diff --git a/CVE-2014/CVE-2014-04xx/CVE-2014-0468.json b/CVE-2014/CVE-2014-04xx/CVE-2014-0468.json index 13bc1cd21fb..915bc93349b 100644 --- a/CVE-2014/CVE-2014-04xx/CVE-2014-0468.json +++ b/CVE-2014/CVE-2014-04xx/CVE-2014-0468.json @@ -2,16 +2,55 @@ "id": "CVE-2014-0468", "sourceIdentifier": "security@debian.org", "published": "2025-06-26T21:15:27.527", - "lastModified": "2025-06-26T21:15:27.527", + "lastModified": "2025-06-27T15:15:22.890", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506." + }, + { + "lang": "es", + "value": "Vulnerabilidad en fusionforge en la configuraci\u00f3n de Apache de f\u00e1brica, donde el servidor web podr\u00eda ejecutar scripts que los usuarios habr\u00edan subido a sus repositorios SCM sin procesar (SVN, Git, Bzr, etc.). Este problema afecta a fusionforge: versiones anteriores a 5.3+20140506." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], - "metrics": {}, "references": [ { "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html", diff --git a/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json b/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json index 4fb4e8f9f70..d06b44967b2 100644 --- a/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json +++ b/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json @@ -2,16 +2,55 @@ "id": "CVE-2014-6274", "sourceIdentifier": "security@debian.org", "published": "2025-06-26T21:15:27.647", - "lastModified": "2025-06-26T21:15:27.647", + "lastModified": "2025-06-27T19:15:29.037", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes\nwas set, and the remote used encryption=pubkey or encryption=hybrid,\nthe embedded AWS credentials were stored in the git repository\nin (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919." + }, + { + "lang": "es", + "value": "Git-annex ten\u00eda un error en los servidores remotos S3 y Glacier: si se configuraba embedcreds=yes y el servidor remoto usaba encrypted=pubkey o encrypted=hybrid, las credenciales de AWS integradas se almacenaban en el repositorio Git en texto plano (en la pr\u00e1ctica), no cifradas como deb\u00edan. Este problema afecta a Git-annex desde la versi\u00f3n 3.20121126 hasta la versi\u00f3n 5.20140919." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git-annex.branchable.com/upgrades/insecure_embedded_creds/", diff --git a/CVE-2014/CVE-2014-72xx/CVE-2014-7210.json b/CVE-2014/CVE-2014-72xx/CVE-2014-7210.json index eebd1773ef2..277b87a8e86 100644 --- a/CVE-2014/CVE-2014-72xx/CVE-2014-7210.json +++ b/CVE-2014/CVE-2014-72xx/CVE-2014-7210.json @@ -2,16 +2,55 @@ "id": "CVE-2014-7210", "sourceIdentifier": "security@debian.org", "published": "2025-06-26T21:15:27.757", - "lastModified": "2025-06-26T21:15:27.757", + "lastModified": "2025-06-27T19:15:30.443", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends\nare not affected." + }, + { + "lang": "es", + "value": "El paquete espec\u00edfico de pdns, tal como se incluye en Debian en versiones anteriores a la 3.3.1-1, crea un usuario MySQL con demasiados privilegios. Se descubri\u00f3 que los scripts de mantenimiento de pdns-backend-mysql otorgan permisos de base de datos demasiado amplios al usuario pdns. Los dem\u00e1s backends no se ven afectados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2016/05/msg00046.html", diff --git a/CVE-2015/CVE-2015-08xx/CVE-2015-0842.json b/CVE-2015/CVE-2015-08xx/CVE-2015-0842.json index fb5d1df5a8b..40e420111e4 100644 --- a/CVE-2015/CVE-2015-08xx/CVE-2015-0842.json +++ b/CVE-2015/CVE-2015-08xx/CVE-2015-0842.json @@ -2,16 +2,55 @@ "id": "CVE-2015-0842", "sourceIdentifier": "security@debian.org", "published": "2025-06-26T22:15:24.503", - "lastModified": "2025-06-26T22:15:24.503", + "lastModified": "2025-06-27T19:15:30.677", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass." + }, + { + "lang": "es", + "value": "yubiserver anterior a 0.6 es propenso a problemas de inyecci\u00f3n de SQL, lo que puede llevar a una omisi\u00f3n de autenticaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.include.gr/debian/yubiserver/#changelog", diff --git a/CVE-2015/CVE-2015-08xx/CVE-2015-0843.json b/CVE-2015/CVE-2015-08xx/CVE-2015-0843.json index e98d60da20e..5507f35a94b 100644 --- a/CVE-2015/CVE-2015-08xx/CVE-2015-0843.json +++ b/CVE-2015/CVE-2015-08xx/CVE-2015-0843.json @@ -2,16 +2,55 @@ "id": "CVE-2015-0843", "sourceIdentifier": "security@debian.org", "published": "2025-06-26T22:15:24.613", - "lastModified": "2025-06-26T22:15:24.613", + "lastModified": "2025-06-27T19:15:30.873", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "yubiserver before 0.6 is to buffer overflows due to misuse of sprintf." + "value": "yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf." + }, + { + "lang": "es", + "value": "yubiserver anterior a 0.6 es propenso a desbordamientos de b\u00fafer debido al mal uso de sprintf." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.include.gr/debian/yubiserver/#changelog", diff --git a/CVE-2015/CVE-2015-201xx/CVE-2015-20112.json b/CVE-2015/CVE-2015-201xx/CVE-2015-20112.json new file mode 100644 index 00000000000..98740ff9bc6 --- /dev/null +++ b/CVE-2015/CVE-2015-201xx/CVE-2015-20112.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2015-20112", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-29T21:15:22.210", + "lastModified": "2025-06-29T21:15:22.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 3.4, + "baseSeverity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-325" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ethereum/devp2p/issues/32", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ethereum/go-ethereum/issues/1315", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/hyperledger/besu/issues/7926", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-106xx/CVE-2018-10631.json b/CVE-2018/CVE-2018-106xx/CVE-2018-10631.json index 5bcecaae862..03400172879 100644 --- a/CVE-2018/CVE-2018-106xx/CVE-2018-10631.json +++ b/CVE-2018/CVE-2018-106xx/CVE-2018-10631.json @@ -2,13 +2,13 @@ "id": "CVE-2018-10631", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2018-07-13T19:29:00.213", - "lastModified": "2025-05-22T18:15:22.580", + "lastModified": "2025-06-27T17:15:30.353", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer and 8870 N'Vision removable application card does not encrypt PII and PHI while at rest." + "value": "The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer." }, { "lang": "es", @@ -22,20 +22,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE" + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, - "exploitabilityScore": 0.9, - "impactScore": 3.6 + "exploitabilityScore": 0.4, + "impactScore": 5.9 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -113,7 +113,7 @@ "description": [ { "lang": "en", - "value": "CWE-311" + "value": "CWE-693" } ] }, diff --git a/CVE-2018/CVE-2018-209xx/CVE-2018-20977.json b/CVE-2018/CVE-2018-209xx/CVE-2018-20977.json index fd8169abf16..cf4f3943907 100644 --- a/CVE-2018/CVE-2018-209xx/CVE-2018-20977.json +++ b/CVE-2018/CVE-2018-209xx/CVE-2018-20977.json @@ -2,8 +2,8 @@ "id": "CVE-2018-20977", "sourceIdentifier": "cve@mitre.org", "published": "2019-08-21T19:15:12.950", - "lastModified": "2024-11-21T04:02:36.600", - "vulnStatus": "Modified", + "lastModified": "2025-06-27T16:28:06.207", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,13 +16,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", @@ -85,9 +85,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:-:wordpress:*:*", "versionEndExcluding": "1.5.0", - "matchCriteriaId": "7325B485-65C2-489C-B9CB-96E8280FA5F4" + "matchCriteriaId": "3C70E603-B63F-4428-B651-C8CC8D4087BF" } ] } diff --git a/CVE-2018/CVE-2018-88xx/CVE-2018-8849.json b/CVE-2018/CVE-2018-88xx/CVE-2018-8849.json index e7046fffb62..2d504f362ba 100644 --- a/CVE-2018/CVE-2018-88xx/CVE-2018-8849.json +++ b/CVE-2018/CVE-2018-88xx/CVE-2018-8849.json @@ -2,13 +2,13 @@ "id": "CVE-2018-8849", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2018-05-18T13:29:00.427", - "lastModified": "2024-11-21T04:14:26.837", + "lastModified": "2025-06-27T17:15:32.103", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest." + "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest." }, { "lang": "es", @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "nvd@nist.gov", @@ -159,12 +181,12 @@ ] }, { - "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", - "source": "ics-cert@hq.dhs.gov", - "tags": [ - "Third Party Advisory", - "US Government Resource" - ] + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.medtronic.com/security", + "source": "ics-cert@hq.dhs.gov" }, { "url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf", diff --git a/CVE-2021/CVE-2021-231xx/CVE-2021-23159.json b/CVE-2021/CVE-2021-231xx/CVE-2021-23159.json index c61df091496..20e375dc79a 100644 --- a/CVE-2021/CVE-2021-231xx/CVE-2021-23159.json +++ b/CVE-2021/CVE-2021-231xx/CVE-2021-23159.json @@ -2,7 +2,7 @@ "id": "CVE-2021-23159", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-25T20:15:08.923", - "lastModified": "2024-11-21T05:51:18.177", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -70,8 +70,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", - "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2-7:*:*:*:*:*:*:*", + "matchCriteriaId": "5F508BA4-3586-4735-82CB-F5C1B81EB83B" } ] } diff --git a/CVE-2021/CVE-2021-231xx/CVE-2021-23172.json b/CVE-2021/CVE-2021-231xx/CVE-2021-23172.json index 367b6431b7c..e73adaeb88c 100644 --- a/CVE-2021/CVE-2021-231xx/CVE-2021-23172.json +++ b/CVE-2021/CVE-2021-231xx/CVE-2021-23172.json @@ -2,7 +2,7 @@ "id": "CVE-2021-23172", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-25T20:15:08.977", - "lastModified": "2024-11-21T05:51:19.270", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -70,8 +70,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", - "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2-7:*:*:*:*:*:*:*", + "matchCriteriaId": "5F508BA4-3586-4735-82CB-F5C1B81EB83B" } ] } diff --git a/CVE-2021/CVE-2021-232xx/CVE-2021-23210.json b/CVE-2021/CVE-2021-232xx/CVE-2021-23210.json index 996eb14ce95..7dcfb2fd260 100644 --- a/CVE-2021/CVE-2021-232xx/CVE-2021-23210.json +++ b/CVE-2021/CVE-2021-232xx/CVE-2021-23210.json @@ -2,7 +2,7 @@ "id": "CVE-2021-23210", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-25T20:15:09.027", - "lastModified": "2024-11-21T05:51:22.910", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -70,8 +70,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", - "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2-7:*:*:*:*:*:*:*", + "matchCriteriaId": "5F508BA4-3586-4735-82CB-F5C1B81EB83B" } ] } diff --git a/CVE-2021/CVE-2021-277xx/CVE-2021-27704.json b/CVE-2021/CVE-2021-277xx/CVE-2021-27704.json index 23f10fa1f41..99be6920490 100644 --- a/CVE-2021/CVE-2021-277xx/CVE-2021-27704.json +++ b/CVE-2021/CVE-2021-277xx/CVE-2021-27704.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27704", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-12T23:15:03.993", - "lastModified": "2024-11-26T18:15:17.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:46:39.343", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:appspace:appspace:6.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "6AD7EBEE-1FA6-4C7D-ACE7-B3D7D62373EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2021-27704", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-338xx/CVE-2021-33844.json b/CVE-2021/CVE-2021-338xx/CVE-2021-33844.json index d8a51f49c84..d2023f9f371 100644 --- a/CVE-2021/CVE-2021-338xx/CVE-2021-33844.json +++ b/CVE-2021/CVE-2021-338xx/CVE-2021-33844.json @@ -2,7 +2,7 @@ "id": "CVE-2021-33844", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-25T20:15:09.087", - "lastModified": "2024-11-21T06:09:40.883", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -70,8 +70,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", - "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2-7:*:*:*:*:*:*:*", + "matchCriteriaId": "5F508BA4-3586-4735-82CB-F5C1B81EB83B" } ] } diff --git a/CVE-2021/CVE-2021-36xx/CVE-2021-3643.json b/CVE-2021/CVE-2021-36xx/CVE-2021-3643.json index 9a7227cb088..f0d08438ac0 100644 --- a/CVE-2021/CVE-2021-36xx/CVE-2021-3643.json +++ b/CVE-2021/CVE-2021-36xx/CVE-2021-3643.json @@ -2,7 +2,7 @@ "id": "CVE-2021-3643", "sourceIdentifier": "secalert@redhat.com", "published": "2022-05-02T19:15:08.290", - "lastModified": "2024-11-21T06:22:03.630", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -95,8 +95,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.1:*:*:*:*:*:*:*", - "matchCriteriaId": "99268ADD-BECC-4183-8415-8B9DAACF63B5" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "11191C3F-FC60-414B-973F-EA5F548AEE2E" } ] } diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3077.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3077.json index 57f67f6a89c..9e9ae823a48 100644 --- a/CVE-2022/CVE-2022-30xx/CVE-2022-3077.json +++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3077.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3077", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-09T15:15:14.950", - "lastModified": "2024-11-21T07:18:46.540", - "vulnStatus": "Modified", + "lastModified": "2025-06-27T17:40:17.870", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -71,8 +71,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", "versionEndExcluding": "5.19", - "matchCriteriaId": "E74E9AF8-BDF5-4917-A9CA-0AAD8E13149B" + "matchCriteriaId": "DD9A39A6-6336-4B60-807F-3538AD8D4498" } ] } diff --git a/CVE-2022/CVE-2022-316xx/CVE-2022-31650.json b/CVE-2022/CVE-2022-316xx/CVE-2022-31650.json index 8dfd90cec63..db1ee60c966 100644 --- a/CVE-2022/CVE-2022-316xx/CVE-2022-31650.json +++ b/CVE-2022/CVE-2022-316xx/CVE-2022-31650.json @@ -2,7 +2,7 @@ "id": "CVE-2022-31650", "sourceIdentifier": "cve@mitre.org", "published": "2022-05-25T23:15:07.787", - "lastModified": "2024-11-21T07:05:02.840", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -85,8 +85,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2:*:*:*:*:*:*:*", - "matchCriteriaId": "AF0DA8B6-2889-4511-A869-D113C8610D41" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C99FA8E2-5333-47D1-AC0D-5C3FF7DF8D75" } ] } diff --git a/CVE-2022/CVE-2022-316xx/CVE-2022-31651.json b/CVE-2022/CVE-2022-316xx/CVE-2022-31651.json index 4e373c19e85..57833f14c33 100644 --- a/CVE-2022/CVE-2022-316xx/CVE-2022-31651.json +++ b/CVE-2022/CVE-2022-316xx/CVE-2022-31651.json @@ -2,7 +2,7 @@ "id": "CVE-2022-31651", "sourceIdentifier": "cve@mitre.org", "published": "2022-05-25T23:15:07.833", - "lastModified": "2024-11-21T07:05:03.040", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -85,8 +85,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.2:*:*:*:*:*:*:*", - "matchCriteriaId": "AF0DA8B6-2889-4511-A869-D113C8610D41" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C99FA8E2-5333-47D1-AC0D-5C3FF7DF8D75" } ] } diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36263.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36263.json index 54382df9f78..6a4546a6678 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36263.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36263.json @@ -2,7 +2,7 @@ "id": "CVE-2022-36263", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-19T15:15:08.463", - "lastModified": "2024-11-21T07:12:40.903", + "lastModified": "2025-06-27T14:15:30.240", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -49,6 +49,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-488xx/CVE-2022-48828.json b/CVE-2022/CVE-2022-488xx/CVE-2022-48828.json index 2180042f9a4..38b690f0965 100644 --- a/CVE-2022/CVE-2022-488xx/CVE-2022-48828.json +++ b/CVE-2022/CVE-2022-488xx/CVE-2022-48828.json @@ -2,7 +2,7 @@ "id": "CVE-2022-48828", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-16T12:15:06.477", - "lastModified": "2024-11-21T07:34:09.883", + "lastModified": "2025-06-27T11:15:22.540", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -25,6 +25,10 @@ "url": "https://git.kernel.org/stable/c/8e0ecaf7a7e57b30284d6b3289cc436100fadc48", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/d2211e6e34d0755f35e2f8c22d81999fa81cfc71", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/da22ca1ad548429d7822011c54cfe210718e0aa7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2022/CVE-2022-488xx/CVE-2022-48829.json b/CVE-2022/CVE-2022-488xx/CVE-2022-48829.json index e5d2bc84853..8afea942a62 100644 --- a/CVE-2022/CVE-2022-488xx/CVE-2022-48829.json +++ b/CVE-2022/CVE-2022-488xx/CVE-2022-48829.json @@ -2,7 +2,7 @@ "id": "CVE-2022-48829", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-16T12:15:06.550", - "lastModified": "2024-11-21T07:34:09.993", + "lastModified": "2025-06-27T11:15:23.453", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -21,6 +21,10 @@ "url": "https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/72c14aed6838b5d90b4dd926b6a339b34bb02e08", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0917.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0917.json index c37cac5761f..1eb0f9e5b81 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0917.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0917.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0917", "sourceIdentifier": "cna@vuldb.com", "published": "2023-02-19T09:15:11.197", - "lastModified": "2024-11-21T07:38:05.767", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -101,8 +101,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20594.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20594.json index 93f403bc106..11affa4a28e 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20594.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20594.json @@ -2,13 +2,13 @@ "id": "CVE-2023-20594", "sourceIdentifier": "psirt@amd.com", "published": "2023-09-20T18:15:12.187", - "lastModified": "2024-11-21T07:41:11.453", + "lastModified": "2025-06-27T22:15:23.257", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access." }, { "lang": "es", @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "psirt@amd.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + }, { "source": "nvd@nist.gov", "type": "Primary", diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20597.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20597.json index ad107d8b0c8..16b0be386c3 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20597.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20597.json @@ -2,13 +2,13 @@ "id": "CVE-2023-20597", "sourceIdentifier": "psirt@amd.com", "published": "2023-09-20T18:15:12.257", - "lastModified": "2024-11-21T07:41:11.923", + "lastModified": "2025-06-27T22:15:25.093", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "\n\n\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access." }, { "lang": "es", @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "psirt@amd.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + }, { "source": "nvd@nist.gov", "type": "Primary", diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24364.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24364.json index e6a6b538937..f00eae39cb0 100644 --- a/CVE-2023/CVE-2023-243xx/CVE-2023-24364.json +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24364.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24364", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.087", - "lastModified": "2025-03-10T18:15:26.323", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24651.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24651.json index 7235b889566..d21b84f2345 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24651.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24651.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24651", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.150", - "lastModified": "2025-03-10T18:15:26.633", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24652.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24652.json index bf764deba7e..88d01d30d28 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24652.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24652.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24652", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.210", - "lastModified": "2025-03-10T18:15:26.870", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24653.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24653.json index 9d144e914f8..06364e51478 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24653.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24653.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24653", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.273", - "lastModified": "2025-03-10T18:15:27.067", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24654.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24654.json index 12e923545e7..c23f806a49b 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24654.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24654.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24654", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.330", - "lastModified": "2025-03-10T18:15:27.313", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24655.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24655.json index 4734669bf00..9f8c0485f18 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24655.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24655.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24655", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-23T01:15:12.123", - "lastModified": "2024-11-21T07:48:17.093", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24656.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24656.json index 40af4b754fe..39ca95fd10a 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24656.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24656.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24656", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T16:15:13.390", - "lastModified": "2025-03-10T18:15:27.530", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24728.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24728.json index 639695575a2..3670f7828b7 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24728.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24728.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24728", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.623", - "lastModified": "2024-11-21T07:48:20.197", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24729.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24729.json index f08bd6c0a59..1f2fc6b5b87 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24729.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24729.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24729", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.673", - "lastModified": "2024-11-21T07:48:20.353", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24730.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24730.json index f36ae7c38b0..2429f4c9f48 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24730.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24730.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24730", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.727", - "lastModified": "2024-11-21T07:48:20.500", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24731.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24731.json index e6d9b5bab3d..e7e0debf478 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24731.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24731.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24731", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.783", - "lastModified": "2024-11-21T07:48:20.640", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24732.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24732.json index 580b28846a4..422cd55900e 100644 --- a/CVE-2023/CVE-2023-247xx/CVE-2023-24732.json +++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24732.json @@ -2,7 +2,7 @@ "id": "CVE-2023-24732", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T14:15:11.833", - "lastModified": "2024-11-21T07:48:20.780", + "lastModified": "2025-06-27T19:05:16.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -56,8 +56,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:simple_customer_relationship_management_system_project:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "007FF3DB-5904-4BE6-BD0A-90D93F4CFCAF" + "criteria": "cpe:2.3:a:oretnom23:simple_customer_relationship_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1110BA8-AEB2-410C-983F-6EFEBECC8C81" } ] } diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25058.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25058.json index 6ec3e61d433..1a723416cf2 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25058.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25058.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25058", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-26T15:15:11.393", - "lastModified": "2024-11-21T07:49:01.580", - "vulnStatus": "Modified", + "lastModified": "2025-06-27T16:27:57.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -76,9 +76,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:-:wordpress:*:*", "versionEndExcluding": "1.6.6", - "matchCriteriaId": "B9129741-E978-4693-86C7-6EA6E5FDF9D2" + "matchCriteriaId": "23CC0FB5-1874-41B9-8058-C2B75EA2A45D" } ] } diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25998.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25998.json new file mode 100644 index 00000000000..e35544af26f --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25998.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-25998", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:26.157", + "lastModified": "2025-06-27T12:15:26.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n/a through 2.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Samex - Clean, Minimal Shop WooCommerce WordPress Theme: desde n/d hasta la versi\u00f3n 2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/samex/vulnerability/wordpress-samex-clean-minimal-shop-woocommerce-wordpress-theme-2-6-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26590.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26590.json index 1ba6de6d4e2..1d8bf1581d9 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26590.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26590.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26590", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-10T18:15:10.707", - "lastModified": "2024-11-21T07:51:48.917", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.3:*:*:*:*:*:*:*", - "matchCriteriaId": "14A53C19-2DA3-49D1-8114-3DB90ACE3263" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A0B9CCB6-B58A-46C2-A819-D579A224211B" } ] } diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28902.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28902.json new file mode 100644 index 00000000000..5ca059aa69f --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28902.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28902", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:21.160", + "lastModified": "2025-06-28T16:15:21.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28903.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28903.json new file mode 100644 index 00000000000..574373dff86 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28903.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28903", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.087", + "lastModified": "2025-06-28T16:15:22.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28904.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28904.json new file mode 100644 index 00000000000..cee61e0dacc --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28904.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28904", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.250", + "lastModified": "2025-06-28T16:15:22.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28905.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28905.json new file mode 100644 index 00000000000..fe1c9d71444 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28905.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28905", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.410", + "lastModified": "2025-06-28T16:15:22.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28906.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28906.json new file mode 100644 index 00000000000..24a681b9ad0 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28906.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28906", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.573", + "lastModified": "2025-06-28T16:15:22.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A command injection in the networking service of the MIB3 infotainment allows an attacker already presenting in the system to escalate privileges and obtain administrative access to the system.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28907.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28907.json new file mode 100644 index 00000000000..38439f918e5 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28907.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28907", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.740", + "lastModified": "2025-06-28T16:15:22.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28908.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28908.json new file mode 100644 index 00000000000..5adf7f619ee --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28908.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28908", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:22.910", + "lastModified": "2025-06-28T16:15:22.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28909.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28909.json new file mode 100644 index 00000000000..6c9074000b0 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28909.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28909", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:23.080", + "lastModified": "2025-06-28T16:15:23.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28910.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28910.json new file mode 100644 index 00000000000..d87571b9ddf --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28910.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28910", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:23.253", + "lastModified": "2025-06-28T16:15:23.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28911.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28911.json new file mode 100644 index 00000000000..18a7ca8b30b --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28911.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28911", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:23.423", + "lastModified": "2025-06-28T16:15:23.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28912.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28912.json new file mode 100644 index 00000000000..401bc7080d6 --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28912.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-28912", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:23.583", + "lastModified": "2025-06-28T16:15:23.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29113.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29113.json new file mode 100644 index 00000000000..9facd255d31 --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29113.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-29113", + "sourceIdentifier": "cve@asrg.io", + "published": "2025-06-28T16:15:23.750", + "lastModified": "2025-06-28T16:15:23.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.0, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", + "source": "cve@asrg.io" + }, + { + "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", + "source": "cve@asrg.io" + }, + { + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32627.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32627.json index ffc40fcaad4..26bdcc652ad 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32627.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32627.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32627", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-10T18:15:10.767", - "lastModified": "2024-11-21T08:03:43.923", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.3:*:*:*:*:*:*:*", - "matchCriteriaId": "14A53C19-2DA3-49D1-8114-3DB90ACE3263" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A0B9CCB6-B58A-46C2-A819-D579A224211B" } ] } diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34318.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34318.json index 1f82080c68b..85ce164c2e2 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34318.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34318.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34318", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-10T18:15:10.833", - "lastModified": "2024-11-21T08:07:00.080", + "lastModified": "2025-06-27T18:51:27.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,8 +86,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:sox_project:sox:14.4.3:*:*:*:*:*:*:*", - "matchCriteriaId": "14A53C19-2DA3-49D1-8114-3DB90ACE3263" + "criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A0B9CCB6-B58A-46C2-A819-D579A224211B" } ] } diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34397.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34397.json index ed8535aa6c4..3a6f817f268 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34397.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34397.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34397", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T22:15:10.470", - "lastModified": "2025-03-24T17:15:15.300", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:13:01.813", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34398.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34398.json index 313c29c1a97..65e4ecf92c8 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34398.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34398.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34398", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T22:15:10.603", - "lastModified": "2025-03-18T18:15:26.457", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:59.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34399.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34399.json index dc06659ee61..62f8a3892aa 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34399.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34399.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34399", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T22:15:10.730", - "lastModified": "2025-03-24T17:15:15.497", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:56.393", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34400.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34400.json index 7fc0ed9870f..f4bd8677add 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34400.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34400.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34400", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T22:15:10.847", - "lastModified": "2025-03-18T20:15:19.913", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:53.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34401.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34401.json index 1eb67635575..f32bd3d9c28 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34401.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34401.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34401", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:08.867", - "lastModified": "2025-03-18T16:15:19.893", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:44.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34402.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34402.json index 08262051a4b..b10f880bcb8 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34402.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34402.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34402", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:09.337", - "lastModified": "2025-03-14T18:15:26.363", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:42.030", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34403.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34403.json index 478dda80eab..69057bdc7c5 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34403.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34403.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34403", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:09.440", - "lastModified": "2025-03-18T17:15:42.447", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:39.147", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34404.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34404.json index 439a7bc433c..88d72d62cbe 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34404.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34404.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34404", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:09.553", - "lastModified": "2025-03-17T19:15:20.573", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:36.397", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "42670EBA-2A3A-4AFD-AFA9-8D16EB0DAAC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34406.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34406.json index 69ef9b2b486..116744b31f1 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34406.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34406.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34406", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:09.633", - "lastModified": "2025-03-17T19:15:20.787", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:33.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36682.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36682.json index daadda78a04..954be66013f 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36682.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36682.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36682", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T14:15:09.583", - "lastModified": "2024-11-21T08:10:21.083", - "vulnStatus": "Modified", + "lastModified": "2025-06-27T15:56:42.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:brainstormforce:schema_pro:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding": "2.7.8", - "matchCriteriaId": "D8D591C1-AA44-4E58-A105-3478E97FA43D" + "matchCriteriaId": "7723F131-C8E2-4B58-AE01-3452E0B16EF9" } ] } diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38007.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38007.json new file mode 100644 index 00000000000..2b5a37743c0 --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38007.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-38007", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-27T15:15:24.623", + "lastModified": "2025-06-27T15:15:24.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site." + }, + { + "lang": "es", + "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 en Power y 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 en sistemas operativos Intel es vulnerable a la inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web que lo aloja." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7237162", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json index 2067a960271..5cbcda95146 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40670", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-13T15:15:22.127", - "lastModified": "2024-12-13T15:15:22.127", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T18:08:45.467", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:reviewx:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.18", + "matchCriteriaId": "EF009016-B39B-4281-B31D-DA781C1B5C52" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/reviewx/vulnerability/wordpress-reviewx-plugin-1-6-17-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10215.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10215.json index 2adb1076888..ad822fe5347 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10215.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10215.json @@ -2,7 +2,7 @@ "id": "CVE-2024-10215", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-09T20:15:34.410", - "lastModified": "2025-06-05T14:50:10.413", + "lastModified": "2025-06-27T17:37:52.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -60,9 +60,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding": "1.6.6", - "matchCriteriaId": "0869C504-573F-45C9-96FE-49D60D9E7BED" + "matchCriteriaId": "A2775321-E917-4190-AAF5-99D489B1E54D" } ] } diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10718.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10718.json index 96c279abb9f..a2947a86ee4 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10718.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10718.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10718", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:18.650", - "lastModified": "2025-03-20T10:15:18.650", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:29:49.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -49,16 +71,51 @@ "value": "CWE-614" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.0", + "matchCriteriaId": "896B6AA4-8068-41F4-ACD4-92893E5BB0AD" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/phpipam/phpipam/commit/ddf70ef6801442eb8b0be5eea829e470e653c70e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/725bce8f-328f-4fbc-acf5-46ea920cd3c1", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10971.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10971.json index 45332916867..106ce37bb21 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10971.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10971.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10971", "sourceIdentifier": "security@devolutions.net", "published": "2024-11-12T16:15:19.930", - "lastModified": "2024-11-21T08:49:10.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:47:48.057", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.3.7.0", + "matchCriteriaId": "4C28C033-192A-442A-858D-FCB64949E8F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0015/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11628.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11628.json index 788c3dffbeb..e47ef226b39 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11628.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11628.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11628", "sourceIdentifier": "security@progress.com", "published": "2025-02-12T17:15:22.067", - "lastModified": "2025-02-21T12:08:11.927", + "lastModified": "2025-06-27T19:18:38.750", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -80,10 +80,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:telerik:kendo_ui_for_vue:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:progress:kendo_ui_for_vue:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "6.1.0", - "matchCriteriaId": "1F3119A5-2160-46C0-804B-56269A1D204D" + "matchCriteriaId": "CE56334D-DFF3-4969-87F3-276E91DF5A70" } ] } diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11739.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11739.json new file mode 100644 index 00000000000..4be3668432b --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11739.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11739", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2025-06-27T16:15:23.703", + "lastModified": "2025-06-27T16:15:23.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Case Informatics Case ERP permite la inyecci\u00f3n SQL. Este problema afecta a Case ERP: antes de V2.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0139", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12136.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12136.json index 0acd2ab222f..dd5b5cbc442 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12136.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12136.json @@ -2,13 +2,13 @@ "id": "CVE-2024-12136", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2025-03-19T09:15:12.710", - "lastModified": "2025-05-12T16:56:35.197", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-27T12:15:27.970", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025.\n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available." + "value": "Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: before V.01.01." }, { "lang": "es", @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12137.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12137.json index 13ae5231b8d..32d44e8fbe2 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12137.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12137.json @@ -2,13 +2,13 @@ "id": "CVE-2024-12137", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2025-03-19T09:15:14.090", - "lastModified": "2025-03-19T09:15:14.090", + "lastModified": "2025-06-27T12:15:28.977", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: through 19.03.2025.\n\n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available." + "value": "Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01." }, { "lang": "es", @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12143.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12143.json new file mode 100644 index 00000000000..3538789781b --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12143.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12143", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2025-06-27T17:15:32.400", + "lastModified": "2025-06-27T17:15:32.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection.This issue affects .\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB permite la inyecci\u00f3n SQL. Este problema afecta a . NOTA: El proveedor no inform\u00f3 sobre la finalizaci\u00f3n del proceso de correcci\u00f3n dentro del plazo especificado. El CVE se actualizar\u00e1 cuando haya nueva informaci\u00f3n disponible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0142", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12150.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12150.json new file mode 100644 index 00000000000..05059d5404a --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12150.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12150", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2025-06-27T17:15:32.610", + "lastModified": "2025-06-27T17:15:32.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects .\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Eron Software Wowwo CRM permite la inyecci\u00f3n SQL ciega. Este problema afecta . NOTA: El proveedor no inform\u00f3 sobre la finalizaci\u00f3n del proceso de correcci\u00f3n dentro del plazo especificado. El CVE se actualizar\u00e1 cuando haya nueva informaci\u00f3n disponible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0141", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12364.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12364.json new file mode 100644 index 00000000000..1906a7fb68b --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12364.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12364", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2025-06-27T17:15:32.813", + "lastModified": "2025-06-27T17:15:32.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Ye\u015fil Software Guest Tracking Software allows SQL Injection.This issue affects .\u00a0\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Mavi Ye?il Software Guest Tracking Software permite la inyecci\u00f3n SQL. Este problema afecta a . NOTA: El proveedor no inform\u00f3 sobre la finalizaci\u00f3n del proceso de correcci\u00f3n dentro del plazo especificado. El CVE se actualizar\u00e1 cuando haya nueva informaci\u00f3n disponible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0140", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12629.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12629.json index 90c04ede8a4..2a52c1b7621 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12629.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12629.json @@ -2,7 +2,7 @@ "id": "CVE-2024-12629", "sourceIdentifier": "security@progress.com", "published": "2025-02-12T16:15:39.810", - "lastModified": "2025-02-20T20:40:12.200", + "lastModified": "2025-06-27T17:24:34.500", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -80,10 +80,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:telerik:kendoreact:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:progress:kendoreact:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "9.4.0", - "matchCriteriaId": "E7E699ED-8526-4D26-B579-CFC0DCDDC588" + "matchCriteriaId": "E6F6DD27-124D-46F1-BBD8-D46ED9007020" } ] } diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12827.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12827.json new file mode 100644 index 00000000000..08a0ecef8e1 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12827.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12827", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T09:15:24.300", + "lastModified": "2025-06-27T09:15:24.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account." + }, + { + "lang": "es", + "value": "El tema DWT - Directory & Listing WordPress Theme para WordPress es vulnerable a la escalada de privilegios mediante el robo de cuentas en todas las versiones hasta la 3.3.6 incluida. Esto se debe a que el complemento no comprueba correctamente si el valor del token est\u00e1 vac\u00edo antes de restablecer la contrase\u00f1a de un usuario mediante la funci\u00f3n dwt_listing_reset_password(). Esto permite que atacantes no autenticados cambien las contrase\u00f1as de usuarios arbitrarios, incluyendo las de administradores, y aprovechen esta situaci\u00f3n para acceder a sus cuentas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-620" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/dwt-listing-directory-listing-wordpress-theme/21976132", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51fc7d47-2a0f-4713-9859-120321aa32dc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1316.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1316.json index 0a386bc827d..6bc82eeb5bf 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1316.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1316.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1316", "sourceIdentifier": "contact@wpscan.com", "published": "2024-03-04T21:15:07.007", - "lastModified": "2024-11-21T08:50:19.090", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:13:27.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liquidweb:event_tickets:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "5.8.1", + "matchCriteriaId": "38606711-F38F-4EDD-933A-6E56180236EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liquidweb:event_tickets:*:*:*:*:plus:wordpress:*:*", + "versionEndExcluding": "5.9.1", + "matchCriteriaId": "4DF28AAA-1A23-4675-9FC1-01B6E1CAC2C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1564.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1564.json index 3d53ceba41c..b514bf42678 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1564.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1564.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1564", "sourceIdentifier": "contact@wpscan.com", "published": "2024-03-25T05:15:50.557", - "lastModified": "2024-11-21T08:50:50.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:31:56.910", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:brainstormforce:schema:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "2.7.16", + "matchCriteriaId": "DAA6F9FA-7B6D-4DAC-A824-5AD91AA086FC" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22269.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22269.json index 094ace486e2..a43921ac0a4 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22269.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22269.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22269", "sourceIdentifier": "security@vmware.com", "published": "2024-05-14T16:16:10.117", - "lastModified": "2024-11-21T08:55:55.890", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:34:58.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 } ] }, @@ -51,14 +71,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "AND", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0.0", + "versionEndExcluding": "17.5.2", + "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.5.2", + "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22270.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22270.json index 2a235b172a7..2a204cf998e 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22270.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22270.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22270", "sourceIdentifier": "security@vmware.com", "published": "2024-05-14T16:16:12.613", - "lastModified": "2024-11-21T08:55:56.013", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:36:04.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 } ] }, @@ -51,14 +71,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "AND", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0.0", + "versionEndExcluding": "17.5.2", + "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.5.2", + "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22274.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22274.json index 3c2e5949edc..2161880ce42 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22274.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22274.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22274", "sourceIdentifier": "security@vmware.com", "published": "2024-05-21T18:15:09.190", - "lastModified": "2024-11-21T08:55:56.530", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:37:52.240", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,249 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "5.1.1", + "matchCriteriaId": "FA6C5CFA-E78F-46EA-B8E0-8AE2A29C9586" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*", + "matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*", + "matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*", + "matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22275.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22275.json index 600ca389933..10284c520de 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22275.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22275.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22275", "sourceIdentifier": "security@vmware.com", "published": "2024-05-21T18:15:09.383", - "lastModified": "2025-03-27T20:15:21.773", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:38:06.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,249 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "5.1.1", + "matchCriteriaId": "FA6C5CFA-E78F-46EA-B8E0-8AE2A29C9586" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*", + "matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*", + "matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*", + "matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22724.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22724.json index c1a89c23a5e..cc3829257d4 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22724.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22724.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22724", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-21T04:15:09.327", - "lastModified": "2024-11-21T08:56:35.627", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:21:43.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D289144B-230C-46DA-B11D-9A1D3A1DFCE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/osCommerce/osCommerce-V4/issues/62", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/osCommerce/osCommerce-V4/issues/62", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2241.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2241.json index e6157290017..c8d4b6d9ed1 100644 --- a/CVE-2024/CVE-2024-22xx/CVE-2024-2241.json +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2241.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2241", "sourceIdentifier": "security@devolutions.net", "published": "2024-03-07T13:15:07.533", - "lastModified": "2024-11-21T09:09:19.940", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:18:30.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:workspace:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2024.1.1.0", + "matchCriteriaId": "96F7DDAD-CAB1-4F23-A204-8883747935D9" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0003", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://devolutions.net/security/advisories/DEVO-2024-0003", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23944.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23944.json index a9f4594bd81..8dcd07981df 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23944.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23944.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23944", "sourceIdentifier": "security@apache.org", "published": "2024-03-15T11:15:08.927", - "lastModified": "2025-02-13T18:17:05.470", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:13:01.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,24 +49,81 @@ "value": "CWE-200" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6.0", + "versionEndIncluding": "3.7.2", + "matchCriteriaId": "8C9296E5-2E56-4FC3-9E6B-0A10250B4968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.4", + "matchCriteriaId": "67E0AF01-D875-4EF5-A015-66E3AA933CE7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.9.2", + "matchCriteriaId": "501AC2EB-2C3E-4388-B8AA-403535133FAC" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/03/14/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/14/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24401.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24401.json index 42e928c1862..be2a5e8355c 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24401.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24401.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24401", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-26T17:15:10.393", - "lastModified": "2024-11-21T08:59:14.860", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:23:42.450", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:*", + "matchCriteriaId": "C1FE1A0B-78D1-4626-A4CD-21B843DA596E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nagios.com/changelog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.nagios.com/changelog/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24818.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24818.json index 194c24dae7a..eb68914a482 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24818.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24818.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24818", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T02:52:12.073", - "lastModified": "2024-11-21T08:59:46.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:35:32.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,24 +49,66 @@ "value": "CWE-610" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.2", + "matchCriteriaId": "4B720403-FE53-4C66-BA6A-BC535A68FA6B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24915.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24915.json new file mode 100644 index 00000000000..19c0c2595a7 --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24915.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-24915", + "sourceIdentifier": "cve@checkpoint.com", + "published": "2025-06-29T12:15:22.803", + "lastModified": "2025-06-29T12:15:22.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@checkpoint.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@checkpoint.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-316" + } + ] + } + ], + "references": [ + { + "url": "https://support.checkpoint.com/results/sk/sk183545", + "source": "cve@checkpoint.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27297.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27297.json index f57b1e32398..ca793aae5af 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27297.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27297.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27297", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-11T22:15:55.277", - "lastModified": "2025-02-26T18:44:04.867", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-27T13:15:23.240", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -156,6 +156,10 @@ "Vendor Advisory" ] }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://hackmd.io/03UGerewRcy3db44JQoWvw", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/CVE-2024/CVE-2024-274xx/CVE-2024-27439.json b/CVE-2024/CVE-2024-274xx/CVE-2024-27439.json index dc803c1ef86..55106fd9824 100644 --- a/CVE-2024/CVE-2024-274xx/CVE-2024-27439.json +++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27439.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27439", "sourceIdentifier": "security@apache.org", "published": "2024-03-19T11:15:06.537", - "lastModified": "2025-02-13T18:17:32.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:43:53.587", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -55,22 +55,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndExcluding": "9.17.0", + "matchCriteriaId": "26BA1B22-867F-4638-B682-97D916E23EF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:10.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "9365B852-58AE-46B0-8EA5-41AB42E3BC40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:10.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "AFEF17BD-48F1-4CAF-A195-45EE63001E12" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/03/19/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/19/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-274xx/CVE-2024-27497.json b/CVE-2024/CVE-2024-274xx/CVE-2024-27497.json index 2a7bfbc6adf..e77bfd26efb 100644 --- a/CVE-2024/CVE-2024-274xx/CVE-2024-27497.json +++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27497.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27497", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T15:15:08.580", - "lastModified": "2024-11-21T09:04:40.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:10:21.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linksys:e2000_firmware:1.0.06:*:*:*:*:*:*:*", + "matchCriteriaId": "FE947E51-AD41-462E-B0B6-69A21F7D670A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:linksys:e2000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8052B407-172A-4A6B-983C-074F0FD1F8DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28130.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28130.json index 261a4a25332..f0b16f08dec 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28130.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28130.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28130", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-04-23T15:15:49.390", - "lastModified": "2024-11-21T09:05:52.640", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:32:16.977", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:offis:dcmtk:3.6.8:*:*:*:*:*:*:*", + "matchCriteriaId": "B4A80B78-3210-466A-B051-3516CBDD6B84" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28640.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28640.json index 2b105c247ad..b461bfd709b 100644 --- a/CVE-2024/CVE-2024-286xx/CVE-2024-28640.json +++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28640.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28640", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-16T06:15:14.613", - "lastModified": "2024-11-21T09:06:42.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:26:44.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,76 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*", + "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28752.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28752.json index 2b2ad35863a..ca10c6e09fe 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28752.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28752.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28752", "sourceIdentifier": "security@apache.org", "published": "2024-03-15T11:15:09.220", - "lastModified": "2025-02-13T18:17:48.857", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:06:40.040", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,30 +61,100 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.8", + "matchCriteriaId": "6A08750E-6464-4EC2-A3D5-9846EEAA6EC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6.0", + "versionEndExcluding": "3.6.3", + "matchCriteriaId": "3AFDD11C-B774-4252-83A6-5892D89477E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.0.4", + "matchCriteriaId": "92A087F8-A4A4-4028-9785-3D9D6B22C68F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/03/14/3", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0001/", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/14/3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0001/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-288xx/CVE-2024-28836.json b/CVE-2024/CVE-2024-288xx/CVE-2024-28836.json index c2bd2233e93..4e51783de3c 100644 --- a/CVE-2024/CVE-2024-288xx/CVE-2024-28836.json +++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28836.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28836", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T03:15:10.350", - "lastModified": "2024-11-21T09:07:02.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T17:46:46.613", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5.0", + "versionEndExcluding": "3.6.0", + "matchCriteriaId": "E6F3DA60-78C6-4563-8944-8BF3BE5934C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] }, { "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30166.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30166.json index d184e9747fe..f852412cafc 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30166.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30166.json @@ -2,8 +2,8 @@ "id": "CVE-2024-30166", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-03T03:15:10.510", - "lastModified": "2024-11-21T09:11:21.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T17:46:25.570", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.3.0", + "versionEndExcluding": "3.6.0", + "matchCriteriaId": "4E4A5737-C789-47B2-8D9F-7A92639FDEC1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] }, { "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json index c8792e8334e..add6633113f 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3135", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-01T19:15:46.257", - "lastModified": "2024-11-21T09:28:58.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:58:15.920", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.17.0", + "matchCriteriaId": "F0DD3929-60FF-42EA-8255-D0057E2DF8BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3151.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3151.json index 09c5a5ed0df..639ab04a1fe 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3151.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3151.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3151", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-02T17:15:46.803", - "lastModified": "2024-11-21T09:29:00.680", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T18:29:55.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -76,38 +76,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bdtask:m-store:-:*:*:*:*:*:*:*", + "matchCriteriaId": "136C59BD-A0E8-4455-ACF2-D0E56060D18B" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1oTqULJy357Z4dk85vPR_yMFXRNhwZywX/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.258924", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.258924", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.303898", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://drive.google.com/file/d/1oTqULJy357Z4dk85vPR_yMFXRNhwZywX/view?usp=sharing", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.258924", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.258924", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.303898", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json index 41c3784e9df..76577a1b727 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3164", "sourceIdentifier": "security@dotcms.com", "published": "2024-04-01T22:15:22.507", - "lastModified": "2024-11-21T09:29:02.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:06:30.103", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,32 +49,128 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.02", + "versionEndExcluding": "22.03.15", + "matchCriteriaId": "B8156D65-B011-4B9A-BF2E-F7F3CCFA8BD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.01", + "versionEndExcluding": "23.01.15", + "matchCriteriaId": "4513A2EB-037F-4037-B4F7-44B8AECB407A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.02", + "versionEndIncluding": "23.09.7", + "matchCriteriaId": "E85B4224-34E8-47CD-8F08-8B129868AF1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*", + "matchCriteriaId": "33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*", + "matchCriteriaId": "342C11DD-7760-42AE-8670-4461ECB51E4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*", + "matchCriteriaId": "90B73A81-7202-4B0B-822B-4F2EE4480663" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*", + "matchCriteriaId": "0BFA7220-B846-451B-A7B2-C3DC87767575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*", + "matchCriteriaId": "258813CA-66A7-4DCA-883D-884FB88430DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*", + "matchCriteriaId": "E69C8B72-A38C-4D97-83BB-DCE392D3ABD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*", + "matchCriteriaId": "B5309F19-2D65-4E87-87FD-2A0294008FF5" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/dotCMS/core/issues/27909", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/dotCMS/core/pull/27912", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.dotcms.com/security/SI-69", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/dotCMS/core/issues/27909", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/dotCMS/core/pull/27912", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.dotcms.com/security/SI-69", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json index 9bc7d9458e5..60a2aa465c4 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3165", "sourceIdentifier": "security@dotcms.com", "published": "2024-04-01T22:15:23.080", - "lastModified": "2024-11-21T09:29:02.997", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:06:33.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,30 +51,116 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.02", + "versionEndExcluding": "22.03.15", + "matchCriteriaId": "B8156D65-B011-4B9A-BF2E-F7F3CCFA8BD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.01", + "versionEndExcluding": "23.01.15", + "matchCriteriaId": "4513A2EB-037F-4037-B4F7-44B8AECB407A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.02", + "versionEndIncluding": "23.09.7", + "matchCriteriaId": "E85B4224-34E8-47CD-8F08-8B129868AF1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*", + "matchCriteriaId": "33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*", + "matchCriteriaId": "342C11DD-7760-42AE-8670-4461ECB51E4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*", + "matchCriteriaId": "90B73A81-7202-4B0B-822B-4F2EE4480663" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*", + "matchCriteriaId": "0BFA7220-B846-451B-A7B2-C3DC87767575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*", + "matchCriteriaId": "258813CA-66A7-4DCA-883D-884FB88430DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*", + "matchCriteriaId": "E69C8B72-A38C-4D97-83BB-DCE392D3ABD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*", + "matchCriteriaId": "B5309F19-2D65-4E87-87FD-2A0294008FF5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dotCMS/core/issues/27910", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/dotCMS/core/pull/28006", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.dotcms.com/security/SI-70", - "source": "security@dotcms.com" + "source": "security@dotcms.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/dotCMS/core/issues/27910", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/dotCMS/core/pull/28006", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.dotcms.com/security/SI-70", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34050.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34050.json index 1df7d33db80..650450aa247 100644 --- a/CVE-2024/CVE-2024-340xx/CVE-2024-34050.json +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34050.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34050", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-30T00:15:07.920", - "lastModified": "2024-11-21T09:17:59.180", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:31:17.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:onosproject:traffic_steering_xapplication:0.1.1:-:*:*:*:*:*:*", + "matchCriteriaId": "63EC5267-6354-41FD-8218-68A1291ED770" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/onosproject/rimedo-ts/issues/16", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/onosproject/rimedo-ts/issues/16", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json index de1eb30e5fb..efb70bf962e 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34732", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:30.790", - "lastModified": "2025-01-28T21:15:16.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:03:01.353", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json index d6e250c2260..e66746b8ff2 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34733", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:30.893", - "lastModified": "2025-01-28T21:15:16.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:02:20.730", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json index 634e11c27bd..dfc63062eb3 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34748", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:30.993", - "lastModified": "2025-01-28T21:15:16.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:01:38.090", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json index 386048208dd..819d6604316 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36050", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-18T22:15:07.460", - "lastModified": "2024-11-21T09:21:31.087", + "lastModified": "2025-06-27T12:15:29.660", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -44,6 +44,10 @@ "url": "https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345", "source": "cve@mitre.org" }, + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017/26", + "source": "cve@mitre.org" + }, { "url": "https://github.com/NixOS/nix/issues/969", "source": "cve@mitre.org" diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36307.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36307.json index dee734f557a..0d6c1baf2ce 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36307.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36307.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36307", "sourceIdentifier": "security@trendmicro.com", "published": "2024-06-10T22:15:11.043", - "lastModified": "2024-11-21T09:22:00.763", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:50:02.757", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.0, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -51,22 +71,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:saas:*:*", + "versionEndIncluding": "14.0.13139", + "matchCriteriaId": "5FAE93C1-56A7-4AEF-8311-A4ABDEC8DB83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:-:*:*:*", + "versionStartIncluding": "14.0", + "versionEndIncluding": "14.0.0.12980", + "matchCriteriaId": "FF72F996-ACFC-43AF-B04F-07E65C7B7AE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000298063", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-573/", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://success.trendmicro.com/dcx/s/solution/000298063", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-573/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36347.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36347.json new file mode 100644 index 00000000000..2c75b1fbc05 --- /dev/null +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36347.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-36347", + "sourceIdentifier": "psirt@amd.com", + "published": "2025-06-27T23:15:26.037", + "lastModified": "2025-06-27T23:15:26.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment." + }, + { + "lang": "es", + "value": "La verificaci\u00f3n de firma incorrecta en AMD CPU ROM microcode patch loader puede permitir que un atacante con privilegios de administrador local cargue microc\u00f3digo malicioso, lo que podr\u00eda resultar en la p\u00e9rdida de integridad de la ejecuci\u00f3n de instrucciones x86, p\u00e9rdida de confidencialidad e integridad de los datos en el contexto privilegiado de la CPU x86 y compromiso del entorno de ejecuci\u00f3n de SMM." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@amd.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@amd.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36536.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36536.json index a34518fe706..64381c59bff 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36536.json +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36536.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36536", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T19:15:04.293", - "lastModified": "2024-11-21T09:22:21.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:30.923", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabedge:fabedge:0.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "35D5268F-8108-47A6-B33E-B5A6D79540F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36537.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36537.json index 2b8e53cb807..ae298e73886 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36537.json +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36537.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36537", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T19:15:04.373", - "lastModified": "2024-11-21T09:22:21.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:38.823", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cert-manager:cert-manager:1.14.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D4805427-7E22-4BC1-84D3-7CF1A370A2C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36538.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36538.json index a6fb8334be0..2c5217ee7be 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36538.json +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36538.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36538", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T19:15:04.487", - "lastModified": "2024-11-21T09:22:22.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:47.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chaos-mesh:chaos-mesh:2.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "49013F01-1322-4556-9727-F590773EF9AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/HouqiyuA/f06d1fa07b5287b862c1e0b288f301e5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/HouqiyuA/f06d1fa07b5287b862c1e0b288f301e5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36539.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36539.json index 3b8e191aed4..fa52d8d9a2d 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36539.json +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36539.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36539", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T17:15:10.767", - "lastModified": "2024-11-21T09:22:22.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:09.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectcontour:contour:1.28.3:*:*:*:*:kubernetes:*:*", + "matchCriteriaId": "C54D4304-74F4-40A3-A43A-AAE1FC456B61" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36540.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36540.json index e551d9d685a..e777176b17e 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36540.json +++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36540.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36540", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T17:15:10.827", - "lastModified": "2025-03-13T19:15:44.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:19.583", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:external-secrets:external_secrets_operator:0.9.16:*:*:*:*:*:*:*", + "matchCriteriaId": "B5D0E032-923A-4537-A402-00E1206E9A3B" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3609.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3609.json index c7dd9158925..e4bdf6ddb44 100644 --- a/CVE-2024/CVE-2024-36xx/CVE-2024-3609.json +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3609.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3609", "sourceIdentifier": "security@wordfence.com", "published": "2024-05-16T21:16:10.443", - "lastModified": "2024-11-21T09:29:58.870", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T18:08:33.780", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:reviewx:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.28", + "matchCriteriaId": "9177D90E-5122-44A8-BAA0-0535641C29BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3086273%40reviewx%2Ftrunk&old=3054184%40reviewx%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8152adf-1ca9-4a19-b539-39e257ab94c8?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3086273%40reviewx%2Ftrunk&old=3054184%40reviewx%2Ftrunk&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8152adf-1ca9-4a19-b539-39e257ab94c8?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37086.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37086.json index 571e4f329f7..092b5cf7cfc 100644 --- a/CVE-2024/CVE-2024-370xx/CVE-2024-37086.json +++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37086.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37086", "sourceIdentifier": "security@vmware.com", "published": "2024-06-25T15:15:12.570", - "lastModified": "2024-11-21T09:23:10.060", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:39:14.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,244 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "5.2", + "matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*", + "matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*", + "matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*", + "matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*", + "matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*", + "matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*", + "matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*", + "matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*", + "matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*", + "matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*", + "matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*", + "matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*", + "matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*", + "matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*", + "matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*", + "matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*", + "matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*", + "matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*", + "matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*", + "matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*", + "matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*", + "matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*", + "matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*", + "matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*", + "matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*", + "matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*", + "matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:d:*:*:*:*:*:*", + "matchCriteriaId": "E3BC5C77-258A-4920-B217-396212056B14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:e:*:*:*:*:*:*", + "matchCriteriaId": "17D484EB-037C-46E2-ADDF-846B3A02843F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*", + "matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*", + "matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*", + "matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*", + "matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*", + "matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*", + "matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*", + "matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2d:*:*:*:*:*:*", + "matchCriteriaId": "C37C4F29-E18F-439B-83A2-16457D04BEE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37087.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37087.json index 340eb2720f8..25cfcb0fcd9 100644 --- a/CVE-2024/CVE-2024-370xx/CVE-2024-37087.json +++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37087.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37087", "sourceIdentifier": "security@vmware.com", "published": "2024-06-25T15:15:12.767", - "lastModified": "2024-11-21T09:23:10.200", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T13:39:54.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,264 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "5.2", + "matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*", + "matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*", + "matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*", + "matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37400.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37400.json index 042095b37b0..5b560a4fe2c 100644 --- a/CVE-2024/CVE-2024-374xx/CVE-2024-37400.json +++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37400.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37400", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.163", - "lastModified": "2024-11-13T17:35:04.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:46:03.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37600.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37600.json index 9ed362d12a6..db5a335c5c7 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37600.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37600.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37600", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:10.000", - "lastModified": "2025-02-14T21:15:15.253", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:06.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37601.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37601.json index 38742d36b72..111161a20c3 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37601.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37601.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37601", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:10.113", - "lastModified": "2025-02-18T14:15:27.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:20.587", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37602.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37602.json index 8bfdb3f011f..886aaefd11e 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37602.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37602.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37602", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:10.197", - "lastModified": "2025-02-14T17:15:15.447", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:26.847", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2021", + "matchCriteriaId": "675DA3B4-565F-4910-9BAC-331924584725" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37603.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37603.json index 58db2a0f2fd..cac2ed855fd 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37603.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37603.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37603", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-13T23:15:10.313", - "lastModified": "2025-02-18T14:15:28.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:12:30.230", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "42670EBA-2A3A-4AFD-AFA9-8D16EB0DAAC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38654.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38654.json index 1cb68ec3e96..52c6b3bae60 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38654.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38654.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38654", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.490", - "lastModified": "2024-11-13T17:35:06.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:45:18.467", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*", + "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json index 65a6f30d2a8..76abc1452dc 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38655", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.650", - "lastModified": "2024-11-23T21:15:14.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:43:22.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -51,10 +73,102 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38656.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38656.json index 3bb1da45f79..1b16d182d13 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38656.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38656.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38656", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.830", - "lastModified": "2024-12-01T19:15:04.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:42:28.510", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -73,10 +73,102 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-392xx/CVE-2024-39236.json b/CVE-2024/CVE-2024-392xx/CVE-2024-39236.json index 674681e5942..758f50bb59c 100644 --- a/CVE-2024/CVE-2024-392xx/CVE-2024-39236.json +++ b/CVE-2024/CVE-2024-392xx/CVE-2024-39236.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39236", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T19:15:05.420", - "lastModified": "2024-11-21T09:27:21.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T17:32:17.003", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", @@ -58,30 +58,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gradio_project:gradio:4.36.1:*:*:*:*:python:*:*", + "matchCriteriaId": "6AA746DE-6FAF-4321-9C59-9D1F960F4821" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Aaron911/PoC/blob/main/Gradio.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/advisories/GHSA-9v2f-6vcg-3hgv", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/gradio-app/gradio/issues/8853", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/Aaron911/PoC/blob/main/Gradio.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/advisories/GHSA-9v2f-6vcg-3hgv", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/gradio-app/gradio/issues/8853", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39730.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39730.json new file mode 100644 index 00000000000..b9f3784d32a --- /dev/null +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39730.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39730", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-28T01:15:24.740", + "lastModified": "2025-06-28T01:15:24.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim." + }, + { + "lang": "es", + "value": "IBM Datacap Navigator 9.1.7, 9.1.8 y 9.1.9 podr\u00eda permitir que un atacante remoto secuestre la acci\u00f3n de clic de la v\u00edctima. Al persuadir a la v\u00edctima a visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar sus acciones de clic y posiblemente lanzar nuevos ataques contra ella." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-451" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7238443", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json index 98caa5c6101..159aebe2ea9 100644 --- a/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json +++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40649", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:49.063", - "lastModified": "2025-01-28T21:15:17.117", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:01:28.370", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json index 0ce3450ec89..d7f0b0a9e51 100644 --- a/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json +++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40651", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:49.160", - "lastModified": "2025-01-28T21:15:17.253", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:01:13.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json index a0663bf5822..3f4f23ac226 100644 --- a/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json +++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40669", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:49.250", - "lastModified": "2025-01-28T21:15:17.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:01:03.900", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json index 245756b0cfc..7c2f2596846 100644 --- a/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json +++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40670", "sourceIdentifier": "security@android.com", "published": "2025-01-28T20:15:49.343", - "lastModified": "2025-01-28T21:15:17.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:00:51.030", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2024-10-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json index f33c9d3a32c..331bf87cecb 100644 --- a/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json +++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41013.json @@ -2,7 +2,7 @@ "id": "CVE-2024-41013", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T07:15:05.430", - "lastModified": "2024-12-27T14:15:23.343", + "lastModified": "2025-06-27T11:15:23.610", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -21,6 +21,10 @@ "url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4226.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4226.json index 6b9ad308b17..f669684ac58 100644 --- a/CVE-2024/CVE-2024-42xx/CVE-2024-4226.json +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4226.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4226", "sourceIdentifier": "security@octopus.com", "published": "2024-04-30T02:15:06.577", - "lastModified": "2024-12-04T18:15:15.330", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:42:47.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.2.6729", + "versionEndExcluding": "2022.2.7934", + "matchCriteriaId": "9391F226-6969-471F-8FC5-9D5B6FC08B79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2022.3.348", + "versionEndExcluding": "2022.3.9163", + "matchCriteriaId": "D456CDD4-9135-40B7-A21E-106E452C1213" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisories.octopus.com/post/2024/SA2024-03/", - "source": "security@octopus.com" + "source": "security@octopus.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://advisories.octopus.com/post/2024/SA2024-03/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json index 055032f315b..5d436ceb8ab 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44546", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.360", - "lastModified": "2024-11-19T20:35:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:51:21.760", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.0", + "matchCriteriaId": "EA5BA607-20A0-46E6-AEB9-FD76D2B45FFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/jwx0539/5151f53ec497474cab6af4fa8ee6b6f7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/PowerJob/PowerJob", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-45xx/CVE-2024-4547.json b/CVE-2024/CVE-2024-45xx/CVE-2024-4547.json index 1d518a18735..e25791df18e 100644 --- a/CVE-2024/CVE-2024-45xx/CVE-2024-4547.json +++ b/CVE-2024/CVE-2024-45xx/CVE-2024-4547.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4547", "sourceIdentifier": "vulnreport@tenable.com", "published": "2024-05-06T14:15:08.330", - "lastModified": "2024-11-21T09:43:04.813", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:44:45.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.10.01.004", + "matchCriteriaId": "B246D713-39D0-4794-8C3E-EE51B11202BF" + } + ] + } + ] } ], "references": [ { "url": "https://www.tenable.com/security/research/tra-2024-13", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.tenable.com/security/research/tra-2024-13", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-45xx/CVE-2024-4548.json b/CVE-2024/CVE-2024-45xx/CVE-2024-4548.json index 32b49f142d7..a4f11578e36 100644 --- a/CVE-2024/CVE-2024-45xx/CVE-2024-4548.json +++ b/CVE-2024/CVE-2024-45xx/CVE-2024-4548.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4548", "sourceIdentifier": "vulnreport@tenable.com", "published": "2024-05-06T14:15:08.533", - "lastModified": "2024-11-21T09:43:04.937", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T14:44:50.180", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.10.01.004", + "matchCriteriaId": "B246D713-39D0-4794-8C3E-EE51B11202BF" + } + ] + } + ] } ], "references": [ { "url": "https://www.tenable.com/security/research/tra-2024-13", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.tenable.com/security/research/tra-2024-13", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46855.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46855.json index a89447608e0..846e9309558 100644 --- a/CVE-2024/CVE-2024-468xx/CVE-2024-46855.json +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46855.json @@ -2,7 +2,7 @@ "id": "CVE-2024-46855", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-27T13:15:17.133", - "lastModified": "2024-10-17T14:15:12.790", + "lastModified": "2025-06-27T11:15:23.747", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -130,6 +130,10 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/076d281e90aaf4192799ecb9a1ed82321e133ecd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", @@ -144,6 +148,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/6572440f78b724c46070841a68254ebc534cde24", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-483xx/CVE-2024-48307.json b/CVE-2024/CVE-2024-483xx/CVE-2024-48307.json index 6e24ad4d308..17e2a71435d 100644 --- a/CVE-2024/CVE-2024-483xx/CVE-2024-48307.json +++ b/CVE-2024/CVE-2024-483xx/CVE-2024-48307.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48307", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-31T01:15:14.803", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:45:28.870", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9B361D24-5B78-4608-9A35-695876D9F28B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jeecgboot", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/jeecgboot/JeecgBoot", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/jeecgboot/JeecgBoot/issues/7237", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48646.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48646.json index b298b101c86..81183a3cc14 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48646.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48646.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48646", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-30T18:15:07.640", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:52:09.540", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sage:sage_frp_1000:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E13E6553-6E09-445B-96ED-68CAF4D8F79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48647.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48647.json index 9bf0696ed7a..c44d3773946 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48647.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48647.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48647", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-30T18:15:07.743", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:49:51.970", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sage:sage_frp_1000:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E13E6553-6E09-445B-96ED-68CAF4D8F79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48648.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48648.json index 3ff6d728b3c..d91474de515 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48648.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48648.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48648", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-30T18:15:07.813", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:49:02.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sage:sage_frp_1000:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E13E6553-6E09-445B-96ED-68CAF4D8F79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4825.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4825.json index aedac3d3f53..139b9ae6909 100644 --- a/CVE-2024/CVE-2024-48xx/CVE-2024-4825.json +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4825.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4825", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-05-14T15:45:16.483", - "lastModified": "2024-11-21T09:43:42.050", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:04:13.027", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:*", + "matchCriteriaId": "A876772F-F0DE-4FA9-BD6C-7A7BBF08AACC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json index b9ed013da5b..4be9228a9c5 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50625.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50625", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.610", - "lastModified": "2024-12-12T02:06:32.647", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:07:48.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,82 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.12", + "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.digi.com/resources/security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json index 42928684395..c18f34f5fab 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50626.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50626", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.733", - "lastModified": "2024-12-12T02:06:32.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:08:05.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,82 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.12", + "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.digi.com/resources/security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50627.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50627.json index 88e02fdadbe..653cf2f818c 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50627.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50627.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50627", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.853", - "lastModified": "2024-12-11T17:15:17.200", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:08:12.680", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,82 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.12", + "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.digi.com/resources/security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50628.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50628.json index 0394a763449..6f0aaaeb01a 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50628.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50628.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50628", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-09T22:15:22.977", - "lastModified": "2024-12-11T17:15:17.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:06:32.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,82 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.12", + "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.digi.com/resources/security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51978.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51978.json index d2d3c2f79e0..0b1baede659 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51978.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51978.json @@ -2,7 +2,7 @@ "id": "CVE-2024-51978", "sourceIdentifier": "cve@rapid7.com", "published": "2025-06-25T08:15:31.223", - "lastModified": "2025-06-26T18:58:14.280", + "lastModified": "2025-06-27T14:15:32.593", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -88,6 +88,18 @@ "url": "https://www.toshibatec.com/information/20250625_02.html", "source": "cve@rapid7.com" }, + { + "url": "https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json index 828916236b7..7698d92a9ee 100644 --- a/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json +++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52012", "sourceIdentifier": "security@apache.org", "published": "2025-01-27T09:15:14.693", - "lastModified": "2025-02-06T17:15:19.480", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:32:29.547", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.0", + "versionEndExcluding": "9.8.0", + "matchCriteriaId": "4BDA1809-0E8C-46B3-9B7A-0696B68AAA7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/01/26/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52900.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52900.json new file mode 100644 index 00000000000..3ecf8c24bd1 --- /dev/null +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52900.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52900", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-28T01:15:24.957", + "lastModified": "2025-06-28T01:15:24.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7238163", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52928.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52928.json index be4e1a35ec3..5094d888e28 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52928.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52928.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52928", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-26T17:15:30.287", - "lastModified": "2025-06-26T18:57:43.670", + "lastModified": "2025-06-27T14:15:33.280", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website." + }, + { + "lang": "es", + "value": "Arc anterior a 1.26.1 en Windows tiene un problema de derivaci\u00f3n en la configuraci\u00f3n del sitio que permite a los sitios web (con permisos previamente otorgados) agregar nuevos permisos cuando el usuario hace clic en cualquier parte del sitio web." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], "references": [ { "url": "https://arc.net/security/bulletins#windows-site-settings-bypass-cve-2024-52928", diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json index 07c4fe2919e..7fa865dbefe 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53299", "sourceIdentifier": "security@apache.org", "published": "2025-01-23T09:15:07.033", - "lastModified": "2025-02-04T19:15:31.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:41:44.010", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.18.0", + "matchCriteriaId": "89F22F1D-1719-4BA0-AF01-4991D7C51BB4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.16.0", + "matchCriteriaId": "1E82E304-3D91-42D1-BA33-67D3C506F817" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.19.0", + "matchCriteriaId": "1930820D-7167-480E-B2ED-7B54BFA139CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.3.0", + "matchCriteriaId": "FEF67075-6C48-4C2E-BDAC-ED904916ABF8" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/01/22/12", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json index f927874d994..442039d7717 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53382", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T07:15:33.397", - "lastModified": "2025-03-03T22:15:35.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:08:24.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,20 +69,61 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "1.29.0", + "matchCriteriaId": "D9B99D59-D970-4A13-9526-394BA7C0E81D" + } + ] + } + ] } ], "references": [ { "url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "Patch" + ] }, { "url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json index 9a3c72d1b0e..4481a1adc8a 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53386", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T07:15:34.560", - "lastModified": "2025-03-03T22:15:36.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:01:00.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,20 +69,59 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:piqnt:stage.js:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.8.10", + "matchCriteriaId": "B52A6B1D-156D-407C-A114-1B2097EB442F" + } + ] + } + ] } ], "references": [ { "url": "https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/piqnt/stage.js/blob/919f6e94b14242f6e6994141a9e1188439d306d5/lib/core.js#L158-L159", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json index 39f17ac6e96..26c64607b95 100644 --- a/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53552.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53552", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T02:15:17.177", - "lastModified": "2024-12-11T16:15:14.373", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T17:58:40.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.8.3", + "matchCriteriaId": "42A3B9A5-5DFF-4F10-942E-AE8F2A117618" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndExcluding": "11.2.3", + "matchCriteriaId": "FFB459AA-027F-4F7C-9615-68EEEBF83FA5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53999.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53999.json index 583117aab76..f634b9592a1 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53999.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53999.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53999", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-03T16:15:24.250", - "lastModified": "2024-12-03T16:15:24.250", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:16:59.273", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 5.8 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.9", + "matchCriteriaId": "15AD1EE4-6E96-4728-8F26-E86D6DB71E34" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54000.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54000.json index 7c15b9ea0df..76e22060eec 100644 --- a/CVE-2024/CVE-2024-540xx/CVE-2024-54000.json +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54000.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54000", "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-03T16:15:24.380", - "lastModified": "2024-12-03T16:15:24.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:17:02.040", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.9.7", + "matchCriteriaId": "C45DBD67-7FB8-4F4B-B61C-06622F68C81D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/f22c584aa7d43527970c9da61eb678953cfc0a8e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-m435-9v6r-v5f6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54085.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54085.json index 10885be1c06..322c6206e3a 100644 --- a/CVE-2024/CVE-2024-540xx/CVE-2024-54085.json +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54085.json @@ -2,7 +2,7 @@ "id": "CVE-2024-54085", "sourceIdentifier": "biossecurity@ami.com", "published": "2025-03-11T14:15:22.893", - "lastModified": "2025-06-26T19:29:28.430", + "lastModified": "2025-06-27T16:57:49.563", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -376,6 +376,22 @@ "Vendor Advisory" ] }, + { + "url": "https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] + }, + { + "url": "https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploited-vulnerabilities/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] + }, { "url": "https://security.netapp.com/advisory/ntap-20250328-0003/", "source": "af854a3a-2127-422b-91ae-364da2661108", @@ -383,6 +399,22 @@ "Third Party Advisory" ] }, + { + "url": "https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] + }, + { + "url": "https://www.networkworld.com/article/4013368/ami-megarac-authentication-bypass-flaw-is-being-exploitated-cisa-warns.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] + }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54085", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json index 66e2d66db56..2cdd4b018b7 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54280", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.880", - "lastModified": "2024-12-16T16:15:07.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T16:54:48.733", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "1.6.0", + "matchCriteriaId": "B4DE16B1-EF65-4698-A1CE-832B2934E236" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-6-0-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56184.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56184.json index bce2e2eba45..459bd6f9e17 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56184.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56184.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56184", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T19:15:38.983", - "lastModified": "2025-03-11T21:15:40.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:21:56.450", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56185.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56185.json index c1d1a0ae252..5a9e6e0ea4b 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56185.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56185.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56185", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T19:15:39.097", - "lastModified": "2025-03-11T21:15:40.857", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:21:27.090", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56186.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56186.json index 39a75f76872..8cb6d01839b 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56186.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56186", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T19:15:39.193", - "lastModified": "2025-03-11T21:15:40.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:21:02.190", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56187.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56187.json index ce49afde24b..859c6f6cfa9 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56187.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56187.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56187", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T19:15:39.293", - "lastModified": "2025-03-11T21:15:41.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:20:41.487", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56188.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56188.json index 90ad99a04b0..9f9eddb0000 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56188.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56188.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56188", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T19:15:39.393", - "lastModified": "2025-03-11T21:15:41.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:12:37.583", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56191.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56191.json index ae2801b71e0..32fbd31fa67 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56191.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56191.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56191", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T21:15:39.880", - "lastModified": "2025-03-11T16:15:16.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:12:14.970", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56192.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56192.json index 468fac7dbda..bf0c9c35cec 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56192.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56192.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56192", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2025-03-10T21:15:40.007", - "lastModified": "2025-03-11T16:15:16.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:12:02.787", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json index 08b00f6aa57..fead91e19e5 100644 --- a/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json +++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57041", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-24T20:15:33.353", - "lastModified": "2025-02-06T22:15:39.000", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:33:21.410", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodebb:nodebb:3.11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "946FF6B8-06B0-4757-A788-5B0BB585C577" + } + ] + } + ] + } + ], "references": [ { "url": "http://nodebb.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/NodeBB/NodeBB/commit/4e69bff72fd04779064d37e46a43080e6c328adf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.tonysec.com/posts/cve-2024-57041/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json index 7e59f59a638..26ccfe8602f 100644 --- a/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json +++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57052", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-27T23:15:09.723", - "lastModified": "2025-01-28T20:15:54.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:03:32.293", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:youdiancms:youdiancms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.5.20", + "matchCriteriaId": "8816EF55-90B7-4C64-AD08-191496080B2F" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json b/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json index 0c3ceead97c..7a15a54718c 100644 --- a/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json +++ b/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57184", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-24T14:15:31.793", - "lastModified": "2025-01-24T15:15:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:34:05.420", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "93EEFCFD-7417-40E6-84BF-4EA630F2A8A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gpac/gpac/issues/1421", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-573xx/CVE-2024-57326.json b/CVE-2024/CVE-2024-573xx/CVE-2024-57326.json index c6cfb10d6af..07b7ea2e6e7 100644 --- a/CVE-2024/CVE-2024-573xx/CVE-2024-57326.json +++ b/CVE-2024/CVE-2024-573xx/CVE-2024-57326.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57326", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-23T22:15:14.800", - "lastModified": "2025-01-24T22:15:34.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:39:56.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_pizza_delivery_system_project:online_pizza_delivery_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DC6A115E-B779-4322-ABE0-6FC7C0F7D26E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57326", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57883.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57883.json index 96f236d92a3..e301b539bb3 100644 --- a/CVE-2024/CVE-2024-578xx/CVE-2024-57883.json +++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57883.json @@ -2,7 +2,7 @@ "id": "CVE-2024-57883", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-01-15T13:15:12.637", - "lastModified": "2025-01-17T14:15:32.357", + "lastModified": "2025-06-27T11:15:23.907", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -17,6 +17,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/02333ac1c35370517a19a4a131332a9690c6a5c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/2e31443a0d18ae43b9d29e02bf0563f07772193d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" @@ -28,6 +32,14 @@ { "url": "https://git.kernel.org/stable/c/59d9094df3d79443937add8700b2ef1a866b1081", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8410996eb6fea116fe1483ed977aacf580eee7b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94b4b41d0cdf5cfd4d4325bc0e6e9e0d0e996133", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57996.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57996.json index 8a7bfd86023..a9ee467d05f 100644 --- a/CVE-2024/CVE-2024-579xx/CVE-2024-57996.json +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57996.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57996", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-02-27T02:15:13.620", - "lastModified": "2025-03-07T14:58:37.277", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-27T11:15:24.037", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -99,6 +99,14 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5921.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5921.json index 190f3356275..60fedb573a9 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5921.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5921.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5921", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-11-27T04:15:14.687", - "lastModified": "2025-02-20T23:15:11.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:55:15.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "AMBER" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -73,18 +95,90 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:android:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.1.6", + "matchCriteriaId": "3359D547-998E-47A1-BEDB-B2C77EF3A409" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.1.7", + "matchCriteriaId": "CAD9B8B2-FF04-4DD8-A6CA-36D07E5E143C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.2.1", + "matchCriteriaId": "481B8617-1E9C-402D-A514-32789504E173" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.2.6", + "matchCriteriaId": "98AE3375-3394-4A30-B81C-17AEDF9F6870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.2.6", + "matchCriteriaId": "444E9B22-3CD4-462F-A476-E65CC5307396" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "337C8091-22DB-4449-B042-8325C2FBD956" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "37374EC1-2761-4204-B167-81AC7292D6B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Technical Description", + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/AmberWolfCyber/NachoVPN", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://security.paloaltonetworks.com/CVE-2024-5921", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8997.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8997.json index da978da79eb..18417ea8839 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8997.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8997.json @@ -2,13 +2,13 @@ "id": "CVE-2024-8997", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2025-03-18T14:15:41.400", - "lastModified": "2025-06-02T16:14:10.177", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-27T10:15:24.527", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: through 18.03.2025." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53." }, { "lang": "es", @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "iletisim@usom.gov.tr", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9340.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9340.json index ab02d1f41fe..7748a2166c6 100644 --- a/CVE-2024/CVE-2024-93xx/CVE-2024-9340.json +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9340.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9340", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:48.100", - "lastModified": "2025-03-20T10:15:48.100", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:28:07.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,51 @@ "value": "CWE-400" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.68.0", + "matchCriteriaId": "7AE0A162-5652-47CD-8840-FDA3C425F0ED" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0108.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0108.json index 3aa242dc802..d421e6c5b68 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0108.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0108.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0108", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-02-12T21:15:16.290", - "lastModified": "2025-04-17T18:30:29.477", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T20:39:59.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -133,9 +133,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", - "versionStartIncluding": "10.2.10", - "versionEndExcluding": "10.2.12", - "matchCriteriaId": "F9BD5E2D-61D2-4872-ACD1-D5B442CC809D" + "versionStartIncluding": "11.1.0", + "versionEndExcluding": "11.1.2", + "matchCriteriaId": "21CFD38A-7AED-4CEE-BDA9-77D815689C58" }, { "vulnerable": true, @@ -309,11 +309,6 @@ "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*", "matchCriteriaId": "C779DF2B-D72A-4327-8AD8-3EA6751741F1" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*", - "matchCriteriaId": "78EAA309-2755-4ED2-9AFC-F4D9DF8F90D3" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*", @@ -519,6 +514,11 @@ "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*", "matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", + "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*", @@ -544,11 +544,6 @@ "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*", "matchCriteriaId": "7EB3881C-B255-41AD-B61F-C14743824A3E" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*", - "matchCriteriaId": "224270A7-767D-433B-AD51-C031506747C1" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", @@ -589,6 +584,11 @@ "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*", + "matchCriteriaId": "2B3D7DBA-C90C-451D-94C3-8B7066826308" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*", @@ -689,16 +689,6 @@ "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*", "matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "CB628D07-9AB0-4C19-8DA3-DBE5689A3F40" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*", - "matchCriteriaId": "3A94EA8A-EADF-416D-AE54-3CF56214714C" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*", @@ -899,8 +889,8 @@ "url": "https://security.paloaltonetworks.com/CVE-2025-0108", "source": "psirt@paloaltonetworks.com", "tags": [ - "Vendor Advisory", - "Exploit" + "Exploit", + "Vendor Advisory" ] }, { diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0118.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0118.json index a8c2eefee6f..40fcfa5955e 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0118.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0118.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0118", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-03-12T19:15:38.040", - "lastModified": "2025-03-12T19:15:38.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:52:34.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "AMBER" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -73,10 +95,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.11", + "matchCriteriaId": "58A33FBB-1E0B-448E-97A0-FFF249E752D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.1.6", + "matchCriteriaId": "3BC6BCDC-421F-46B8-A59D-78F09150338E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.2.0", + "versionEndExcluding": "6.2.5", + "matchCriteriaId": "86211F6C-E44F-44A4-936E-716CA204D973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2025-0118", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0120.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0120.json index 38a02a5f016..f2664eded51 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0120.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0120.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0120", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-04-11T02:15:18.197", - "lastModified": "2025-04-11T15:39:52.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:51:19.773", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "AMBER" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -73,10 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.12", + "matchCriteriaId": "B6E8BBD7-AE9C-4708-BCE5-805250956365" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "6.2.7-1077", + "matchCriteriaId": "5C174DAD-5FAC-4815-B1D6-34E18903EA0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2025-0120", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0135.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0135.json index d5c362d95c5..cbbe51bb71f 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0135.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0135.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0135", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-05-14T19:15:51.817", - "lastModified": "2025-05-16T14:43:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:50:37.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "AMBER" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } ] }, "weaknesses": [ @@ -73,10 +95,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.2.8", + "matchCriteriaId": "B2DE8243-7786-4D7C-A0CB-A3D3E44C9B26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "EFAA1A23-5A3C-48FA-8672-D8329D67A14C" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2025-0135", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json index 635e50c00d1..de17a5ebd7b 100644 --- a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json @@ -2,7 +2,7 @@ "id": "CVE-2025-0357", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-25T02:15:26.990", - "lastModified": "2025-05-28T20:40:49.010", + "lastModified": "2025-06-27T17:38:07.010", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -60,9 +60,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding": "1.6.10", - "matchCriteriaId": "46AA0184-431A-4D70-AE95-7B71C59EA7CA" + "matchCriteriaId": "EBC216A2-AE98-47E3-B332-6BE8F3FC99BD" } ] } diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json new file mode 100644 index 00000000000..2d6002df0da --- /dev/null +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-0634", + "sourceIdentifier": "PSIRT@samsung.com", + "published": "2025-06-30T02:15:20.920", + "lastModified": "2025-06-30T02:15:20.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Samsung/rlottie/pull/571", + "source": "PSIRT@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0725.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0725.json index 896528dd788..7abe3c20c36 100644 --- a/CVE-2025/CVE-2025-07xx/CVE-2025-0725.json +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0725.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0725", "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "published": "2025-02-05T10:15:22.980", - "lastModified": "2025-06-12T16:15:22.467", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T19:24:08.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -52,30 +52,6 @@ } ], "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", - "versionStartIncluding": "7.10.5", - "versionEndExcluding": "8.12.0", - "matchCriteriaId": "34EA884B-6BF6-4F00-B302-CA48450A28D3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", - "versionStartIncluding": "7.10.5", - "versionEndExcluding": "8.12.0", - "matchCriteriaId": "00A479A7-7885-4086-A577-C2E7E95FEADA" - } - ] - } - ] - }, { "nodes": [ { @@ -191,6 +167,43 @@ ] } ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.10.5", + "versionEndExcluding": "8.12.0", + "matchCriteriaId": "34EA884B-6BF6-4F00-B302-CA48450A28D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.10.5", + "versionEndExcluding": "8.12.0", + "matchCriteriaId": "00A479A7-7885-4086-A577-C2E7E95FEADA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.2.0.3", + "matchCriteriaId": "5D0F980D-04BB-436F-BD57-D8626701839E" + } + ] + } + ] } ], "references": [ @@ -239,7 +252,10 @@ }, { "url": "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20250306-0009/", diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1367.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1367.json index 47845b5c390..2a2ad43447d 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1367.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1367.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1367", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-17T01:15:11.090", - "lastModified": "2025-02-18T20:15:23.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:46:00.413", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -124,22 +124,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_anti-virus:7.0.32:*:*:*:*:linux:*:*", + "matchCriteriaId": "E68B4EB3-10EC-4AAC-A956-BEBEDD93D250" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.295971", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.295971", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1368.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1368.json index 2573040c654..1ed419caae3 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1368.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1368.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1368", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-17T02:15:08.643", - "lastModified": "2025-02-18T20:15:24.037", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:45:48.730", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -124,22 +124,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_anti-virus:7.0.32:*:*:*:*:linux:*:*", + "matchCriteriaId": "E68B4EB3-10EC-4AAC-A956-BEBEDD93D250" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.295972", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.295972", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1369.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1369.json index 5dacc961426..57d3193c227 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1369.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1369.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1369", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-17T02:15:08.830", - "lastModified": "2025-02-18T20:15:24.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:45:37.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -124,26 +124,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_anti-virus:7.0.32:*:*:*:*:linux:*:*", + "matchCriteriaId": "E68B4EB3-10EC-4AAC-A956-BEBEDD93D250" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.295975", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.295975", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.496482", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1370.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1370.json index c218236c089..e1e905a8738 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1370.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1370.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1370", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-17T03:15:09.223", - "lastModified": "2025-02-18T20:15:24.253", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:45:14.213", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -124,22 +124,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:escanav:escan_anti-virus:7.0.32:*:*:*:*:linux:*:*", + "matchCriteriaId": "E68B4EB3-10EC-4AAC-A956-BEBEDD93D250" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.295976", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.295976", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1828.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1828.json index 8ec11b9ecb6..f52ebc757d4 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1828.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1828.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1828", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2025-03-11T00:15:11.060", - "lastModified": "2025-03-26T02:15:25.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:11:22.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:timlegge:crypt\\:\\:random:*:*:*:*:*:perl:*:*", + "versionStartIncluding": "1.05", + "versionEndIncluding": "1.55", + "matchCriteriaId": "676FDC25-23FA-488B-A0C4-58883C4FD32C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05", - "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1", - "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://perldoc.perl.org/functions/rand", - "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1991.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1991.json new file mode 100644 index 00000000000..54ac13b600c --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1991.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1991", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-28T13:15:23.900", + "lastModified": "2025-06-28T13:15:23.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7238455", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2112.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2112.json index 4a34641a4d2..8c9e2a3897c 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2112.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2112.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2112", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-08T22:15:36.443", - "lastModified": "2025-03-10T16:15:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:25:36.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,76 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:user-xiangpeng:yaoqishan:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020-02-29", + "matchCriteriaId": "068513A1-DEEA-44DD-939C-35A89568EF77" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/xiaolian-11/code_demo/blob/main/yaoqishan-sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.299005", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299005", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506085", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/xiaolian-11/code_demo/blob/main/yaoqishan-sql.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2113.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2113.json index db7498d0bc7..02bd72cfbb7 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2113.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2113.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2113", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-09T03:15:34.137", - "lastModified": "2025-03-10T16:15:13.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:24:38.260", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,77 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atgroup:atsvd:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.4.1", + "matchCriteriaId": "2668C6F0-ABFC-4EC0-86C1-990F98797D3B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/yago3008/cves", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://vuldb.com/?ctiid.299006", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299006", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506341", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506341", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2115.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2115.json index 1b333485f2b..07088d2f21a 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2115.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2115.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2115", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-09T06:15:11.933", - "lastModified": "2025-03-10T16:15:14.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:23:16.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-434" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zzskzy:warehouse_refinement_management_system:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "653DF13E-22B1-495A-BCEE-A96DB6A2E840" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/heiheixz/report/blob/main/sk_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.299010", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299010", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506655", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/heiheixz/report/blob/main/sk_1.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-221xx/CVE-2025-22112.json b/CVE-2025/CVE-2025-221xx/CVE-2025-22112.json index c0ba3d345bf..ce4f7982916 100644 --- a/CVE-2025/CVE-2025-221xx/CVE-2025-22112.json +++ b/CVE-2025/CVE-2025-221xx/CVE-2025-22112.json @@ -2,7 +2,7 @@ "id": "CVE-2025-22112", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T15:16:05.437", - "lastModified": "2025-04-17T20:22:16.240", + "lastModified": "2025-06-27T11:15:24.190", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -24,6 +24,10 @@ { "url": "https://git.kernel.org/stable/c/b1e081d331ab3a0dea25425f2b6ddeb365fc9d22", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e1724f07693439deaa413ebc2a2640325cf247f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-221xx/CVE-2025-22119.json b/CVE-2025/CVE-2025-221xx/CVE-2025-22119.json index 0a7138f5ddf..29fbdef53b5 100644 --- a/CVE-2025/CVE-2025-221xx/CVE-2025-22119.json +++ b/CVE-2025/CVE-2025-221xx/CVE-2025-22119.json @@ -2,7 +2,7 @@ "id": "CVE-2025-22119", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T15:16:06.100", - "lastModified": "2025-04-17T20:22:16.240", + "lastModified": "2025-06-27T11:15:24.310", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -21,6 +21,18 @@ "url": "https://git.kernel.org/stable/c/2617f60c3613ef105b8db2d514d2cac2a1836f7d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/60606efbf52582c0ab93e99789fddced6b47297a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b679fe84cd5cc6f3481b7131fd28676191ad2615", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eeacfbab984200dcdcd68fcf4c6e91e2c6b38792", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/fc88dee89d7b63eeb17699393eb659aadf9d9b7c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-221xx/CVE-2025-22128.json b/CVE-2025/CVE-2025-221xx/CVE-2025-22128.json index e5ed8080b20..d6ba2f726b4 100644 --- a/CVE-2025/CVE-2025-221xx/CVE-2025-22128.json +++ b/CVE-2025/CVE-2025-221xx/CVE-2025-22128.json @@ -2,7 +2,7 @@ "id": "CVE-2025-22128", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T15:16:06.897", - "lastModified": "2025-04-17T20:22:16.240", + "lastModified": "2025-06-27T11:15:24.440", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -21,6 +21,10 @@ "url": "https://git.kernel.org/stable/c/35b33ba76765ce9e72949d957f3cf1feafd2955c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/a69a594794fcad96d4cfce12aab6c5014a12b4c8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/b43b1e2c52db77c872bd60d30cdcc72c47df70c7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23137.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23137.json index 9772457b994..9c9a76013e9 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23137.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23137.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23137", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T15:16:08.080", - "lastModified": "2025-04-29T18:53:31.417", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-27T11:15:24.557", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -78,6 +78,10 @@ "Patch" ] }, + { + "url": "https://git.kernel.org/stable/c/82b6dfff0d6000b14b271f74e43d672d81fb390e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/b99c1c63d88c75a4dc5487c3696cda38697b8d35", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23967.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23967.json new file mode 100644 index 00000000000..f5080421257 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23967.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-23967", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:30.247", + "lastModified": "2025-06-27T12:15:30.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpopal GG Bought Together for WooCommerce allows SQL Injection. This issue affects GG Bought Together for WooCommerce: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en wpopal GG Bought Together for WooCommerce permite la inyecci\u00f3n SQL. Este problema afecta a GG Bought Together para WooCommerce desde n/d hasta la versi\u00f3n 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gg-bought-together/vulnerability/wordpress-gg-bought-together-for-woocommerce-1-0-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23973.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23973.json new file mode 100644 index 00000000000..e4b47d3539e --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23973.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-23973", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:30.430", + "lastModified": "2025-06-27T12:15:30.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce allows Stored XSS. This issue affects SpecFit-Virtual Try On Woocommerce: from n/a through 7.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en dugudlabs SpecFit-Virtual Try On Woocommerce permite XSS almacenado. Este problema afecta a SpecFit-Virtual Try On Woocommerce desde n/d hasta la versi\u00f3n 7.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/try-on-for-woocommerce/vulnerability/wordpress-specfit-virtual-try-on-woocommerce-7-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24289.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24289.json new file mode 100644 index 00000000000..e91504d73b0 --- /dev/null +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24289.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-24289", + "sourceIdentifier": "support@hackerone.com", + "published": "2025-06-29T20:15:24.787", + "lastModified": "2025-06-29T20:15:24.787", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24290.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24290.json new file mode 100644 index 00000000000..ac150bb1f03 --- /dev/null +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24290.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-24290", + "sourceIdentifier": "support@hackerone.com", + "published": "2025-06-29T20:15:24.930", + "lastModified": "2025-06-29T20:15:24.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24292.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24292.json new file mode 100644 index 00000000000..6bad8c7a245 --- /dev/null +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24292.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-24292", + "sourceIdentifier": "support@hackerone.com", + "published": "2025-06-29T20:15:25.050", + "lastModified": "2025-06-29T20:15:25.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device\u2019s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-049-049/7a019b27-6c77-4500-bec8-596cd87c9292", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24357.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24357.json index b599ad5ccff..fea1215e810 100644 --- a/CVE-2025/CVE-2025-243xx/CVE-2025-24357.json +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24357.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24357", "sourceIdentifier": "security-advisories@github.com", "published": "2025-01-27T18:15:41.523", - "lastModified": "2025-01-27T18:15:41.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T19:30:59.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,22 +71,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.7.0", + "matchCriteriaId": "78210BFE-5D31-4D84-BA73-75C1594A3A3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vllm-project/vllm/pull/12366", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://pytorch.org/docs/stable/generated/torch.load.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24760.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24760.json new file mode 100644 index 00000000000..85792905bd7 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24760.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-24760", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:30.623", + "lastModified": "2025-06-27T12:15:30.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass allows PHP Local File Inclusion. This issue affects Sofass: from n/a through 1.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en Goalthemes Sofass permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Sofass desde n/d hasta la versi\u00f3n 1.3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/sofass/vulnerability/wordpress-sofass-1-3-4-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24765.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24765.json new file mode 100644 index 00000000000..93a7bda0d83 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24765.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-24765", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:30.817", + "lastModified": "2025-06-27T12:15:30.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow allows Path Traversal. This issue affects Image Shadow: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en RobMarsh Image Shadow permite el Path Traversal. Este problema afecta a Image Shadow desde n/d hasta la versi\u00f3n 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-shadow/vulnerability/wordpress-image-shadow-1-1-0-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24769.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24769.json new file mode 100644 index 00000000000..714c8164a16 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24769.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-24769", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.003", + "lastModified": "2025-06-27T12:15:31.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through 1.7.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de control incorrecto del nombre de archivo para las sentencias Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos PHP') en BZOTheme Zenny permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a Zenny desde n/d hasta la versi\u00f3n 1.7.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/bw-zenny/vulnerability/wordpress-zenny-1-7-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24774.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24774.json new file mode 100644 index 00000000000..1d176a1ec96 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24774.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-24774", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.200", + "lastModified": "2025-06-27T12:15:31.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows Reflected XSS. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce permite XSS reflejado. Este problema afecta a WPCRM - CRM para formulario de contacto CF7 y WooCommerce desde n/d hasta la versi\u00f3n 3.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpcrm/vulnerability/wordpress-wpcrm-crm-for-contact-form-cf7-woocommerce-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-251xx/CVE-2025-25171.json b/CVE-2025/CVE-2025-251xx/CVE-2025-25171.json new file mode 100644 index 00000000000..c6a6cbcefac --- /dev/null +++ b/CVE-2025/CVE-2025-251xx/CVE-2025-25171.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-25171", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.387", + "lastModified": "2025-06-27T12:15:31.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en ThemesGrove WP SmartPay permite el abuso de autenticaci\u00f3n. Este problema afecta a WP SmartPay desde la versi\u00f3n n/d hasta la 2.7.13." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smartpay/vulnerability/wordpress-wp-smartpay-plugin-2-7-13-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-251xx/CVE-2025-25173.json b/CVE-2025/CVE-2025-251xx/CVE-2025-25173.json new file mode 100644 index 00000000000..61695509f53 --- /dev/null +++ b/CVE-2025/CVE-2025-251xx/CVE-2025-25173.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-25173", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.563", + "lastModified": "2025-06-27T12:15:31.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en FasterThemes FastBook permite XSS almacenado. Este problema afecta a FastBook desde n/d hasta la versi\u00f3n 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fastbook-responsive-appointment-booking-and-scheduling-system/vulnerability/wordpress-fastbook-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25950.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25950.json index 993e999d986..950c1d573b4 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25950.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25950.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25950", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:11.533", - "lastModified": "2025-04-18T14:15:21.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:06:20.450", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25950", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25951.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25951.json index e90f81345e4..1e2a43b5e6b 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25951.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25951.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25951", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:11.660", - "lastModified": "2025-04-18T14:15:21.937", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:03:44.713", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25951", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25952.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25952.json index e59fa4b32ce..b17952ce3df 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25952.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25952.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25952", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:11.777", - "lastModified": "2025-04-18T14:15:22.117", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:56:41.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25952", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25953.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25953.json index 968b86d5548..3f9ad5e1722 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25953.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25953.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25953", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:11.910", - "lastModified": "2025-04-23T16:15:35.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:41:19.777", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25953", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26910.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26910.json index 0fea82487a7..bb4e78126e5 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26910.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26910.json @@ -2,7 +2,7 @@ "id": "CVE-2025-26910", "sourceIdentifier": "audit@patchstack.com", "published": "2025-03-10T15:15:37.660", - "lastModified": "2025-05-21T18:22:55.520", + "lastModified": "2025-06-27T17:39:43.517", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -80,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:free:wordpress:*:*", "versionEndExcluding": "1.0.2", - "matchCriteriaId": "6FDD0B9A-A9FE-4963-B545-28DE31168D83" + "matchCriteriaId": "C34AF449-C4D4-4D99-9768-73C5894AB998" } ] } diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27361.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27361.json new file mode 100644 index 00000000000..e4598ff1830 --- /dev/null +++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27361.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-27361", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.760", + "lastModified": "2025-06-27T12:15:31.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en thhake Photo Express para Google permite XSS reflejado. Este problema afecta a Photo Express para Google desde n/d hasta la versi\u00f3n 0.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/photo-express-for-google/vulnerability/wordpress-photo-express-for-google-plugin-0-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27520.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27520.json index 24793887fc1..dd0d5fc7f9d 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27520.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27520.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27520", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-04T15:15:47.927", - "lastModified": "2025-04-07T14:18:15.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T12:48:46.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.3.4", + "versionEndIncluding": "1.4.2", + "matchCriteriaId": "F824F6EC-4EA6-4C23-B174-2D8E5587E9E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bentoml/BentoML/commit/b35f4f4fcc53a8c3fe8ed9c18a013fe0a728e194", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27583.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27583.json index 6afca4efa64..e27cc56541c 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27583.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27583.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27583", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:12.030", - "lastModified": "2025-03-05T17:15:16.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:43:45.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27584.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27584.json index a4ba7a09a5d..f3e3715ade6 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27584.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27584.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27584", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:12.157", - "lastModified": "2025-03-04T17:15:20.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:43:35.210", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27585.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27585.json index 8fe07c18c5f..5edacf18497 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27585.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27585.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27585", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T01:15:12.277", - "lastModified": "2025-03-04T17:15:20.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T13:23:31.990", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:serosoft:academia_student_information_system:eagler-1.0.118:*:*:*:*:*:*:*", + "matchCriteriaId": "B6A80498-86E8-4230-9270-8FC3124A887B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2775.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2775.json index bcf43699534..6fd2cb1eac0 100644 --- a/CVE-2025/CVE-2025-27xx/CVE-2025-2775.json +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2775.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2775", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-05-07T15:15:57.447", - "lastModified": "2025-05-08T14:39:18.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:15:25.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -51,18 +71,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", + "versionEndIncluding": "23.3.40", + "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899" + } + ] + } + ] + } + ], "references": [ { "url": "https://documentation.sysaid.com/docs/24-40-60", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2776.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2776.json index d515a500c03..10729404e24 100644 --- a/CVE-2025/CVE-2025-27xx/CVE-2025-2776.json +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2776.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2776", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-05-07T15:15:57.573", - "lastModified": "2025-05-08T14:39:18.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:22:41.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -51,14 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", + "versionEndIncluding": "23.3.40", + "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899" + } + ] + } + ] + } + ], "references": [ { "url": "https://documentation.sysaid.com/docs/24-40-60", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2777.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2777.json index 1f1d98cf0a9..a1c7c24d6ee 100644 --- a/CVE-2025/CVE-2025-27xx/CVE-2025-2777.json +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2777.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2777", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-05-07T15:15:57.693", - "lastModified": "2025-05-08T14:39:18.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:35:46.827", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -51,18 +71,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", + "versionEndIncluding": "23.3.40", + "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899" + } + ] + } + ] + } + ], "references": [ { "url": "https://documentation.sysaid.com/docs/24-40-60", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28946.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28946.json new file mode 100644 index 00000000000..f737a1c4e23 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28946.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28946", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:31.950", + "lastModified": "2025-06-27T12:15:31.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore allows PHP Local File Inclusion. This issue affects PrintXtore: from n/a through 1.7.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en BZOTheme PrintXtore permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a PrintXtore desde n/d hasta la versi\u00f3n 1.7.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/bw-printxtore/vulnerability/wordpress-printxtore-1-7-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28947.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28947.json new file mode 100644 index 00000000000..ea4f6c310c0 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28947.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28947", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:32.120", + "lastModified": "2025-06-27T12:15:32.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects MBStore - Digital WooCommerce WordPress Theme: from n/a through 2.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme MBStore - Digital WooCommerce WordPress Theme permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a MBStore, el tema digital WooCommerce para WordPress, desde n/d hasta la versi\u00f3n 2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/mbstore/vulnerability/wordpress-mbstore-digital-woocommerce-wordpress-theme-2-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28956.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28956.json new file mode 100644 index 00000000000..47c14a637f2 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28956.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28956", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:32.297", + "lastModified": "2025-06-27T12:15:32.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en wphobby Backwp permite XSS reflejado. Este problema afecta a Backwp desde n/d hasta la versi\u00f3n 2.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/backwp/vulnerability/wordpress-backwp-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28960.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28960.json new file mode 100644 index 00000000000..d80bc584ffe --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28960.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28960", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:32.473", + "lastModified": "2025-06-27T12:15:32.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en regibaer Evangelische Termine permite XSS reflejado. Este problema afecta a Evangelische Termine desde n/d hasta la versi\u00f3n 3.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/evangtermine/vulnerability/wordpress-evangelische-termine-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28970.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28970.json new file mode 100644 index 00000000000..825190a92ee --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28970.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28970", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:32.653", + "lastModified": "2025-06-27T12:15:32.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through 5.1.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en pep.vn WP Optimize By xTraffic permite la inyecci\u00f3n de objetos. Este problema afecta a WP Optimize By xTraffic desde n/d hasta la versi\u00f3n 5.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-optimize-by-xtraffic/vulnerability/wordpress-wp-optimize-by-xtraffic-5-1-6-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28988.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28988.json new file mode 100644 index 00000000000..9bf615051e6 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28988.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28988", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:32.850", + "lastModified": "2025-06-27T12:15:32.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en aharonyan WP Front User Submit / Front Editor permite XSS reflejado. Este problema afecta a WP Front User Submit / Front Editor desde n/d hasta la versi\u00f3n 4.9.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/front-editor/vulnerability/wordpress-wp-front-user-submit-front-editor-plugin-4-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28990.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28990.json new file mode 100644 index 00000000000..fbed2c30f84 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28990.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28990", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:33.033", + "lastModified": "2025-06-27T12:15:33.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky allows PHP Local File Inclusion. This issue affects SNS Vicky: from n/a through 3.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme SNS Vicky permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a SNS Vicky desde n/d hasta la versi\u00f3n 3.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/snsvicky/vulnerability/wordpress-sns-vicky-3-7-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28993.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28993.json new file mode 100644 index 00000000000..113b7fa39ff --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28993.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-28993", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:33.230", + "lastModified": "2025-06-27T12:15:33.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache allows Code Injection. This issue affects Content No Cache: from n/a through 0.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo ('Inyecci\u00f3n de c\u00f3digo') en Jose Content No Cache permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Content No Cache desde n/d hasta la versi\u00f3n 0.1.3. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/content-no-cache/vulnerability/wordpress-content-no-cache-plugin-0-1-3-arbitrary-function-call-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28998.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28998.json new file mode 100644 index 00000000000..591711e7fbf --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28998.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28998", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:34.273", + "lastModified": "2025-06-27T12:15:34.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net allows PHP Local File Inclusion. This issue affects SERPed.net: from n/a through 4.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/serped-net/vulnerability/wordpress-serped-net-4-6-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json index 48c804f3534..94b67eaf851 100644 --- a/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json +++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29459", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-17T22:15:15.387", - "lastModified": "2025-04-23T13:15:57.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:45:56.820", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", @@ -58,14 +58,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mybb:mybb:1.8.38:*:*:*:*:*:*:*", + "matchCriteriaId": "07E2BC41-5325-4F85-9235-61FF5CA894D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.mybb.com/1.8/administration/security/protection/#limit-access-to-private-hosts-and-ip-addresses", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.yuque.com/morysummer/vx41bz/ggnmg5nnu635kvrc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json new file mode 100644 index 00000000000..64bd33ef8db --- /dev/null +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2025-2940", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T09:15:25.250", + "lastModified": "2025-06-27T09:15:25.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." + }, + { + "lang": "es", + "value": "El complemento Ninja Tables \u2013 Easy Data Table Builder para WordPress es vulnerable a server-side request forgery en todas las versiones hasta la 5.0.18 incluida, a trav\u00e9s del par\u00e1metro args[url]. Esto permite a atacantes no autenticados realizar solicitudes web a ubicaciones arbitrarias desde la aplicaci\u00f3n web y utilizarlas para consultar y modificar informaci\u00f3n de servicios internos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.18/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L268", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.19/vendor/wpfluent/framework/src/WPFluent/Http/Client.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ninja-tables/trunk/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L268", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3269692%40ninja-tables&new=3269692%40ninja-tables&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02480559-be5c-4d23-9e62-bb76fafb4f42?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json index c9fcc6dd838..bd2dccde592 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30720", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.647", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:04:52.240", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.3", + "versionEndIncluding": "12.2.14", + "matchCriteriaId": "5CC0EA09-3974-4A14-8724-27020AECB5A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json index 8aa927bfe54..44b9c2ae018 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30722", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.870", - "lastModified": "2025-04-19T01:15:45.090", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:03:10.617", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,17 +36,151 @@ }, "exploitabilityScore": 1.6, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.6.0", + "versionEndIncluding": "7.6.33", + "matchCriteriaId": "1FD1C5C2-5266-48D9-AA5F-DD04C98E4E23" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.41", + "matchCriteriaId": "6EA1092F-209F-41DC-A011-2AF17242F1E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndIncluding": "8.4.4", + "matchCriteriaId": "887D4DDD-E634-4442-9FC3-05B9FBDD161E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.2.0", + "matchCriteriaId": "14F46F26-AAE0-42DD-BEC2-6CB05F297A76" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.41", + "matchCriteriaId": "19E4FDDE-A035-4E72-AC34-FE8B75013682" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndIncluding": "8.4.4", + "matchCriteriaId": "1898BB9E-C5C9-4564-BEFB-D9CA5829EAE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.2.0", + "matchCriteriaId": "21B2906E-628D-446E-A6B8-ACB064EADE99" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20250418-0005/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json index c2ada50bc21..df56719d531 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30737", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.473", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:57:53.103", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,42 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:smart_view_for_office:24.200:*:*:*:*:*:*:*", + "matchCriteriaId": "34B1AC57-915B-4919-933F-CF5750604D99" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30972.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30972.json new file mode 100644 index 00000000000..4f78d423c23 --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30972.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-30972", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:35.073", + "lastModified": "2025-06-27T12:15:35.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en iamapinan Woocommerce Line Notify permite XSS almacenado. Este problema afecta a Woocommerce Line Notify desde n/d hasta la versi\u00f3n 1.1.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woo-line-notify/vulnerability/wordpress-woocommerce-line-notify-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30992.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30992.json new file mode 100644 index 00000000000..ac58fa36ec3 --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30992.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-30992", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:35.260", + "lastModified": "2025-06-27T12:15:35.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca allows PHP Local File Inclusion. This issue affects Puca: from n/a through 2.6.33." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos en PHP') en thembay Puca permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Puca desde n/d hasta la versi\u00f3n 2.6.33." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/puca/vulnerability/wordpress-puca-2-6-33-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31067.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31067.json new file mode 100644 index 00000000000..e48d529c166 --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31067.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-31067", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:35.447", + "lastModified": "2025-06-27T12:15:35.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en themeton Seven Stars permite XSS almacenado. Este problema afecta a Seven Stars desde n/d hasta la versi\u00f3n 1.4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/sevenstars/vulnerability/wordpress-seven-stars-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-314xx/CVE-2025-31428.json b/CVE-2025/CVE-2025-314xx/CVE-2025-31428.json new file mode 100644 index 00000000000..c64f150bfad --- /dev/null +++ b/CVE-2025/CVE-2025-314xx/CVE-2025-31428.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-31428", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:35.643", + "lastModified": "2025-06-27T12:15:35.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en BuddhaThemes HYDRO permite XSS reflejado. Este problema afecta a HYDRO desde n/d hasta la versi\u00f3n 2.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/hydro/vulnerability/wordpress-hydro-theme-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-322xx/CVE-2025-32254.json b/CVE-2025/CVE-2025-322xx/CVE-2025-32254.json index d19b82f8eae..4ba021a5784 100644 --- a/CVE-2025/CVE-2025-322xx/CVE-2025-32254.json +++ b/CVE-2025/CVE-2025-322xx/CVE-2025-32254.json @@ -2,7 +2,7 @@ "id": "CVE-2025-32254", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-04T16:15:34.887", - "lastModified": "2025-06-09T16:53:01.463", + "lastModified": "2025-06-27T17:39:06.673", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -80,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:free:wordpress:*:*", "versionEndIncluding": "1.0.3", - "matchCriteriaId": "6A950E66-29C8-4F6A-A209-59DD62DBD36F" + "matchCriteriaId": "8D615178-8BCC-4512-848F-F6D8FCF38DF6" } ] } diff --git a/CVE-2025/CVE-2025-322xx/CVE-2025-32281.json b/CVE-2025/CVE-2025-322xx/CVE-2025-32281.json new file mode 100644 index 00000000000..861f333cc3c --- /dev/null +++ b/CVE-2025/CVE-2025-322xx/CVE-2025-32281.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-32281", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:35.850", + "lastModified": "2025-06-27T12:15:35.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en FocuxTheme WPKit para Elementor permite la escalada de privilegios. Este problema afecta a WPKit para Elementor desde la versi\u00f3n n/d hasta la 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpkit-elementor/vulnerability/wordpress-wpkit-for-elementor-plugin-1-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-322xx/CVE-2025-32298.json b/CVE-2025/CVE-2025-322xx/CVE-2025-32298.json new file mode 100644 index 00000000000..effbe217f07 --- /dev/null +++ b/CVE-2025/CVE-2025-322xx/CVE-2025-32298.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-32298", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:36.060", + "lastModified": "2025-06-27T12:15:36.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers allows PHP Local File Inclusion. This issue affects CTUsers: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en Case-Themes CTUsers permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a los usuarios de CTU desde n/d hasta la versi\u00f3n 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ctuser/vulnerability/wordpress-ctusers-1-0-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json index dd1780ae7cb..ed3fbb1dff5 100644 --- a/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json +++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json @@ -2,8 +2,8 @@ "id": "CVE-2025-32385", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-16T00:15:19.907", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:51:15.417", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.5", + "matchCriteriaId": "0EF460A9-2081-4410-AC97-0F5485EAC623" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-2rf2-mj98-2fr8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32788.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32788.json index 5ce661eee71..b647e8707b5 100644 --- a/CVE-2025/CVE-2025-327xx/CVE-2025-32788.json +++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32788.json @@ -2,8 +2,8 @@ "id": "CVE-2025-32788", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-22T18:15:59.630", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:40:23.867", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.11.0", + "matchCriteriaId": "251E030A-D22B-4103-A355-257D00953C7E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32897.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32897.json new file mode 100644 index 00000000000..7a4aacdaa19 --- /dev/null +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32897.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-32897", + "sourceIdentifier": "security@apache.org", + "published": "2025-06-28T19:15:21.917", + "lastModified": "2025-06-28T19:15:21.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).\n\nThis security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow.\nThis issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/9fhtf7yvpjpzlwd1m0wfgg6tp2btxpy1", + "source": "security@apache.org" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2024-47552", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3531.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3531.json index 052973aac48..595ca47ecbc 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3531.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3531.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3531", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-13T06:15:14.170", - "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T12:38:40.727", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -122,28 +142,77 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:youdiancms:youdiancms:9.5.21:*:*:*:*:*:*:*", + "matchCriteriaId": "606B2FEA-676D-405A-9058-2749063B2ED0" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/zonesec0/findcve/issues/4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/zonesec0/findcve/issues/5", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.304569", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.304569", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.543080", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3532.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3532.json index 99d32a77a38..46570dbacad 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3532.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3532.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3532", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-13T06:15:15.843", - "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T12:37:44.880", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -122,24 +142,68 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:youdiancms:youdiancms:9.5.21:*:*:*:*:*:*:*", + "matchCriteriaId": "606B2FEA-676D-405A-9058-2749063B2ED0" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/zonesec0/findcve/issues/6", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.304570", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.304570", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.543082", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3533.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3533.json index 0677ecdad26..8a92dec2388 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3533.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3533.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3533", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-13T10:15:14.287", - "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T12:18:44.910", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -122,24 +142,68 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:youdiancms:youdiancms:9.5.21:*:*:*:*:*:*:*", + "matchCriteriaId": "606B2FEA-676D-405A-9058-2749063B2ED0" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/zonesec0/findcve/issues/7", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.304571", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.304571", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.543083", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36026.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36026.json new file mode 100644 index 00000000000..3369778bbb1 --- /dev/null +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36026.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-36026", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-28T01:15:25.153", + "lastModified": "2025-06-28T01:15:25.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-614" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7238443", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36027.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36027.json new file mode 100644 index 00000000000..e0450961333 --- /dev/null +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36027.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-36027", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-28T01:15:25.343", + "lastModified": "2025-06-28T01:15:25.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\n\ncould allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7238443", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-365xx/CVE-2025-36529.json b/CVE-2025/CVE-2025-365xx/CVE-2025-36529.json new file mode 100644 index 00000000000..d2566d8c38e --- /dev/null +++ b/CVE-2025/CVE-2025-365xx/CVE-2025-36529.json @@ -0,0 +1,108 @@ +{ + "id": "CVE-2025-36529", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-06-27T06:15:24.587", + "lastModified": "2025-06-27T06:15:24.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logging in to the device." + }, + { + "lang": "es", + "value": "Existe un problema de inyecci\u00f3n de comandos del sistema operativo en varias versiones de TB-eye network recorders y AHD recorders. Si se explota esta vulnerabilidad, un atacante que inicie sesi\u00f3n en el dispositivo podr\u00eda ejecutar un comando arbitrario del sistema operativo." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/vu/JVNVU93396297/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.tbeye.com/topics/ahd/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-365xx/CVE-2025-36595.json b/CVE-2025/CVE-2025-365xx/CVE-2025-36595.json new file mode 100644 index 00000000000..c56c6816718 --- /dev/null +++ b/CVE-2025/CVE-2025-365xx/CVE-2025-36595.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-36595", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-06-27T14:15:36.517", + "lastModified": "2025-06-27T14:15:36.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution." + }, + { + "lang": "es", + "value": "Dell Unisphere para PowerMax vApp, versi\u00f3n 9.2.4.x, presenta una vulnerabilidad de neutralizaci\u00f3n incorrecta de directivas en c\u00f3digo guardado est\u00e1ticamente (inyecci\u00f3n de c\u00f3digo est\u00e1tico). Un atacante con privilegios elevados y acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n del c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-96" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000337554/dsa-2025-235-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilit", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3699.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3699.json index aaeaf7f5cd0..2d277a4ae60 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3699.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3699.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3699", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2025-06-26T23:15:22.177", - "lastModified": "2025-06-26T23:15:22.177", + "lastModified": "2025-06-27T10:15:26.300", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autenticaci\u00f3n faltante para funci\u00f3n cr\u00edtica en Mitsubishi Electric Corporation G-50 versi\u00f3n 3.37 y anteriores, G-50-W versi\u00f3n 3.37 y anteriores, G-50A versi\u00f3n 3.37 y anteriores, GB-50 versi\u00f3n 3.37 y anteriores, GB-50A versi\u00f3n 3.37 y anteriores, GB-24A versi\u00f3n 9.12 y anteriores, G-150AD versi\u00f3n 3.21 y anteriores, AG-150A-A versi\u00f3n 3.21 y anteriores, AG-150A-J versi\u00f3n 3.21 y anteriores, GB-50AD versi\u00f3n 3.21 y anteriores, GB-50ADA-A versi\u00f3n 3.21 y anteriores, GB-50ADA-J versi\u00f3n 3.21 y anteriores, EB-50GU-A versi\u00f3n 7.11 y anteriores, EB-50GU-J versi\u00f3n 7.11 y anteriores, AE-200J versi\u00f3n 8.01 y anteriores. AE-200A versi\u00f3n 8.01 y anteriores, AE-200E versi\u00f3n 8.01 y anteriores, AE-50J versi\u00f3n 8.01 y anteriores, AE-50A versi\u00f3n 8.01 y anteriores, AE-50E versi\u00f3n 8.01 y anteriores, EW-50J versi\u00f3n 8.01 y anteriores, EW-50A versi\u00f3n 8.01 y anteriores, EW-50E versi\u00f3n 8.01 y anteriores, TE-200A versi\u00f3n 8.01 y anteriores, TE-50A versi\u00f3n 8.01 y anteriores, TW-50A versi\u00f3n 8.01 y anteriores, y CMS-RMD-J versi\u00f3n 1.40 y anteriores permiten a un atacante remoto no autenticado eludir la autenticaci\u00f3n y, posteriormente, controlar ilegalmente los sistemas de aire acondicionado o divulgar informaci\u00f3n sobre ellos aprovechando esta vulnerabilidad. Adem\u00e1s, el atacante puede manipular el firmware de los sistemas utilizando la informaci\u00f3n divulgada." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -52,6 +56,10 @@ "url": "https://jvn.jp/vu/JVNVU96471539/", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-004_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json index c6385d80a9c..189e9d74b87 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json @@ -2,7 +2,7 @@ "id": "CVE-2025-37752", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.933", - "lastModified": "2025-05-02T13:53:20.943", + "lastModified": "2025-06-27T11:15:24.693", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -25,6 +25,14 @@ "url": "https://git.kernel.org/stable/c/5e5e1fcc1b8ed57f902c424c5d9b328a3a19073d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/6c589aa318023690f1606c666a7fb5f4c1c9c219", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d62ded97db6b7c94c891f704151f372b1ba4688", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/b36a68192037d1614317a09b0d78c7814e2eecf9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-379xx/CVE-2025-37929.json b/CVE-2025/CVE-2025-379xx/CVE-2025-37929.json index c27096943d8..7405cbe4a06 100644 --- a/CVE-2025/CVE-2025-379xx/CVE-2025-37929.json +++ b/CVE-2025/CVE-2025-379xx/CVE-2025-37929.json @@ -2,7 +2,7 @@ "id": "CVE-2025-37929", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-20T16:15:29.483", - "lastModified": "2025-05-21T20:25:16.407", + "lastModified": "2025-06-27T11:15:24.827", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -37,6 +37,10 @@ "url": "https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/e68da90ac00d8b681561aeb8f5d6c47af3a04861", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-379xx/CVE-2025-37948.json b/CVE-2025/CVE-2025-379xx/CVE-2025-37948.json index 26453efe015..4f9380251d7 100644 --- a/CVE-2025/CVE-2025-379xx/CVE-2025-37948.json +++ b/CVE-2025/CVE-2025-379xx/CVE-2025-37948.json @@ -2,7 +2,7 @@ "id": "CVE-2025-37948", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-20T16:15:32.800", - "lastModified": "2025-05-21T20:24:58.133", + "lastModified": "2025-06-27T11:15:24.947", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -36,6 +36,14 @@ { "url": "https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/993f63239c219696aef8887a4e7d3a16bf5a8ece", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c6a8735d841bcb7649734bb3a787bb174c67c0d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-379xx/CVE-2025-37958.json b/CVE-2025/CVE-2025-379xx/CVE-2025-37958.json index b61ba0d74e5..2ab169d87d9 100644 --- a/CVE-2025/CVE-2025-379xx/CVE-2025-37958.json +++ b/CVE-2025/CVE-2025-379xx/CVE-2025-37958.json @@ -2,7 +2,7 @@ "id": "CVE-2025-37958", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-20T16:15:34.027", - "lastModified": "2025-05-21T20:24:58.133", + "lastModified": "2025-06-27T11:15:25.057", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -17,14 +17,34 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/22f6368768340260e862f35151d2e1c55cb1dc75", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3977946f61cdba87b6b5aaf7d7094e96089583a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/6166c3cf405441f7147b322980144feb3cefc617", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/753f142f7ff7d2223a47105b61e1efd91587d711", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9468afbda3fbfcec21ac8132364dff3dab945faf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/ef5706bed97e240b4abf4233ceb03da7336bc775", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/fbab262b0c8226c697af1851a424896ed47dedcc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-379xx/CVE-2025-37963.json b/CVE-2025/CVE-2025-379xx/CVE-2025-37963.json index 202c095b00a..11ba460ed90 100644 --- a/CVE-2025/CVE-2025-379xx/CVE-2025-37963.json +++ b/CVE-2025/CVE-2025-379xx/CVE-2025-37963.json @@ -2,7 +2,7 @@ "id": "CVE-2025-37963", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-20T16:15:34.580", - "lastModified": "2025-05-21T20:24:58.133", + "lastModified": "2025-06-27T11:15:25.160", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -17,6 +17,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/038866e01ea5e5a3d948898ac216e531e7848669", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/477481c4348268136227348984b6699d6370b685", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" @@ -29,6 +33,10 @@ "url": "https://git.kernel.org/stable/c/80251f62028f1ab2e09be5ca3123f84e8b00389a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/df53d418709205450a02bb4d71cbfb4ff86f2c1e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/e5f5100f1c64ac6c72671b2cf6b46542fce93706", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3745.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3745.json new file mode 100644 index 00000000000..52d334dbac0 --- /dev/null +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3745.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-3745", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-30T06:15:27.593", + "lastModified": "2025-06-30T06:15:27.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/1b50f686-c2e0-4963-95c8-b27137dcc059/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json index b5c487e6e10..35a625c2d48 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json @@ -2,7 +2,7 @@ "id": "CVE-2025-38083", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-06-20T12:15:21.470", - "lastModified": "2025-06-23T20:16:40.143", + "lastModified": "2025-06-27T11:15:25.267", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -17,10 +17,26 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4483d8b9127591c60c4eb789d6cab953bc4522a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/46c15c9d0f65c9ba857d63f53264f4b17e8a715f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "https://git.kernel.org/stable/c/53d11560e957d53ee87a0653d258038ce12361b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/93f9eeb678d4c9c1abf720b3615fa8299a490845", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38084.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38084.json new file mode 100644 index 00000000000..f7cba819c19 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38084.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2025-38084", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-28T08:15:23.970", + "lastModified": "2025-06-28T08:15:23.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops->may_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/081056dc00a27bccb55ccc3c6f230a3d5fd3f7e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2511ac64bc1617ca716d3ba8464e481a647c1902", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/366298f2b04d2bf1f2f2b7078405bdf9df9bd5d0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a21d5584826f4880f45bbf8f72375f4e6c0ff2a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9cf5b2a3b72c23fb7b84736d5d19ee6ea718762b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af6cfcd0efb7f051af221c418ec8b37a10211947", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8847d18cd9fff1edbb45e963d9141273c3b539c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38085.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38085.json new file mode 100644 index 00000000000..6c451d8b747 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38085.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2025-38085", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-28T08:15:24.843", + "lastModified": "2025-06-28T08:15:24.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don't see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38086.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38086.json new file mode 100644 index 00000000000..a1548d97ab3 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38086.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38086", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-28T08:15:24.997", + "lastModified": "2025-06-28T08:15:24.997", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ch9200: fix uninitialised access during mii_nway_restart\n\nIn mii_nway_restart() the code attempts to call\nmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()\nutilises a local buffer called \"buff\", which is initialised\nwith control_read(). However \"buff\" is conditionally\ninitialised inside control_read():\n\n if (err == size) {\n memcpy(data, buf, size);\n }\n\nIf the condition of \"err == size\" is not met, then\n\"buff\" remains uninitialised. Once this happens the\nuninitialised \"buff\" is accessed and returned during\nch9200_mdio_read():\n\n return (buff[0] | buff[1] << 8);\n\nThe problem stems from the fact that ch9200_mdio_read()\nignores the return value of control_read(), leading to\nuinit-access of \"buff\".\n\nTo fix this we should check the return value of\ncontrol_read() and return early on error." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/119766de4930ff40db9f36b960cb53b0c400e81b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/33163c68d2e3061fa3935b5f0a1867958b1cdbd2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4da7fcc098218ff92b2e83a43f545c02f714cedd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6bd2569d0b2f918e9581f744df0263caf73ee76c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a350f30d65197354706b7759b5c89d6c267b1a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ad0452c0277b816a435433cca601304cfac7c21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9da3e442714f7f4393ff01c265c4959c03e88c2f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cdaa6d1cb2ff1219c6c822b27655dd170ffb0f72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38087.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38087.json new file mode 100644 index 00000000000..50c6e0bd2e7 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38087.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38087", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-30T08:15:22.607", + "lastModified": "2025-06-30T08:15:22.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u2019s taprio_dev_notifier() isn\u2019t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8a008c89e5e5c5332e4c0a33d707db9ddd529f8a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b1547d28ba468bc3b88764efd13e4319bab63be8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b160766e26d4e2e2d6fe2294e0b02f92baefcec5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38088.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38088.json new file mode 100644 index 00000000000..2d442d24200 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38088.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-38088", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-30T08:15:23.470", + "lastModified": "2025-06-30T08:15:23.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/620b77b23c41a6546e5548ffe2ea3ad71880dde4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/81260c41b518b6f32c701425f1427562fa92f293", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8635e325b85dfb9ddebdfaa6b5605d40d16cd147", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c340b56d60545e4a159e41523dd8b23f81d3261", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bbd5a9ddb0f9750783a48a871c9e12c0b68c5f39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd097df4596f3a1e9d75eb8520162de1eb8485b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38089.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38089.json new file mode 100644 index 00000000000..1b00850a4de --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38089.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-38089", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-30T08:15:23.590", + "lastModified": "2025-06-30T08:15:23.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it's the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/353e75b55e583635bf71cde6abcec274dba05edd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/599c489eea793821232a2f69a00fa57d82b0ac98", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94d10a4dba0bc482f2b01e39f06d5513d0f75742", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c90459cd58bb421d275337093d8e901e0ba748dd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38090.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38090.json new file mode 100644 index 00000000000..ecd17541992 --- /dev/null +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38090.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2025-38090", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-06-30T08:15:23.707", + "lastModified": "2025-06-30T08:15:23.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -> cm_chan_msg_send()\n -> riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn't send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1921781ec4a8824bd0c520bf9363e28a880d14ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1cce6ac47f4a2ac1766b8a188dc8c8f6d8df2a53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50695153d7ddde3b1696dbf0085be0033bf3ddb3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/58f664614f8c3d6142ab81ae551e466dc6e092e8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6d5c6711a55c35ce09b90705546050408d9d4b61", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a8b5ea2e302aa5cd00fc7addd8df53c9bde7b5f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c03ddc183249f03fc7e057e02cae6f89144d0123", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ecf5ee280b702270afb02f61b299d3dfe3ec7730", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3810.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3810.json index 52eb8a82ee1..d5bfecedd02 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3810.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3810.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3810", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-09T03:15:24.150", - "lastModified": "2025-05-21T14:39:49.083", + "lastModified": "2025-06-27T17:39:17.577", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -60,9 +60,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:free:wordpress:*:*", "versionEndExcluding": "1.0.3", - "matchCriteriaId": "5406CBD4-1AD2-42B7-BE27-634DA0BF0A8A" + "matchCriteriaId": "60D737B6-6693-4BD8-993F-42F8182A0466" } ] } diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3811.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3811.json index b45ee79011c..f0498677d3e 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3811.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3811.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3811", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-09T03:15:24.307", - "lastModified": "2025-05-21T14:08:03.370", + "lastModified": "2025-06-27T17:39:22.693", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -80,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:free:wordpress:*:*", "versionEndExcluding": "1.0.3", - "matchCriteriaId": "5406CBD4-1AD2-42B7-BE27-634DA0BF0A8A" + "matchCriteriaId": "60D737B6-6693-4BD8-993F-42F8182A0466" } ] } diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39474.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39474.json new file mode 100644 index 00000000000..8e0829a7138 --- /dev/null +++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39474.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-39474", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:36.243", + "lastModified": "2025-06-27T12:15:36.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en ThemeMove Amely permite la inyecci\u00f3n SQL. Este problema afecta a Amely desde n/d hasta la versi\u00f3n 3.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/amely/vulnerability/wordpress-amely-theme-3-1-4-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39478.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39478.json new file mode 100644 index 00000000000..15e60f3e40e --- /dev/null +++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39478.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-39478", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:36.443", + "lastModified": "2025-06-27T12:15:36.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en smartiolabs Smart Notification permite XSS reflejado. Este problema afecta a Smart Notification desde n/d hasta la versi\u00f3n 10.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smio-push-notification/vulnerability/wordpress-smart-notification-plugin-10-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39488.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39488.json new file mode 100644 index 00000000000..3f190041a4b --- /dev/null +++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39488.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-39488", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:36.637", + "lastModified": "2025-06-27T12:15:36.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne allows Reflected XSS. This issue affects MagOne: from n/a through 8.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sneeit MagOne permite XSS reflejado. Este problema afecta a MagOne desde n/d hasta la versi\u00f3n 8.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/magone/vulnerability/wordpress-magone-theme-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json new file mode 100644 index 00000000000..b1d79bdd561 --- /dev/null +++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40731", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-06-30T09:15:24.450", + "lastModified": "2025-06-30T09:15:24.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json new file mode 100644 index 00000000000..731e40304b4 --- /dev/null +++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40732", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-06-30T09:15:25.567", + "lastModified": "2025-06-30T09:15:25.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json new file mode 100644 index 00000000000..4b8efd16dd5 --- /dev/null +++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40733", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-06-30T09:15:25.760", + "lastModified": "2025-06-30T09:15:25.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the\u00a0username parameter in /login.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json new file mode 100644 index 00000000000..fe8c2d23312 --- /dev/null +++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40734", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-06-30T09:15:25.947", + "lastModified": "2025-06-30T09:15:25.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the\u00a0password and confirm_password parameters in /register.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-409xx/CVE-2025-40910.json b/CVE-2025/CVE-2025-409xx/CVE-2025-40910.json new file mode 100644 index 00000000000..a26f091c6a6 --- /dev/null +++ b/CVE-2025/CVE-2025-409xx/CVE-2025-40910.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-40910", + "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", + "published": "2025-06-27T13:15:24.667", + "lastModified": "2025-06-27T20:15:23.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.\n\nLeading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation." + }, + { + "lang": "es", + "value": "La versi\u00f3n 1.10 de Net::IP::LPM para Perl no considera correctamente los ceros iniciales en las cadenas de direcciones IP CIDR, lo que podr\u00eda permitir a los atacantes eludir el control de acceso basado en direcciones IP. Los ceros iniciales se utilizan para indicar n\u00fameros octales, lo que puede confundir tanto a los usuarios que utilizan la notaci\u00f3n octal intencionalmente como a los que creen que utilizan la notaci\u00f3n decimal." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1287" + } + ] + } + ], + "references": [ + { + "url": "https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/", + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + }, + { + "url": "https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm", + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + }, + { + "url": "https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch", + "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-414xx/CVE-2025-41418.json b/CVE-2025/CVE-2025-414xx/CVE-2025-41418.json new file mode 100644 index 00000000000..054c7b88be5 --- /dev/null +++ b/CVE-2025/CVE-2025-414xx/CVE-2025-41418.json @@ -0,0 +1,108 @@ +{ + "id": "CVE-2025-41418", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-06-27T06:15:26.180", + "lastModified": "2025-06-27T06:15:26.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en varias versiones de TB-eye network recorders y AHD recorders. El proceso CGI podr\u00eda finalizar de forma an\u00f3mala al procesar una solicitud especialmente manipulada." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/vu/JVNVU93396297/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.tbeye.com/topics/ahd/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4227.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4227.json index 0ca6791f45f..8dce33761f5 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4227.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4227.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4227", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-06-13T06:15:22.253", - "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:49:37.187", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "GREEN" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } ] }, "weaknesses": [ @@ -73,10 +95,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.2.8", + "matchCriteriaId": "B2DE8243-7786-4D7C-A0CB-A3D3E44C9B26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.2.8", + "matchCriteriaId": "2CF74763-01A1-4403-AF7D-83DF62D56498" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "EFAA1A23-5A3C-48FA-8672-D8329D67A14C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2025-4227", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4232.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4232.json index 5085c495ed5..d91a617d976 100644 --- a/CVE-2025/CVE-2025-42xx/CVE-2025-4232.json +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4232.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4232", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2025-06-13T00:15:23.697", - "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:47:32.383", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "AMBER" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -73,10 +95,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.2.8", + "matchCriteriaId": "B2DE8243-7786-4D7C-A0CB-A3D3E44C9B26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "6.3.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "EFAA1A23-5A3C-48FA-8672-D8329D67A14C" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2025-4232", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43550.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43550.json index 3ff3dabae9a..2561525cd20 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43550.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43550.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43550", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.120", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:15:03.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43573.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43573.json index ab895f0fd9c..7884cdf5cf8 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43573.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43573.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43573", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.273", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:15:01.003", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43574.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43574.json index 4f6759a4081..6df606e7c7f 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43574.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43574.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43574", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.427", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:59.243", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43575.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43575.json index 52b91cb4f19..c2885b21799 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43575.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43575.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43575", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.570", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:57.577", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43576.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43576.json index 245214511ff..7f4c8fbfbf3 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43576.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43576.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43576", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.723", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:56.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,143 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2170", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43577.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43577.json index cd358acabb5..63b47997f3a 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43577.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43577.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43577", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:32.893", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:54.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43578.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43578.json index 018f5ee1587..af9a684a2ee 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43578.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43578.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43578", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:33.050", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:52.487", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,143 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2159", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43579.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43579.json index c65b7ad3aba..90da001817a 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43579.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43579.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43579", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T19:15:33.200", - "lastModified": "2025-06-12T16:06:29.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:14:49.923", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,135 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "376F0E78-8AFA-4E22-B184-0A65A5A7F002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20531", + "matchCriteriaId": "43496C0D-659C-469C-997C-0BF46BA6D957" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "2926A6BD-FE80-4C53-BF89-8960980F64EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "25.001.20529", + "matchCriteriaId": "1ED80F56-2F35-42E4-883C-B1D236753A67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0FFFBA4F-DE4F-440A-854E-36E903614C00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.001.30254", + "matchCriteriaId": "307B3DF8-A6D3-483C-9209-7FB3D7FBC0FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30002", + "versionEndExcluding": "20.005.30774", + "matchCriteriaId": "0F197672-D93F-4904-9846-E8A05851A6E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-441xx/CVE-2025-44163.json b/CVE-2025/CVE-2025-441xx/CVE-2025-44163.json new file mode 100644 index 00000000000..97bbd7e5bab --- /dev/null +++ b/CVE-2025/CVE-2025-441xx/CVE-2025-44163.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-44163", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:37.417", + "lastModified": "2025-06-27T20:15:25.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution." + }, + { + "lang": "es", + "value": "RaspAP raspap-webgui 3.3.1 es vulnerable a Directory Traversal en ajax/networking/get_wgkey.php. Un atacante autenticado puede enviar una solicitud POST manipulada con un payload de path traversal en el par\u00e1metro `entity` para sobrescribir archivos arbitrarios con permisos de escritura del servidor web mediante el uso indebido del comando `tee` utilizado en la ejecuci\u00f3n del shell." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/YichaoXu/3694f039a3d1b973efd068e4dc662a41", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/RaspAP/raspap-webgui/blob/125ae7a39ad7c9a71250d3b3e349fd767687ff8d/ajax/networking/get_wgkey.php#L9", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-445xx/CVE-2025-44557.json b/CVE-2025/CVE-2025-445xx/CVE-2025-44557.json new file mode 100644 index 00000000000..4acd89eb79a --- /dev/null +++ b/CVE-2025/CVE-2025-445xx/CVE-2025-44557.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-44557", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T17:15:33.040", + "lastModified": "2025-06-27T17:15:33.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet." + }, + { + "lang": "es", + "value": "Una falla de transici\u00f3n de m\u00e1quina de estados en la pila Bluetooth Low Energy (BLE) de Cypress PSoC4 v3.66 permite a los atacantes eludir el proceso de emparejamiento y autenticaci\u00f3n a trav\u00e9s de un paquete pairing_failed manipulado." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Cypress/Auth_bypass.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.infineon.com/cms/en/design-support/tools/sdk/psoc-software/psoc-4-components/psoc-creator-component-datasheet-bluetooth-low-energy-ble/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-445xx/CVE-2025-44559.json b/CVE-2025/CVE-2025-445xx/CVE-2025-44559.json new file mode 100644 index 00000000000..fb301b18656 --- /dev/null +++ b/CVE-2025/CVE-2025-445xx/CVE-2025-44559.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-44559", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T17:15:33.290", + "lastModified": "2025-06-27T17:15:33.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets." + }, + { + "lang": "es", + "value": "Un problema en la pila Bluetooth Low Energy (BLE) de Realtek RTL8762E BLE SDK v1.4.0 permite a los atacantes dentro del alcance de Bluetooth provocar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de una secuencia espec\u00edfica de paquetes de control manipulados." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://realtek.com", + "source": "cve@mitre.org" + }, + { + "url": "http://rtl8762e.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Realtek/Cross-layer_Interaction_Deadlock.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-452xx/CVE-2025-45250.json b/CVE-2025/CVE-2025-452xx/CVE-2025-45250.json index b188407426b..93bb8a0eeb6 100644 --- a/CVE-2025/CVE-2025-452xx/CVE-2025-45250.json +++ b/CVE-2025/CVE-2025-452xx/CVE-2025-45250.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45250", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-06T17:16:12.380", - "lastModified": "2025-05-07T14:13:20.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T15:33:18.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mrdoc:mrdoc:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.95", + "matchCriteriaId": "55790010-AE6A-4EA9-9121-A4C12A78495C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Anike-x/CVE-2025-45250", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/zmister2016/MrDoc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45729.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45729.json new file mode 100644 index 00000000000..e51d3eec117 --- /dev/null +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45729.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-45729", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:37.630", + "lastModified": "2025-06-27T20:15:26.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services." + }, + { + "lang": "es", + "value": "D-Link DIR-823-Pro 1.02 tiene un control de permisos inadecuado, lo que permite que usuarios no autorizados activen y accedan a servicios Telnet." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.kdev.site/2025/04/02/d-link-823_pro-unauthorized-telnet-access/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45737.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45737.json new file mode 100644 index 00000000000..934b5902851 --- /dev/null +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45737.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-45737", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T05:15:33.223", + "lastModified": "2025-06-27T20:15:27.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component." + }, + { + "lang": "es", + "value": "Un problema en NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver anterior a v1.0.0.8 permite a los atacantes escalar privilegios mediante el env\u00edo de comandos IOCTL manipulados al componente NeacSafe64.sys." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/za233/NeacController", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45851.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45851.json new file mode 100644 index 00000000000..a29e7b0355a --- /dev/null +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45851.json @@ -0,0 +1,48 @@ +{ + "id": "CVE-2025-45851", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T12:15:36.817", + "lastModified": "2025-06-27T20:15:27.997", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge." + }, + { + "lang": "es", + "value": "Un problema en Hikvision DS-2CD1321-I V5.7.21 build 230819 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de una solicitud POST manipulada al endpoint /ISAPI/Security/challenge." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://crashpark.weebly.com/blog/hikvision-ip-camera-unauthenticated-denial-of-service-dos", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4587.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4587.json new file mode 100644 index 00000000000..177718f6f75 --- /dev/null +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4587.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-4587", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:22.030", + "lastModified": "2025-06-27T08:15:22.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento A/B Testing para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del bloque 'ab-testing-for-wp/ab-test-block' en todas las versiones hasta la 1.18.2 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en el par\u00e1metro 'id'. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/ab-testing-for-wp/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3dcf401a-3b91-4b55-b6b1-a132ec195607?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-460xx/CVE-2025-46014.json b/CVE-2025/CVE-2025-460xx/CVE-2025-46014.json new file mode 100644 index 00000000000..5e7d58e4a58 --- /dev/null +++ b/CVE-2025/CVE-2025-460xx/CVE-2025-46014.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-46014", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-30T02:15:21.077", + "lastModified": "2025-06-30T02:15:21.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Souhardya/Exploit-PoCs/tree/main/HonorPCManager-PrivEsc", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-464xx/CVE-2025-46415.json b/CVE-2025/CVE-2025-464xx/CVE-2025-46415.json new file mode 100644 index 00000000000..649cc85d4b7 --- /dev/null +++ b/CVE-2025/CVE-2025-464xx/CVE-2025-46415.json @@ -0,0 +1,80 @@ +{ + "id": "CVE-2025-46415", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:37.870", + "lastModified": "2025-06-27T14:15:37.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b." + }, + { + "lang": "es", + "value": "Una condici\u00f3n de ejecuci\u00f3n en los gestores de paquetes Nix, Lix y Guix permite la eliminaci\u00f3n de contenido de carpetas arbitrarias. Esto afecta a Nix anteriores a 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a 1.4.0-38.0e79d5b." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", + "baseScore": 3.2, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.4, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "references": [ + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", + "source": "cve@mitre.org" + }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.snyk.io", + "source": "cve@mitre.org" + }, + { + "url": "https://lix.systems/blog/2025-06-24-lix-cves/", + "source": "cve@mitre.org" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2025-46415", + "source": "cve@mitre.org" + }, + { + "url": "https://security.snyk.io/vuln/?search=CVE-2025-46415", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-464xx/CVE-2025-46416.json b/CVE-2025/CVE-2025-464xx/CVE-2025-46416.json new file mode 100644 index 00000000000..36774a98380 --- /dev/null +++ b/CVE-2025/CVE-2025-464xx/CVE-2025-46416.json @@ -0,0 +1,80 @@ +{ + "id": "CVE-2025-46416", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:38.163", + "lastModified": "2025-06-27T14:15:38.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b." + }, + { + "lang": "es", + "value": "Los gestores de paquetes Nix, Lix y Guix permiten omitir el aislamiento de compilaci\u00f3n, lo que permite a un usuario elevar sus privilegios a la cuenta de usuario de compilaci\u00f3n (p. ej., nixbld o guixbuild). Esto afecta a Nix hasta las versiones 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix hasta las versiones 2.91.2, 2.92.2 y 2.93.1; y Guix anterior a la versi\u00f3n 1.4.0-38.0e79d5b." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 2.9, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.4, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-282" + } + ] + } + ], + "references": [ + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", + "source": "cve@mitre.org" + }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.snyk.io", + "source": "cve@mitre.org" + }, + { + "url": "https://lix.systems/blog/2025-06-24-lix-cves/", + "source": "cve@mitre.org" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2025-46416", + "source": "cve@mitre.org" + }, + { + "url": "https://security.snyk.io/vuln/?search=CVE-2025-46416", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46707.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46707.json new file mode 100644 index 00000000000..a02a63967e7 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46707.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-46707", + "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", + "published": "2025-06-27T17:15:33.597", + "lastModified": "2025-06-27T17:15:33.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU." + }, + { + "lang": "es", + "value": "El software instalado y ejecut\u00e1ndose dentro de una m\u00e1quina virtual invitada puede anular el estado del firmware y obtener acceso a la GPU." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", + "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46708.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46708.json new file mode 100644 index 00000000000..eda186bfbf2 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46708.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-46708", + "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", + "published": "2025-06-27T17:15:33.803", + "lastModified": "2025-06-27T17:15:33.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU." + }, + { + "lang": "es", + "value": "El software instalado y ejecut\u00e1ndose dentro de una m\u00e1quina virtual invitada puede realizar llamadas de sistema de GPU incorrectas para evitar que otros invitados ejecuten trabajos en la GPU." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-280" + } + ] + } + ], + "references": [ + { + "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", + "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47574.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47574.json new file mode 100644 index 00000000000..311dd5d6bf2 --- /dev/null +++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47574.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47574", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.030", + "lastModified": "2025-06-27T12:15:37.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Mojoomla School Management permite XSS reflejado. Este problema afecta a School Management desde n/d hasta la versi\u00f3n 92.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-system-plugin-92-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-476xx/CVE-2025-47654.json b/CVE-2025/CVE-2025-476xx/CVE-2025-47654.json new file mode 100644 index 00000000000..26e54a5bd21 --- /dev/null +++ b/CVE-2025/CVE-2025-476xx/CVE-2025-47654.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47654", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.207", + "lastModified": "2025-06-27T12:15:37.207", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Adrian Tobey FormLift for Infusionsoft Web Forms permite XSS reflejado. Este problema afecta a FormLift para formularios web de Infusionsoft desde n/d hasta la versi\u00f3n 7.5.20." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/formlift/vulnerability/wordpress-formlift-for-infusionsoft-web-forms-plugin-7-5-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47818.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47818.json new file mode 100644 index 00000000000..6216a1b554e --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47818.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47818", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T02:15:23.570", + "lastModified": "2025-06-27T02:15:23.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety Gunshot Detection anteriores a la versi\u00f3n 1.3 tienen una contrase\u00f1a codificada para la conexi\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 2.2, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-259" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47819.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47819.json new file mode 100644 index 00000000000..a4db9a87695 --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47819.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47819", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T02:15:23.757", + "lastModified": "2025-06-27T02:15:23.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety Gunshot Detection anteriores a la versi\u00f3n 1.3 tienen una interfaz de depuraci\u00f3n en chip con un control de acceso inadecuado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1191" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47820.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47820.json new file mode 100644 index 00000000000..88e5fe4d8f1 --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47820.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47820", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T02:15:23.920", + "lastModified": "2025-06-27T03:15:21.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety Gunshot Detection anteriores a la versi\u00f3n 1.3 tienen almacenamiento de c\u00f3digo en texto sin cifrar." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47821.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47821.json new file mode 100644 index 00000000000..5c25c9b04ef --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47821.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47821", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T03:15:22.160", + "lastModified": "2025-06-27T03:15:22.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety Gunshot Detection anteriores a la versi\u00f3n 1.3 tienen una contrase\u00f1a codificada para un sistema." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 2.2, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-259" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47822.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47822.json new file mode 100644 index 00000000000..d16d6bb0f00 --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47822.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47822", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T03:15:22.323", + "lastModified": "2025-06-27T03:15:22.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety LPR (License Plate Reader) con firmware hasta la versi\u00f3n 2.2 tienen una interfaz de depuraci\u00f3n en chip con un control de acceso inadecuado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1191" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47823.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47823.json new file mode 100644 index 00000000000..80690a040fb --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47823.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47823", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T03:15:22.487", + "lastModified": "2025-06-27T03:15:22.487", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety LPR (License Plate Reader) con firmware hasta la versi\u00f3n 2.2 tienen una contrase\u00f1a codificada para un sistema." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 2.2, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-259" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47824.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47824.json new file mode 100644 index 00000000000..b5d64df01bb --- /dev/null +++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47824.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-47824", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T03:15:22.650", + "lastModified": "2025-06-27T03:15:22.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code." + }, + { + "lang": "es", + "value": "Los dispositivos Flock Safety LPR (License Plate Reader) con firmware hasta la versi\u00f3n 2.2 tienen almacenamiento de c\u00f3digo en texto sin cifrar." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-481xx/CVE-2025-48175.json b/CVE-2025/CVE-2025-481xx/CVE-2025-48175.json index f739cb17237..ab5ded34b6c 100644 --- a/CVE-2025/CVE-2025-481xx/CVE-2025-48175.json +++ b/CVE-2025/CVE-2025-481xx/CVE-2025-48175.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48175", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-16T05:15:37.470", - "lastModified": "2025-05-16T14:42:18.700", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-27T15:21:28.030", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.4, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 } ] }, @@ -51,18 +71,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aomedia:libavif:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "401B7089-C028-4344-AC58-DB1CF4C8401C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/AOMediaCodec/libavif/pull/2769", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json index 815f60c531a..4a9aa5b2a1a 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49176", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:45.470", - "lastModified": "2025-06-23T19:15:24.090", + "lastModified": "2025-06-30T09:15:26.127", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -19,23 +19,23 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", - "baseScore": 6.6, - "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", - "integrityImpact": "LOW", + "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, - "impactScore": 4.7 + "impactScore": 5.5 } ] }, diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json index a1609272eca..80c8ce5eb09 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49179", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:46.000", - "lastModified": "2025-06-23T19:15:24.383", + "lastModified": "2025-06-30T09:15:26.510", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -19,23 +19,23 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", - "baseScore": 6.6, - "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, - "impactScore": 4.7 + "impactScore": 5.5 } ] }, diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json index 84b2223a1de..d3248c8a12f 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49180", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:46.183", - "lastModified": "2025-06-23T19:15:24.517", + "lastModified": "2025-06-30T09:15:26.713", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -19,23 +19,23 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, - "impactScore": 4.2 + "impactScore": 5.9 } ] }, diff --git a/CVE-2025/CVE-2025-492xx/CVE-2025-49290.json b/CVE-2025/CVE-2025-492xx/CVE-2025-49290.json new file mode 100644 index 00000000000..487965731b7 --- /dev/null +++ b/CVE-2025/CVE-2025-492xx/CVE-2025-49290.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49290", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.397", + "lastModified": "2025-06-27T12:15:37.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Reflected XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) permite XSS reflejado. Este problema afecta a las barras laterales y men\u00fas fuera del lienzo (barras deslizantes): desde n/d hasta la versi\u00f3n 0.5.8.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/off-canvas-sidebars/vulnerability/wordpress-off-canvas-sidebars-menus-slidebars-plugin-0-5-8-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-493xx/CVE-2025-49321.json b/CVE-2025/CVE-2025-493xx/CVE-2025-49321.json new file mode 100644 index 00000000000..6a90f63915c --- /dev/null +++ b/CVE-2025/CVE-2025-493xx/CVE-2025-49321.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49321", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.587", + "lastModified": "2025-06-27T12:15:37.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Arraytics Eventin permite XSS reflejado. Este problema afecta a Eventin desde n/d hasta la versi\u00f3n 4.0.28." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-28-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-494xx/CVE-2025-49416.json b/CVE-2025/CVE-2025-494xx/CVE-2025-49416.json new file mode 100644 index 00000000000..b37f3693d1b --- /dev/null +++ b/CVE-2025/CVE-2025-494xx/CVE-2025-49416.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49416", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.763", + "lastModified": "2025-06-27T12:15:37.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery allows PHP Local File Inclusion. This issue affects FW Gallery: from n/a through 8.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en Fastw3b LLC FW Gallery permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a FW Gallery desde n/d hasta la versi\u00f3n 8.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-494xx/CVE-2025-49423.json b/CVE-2025/CVE-2025-494xx/CVE-2025-49423.json new file mode 100644 index 00000000000..3178dee7fa3 --- /dev/null +++ b/CVE-2025/CVE-2025-494xx/CVE-2025-49423.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:37.950", + "lastModified": "2025-06-27T12:15:37.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator allows Reflected XSS. This issue affects Bulk YouTube Post Creator: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Syed Tahir Ali Jan Bulk YouTube Post Creator permite XSS reflejado. Este problema afecta a Bulk YouTube Post Creator desde n/d hasta la versi\u00f3n 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bulk-youtube-post-creator/vulnerability/wordpress-bulk-youtube-post-creator-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-494xx/CVE-2025-49448.json b/CVE-2025/CVE-2025-494xx/CVE-2025-49448.json new file mode 100644 index 00000000000..82fbe5c1f03 --- /dev/null +++ b/CVE-2025/CVE-2025-494xx/CVE-2025-49448.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49448", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:38.130", + "lastModified": "2025-06-27T12:15:38.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n de una ruta a un directorio restringido ('Path Traversal') en Fastw3b LLC FW Food Menu permite el Path Traversal. Este problema afecta a FW Food Menu desde n/d hasta la versi\u00f3n 6.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49852.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49852.json index ff76186701b..273dc0397b6 100644 --- a/CVE-2025/CVE-2025-498xx/CVE-2025-49852.json +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49852.json @@ -2,13 +2,13 @@ "id": "CVE-2025-49852", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-06-24T20:15:25.727", - "lastModified": "2025-06-26T18:58:14.280", + "lastModified": "2025-06-27T18:15:47.070", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers." + "value": "ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers." }, { "lang": "es", @@ -59,12 +59,34 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } ] }, "weaknesses": [ { "source": "ics-cert@hq.dhs.gov", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49853.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49853.json index 4672704c486..3d00242595f 100644 --- a/CVE-2025/CVE-2025-498xx/CVE-2025-49853.json +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49853.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49853", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-06-24T20:15:25.873", - "lastModified": "2025-06-26T18:58:14.280", + "lastModified": "2025-06-27T18:15:49.777", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -59,12 +59,34 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } ] }, "weaknesses": [ { "source": "ics-cert@hq.dhs.gov", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49883.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49883.json new file mode 100644 index 00000000000..b50fbc2cd26 --- /dev/null +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49883.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49883", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:38.307", + "lastModified": "2025-06-27T12:15:38.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through 4.2.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en thembay Greenmart permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Greenmart desde n/d hasta la versi\u00f3n 4.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/greenmart/vulnerability/wordpress-greenmart-4-2-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49885.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49885.json new file mode 100644 index 00000000000..5a58d533000 --- /dev/null +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49885.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49885", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:38.477", + "lastModified": "2025-06-27T12:15:38.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through 5.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de tipo peligroso en la carga sin restricciones de archivos en HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce permite subir un shell web a un servidor web. Este problema afecta a la funci\u00f3n de arrastrar y soltar m\u00faltiples archivos (Pro) de WooCommerce: desde n/d hasta la versi\u00f3n 5.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/drag-and-drop-file-upload-wc-pro/vulnerability/wordpress-drag-and-drop-multiple-file-upload-pro-woocommerce-5-0-6-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49886.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49886.json new file mode 100644 index 00000000000..6ae768d68eb --- /dev/null +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49886.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49886", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:38.663", + "lastModified": "2025-06-27T12:15:38.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core allows PHP Local File Inclusion. This issue affects Zikzag Core: from n/a through 1.4.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en WebGeniusLab Zikzag Core permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a Zikzag Core desde n/d hasta la versi\u00f3n 1.4.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/zikzag-core/vulnerability/wordpress-zikzag-core-1-4-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50052.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50052.json new file mode 100644 index 00000000000..1bdf481d595 --- /dev/null +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50052.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-50052", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:38.837", + "lastModified": "2025-06-27T12:15:38.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter allows Reflected XSS. This issue affects Flexo Counter: from n/a through 1.0001." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en flexostudio Flexo Counter permite XSS reflejado. Este problema afecta a Flexo Counter desde n/d hasta la versi\u00f3n 1.0001." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flexo-countdown/vulnerability/wordpress-flexo-counter-1-0001-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-503xx/CVE-2025-50367.json b/CVE-2025/CVE-2025-503xx/CVE-2025-50367.json new file mode 100644 index 00000000000..b6938370214 --- /dev/null +++ b/CVE-2025/CVE-2025-503xx/CVE-2025-50367.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-50367", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T16:15:25.263", + "lastModified": "2025-06-27T20:15:29.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad XSS ciega almacenada en la p\u00e1gina de contacto de Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. El campo de nombre no depura correctamente la entrada del usuario, lo que permite a un atacante inyectar JavaScript malicioso." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1h3ll/CVEs/blob/main/BXSS-Medicalcard_Generations_System.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-503xx/CVE-2025-50369.json b/CVE-2025/CVE-2025-503xx/CVE-2025-50369.json new file mode 100644 index 00000000000..1347beaa3d1 --- /dev/null +++ b/CVE-2025/CVE-2025-503xx/CVE-2025-50369.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-50369", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T16:15:25.407", + "lastModified": "2025-06-27T20:15:31.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en la funci\u00f3n de administraci\u00f3n de tarjetas (/mcgs/admin/manage-card.php) de PHPGurukul Medical Card Generation System 1.0. El endpoint vulnerable permite a un administrador autorizado eliminar registros de tarjetas m\u00e9dicas mediante una simple solicitud GET sin verificar el origen de la solicitud." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1h3ll/CVEs/blob/main/CSRF-MANAGECARD_Medicalcard_Generations_System.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-503xx/CVE-2025-50370.json b/CVE-2025/CVE-2025-503xx/CVE-2025-50370.json new file mode 100644 index 00000000000..ccb721e5da2 --- /dev/null +++ b/CVE-2025/CVE-2025-503xx/CVE-2025-50370.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-50370", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T16:15:25.543", + "lastModified": "2025-06-27T20:15:33.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross Site Request Forgery (CSRF) en la funci\u00f3n de gesti\u00f3n de consultas /mcgs/admin/readenq.php de Phpgurukul Medical Card Generation System 1.0. El endpoint vulnerable permite a un administrador autenticado eliminar registros de consultas mediante una simple solicitud GET, sin necesidad de un token CSRF ni de validar el origen de la solicitud." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1h3ll/CVEs/blob/main/CSRF-ReadEnquiry_Medicalcard_Generations_System.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-505xx/CVE-2025-50528.json b/CVE-2025/CVE-2025-505xx/CVE-2025-50528.json new file mode 100644 index 00000000000..cdac98a68b4 --- /dev/null +++ b/CVE-2025/CVE-2025-505xx/CVE-2025-50528.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-50528", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:39.140", + "lastModified": "2025-06-27T20:15:34.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n fromNatStaticSetting de Tenda AC6 <=V15.03.05.19 a trav\u00e9s del par\u00e1metro de p\u00e1gina." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pfwqdxwdd/cve/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-506xx/CVE-2025-50693.json b/CVE-2025/CVE-2025-506xx/CVE-2025-50693.json index 74ba7bae3d9..1c565c8b9a2 100644 --- a/CVE-2025/CVE-2025-506xx/CVE-2025-50693.json +++ b/CVE-2025/CVE-2025-506xx/CVE-2025-50693.json @@ -2,8 +2,8 @@ "id": "CVE-2025-50693", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-24T16:15:29.410", - "lastModified": "2025-06-26T18:58:14.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:35:39.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:online_dj_booking_management_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "244227FC-8C07-4082-BBEB-D41E73CE303A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/blackm4c/cve/blob/master/phpgurukul/odms/idor/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-506xx/CVE-2025-50695.json b/CVE-2025/CVE-2025-506xx/CVE-2025-50695.json index 441dcd3cc4a..7c0752d2637 100644 --- a/CVE-2025/CVE-2025-506xx/CVE-2025-50695.json +++ b/CVE-2025/CVE-2025-506xx/CVE-2025-50695.json @@ -2,8 +2,8 @@ "id": "CVE-2025-50695", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-24T16:15:29.530", - "lastModified": "2025-06-26T18:58:14.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:33:31.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:online_dj_booking_management_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "244227FC-8C07-4082-BBEB-D41E73CE303A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/blackm4c/cve/tree/master/phpgurukul/odms/1.stored_xss", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-50xx/CVE-2025-5035.json b/CVE-2025/CVE-2025-50xx/CVE-2025-5035.json new file mode 100644 index 00000000000..ad768f105f9 --- /dev/null +++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5035.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2025-5035", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-27T06:15:26.393", + "lastModified": "2025-06-27T15:15:27.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento Firelight Lightbox para WordPress anterior a la versi\u00f3n 2.3.16 no depura ni escapa los atributos de t\u00edtulo antes de mostrarlos en la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de colaboradores realizar ataques de cross site scripting almacenado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://wpscan.com/vulnerability/5dca30af-4624-4a71-93be-00fa8dc00c97/", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/5dca30af-4624-4a71-93be-00fa8dc00c97/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-50xx/CVE-2025-5093.json b/CVE-2025/CVE-2025-50xx/CVE-2025-5093.json new file mode 100644 index 00000000000..c126683393d --- /dev/null +++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5093.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2025-5093", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-27T06:15:26.517", + "lastModified": "2025-06-27T15:15:27.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento Responsive Lightbox & Gallery de WordPress anterior a la versi\u00f3n 2.5.2 usa la librer\u00eda Swipebox, que no valida ni escapa los atributos de t\u00edtulo antes de mostrarlos nuevamente en una p\u00e1gina o publicaci\u00f3n cuando se usa, lo que podr\u00eda permitir que los usuarios con rol de colaborador y superior realicen ataques de cross site scripting almacenado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://wpscan.com/vulnerability/1862b4a6-5570-48a4-9b09-f9659eb0e9e3/", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/1862b4a6-5570-48a4-9b09-f9659eb0e9e3/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-51xx/CVE-2025-5194.json b/CVE-2025/CVE-2025-51xx/CVE-2025-5194.json new file mode 100644 index 00000000000..c5d722fab1d --- /dev/null +++ b/CVE-2025/CVE-2025-51xx/CVE-2025-5194.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-5194", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-27T06:15:26.633", + "lastModified": "2025-06-27T06:15:26.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento WP Map Block de WordPress anterior a la versi\u00f3n 2.0.3 no valida ni escapa algunas de sus opciones de bloque antes de mostrarlas nuevamente en una p\u00e1gina o publicaci\u00f3n donde el bloque est\u00e1 incrustado, lo que podr\u00eda permitir a los usuarios con rol de colaborador y superior realizar ataques de cross site scripting almacenado." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/f90b7ad6-e2a2-4833-a390-a78c64dc2382/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-522xx/CVE-2025-52207.json b/CVE-2025/CVE-2025-522xx/CVE-2025-52207.json new file mode 100644 index 00000000000..751c9fed928 --- /dev/null +++ b/CVE-2025/CVE-2025-522xx/CVE-2025-52207.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-52207", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T17:15:34.333", + "lastModified": "2025-06-27T17:15:34.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory." + }, + { + "lang": "es", + "value": "PBXCoreREST/Controllers/Files/PostController.php en MikoPBX hasta 2024.1.114 permite cargar un script PHP en un directorio arbitrario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mikopbx/Core/commit/3ee785429d3f1b33c9ab387ef4221127c9b8c5f3", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mikopbx.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-525xx/CVE-2025-52553.json b/CVE-2025/CVE-2025-525xx/CVE-2025-52553.json new file mode 100644 index 00000000000..b12adabfffb --- /dev/null +++ b/CVE-2025/CVE-2025-525xx/CVE-2025-52553.json @@ -0,0 +1,94 @@ +{ + "id": "CVE-2025-52553", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T15:15:25.143", + "lastModified": "2025-06-27T15:15:25.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, however this check is missing in versions prior to 2025.6.3 and 2025.4.3. When, for example, using RAC during a screenshare, a malicious user could access the same session by copying the URL from the shown browser. authentik 2025.4.3 and 2025.6.3 fix this issue. As a workaround, it is recommended to decrease the duration a token is valid for (in the RAC Provider settings, set Connection expiry to `minutes=5` for example). The maintainers of authentik also recommend enabling the option Delete authorization on disconnect." + }, + { + "lang": "es", + "value": "Authentik es un proveedor de identidad de c\u00f3digo abierto. Tras autorizar el acceso a un endpoint RAC, Authentik crea un token que se utiliza para una \u00fanica conexi\u00f3n y se env\u00eda al cliente en la URL. Este token est\u00e1 dise\u00f1ado para ser v\u00e1lido \u00fanicamente durante la sesi\u00f3n del usuario que autoriz\u00f3 la conexi\u00f3n; sin embargo, esta comprobaci\u00f3n no est\u00e1 disponible en versiones anteriores a 2025.6.3 y 2025.4.3. Por ejemplo, al usar RAC durante una pantalla compartida, un usuario malintencionado podr\u00eda acceder a la misma sesi\u00f3n copiando la URL del navegador mostrado. Authentik 2025.4.3 y 2025.6.3 soluciona este problema. Como soluci\u00f3n alternativa, se recomienda reducir la validez de un token (por ejemplo, en la configuraci\u00f3n del proveedor RAC, establezca la caducidad de la conexi\u00f3n en `minutos=5`). Los desarrolladores de Authentik tambi\u00e9n recomiendan habilitar la opci\u00f3n \"Eliminar autorizaci\u00f3n al desconectar\"." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/goauthentik/authentik/commit/0e07414e9739b318cff9401a413a5fe849545325", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/commit/65373ab21711d58147b5cb9276c5b5876baaa5eb", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/commit/7100d3c6741853f1cfe3ea2073ba01823ab55caa", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-wr3v-9p2c-chx7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52709.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52709.json new file mode 100644 index 00000000000..365599f7fc0 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52709.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52709", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.030", + "lastModified": "2025-06-27T12:15:39.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object Injection. This issue affects Everest Forms: from n/a through 3.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en wpeverest Everest Forms permite la inyecci\u00f3n de objetos. Este problema afecta a Everest Forms desde la versi\u00f3n n/d hasta la 3.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/everest-forms/vulnerability/wordpress-everest-forms-3-2-2-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52717.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52717.json new file mode 100644 index 00000000000..000dafc092c --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52717.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52717", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.220", + "lastModified": "2025-06-27T12:15:39.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en chrisbadgett LifterLMS permite la inyecci\u00f3n SQL. Este problema afecta a LifterLMS desde n/d hasta la versi\u00f3n 8.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lifterlms/vulnerability/wordpress-lifterlms-8-0-6-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52722.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52722.json new file mode 100644 index 00000000000..a7353813d6f --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52722.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52722", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.403", + "lastModified": "2025-06-27T12:15:39.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera allows SQL Injection. This issue affects Classiera: from n/a through 4.0.34." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en JoinWebs Classiera permite la inyecci\u00f3n SQL. Este problema afecta a Classiera desde n/d hasta la versi\u00f3n 4.0.34." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/classiera/vulnerability/wordpress-classiera-4-0-34-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52723.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52723.json new file mode 100644 index 00000000000..19a463dc5fa --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52723.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52723", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.590", + "lastModified": "2025-06-27T12:15:39.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker allows PHP Local File Inclusion. This issue affects Networker: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en Codesupplyco Networker permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Networker desde n/d hasta la versi\u00f3n 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/networker/vulnerability/wordpress-networker-1-2-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52724.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52724.json new file mode 100644 index 00000000000..dfc6b5487c1 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52724.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52724", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.760", + "lastModified": "2025-06-27T12:15:39.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection. This issue affects Amwerk: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en BoldThemes Amwerk permite la inyecci\u00f3n de objetos. Este problema afecta a Amwerk desde n/d hasta la versi\u00f3n 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/amwerk/vulnerability/wordpress-amwerk-1-2-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52725.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52725.json new file mode 100644 index 00000000000..9a08739b1f0 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52725.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52725", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:39.950", + "lastModified": "2025-06-27T12:15:39.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This issue affects CouponXxL: from n/a through 3.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en pebas CouponXxL permite la inyecci\u00f3n de objetos. Este problema afecta a CouponXxL desde n/d hasta la versi\u00f3n 3.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/couponxxl/vulnerability/wordpress-couponxxl-3-0-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52726.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52726.json new file mode 100644 index 00000000000..73a81594c8c --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52726.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52726", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:40.120", + "lastModified": "2025-06-27T12:15:40.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types allows Privilege Escalation. This issue affects CouponXxL Custom Post Types: from n/a through 3.0." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en pebas CouponXxL Custom Post Types permite la escalada de privilegios. Este problema afecta a los tipos de publicaci\u00f3n personalizados CouponXxL desde n/d hasta la versi\u00f3n 3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/couponxxl-cpt/vulnerability/wordpress-couponxxl-custom-post-types-3-0-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52727.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52727.json new file mode 100644 index 00000000000..e8eb34dbe55 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52727.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52727", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:40.960", + "lastModified": "2025-06-27T12:15:40.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables allows Reflected XSS. This issue affects CSS3 Vertical Web Pricing Tables: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en QuanticaLabs CSS3 Vertical Web Pricing Tables permite XSS reflejado. Este problema afecta a las tablas de precios verticales CSS3 desde n/d hasta la versi\u00f3n 1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/css3_vertical_web_pricing_tables/vulnerability/wordpress-css3-vertical-web-pricing-tables-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52729.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52729.json new file mode 100644 index 00000000000..882a313e628 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52729.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52729", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:41.430", + "lastModified": "2025-06-27T12:15:41.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en thembay Diza permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Diza desde n/d hasta la versi\u00f3n 1.3.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/diza/vulnerability/wordpress-diza-1-3-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52774.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52774.json new file mode 100644 index 00000000000..9555fdc96f8 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52774.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52774", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:41.720", + "lastModified": "2025-06-27T12:15:41.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Infility Infility Global permite XSS reflejado. Este problema afecta a Infility Global desde n/d hasta la versi\u00f3n 2.12.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/infility-global/vulnerability/wordpress-infility-global-2-12-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52778.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52778.json new file mode 100644 index 00000000000..258a8353b60 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52778.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52778", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:41.910", + "lastModified": "2025-06-27T12:15:41.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Michel - xiligroup dev xili-dictionary permite XSS reflejado. Este problema afecta a xili-dictionary desde n/d hasta la versi\u00f3n 2.12.5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/xili-dictionary/vulnerability/wordpress-xili-dictionary-2-12-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-527xx/CVE-2025-52799.json b/CVE-2025/CVE-2025-527xx/CVE-2025-52799.json new file mode 100644 index 00000000000..2fe0d66f4d0 --- /dev/null +++ b/CVE-2025/CVE-2025-527xx/CVE-2025-52799.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52799", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:42.120", + "lastModified": "2025-06-27T12:15:42.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en designthemes LMS que permite XSS reflejado. Este problema afecta a LMS desde n/d hasta la versi\u00f3n 9.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/lms/vulnerability/wordpress-lms-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52808.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52808.json new file mode 100644 index 00000000000..5e865b79dc4 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52808.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52808", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:42.293", + "lastModified": "2025-06-27T12:15:42.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite allows PHP Local File Inclusion. This issue affects RealtyElite: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en real-web RealtyElite permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a RealtyElite desde n/d hasta la versi\u00f3n 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/realtyelite/vulnerability/wordpress-realtyelite-1-0-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52809.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52809.json new file mode 100644 index 00000000000..0877ff2aede --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52809.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52809", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:42.463", + "lastModified": "2025-06-27T12:15:42.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts allows PHP Local File Inclusion. This issue affects National Weather Service Alerts: from n/a through 1.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP (\u00abInclusi\u00f3n remota de archivos en PHP\u00bb) en John Russell National Weather Service Alerts permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a las Alertas del Servicio Meteorol\u00f3gico Nacional desde la versi\u00f3n n/d hasta la 1.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/national-weather-service-alerts/vulnerability/wordpress-national-weather-service-alerts-1-3-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52810.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52810.json new file mode 100644 index 00000000000..1876e08eff4 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52810.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52810", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:42.643", + "lastModified": "2025-06-27T12:15:42.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Path Traversal en TMRW-studio Katerio - Magazine permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Katerio - Magazine desde n/d hasta la versi\u00f3n 1.5.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/katerio/vulnerability/wordpress-katerio-magazine-1-5-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52811.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52811.json new file mode 100644 index 00000000000..469798af4db --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52811.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52811", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:42.830", + "lastModified": "2025-06-27T12:15:42.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Path Traversal en Creanncy Davenport - Versatile Blog and Magazine WordPress Theme permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Davenport - Versatile Blog and Magazine WordPress Theme: desde n/d hasta la versi\u00f3n 1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/davenport/vulnerability/wordpress-davenport-versatile-blog-and-magazine-wordpress-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52812.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52812.json new file mode 100644 index 00000000000..db7ecd6225f --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52812.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52812", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.037", + "lastModified": "2025-06-27T12:15:43.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo allows PHP Local File Inclusion. This issue affects Domnoo: from n/a through 1.49." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP (\u00abInclusi\u00f3n remota de archivos en PHP\u00bb) en ApusWP Domnoo permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Domnoo desde n/d hasta la versi\u00f3n 1.49." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/domnoo/vulnerability/wordpress-domnoo-1-49-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52814.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52814.json new file mode 100644 index 00000000000..e6db4eab66f --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52814.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52814", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.213", + "lastModified": "2025-06-27T12:15:43.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.7.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en ovatheme BRW permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a BRW desde n/d hasta la versi\u00f3n 1.7.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ova-brw/vulnerability/wordpress-brw-1-7-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52815.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52815.json new file mode 100644 index 00000000000..60346ad7853 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52815.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52815", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.377", + "lastModified": "2025-06-27T12:15:43.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov allows PHP Local File Inclusion. This issue affects CityGov: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad \"Control inadecuado del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP\" ('Inclusi\u00f3n remota de archivos PHP') en AncoraThemes CityGov permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a CityGov desde n/d hasta la versi\u00f3n 1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/citygov/vulnerability/wordpress-citygov-1-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52816.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52816.json new file mode 100644 index 00000000000..705367232cb --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52816.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52816", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.610", + "lastModified": "2025-06-27T12:15:43.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en themehunk Zita permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Zita desde n/d hasta la versi\u00f3n 1.6.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/zita/vulnerability/wordpress-zita-1-6-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52817.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52817.json new file mode 100644 index 00000000000..4f41531e88a --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52817.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52817", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.803", + "lastModified": "2025-06-27T12:15:43.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en ZealousWeb Abandoned Contact Form 7 permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al formulario de contacto abandonado 7 desde n/d hasta la versi\u00f3n 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/abandoned-contact-form-7/vulnerability/wordpress-abandoned-contact-form-7-2-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52818.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52818.json new file mode 100644 index 00000000000..bb0ce9ebb0b --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52818.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52818", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:43.993", + "lastModified": "2025-06-27T12:15:43.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Dejan Jasnic Trusty Whistleblowing permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Trusty Whistleblowing desde la versi\u00f3n n/d hasta la 1.5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/trusty-whistleblowing-solution/vulnerability/wordpress-trusty-whistleblowing-1-5-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52824.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52824.json new file mode 100644 index 00000000000..bfd4f7ef760 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52824.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52824", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:44.170", + "lastModified": "2025-06-27T12:15:44.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en MDJM Mobile DJ Manager permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Mobile DJ Manager desde n/d hasta la versi\u00f3n 1.7.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mobile-dj-manager/vulnerability/wordpress-mobile-dj-manager-1-7-6-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52826.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52826.json new file mode 100644 index 00000000000..1e856da44a3 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52826.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52826", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:44.350", + "lastModified": "2025-06-27T12:15:44.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en uxper Sala permite la inyecci\u00f3n de objetos. Este problema afecta a Sala desde n/d hasta la versi\u00f3n 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-1-1-3-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52827.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52827.json new file mode 100644 index 00000000000..ddb345d83d5 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52827.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52827", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:44.637", + "lastModified": "2025-06-27T12:15:44.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in uxper Nuss allows Object Injection. This issue affects Nuss: from n/a through 1.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en uxper Nuss permite la inyecci\u00f3n de objetos. Este problema afecta a Nuss desde n/d hasta la versi\u00f3n 1.3.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/nuss/vulnerability/wordpress-nuss-1-3-3-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52829.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52829.json new file mode 100644 index 00000000000..041ba039cf6 --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52829.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52829", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:44.803", + "lastModified": "2025-06-27T12:15:44.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing allows SQL Injection. This issue affects DirectIQ Email Marketing: from n/a through 2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en DirectIQ DirectIQ Email Marketing permite la inyecci\u00f3n SQL. Este problema afecta a DirectIQ Email Marketing desde n/d hasta la versi\u00f3n 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/directiq-wp/vulnerability/wordpress-directiq-email-marketing-2-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-528xx/CVE-2025-52834.json b/CVE-2025/CVE-2025-528xx/CVE-2025-52834.json new file mode 100644 index 00000000000..58be5c4d01f --- /dev/null +++ b/CVE-2025/CVE-2025-528xx/CVE-2025-52834.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-52834", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T12:15:44.977", + "lastModified": "2025-06-27T12:15:44.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en favethemes Homey permite la inyecci\u00f3n SQL. Este problema afecta a Homey desde n/d hasta la versi\u00f3n 2.4.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/theme/homey/vulnerability/wordpress-homey-2-4-5-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-529xx/CVE-2025-52991.json b/CVE-2025/CVE-2025-529xx/CVE-2025-52991.json new file mode 100644 index 00000000000..a36f2c8a37e --- /dev/null +++ b/CVE-2025/CVE-2025-529xx/CVE-2025-52991.json @@ -0,0 +1,80 @@ +{ + "id": "CVE-2025-52991", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:41.253", + "lastModified": "2025-06-27T14:15:41.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b." + }, + { + "lang": "es", + "value": "Los gestores de paquetes Nix, Lix y Guix utilizan por defecto directorios de compilaci\u00f3n temporales en una ubicaci\u00f3n legible y modificable para todos. Esto permite a los usuarios est\u00e1ndar enga\u00f1ar al gestor de paquetes para que utilice directorios con contenido preexistente, lo que podr\u00eda provocar acciones no autorizadas o manipulaci\u00f3n de datos. Esto afecta a Nix anteriores a las versiones 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a las versiones 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a la versi\u00f3n 1.4.0-38.0e79d5b." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 3.2, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.4, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", + "source": "cve@mitre.org" + }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.snyk.io", + "source": "cve@mitre.org" + }, + { + "url": "https://lix.systems/blog/2025-06-24-lix-cves/", + "source": "cve@mitre.org" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2025-52991", + "source": "cve@mitre.org" + }, + { + "url": "https://security.snyk.io/vuln/?search=CVE-2025-52991", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-529xx/CVE-2025-52992.json b/CVE-2025/CVE-2025-529xx/CVE-2025-52992.json new file mode 100644 index 00000000000..3c41eff6c29 --- /dev/null +++ b/CVE-2025/CVE-2025-529xx/CVE-2025-52992.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2025-52992", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:41.990", + "lastModified": "2025-06-27T14:15:41.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 3.2, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.4, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", + "source": "cve@mitre.org" + }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.snyk.io", + "source": "cve@mitre.org" + }, + { + "url": "https://lix.systems/blog/2025-06-24-lix-cves/", + "source": "cve@mitre.org" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2025-52992", + "source": "cve@mitre.org" + }, + { + "url": "https://security.snyk.io/vuln/?search=CVE-2025-52992", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-529xx/CVE-2025-52993.json b/CVE-2025/CVE-2025-529xx/CVE-2025-52993.json new file mode 100644 index 00000000000..9d230dc4127 --- /dev/null +++ b/CVE-2025/CVE-2025-529xx/CVE-2025-52993.json @@ -0,0 +1,80 @@ +{ + "id": "CVE-2025-52993", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-27T14:15:42.283", + "lastModified": "2025-06-27T14:15:42.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b." + }, + { + "lang": "es", + "value": "Una condici\u00f3n de ejecuci\u00f3n en los gestores de paquetes Nix, Lix y Guix permite cambiar la propiedad de archivos arbitrarios al UID y GID del usuario de compilaci\u00f3n (p. ej., nixbld* o guixbuild*). Esto afecta a Nix anteriores a 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a 1.4.0-38.0e79d5b." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017", + "source": "cve@mitre.org" + }, + { + "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.snyk.io", + "source": "cve@mitre.org" + }, + { + "url": "https://lix.systems/blog/2025-06-24-lix-cves/", + "source": "cve@mitre.org" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2025-52993", + "source": "cve@mitre.org" + }, + { + "url": "https://security.snyk.io/vuln/?search=CVE-2025-52993", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53018.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53018.json new file mode 100644 index 00000000000..a4cf13570aa --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53018.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-53018", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T13:15:24.803", + "lastModified": "2025-06-27T14:15:42.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application\u2019s backend to make HTTP requests to any URL they choose. Consequently, internal network resources\u2014such as localhost services or cloud-provider metadata endpoints\u2014become reachable. The endpoint takes a URL from the user and calls it server-side via fopen() without any safeguards. There is no IP address validation, nor are there any allow-list, timeout, or size restrictions. Because of this, attackers can point the application at internal targets. Using this flaw, an attacker can perform internal port scans or retrieve sensitive cloud metadata. Version 6.6.13 contains a patch for the issue." + }, + { + "lang": "es", + "value": "Lychee es una herramienta gratuita y de c\u00f3digo abierto para la gesti\u00f3n de fotos. Antes de la versi\u00f3n 6.6.13, exist\u00eda una vulnerabilidad cr\u00edtica de Server-Side Request Forgery (SSRF) en el endpoint `/api/v2/Photo::fromUrl`. Esta falla permite a un atacante indicar al backend de la aplicaci\u00f3n que realice solicitudes HTTP a cualquier URL. En consecuencia, se puede acceder a recursos internos de la red, como servicios de host local o endpoints de metadatos de proveedores de la nube. El endpoint toma una URL del usuario y la llama desde el servidor mediante fopen() sin ninguna protecci\u00f3n. No hay validaci\u00f3n de direcci\u00f3n IP, ni restricciones de lista de permitidos, tiempo de espera ni tama\u00f1o. Gracias a esto, los atacantes pueden apuntar la aplicaci\u00f3n a objetivos internos. Con esta falla, un atacante puede realizar escaneos de puertos internos o recuperar metadatos confidenciales de la nube. La versi\u00f3n 6.6.13 incluye un parche para este problema." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 3.0, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/LycheeOrg/Lychee/commit/9dc162eefe56ce185ac1d59da42ee557933d914d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-cpgw-wgf3-xc6v", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-cpgw-wgf3-xc6v", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53074.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53074.json new file mode 100644 index 00000000000..3a24b5336f1 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53074.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-53074", + "sourceIdentifier": "PSIRT@samsung.com", + "published": "2025-06-30T03:15:25.680", + "lastModified": "2025-06-30T03:15:25.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Samsung/rlottie/pull/571", + "source": "PSIRT@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53075.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53075.json new file mode 100644 index 00000000000..d8b30aeaa0c --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53075.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-53075", + "sourceIdentifier": "PSIRT@samsung.com", + "published": "2025-06-30T02:15:21.237", + "lastModified": "2025-06-30T02:15:21.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Samsung/rlottie/pull/571", + "source": "PSIRT@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53076.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53076.json new file mode 100644 index 00000000000..20d3943e020 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53076.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-53076", + "sourceIdentifier": "PSIRT@samsung.com", + "published": "2025-06-30T03:15:25.843", + "lastModified": "2025-06-30T03:15:25.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Samsung/rlottie/pull/573", + "source": "PSIRT@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53091.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53091.json new file mode 100644 index 00000000000..ebed55b5134 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53091.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-53091", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T15:15:25.957", + "lastModified": "2025-06-27T15:15:25.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. Version 3.4.0 fixes the issue." + }, + { + "lang": "es", + "value": "WeGIA es un gestor web de c\u00f3digo abierto centrado en el idioma portugu\u00e9s y las instituciones ben\u00e9ficas. Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL ciega basada en el tiempo en la versi\u00f3n 3.3.3, en el par\u00e1metro almox del endpoint `/controle/getProdutosPorAlmox.php`. Este problema permite a cualquier atacante no autenticado inyectar consultas SQL arbitrarias, lo que podr\u00eda provocar acceso no autorizado a los datos o una mayor explotaci\u00f3n, dependiendo de la configuraci\u00f3n de la base de datos. La versi\u00f3n 3.4.0 corrige el problema." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmf9-2rc3-vvxx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53093.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53093.json new file mode 100644 index 00000000000..dad9873211d --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53093.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2025-53093", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T18:15:50.773", + "lastModified": "2025-06-27T18:15:50.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `` tag. Version 3.1.1 contains a patch for the bug." + }, + { + "lang": "es", + "value": "TabberNeue es una extensi\u00f3n de MediaWiki que permite crear pesta\u00f1as en la wiki. A partir de la versi\u00f3n 3.0.0 y anteriores a la 3.1.1, cualquier usuario puede insertar HTML arbitrario en el DOM insertando un payload en cualquier atributo permitido de la etiqueta ``. La versi\u00f3n 3.1.1 incluye un parche para este error." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/Components/TabberComponentTabs.php#L15-L31", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/Tabber.php#L76", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/templates/Tabs.mustache#L1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/4cdf217ef96da74a1503d1dd0bb0ed898fc2a612", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/62ce0fcdf32bd3cfa77f92ff6b940459a14315fa", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-jfj7-249r-7j2m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53094.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53094.json new file mode 100644 index 00000000000..d3f741cb082 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53094.json @@ -0,0 +1,90 @@ +{ + "id": "CVE-2025-53094", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T20:15:35.173", + "lastModified": "2025-06-27T20:15:35.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\\r`) or LF (`\\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-93" + }, + { + "lang": "en", + "value": "CWE-113" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ESP32Async/ESPAsyncWebServer/blob/1095dfd1ecf1a903aede29854232af1b24f089b1/src/AsyncWebHeader.cpp#L6-L32", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ESP32Async/ESPAsyncWebServer/pull/211", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ESP32Async/ESPAsyncWebServer/security/advisories/GHSA-87j8-6f7g-h8wh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53097.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53097.json new file mode 100644 index 00000000000..449784212f1 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53097.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-53097", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T22:15:25.803", + "lastModified": "2025-06-27T22:15:25.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent could potentially read a sensitive file and then write the information to a JSON schema. Users have the option to disable schema fetching in VS Code, but the feature is enabled by default. For users with this feature enabled, writing to the schema would trigger a network request without the user having a chance to deny. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent. Version 3.20.3 fixed the issue where `search_files` did not respect the setting to limit it to the workspace. This reduces the scope of the damage if an attacker is able to take control of the agent through prompt injection or another vector." + }, + { + "lang": "es", + "value": "Roo Code es un agente de codificaci\u00f3n aut\u00f3nomo basado en IA. Antes de la versi\u00f3n 3.20.3, exist\u00eda un problema por el cual la herramienta `search_files` del agente Roo Code no respetaba la configuraci\u00f3n para deshabilitar las lecturas fuera del espacio de trabajo de VS Code. Esto significa que un atacante que pudiera inyectar un mensaje en el agente podr\u00eda leer un archivo confidencial y luego escribir la informaci\u00f3n en un esquema JSON. Los usuarios tienen la opci\u00f3n de deshabilitar la obtenci\u00f3n del esquema en VS Code, pero la funci\u00f3n est\u00e1 habilitada por defecto. Para los usuarios con esta funci\u00f3n habilitada, escribir en el esquema activar\u00eda una solicitud de red sin que el usuario pudiera denegarla. Este problema es de gravedad moderada, ya que requiere que el atacante ya pueda enviar mensajes al agente. La versi\u00f3n 3.20.3 solucion\u00f3 el problema por el cual `search_files` no respetaba la configuraci\u00f3n para limitarlo al espacio de trabajo. Esto reduce el alcance del da\u00f1o si un atacante logra tomar el control del agente mediante la inyecci\u00f3n de mensajes u otro vector." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/RooCodeInc/Roo-Code/commit/10b2fb32ed047bbd7b8d10ef185c1ed345efcc92", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-wr2q-46pg-f228", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-530xx/CVE-2025-53098.json b/CVE-2025/CVE-2025-530xx/CVE-2025-53098.json new file mode 100644 index 00000000000..53d5ff58df0 --- /dev/null +++ b/CVE-2025/CVE-2025-530xx/CVE-2025-53098.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-53098", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-27T22:15:25.993", + "lastModified": "2025-06-27T22:15:25.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would have been possible for an attacker with access to craft a prompt to ask the agent to write a malicious command to the MCP configuration file. If the user had opted-in to auto-approving file writes within the project, this would have led to arbitrary command execution. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent (for instance through a prompt injection attack), for the user to have MCP enabled (on by default), and for the user to have enabled auto-approved file writes (off by default). Version 3.20.3 fixes the issue by adding an additional layer of opt-in configuration for auto-approving writing to Roo's configuration files, including all files within the `.roo/` folder." + }, + { + "lang": "es", + "value": "Roo Code es un agente de codificaci\u00f3n aut\u00f3nomo basado en IA. La configuraci\u00f3n de MCP espec\u00edfica del proyecto para el agente de Roo Code se almacena en el archivo `.roo/mcp.json` dentro del espacio de trabajo de VS Code. Dado que el formato de configuraci\u00f3n de MCP permite la ejecuci\u00f3n de comandos arbitrarios, antes de la versi\u00f3n 3.20.3, un atacante con acceso habr\u00eda podido manipular un mensaje para solicitar al agente que escribiera un comando malicioso en el archivo de configuraci\u00f3n de MCP. Si el usuario hubiera habilitado la aprobaci\u00f3n autom\u00e1tica de escrituras de archivos dentro del proyecto, esto habr\u00eda provocado la ejecuci\u00f3n de comandos arbitrarios. Este problema es de gravedad moderada, ya que requiere que el atacante ya pueda enviar mensajes al agente (por ejemplo, mediante un ataque de inyecci\u00f3n de mensajes), que el usuario tenga MCP habilitado (activado por defecto) y que tenga habilitada la aprobaci\u00f3n autom\u00e1tica de escrituras de archivos (desactivada por defecto). La versi\u00f3n 3.20.3 corrige el problema agregando una capa adicional de configuraci\u00f3n opt-in para aprobar autom\u00e1ticamente la escritura en los archivos de configuraci\u00f3n de Roo, incluidos todos los archivos dentro de la carpeta `.roo/`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-5x8h-m52g-5v54", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53157.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53157.json new file mode 100644 index 00000000000..b2f72008b3f --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53157.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53157", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:46.420", + "lastModified": "2025-06-27T04:15:46.420", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53158.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53158.json new file mode 100644 index 00000000000..9f50ba06373 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53158.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53158", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:50.040", + "lastModified": "2025-06-27T04:15:50.040", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53159.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53159.json new file mode 100644 index 00000000000..1c4319ef61f --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53159.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53159", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:50.637", + "lastModified": "2025-06-27T04:15:50.637", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53160.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53160.json new file mode 100644 index 00000000000..aad23d6814c --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53160.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53160", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:52.530", + "lastModified": "2025-06-27T04:15:52.530", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53161.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53161.json new file mode 100644 index 00000000000..3b8140e3ee8 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53161.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53161", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:54.820", + "lastModified": "2025-06-27T04:15:54.820", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53162.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53162.json new file mode 100644 index 00000000000..19ba9ee3f76 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53162.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53162", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:54.897", + "lastModified": "2025-06-27T04:15:54.897", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53163.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53163.json new file mode 100644 index 00000000000..7bb02f1686f --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53163.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53163", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:54.987", + "lastModified": "2025-06-27T04:15:54.987", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53164.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53164.json new file mode 100644 index 00000000000..818615e03cc --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53164.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53164", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:55.077", + "lastModified": "2025-06-27T04:15:55.077", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53165.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53165.json new file mode 100644 index 00000000000..5869335e474 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53165.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53165", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:55.547", + "lastModified": "2025-06-27T04:15:55.547", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53166.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53166.json new file mode 100644 index 00000000000..867c2738ae2 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53166.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53166", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-27T04:15:55.620", + "lastModified": "2025-06-27T04:15:55.620", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53193.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53193.json new file mode 100644 index 00000000000..6fcd745c603 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53193.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53193", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:42.713", + "lastModified": "2025-06-27T14:15:42.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through 2.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Burst Statistics BV. Burst Statistics permite Cross Site Request Forgery. Este problema afecta a Burst Statistics desde n/d hasta la versi\u00f3n 2.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/burst-statistics/vulnerability/wordpress-burst-statistics-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53197.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53197.json new file mode 100644 index 00000000000..474925f230f --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53197.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53197", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:42.973", + "lastModified": "2025-06-27T14:15:42.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en cookiebot Cookiebot permite Cross Site Request Forgery. Este problema afecta a Cookiebot desde la versi\u00f3n n/d hasta la 4.5.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cookiebot/vulnerability/wordpress-cookiebot-plugin-4-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-531xx/CVE-2025-53199.json b/CVE-2025/CVE-2025-531xx/CVE-2025-53199.json new file mode 100644 index 00000000000..2710992b163 --- /dev/null +++ b/CVE-2025/CVE-2025-531xx/CVE-2025-53199.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53199", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:43.180", + "lastModified": "2025-06-27T14:15:43.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor allows DOM-Based XSS. This issue affects HT Slider For Elementor: from n/a through 1.6.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en HT Plugins HT Slider For Elementor permite XSS basado en DOM. Este problema afecta a HT Slider para Elementor desde n/d hasta la versi\u00f3n 1.6.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ht-slider-for-elementor/vulnerability/wordpress-ht-slider-for-elementor-plugin-1-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53200.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53200.json new file mode 100644 index 00000000000..83aa338fbae --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53200.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53200", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:43.350", + "lastModified": "2025-06-27T14:15:43.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en QuantumCloud ChatBot permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ChatBot desde la versi\u00f3n n/d hasta la 6.7.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/chatbot/vulnerability/wordpress-chatbot-plugin-6-7-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53202.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53202.json new file mode 100644 index 00000000000..93ab5c9b4e8 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53202.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53202", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:43.577", + "lastModified": "2025-06-27T14:15:43.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CyberChimps Responsive Blocks permite XSS basado en DOM. Este problema afecta a los bloques responsivos desde n/d hasta la versi\u00f3n 2.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/responsive-block-editor-addons/vulnerability/wordpress-responsive-blocks-plugin-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53203.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53203.json new file mode 100644 index 00000000000..d9cb2139af1 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53203.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53203", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:43.783", + "lastModified": "2025-06-27T14:15:43.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en EDGARROJAS WooCommerce PDF Invoice Builder permite Cross Site Request Forgery. Este problema afecta a WooCommerce PDF Invoice Builder desde n/d hasta la versi\u00f3n 1.2.148." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woo-pdf-invoice-builder/vulnerability/wordpress-woocommerce-pdf-invoice-builder-plugin-1-2-148-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53206.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53206.json new file mode 100644 index 00000000000..b17784e29fd --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53206.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53206", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:43.980", + "lastModified": "2025-06-27T14:15:43.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega \u2013 Absolute Addons for WPBakery Page Builder allows Stored XSS. This issue affects HT Mega \u2013 Absolute Addons for WPBakery Page Builder: from n/a through 1.0.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en HT Plugins HT Mega \u2013 Absolute Addons for WPBakery Page Builder permite XSS almacenado. Este problema afecta a HT Mega (Absolute Addons para WPBakery Page Builder) desde n/d hasta la versi\u00f3n 1.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ht-mega-for-wpbakery/vulnerability/wordpress-ht-mega-absolute-addons-for-wpbakery-page-builder-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53211.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53211.json new file mode 100644 index 00000000000..7d6f3b83dd0 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53211.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53211", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:44.167", + "lastModified": "2025-06-27T14:15:44.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder allows Retrieve Embedded Sensitive Data. This issue affects Audio Editor & Recorder: from n/a through 2.2.3." + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n sensible del sistema a una vulnerabilidad de esfera de control no autorizada en Roland Beaussant Audio Editor & Recorder permite recuperar datos confidenciales incrustados. Este problema afecta al editor y grabador de audio desde la versi\u00f3n n/d hasta la 2.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/audio-editor-recorder/vulnerability/wordpress-audio-editor-recorder-plugin-2-2-3-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53253.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53253.json new file mode 100644 index 00000000000..6bb078f39a7 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53253.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53253", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:44.370", + "lastModified": "2025-06-27T14:15:44.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit allows Stored XSS. This issue affects WP Edit: from n/a through 4.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Josh WP Edit permite XSS almacenado. Este problema afecta a WP Edit desde la versi\u00f3n n/d hasta la 4.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-edit/vulnerability/wordpress-wp-edit-plugin-4-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53254.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53254.json new file mode 100644 index 00000000000..90ab6f8ee60 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53254.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53254", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:44.560", + "lastModified": "2025-06-27T14:15:44.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en webcraftic Cyrlitera permite Cross Site Request Forgery. Este problema afecta a Cyrlitera desde la versi\u00f3n n/d hasta la 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cyrlitera/vulnerability/wordpress-cyrlitera-plugin-1-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53255.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53255.json new file mode 100644 index 00000000000..9d83444e520 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53255.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53255", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:44.747", + "lastModified": "2025-06-27T14:15:44.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Nabil Lemsieh HurryTimer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a HurryTimer desde la versi\u00f3n n/d hasta la 2.13.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hurrytimer/vulnerability/wordpress-hurrytimer-plugin-2-13-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53256.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53256.json new file mode 100644 index 00000000000..f8c9dad80f0 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53256.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53256", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:44.917", + "lastModified": "2025-06-27T14:15:44.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 6.8.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en YayCommerce YaySMTP permite la inyecci\u00f3n SQL. Este problema afecta a YaySMTP desde n/d hasta la versi\u00f3n 6.8.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/yaysmtp/vulnerability/wordpress-yaysmtp-plugin-6-8-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53257.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53257.json new file mode 100644 index 00000000000..eea4567e9b4 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53257.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53257", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:45.103", + "lastModified": "2025-06-27T14:15:45.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows PHP Local File Inclusion. This issue affects Gmedia Photo Gallery: from n/a through 1.23.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en Serhii Pasyuk Gmedia Photo Gallery permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a la galer\u00eda fotogr\u00e1fica Gmedia desde n/d hasta la versi\u00f3n 1.23.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/grand-media/vulnerability/wordpress-gmedia-photo-gallery-plugin-1-23-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53258.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53258.json new file mode 100644 index 00000000000..56a2f23a884 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53258.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53258", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:45.290", + "lastModified": "2025-06-27T14:15:45.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects allows SQL Injection. This issue affects Hover Effects: from n/a through 2.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Wow-Company Hover Effects permite la inyecci\u00f3n SQL. Este problema afecta a los efectos de desplazamiento desde n/d hasta la versi\u00f3n 2.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hover-effects/vulnerability/wordpress-hover-effects-plugin-2-1-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53259.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53259.json new file mode 100644 index 00000000000..7e6a345f62f --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53259.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53259", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:45.467", + "lastModified": "2025-06-27T14:15:45.467", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en nicdark Hotel Booking permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Hotel Booking desde n/d hasta la versi\u00f3n 3.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/nd-booking/vulnerability/wordpress-hotel-booking-plugin-3-7-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53260.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53260.json new file mode 100644 index 00000000000..71a05150385 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53260.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53260", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:45.647", + "lastModified": "2025-06-27T14:15:45.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through 7.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de subida sin restricciones de archivos con tipo peligroso en getredhawkstudio File Manager Plugin For Wordpress permite subir un shell web a un servidor web. Este problema afecta al plugin de gesti\u00f3n de archivos para WordPress desde la versi\u00f3n n/d hasta la 7.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/file-manager-plugin-for-wordpress/vulnerability/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53261.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53261.json new file mode 100644 index 00000000000..ccfeeddacd2 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53261.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53261", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:45.850", + "lastModified": "2025-06-27T14:15:45.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en macbookandrew WP YouTube Live permite Cross Site Request Forgery. Este problema afecta a WP YouTube Live desde n/d hasta la versi\u00f3n 1.10.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-youtube-live/vulnerability/wordpress-wp-youtube-live-plugin-1-10-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53262.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53262.json new file mode 100644 index 00000000000..73414e10bf6 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53262.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53262", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.010", + "lastModified": "2025-06-27T14:15:46.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic allows Cross Site Request Forgery. This issue affects Writesonic: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Writesonic Writesonic permite Cross Site Request Forgery. Este problema afecta a Writesonic desde n/d hasta la versi\u00f3n 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/writesonic/vulnerability/wordpress-writesonic-plugin-1-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53263.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53263.json new file mode 100644 index 00000000000..ab269efaf71 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53263.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53263", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.180", + "lastModified": "2025-06-27T14:15:46.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en PluginsCafe Address Autocomplete via Google for Gravity Forms permite Cross Site Request Forgery. Este problema afecta al autocompletado de direcciones a trav\u00e9s de Google para Gravity Forms desde n/d hasta la versi\u00f3n 1.3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gf-google-address-autocomplete/vulnerability/wordpress-address-autocomplete-via-google-for-gravity-forms-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53264.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53264.json new file mode 100644 index 00000000000..6e6d7dad393 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53264.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53264", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.360", + "lastModified": "2025-06-27T14:15:46.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Konr\u00e1d Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Konr\u00e1d Koller ONet Regenerate Thumbnails permite Cross Site Request Forgery. Este problema afecta a ONet Regenerate Thumbnails desde n/d hasta la versi\u00f3n 1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/onet-regenerate-thumbnails/vulnerability/wordpress-onet-regenerate-thumbnails-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53265.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53265.json new file mode 100644 index 00000000000..a67649bf0e6 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53265.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53265", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.547", + "lastModified": "2025-06-27T14:15:46.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Elena Yamshikova Virusdie permite Cross Site Request Forgery. Este problema afecta a Virusdie desde la versi\u00f3n n/a hasta la 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/virusdie/vulnerability/wordpress-virusdie-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53266.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53266.json new file mode 100644 index 00000000000..2992aab965f --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53266.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53266", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.750", + "lastModified": "2025-06-27T14:15:46.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en EdwardBock Cron Logger permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al registrador cron desde la versi\u00f3n n/d hasta la 1.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cron-logger/vulnerability/wordpress-cron-logger-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53267.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53267.json new file mode 100644 index 00000000000..7ed0c4b833f --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53267.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53267", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:46.943", + "lastModified": "2025-06-27T14:15:46.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Aftab Husain Hide Admin Bar From Front End permite Cross Site Request Forgery. Este problema afecta a Hide Admin Bar From Front End: desde n/d hasta la versi\u00f3n 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hide-admin-bar-from-front-end/vulnerability/wordpress-hide-admin-bar-from-front-end-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53268.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53268.json new file mode 100644 index 00000000000..1c1a2bc0f00 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53268.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53268", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:47.127", + "lastModified": "2025-06-27T14:15:47.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en ryanpcmcquen Import external attachments permite Cross Site Request Forgery. Este problema afecta a la importaci\u00f3n de archivos adjuntos externos desde n/d hasta la versi\u00f3n 1.5.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/import-external-attachments/vulnerability/wordpress-import-external-attachments-plugin-1-5-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53269.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53269.json new file mode 100644 index 00000000000..183a4ba18b9 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53269.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53269", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:47.307", + "lastModified": "2025-06-27T14:15:47.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en imw3 My Wp Brand permite Cross Site Request Forgery. Este problema afecta a My Wp Brand desde n/d hasta la versi\u00f3n 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/my-wp-brand/vulnerability/wordpress-my-wp-brand-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53270.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53270.json new file mode 100644 index 00000000000..5911db285db --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53270.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53270", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:47.487", + "lastModified": "2025-06-27T14:15:47.487", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Blend Media WordPress CTA permite Cross Site Request Forgery. Este problema afecta a WordPress CTA desde n/d hasta la versi\u00f3n 1.6.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-sticky-sidebar/vulnerability/wordpress-cta-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53271.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53271.json new file mode 100644 index 00000000000..f8bda844de5 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53271.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53271", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:47.647", + "lastModified": "2025-06-27T14:15:47.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce allows Stored XSS. This issue affects Additional Order Filters for WooCommerce: from n/a through 1.22." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Anton Bond Additional Order Filters for WooCommerce permite XSS almacenado. Este problema afecta a Additional Order Filters for WooCommerce: desde n/d hasta la versi\u00f3n 1.22." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/additional-order-filters-for-woocommerce/vulnerability/wordpress-additional-order-filters-for-woocommerce-plugin-1-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53272.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53272.json new file mode 100644 index 00000000000..c38b8c16c0c --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53272.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53272", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:47.850", + "lastModified": "2025-06-27T14:15:47.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Opicron Image Cleanup permite Cross Site Request Forgery. Este problema afecta a Image Cleanup desde n/d hasta la versi\u00f3n 1.9.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-cleanup/vulnerability/wordpress-image-cleanup-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53273.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53273.json new file mode 100644 index 00000000000..ad6f64bb18a --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53273.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53273", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.010", + "lastModified": "2025-06-27T14:15:48.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Slickstream Slickstream permite Cross Site Request Forgery. Este problema afecta a Slickstream desde n/d hasta la versi\u00f3n 2.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/slick-engagement/vulnerability/wordpress-slickstream-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53274.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53274.json new file mode 100644 index 00000000000..072168d5358 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53274.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53274", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.193", + "lastModified": "2025-06-27T14:15:48.193", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator allows Stored XSS. This issue affects WP Permalink Translator: from n/a through 1.7.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Hossin Asaadi WP Permalink Translator permite XSS almacenado. Este problema afecta a WP Permalink Translator desde n/d hasta la versi\u00f3n 1.7.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-permalink-translator/vulnerability/wordpress-wp-permalink-translator-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53275.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53275.json new file mode 100644 index 00000000000..c23e910bcdc --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53275.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53275", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.383", + "lastModified": "2025-06-27T14:15:48.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en VaultDweller Leyka permite XSS basado en DOM. Este problema afecta a Leyka desde n/d hasta la versi\u00f3n 3.31.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/leyka/vulnerability/wordpress-leyka-plugin-3-31-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53276.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53276.json new file mode 100644 index 00000000000..c65e38f2d45 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53276.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53276", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.567", + "lastModified": "2025-06-27T14:15:48.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress allows DOM-Based XSS. This issue affects Omnipress: from n/a through 1.6.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en omnipressteam Omnipress permite XSS basado en DOM. Este problema afecta a Omnipress desde n/d hasta la versi\u00f3n 1.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/omnipress/vulnerability/wordpress-omnipress-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53277.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53277.json new file mode 100644 index 00000000000..e6f79cae475 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53277.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53277", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.750", + "lastModified": "2025-06-27T14:15:48.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion allows Object Injection. This issue affects IS-theme-companion: from n/a through 1.57." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Infigo Software IS-theme-companion permite la inyecci\u00f3n de objetos. Este problema afecta a IS-theme-companion desde n/d hasta la versi\u00f3n 1.57." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/weblizar-companion/vulnerability/wordpress-is-theme-companion-plugin-1-57-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53278.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53278.json new file mode 100644 index 00000000000..1d66888e343 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53278.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53278", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:48.960", + "lastModified": "2025-06-27T14:15:48.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPeka WP AdCenter permite XSS almacenado. Este problema afecta a WP AdCenter desde n/d hasta la versi\u00f3n 2.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpadcenter/vulnerability/wordpress-wp-adcenter-plugin-2-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53279.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53279.json new file mode 100644 index 00000000000..b58e414af39 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53279.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53279", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:49.133", + "lastModified": "2025-06-27T14:15:49.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms allows DOM-Based XSS. This issue affects Popup addon for Ninja Forms: from n/a through 3.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aman Popup addon for Ninja Forms permite XSS basado en DOM. Este problema afecta al complemento Popup para Ninja Forms desde la versi\u00f3n n/d hasta la 3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/popup-addon-for-ninja-forms/vulnerability/wordpress-popup-addon-for-ninja-forms-plugin-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53280.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53280.json new file mode 100644 index 00000000000..ae8975dad68 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53280.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53280", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:49.303", + "lastModified": "2025-06-27T14:15:49.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AntoineH Football Pool permite XSS almacenado. Este problema afecta a Football Pool desde n/d hasta la versi\u00f3n 2.12.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/football-pool/vulnerability/wordpress-football-pool-plugin-2-12-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53281.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53281.json new file mode 100644 index 00000000000..4e79b85567b --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53281.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53281", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:49.487", + "lastModified": "2025-06-27T14:15:49.487", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPBean WPB Category Slider for WooCommerce allows PHP Local File Inclusion. This issue affects WPB Category Slider for WooCommerce: from n/a through 1.71." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos en PHP') en WPBean WPB Category Slider for WooCommerce permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a WPB Category Slider para WooCommerce desde n/d hasta la versi\u00f3n 1.71." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpb-woocommerce-category-slider/vulnerability/wordpress-wpb-category-slider-for-woocommerce-plugin-1-71-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53282.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53282.json new file mode 100644 index 00000000000..b250ec6f418 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53282.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53282", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:49.673", + "lastModified": "2025-06-27T14:15:49.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor allows Stored XSS. This issue affects Thumbnail Editor: from n/a through 2.3.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en el aviplugins.com Thumbnail Editor permite XSS almacenado. Este problema afecta al editor de miniaturas desde la versi\u00f3n n/d hasta la 2.3.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/thumbnail-editor/vulnerability/wordpress-thumbnail-editor-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53284.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53284.json new file mode 100644 index 00000000000..df42d64a7bb --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53284.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53284", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:49.870", + "lastModified": "2025-06-27T14:15:49.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en pankaj.sakaria CMS Blocks permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los bloques CMS desde n/d hasta la versi\u00f3n 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cms-blocks/vulnerability/wordpress-cms-blocks-plugin-1-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53285.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53285.json new file mode 100644 index 00000000000..b7e76984ddc --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53285.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53285", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.070", + "lastModified": "2025-06-27T14:15:50.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon allows Stored XSS. This issue affects Add & Replace Affiliate Links for Amazon: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en The Website Flip Add & Replace Affiliate Links for Amazon permite XSS almacenado. Este problema afecta a la herramienta Agregar y reemplazar enlaces de afiliados de Amazon desde n/d hasta la versi\u00f3n 1.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/add-replace-affiliate-links-for-amazon/vulnerability/wordpress-add-replace-affiliate-links-for-amazon-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53287.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53287.json new file mode 100644 index 00000000000..f4bc9ae4ca8 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53287.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53287", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.250", + "lastModified": "2025-06-27T14:15:50.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Cummings Quick Favicon allows Stored XSS. This issue affects Quick Favicon: from n/a through 0.22.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Robert Cummings Quick Favicon permite XSS almacenado. Este problema afecta a Quick Favicon desde n/d hasta la versi\u00f3n 0.22.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/quick-favicon/vulnerability/wordpress-quick-favicon-plugin-0-22-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53288.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53288.json new file mode 100644 index 00000000000..b8b20eff665 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53288.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53288", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.420", + "lastModified": "2025-06-27T14:15:50.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Adrian Lad\u00f3 PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Adrian Lad\u00f3 PlatiOnline Payments permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los Pagos de PlatiOnline desde la versi\u00f3n n/d hasta la 6.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/plationline/vulnerability/wordpress-plationline-payments-plugin-6-3-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53290.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53290.json new file mode 100644 index 00000000000..b11180ae699 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53290.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53290", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.597", + "lastModified": "2025-06-27T14:15:50.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap allows Stored XSS. This issue affects WP Visual Sitemap: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en MS WP Visual Sitemap permite XSS almacenado. Este problema afecta a WP Visual Sitemap desde n/d hasta la versi\u00f3n 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-visual-sitemap/vulnerability/wordpress-wp-visual-sitemap-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53292.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53292.json new file mode 100644 index 00000000000..2336e3ef24d --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53292.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53292", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.777", + "lastModified": "2025-06-27T14:15:50.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk WP DataTable allows DOM-Based XSS. This issue affects WP DataTable: from n/a through 0.2.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en samsk WP DataTable permite XSS basado en DOM. Este problema afecta a WP DataTable desde n/d hasta la versi\u00f3n 0.2.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-datatable/vulnerability/wordpress-wp-datatable-plugin-0-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53293.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53293.json new file mode 100644 index 00000000000..8615d81ffd5 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53293.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53293", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:50.973", + "lastModified": "2025-06-27T14:15:50.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Morten Dalgaard Johansen Dashboard Widget Sidebar permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la barra lateral del widget del panel desde la versi\u00f3n n/d hasta la 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dashboard-widget-sidebar/vulnerability/wordpress-dashboard-widget-sidebar-plugin-1-2-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53294.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53294.json new file mode 100644 index 00000000000..92693dfe45e --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53294.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53294", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:51.143", + "lastModified": "2025-06-27T14:15:51.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Smart Agenda Smart Agenda permite XSS almacenado. Este problema afecta a Smart Agenda desde n/d hasta la versi\u00f3n 4.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smart-agenda-prise-de-rendez-vous-en-ligne/vulnerability/wordpress-smart-agenda-plugin-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53295.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53295.json new file mode 100644 index 00000000000..2b6479ec6e2 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53295.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53295", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:51.317", + "lastModified": "2025-06-27T14:15:51.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en iCount iCount Payment Gateway permite acceder a funciones no restringidas correctamente por las ACL. Este problema afecta a la pasarela de pago iCount desde n/d hasta la versi\u00f3n 2.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/icount/vulnerability/wordpress-icount-payment-gateway-plugin-2-0-6-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53296.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53296.json new file mode 100644 index 00000000000..880f00ab132 --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53296.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53296", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:51.500", + "lastModified": "2025-06-27T14:15:51.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ecoal95 EC Stars Rating allows Stored XSS. This issue affects EC Stars Rating: from n/a through 1.0.11." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ecoal95 EC Stars Rating permite XSS almacenado. Este problema afecta a la calificaci\u00f3n de estrellas de EC desde n/d hasta la versi\u00f3n 1.0.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ec-stars-rating/vulnerability/wordpress-ec-stars-rating-plugin-1-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-532xx/CVE-2025-53298.json b/CVE-2025/CVE-2025-532xx/CVE-2025-53298.json new file mode 100644 index 00000000000..9d41dc24daa --- /dev/null +++ b/CVE-2025/CVE-2025-532xx/CVE-2025-53298.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53298", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:51.697", + "lastModified": "2025-06-27T14:15:51.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gioni Plugin Inspector allows Path Traversal. This issue affects Plugin Inspector: from n/a through 1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en gioni Plugin Inspector permite Path Traversal. Este problema afecta al Inspector de Plugins desde la versi\u00f3n n/d hasta la 1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/plugin-inspector/vulnerability/wordpress-plugin-inspector-plugin-1-5-arbitrary-file-download-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53300.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53300.json new file mode 100644 index 00000000000..49ef26f08d3 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53300.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53300", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:51.893", + "lastModified": "2025-06-27T14:15:51.893", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en douglaskarr Podcast Feed Player Widget and Shortcode permite XSS almacenado. Este problema afecta al widget y c\u00f3digo corto del reproductor de podcasts desde n/d hasta la versi\u00f3n 2.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/podcast-feed-player-widget/vulnerability/wordpress-podcast-feed-player-widget-and-shortcode-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53301.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53301.json new file mode 100644 index 00000000000..c06bb3c2c96 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53301.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53301", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.073", + "lastModified": "2025-06-27T14:15:52.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Junkie Theme Junkie Team Content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through 0.1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Theme Junkie Theme Junkie Team Content permite XSS basado en DOM. Este problema afecta a Theme Junkie Team Content desde n/d hasta la versi\u00f3n 0.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/theme-junkie-team-content/vulnerability/wordpress-theme-junkie-team-content-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53304.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53304.json new file mode 100644 index 00000000000..322d646ed7c --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53304.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53304", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.253", + "lastModified": "2025-06-27T14:15:52.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through 1.1.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Rohil Contact Form \u2013 7 : Hide Success Message permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a Contact Form 7: Ocultar mensaje de \u00e9xito desde n/d hasta la versi\u00f3n 1.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-hide-success-message/vulnerability/wordpress-contact-form-7-hide-success-message-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53305.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53305.json new file mode 100644 index 00000000000..603df963ef8 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53305.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53305", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.440", + "lastModified": "2025-06-27T14:15:52.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server allows Stored XSS. This issue affects WP Forum Server: from n/a through 1.8.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en lucidcrew WP Forum Server permite XSS almacenado. Este problema afecta a WP Forum Server desde n/d hasta la versi\u00f3n 1.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/forum-server/vulnerability/wordpress-wp-forum-server-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53306.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53306.json new file mode 100644 index 00000000000..72cd2745049 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53306.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53306", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.603", + "lastModified": "2025-06-27T14:15:52.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lucidcrew WP Forum Server allows SQL Injection. This issue affects WP Forum Server: from n/a through 1.8.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en lucidcrew WP Forum Server permite la inyecci\u00f3n SQL. Este problema afecta a WP Forum Server desde n/d hasta la versi\u00f3n 1.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/forum-server/vulnerability/wordpress-wp-forum-server-plugin-1-8-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53308.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53308.json new file mode 100644 index 00000000000..d8167af7306 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53308.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53308", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.777", + "lastModified": "2025-06-27T14:15:52.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en gopi_plus Image Slider With Description permite XSS almacenado. Este problema afecta a Image Slider With Description desde n/d hasta la versi\u00f3n 9.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-slider-with-description/vulnerability/wordpress-image-slider-with-description-plugin-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53309.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53309.json new file mode 100644 index 00000000000..b017ae39415 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53309.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53309", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:52.953", + "lastModified": "2025-06-27T14:15:52.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Stripe Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Stripe Payments Using Contact Form 7: from n/a through 3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en ZealousWeb Accept Stripe Payments Using Contact Form 7 permite recuperar datos confidenciales incrustados. Este problema afecta a Accept Stripe Payments Using Contact Form 7: desde n/d hasta la versi\u00f3n 3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/accept-stripe-payments-using-contact-form-7/vulnerability/wordpress-accept-stripe-payments-using-contact-form-7-plugin-3-0-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53310.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53310.json new file mode 100644 index 00000000000..00cdd379caa --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53310.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53310", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:53.120", + "lastModified": "2025-06-27T14:15:53.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost allows Reflected XSS. This issue affects HidePost: from n/a through 2.3.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Funnnny HidePost permite XSS reflejado. Este problema afecta a HidePost desde la versi\u00f3n n/d hasta la 2.3.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hidepost/vulnerability/wordpress-hidepost-plugin-2-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53311.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53311.json new file mode 100644 index 00000000000..8b8ce2fe6dc --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53311.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53311", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:53.280", + "lastModified": "2025-06-27T14:15:53.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Amol Nirmala Waman Navayan Subscribe permite XSS almacenado. Este problema afecta a Navayan Subscribe desde n/d hasta la versi\u00f3n 1.13." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/navayan-subscribe/vulnerability/wordpress-navayan-subscribe-plugin-1-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53312.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53312.json new file mode 100644 index 00000000000..7e6f054e46b --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53312.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53312", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:53.470", + "lastModified": "2025-06-27T14:15:53.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Looks Awesome OnionBuzz permite XSS almacenado. Este problema afecta a OnionBuzz desde n/d hasta la versi\u00f3n 1.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/onionbuzz-viral-quiz/vulnerability/wordpress-onionbuzz-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53313.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53313.json new file mode 100644 index 00000000000..e4d0bd56f33 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53313.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53313", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:53.663", + "lastModified": "2025-06-27T14:15:53.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en plumwd Twitch TV Embed Suite permite XSS almacenado. Este problema afecta a Twitch TV Embed Suite desde n/d hasta la versi\u00f3n 2.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/twitch-tv-embed-suite/vulnerability/wordpress-twitch-tv-embed-suite-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53314.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53314.json new file mode 100644 index 00000000000..a1eb3e36ee0 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53314.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53314", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:53.857", + "lastModified": "2025-06-27T14:15:53.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through 2.3.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en sh1zen WP Optimizer permite la inyecci\u00f3n de SQL. Este problema afecta a WP Optimizer desde n/d hasta la versi\u00f3n 2.3.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-optimizer/vulnerability/wordpress-wp-optimizer-plugin-2-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53315.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53315.json new file mode 100644 index 00000000000..45e50324953 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53315.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53315", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.050", + "lastModified": "2025-06-27T14:15:54.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en alanft Relocate Upload permite XSS almacenado. Este problema afecta a Relocate Upload desde n/d hasta la versi\u00f3n 0.24.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/relocate-upload/vulnerability/wordpress-relocate-upload-plugin-0-24-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53317.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53317.json new file mode 100644 index 00000000000..1d9466fb1ec --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53317.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53317", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.243", + "lastModified": "2025-06-27T14:15:54.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite allows Stored XSS. This issue affects WPShapere Lite: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en AcmeeDesign WPShapere Lite permite XSS almacenado. Este problema afecta a WPShapere Lite desde n/d hasta la versi\u00f3n 1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpshapere-lite/vulnerability/wordpress-wpshapere-lite-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53318.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53318.json new file mode 100644 index 00000000000..b891ec50e16 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53318.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53318", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.410", + "lastModified": "2025-06-27T14:15:54.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en WPManiax WP DB Booster permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP DB Booster desde la versi\u00f3n n/d hasta la 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-db-booster/vulnerability/wordpress-wp-db-booster-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53320.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53320.json new file mode 100644 index 00000000000..f9e909fe80d --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53320.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53320", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.590", + "lastModified": "2025-06-27T14:15:54.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Wp Enhanced Free Downloads EDD permite XSS basado en DOM. Este problema afecta a Free Downloads EDD desde n/d hasta la versi\u00f3n 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/free-downloads-edd/vulnerability/wordpress-free-downloads-edd-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53321.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53321.json new file mode 100644 index 00000000000..0a359cac657 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53321.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53321", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.767", + "lastModified": "2025-06-27T14:15:54.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from n/a through 5.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Raise The Money Raise The Money permite XSS basado en DOM. Este problema afecta a Raise The Money desde n/d hasta la versi\u00f3n 5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/raise-the-money/vulnerability/wordpress-raise-the-money-plugin-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53322.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53322.json new file mode 100644 index 00000000000..860ca7b0fd2 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53322.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53322", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:54.967", + "lastModified": "2025-06-27T14:15:54.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Authorize.NET Payments Using Contact Form 7: from n/a through 2.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en ZealousWeb Accept Authorize.NET Payments permite recuperar datos confidenciales incrustados. Este problema afecta a Accept Authorize.NET Payments Using Contact Form 7: desde n/d hasta la versi\u00f3n 2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/accept-authorize-net-payments-using-contact-form-7/vulnerability/wordpress-accept-authorize-net-payments-using-contact-form-7-plugin-2-5-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53323.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53323.json new file mode 100644 index 00000000000..9151d8c9dcd --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53323.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53323", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:55.163", + "lastModified": "2025-06-27T14:15:55.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en danbriapps Pre-Publish Post Checklist permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la lista de verificaci\u00f3n de prepublicaci\u00f3n desde n/d hasta la versi\u00f3n 3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/pre-publish-post-checklist/vulnerability/wordpress-pre-publish-post-checklist-plugin-3-1-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53325.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53325.json new file mode 100644 index 00000000000..2b32a34e1d7 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53325.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53325", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:55.350", + "lastModified": "2025-06-27T14:15:55.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through 6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Dilip kumar Beauty Contact Popup Form permite XSS almacenado. Este problema afecta al formulario emergente de contacto de Beauty: desde n/d hasta la versi\u00f3n 6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/beauty-contact-popup-form/vulnerability/wordpress-beauty-contact-popup-form-plugin-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53327.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53327.json new file mode 100644 index 00000000000..65cb6558fda --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53327.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53327", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:55.527", + "lastModified": "2025-06-27T14:15:55.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en rui_mashita Aioseo Multibyte Descriptions permite Cross Site Request Forgery. Este problema afecta a Aioseo Multibyte Descriptions desde n/d hasta la versi\u00f3n 0.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/aioseo-multibyte-descriptions/vulnerability/wordpress-aioseo-multibyte-descriptions-plugin-0-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53329.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53329.json new file mode 100644 index 00000000000..2068f7f729b --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53329.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53329", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:55.687", + "lastModified": "2025-06-27T14:15:55.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in szajenw Spo\u0142eczno\u015bciowa 6 PL 2013 allows Stored XSS. This issue affects Spo\u0142eczno\u015bciowa 6 PL 2013: from n/a through 2.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en szajenw Spo?eczno?ciowa 6 PL 2013 permite XSS almacenado. Este problema afecta a Spo?eczno?ciowa 6 PL 2013: desde n/d hasta la versi\u00f3n 2.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/spolecznosciowa-6-pl-2013/vulnerability/wordpress-spolecznosciowa-6-pl-2013-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53331.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53331.json new file mode 100644 index 00000000000..9218739fa70 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53331.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53331", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:55.863", + "lastModified": "2025-06-27T14:15:55.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en samcharrington RSS Digest permite XSS almacenado. Este problema afecta a RSS Digest: desde n/d hasta la versi\u00f3n 1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rss-digest/vulnerability/wordpress-rss-digest-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53332.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53332.json new file mode 100644 index 00000000000..b4e11112b47 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53332.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53332", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:56.027", + "lastModified": "2025-06-27T14:15:56.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en ethoseo Track Everything permite XSS almacenado. Este problema afecta a Track Everything desde la versi\u00f3n n/d hasta la 2.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/track-everything/vulnerability/wordpress-track-everything-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53336.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53336.json new file mode 100644 index 00000000000..63d005e3944 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53336.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53336", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:56.413", + "lastModified": "2025-06-27T14:15:56.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through 1.0.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en abditsori My Resume Builder permite XSS almacenado. Este problema afecta a My Resume Builder desde n/d hasta la versi\u00f3n 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/my-resume-builder/vulnerability/wordpress-my-resume-builder-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53338.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53338.json new file mode 100644 index 00000000000..47b450cbbb5 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53338.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53338", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:56.610", + "lastModified": "2025-06-27T14:15:56.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en dor re.place permite XSS almacenado. Este problema afecta a re.place desde n/d hasta la versi\u00f3n 0.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/replace/vulnerability/wordpress-re-place-plugin-0-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53339.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53339.json new file mode 100644 index 00000000000..8d9689c8864 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53339.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-53339", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-06-27T14:15:56.797", + "lastModified": "2025-06-27T14:15:56.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos en PHP') en devnex Devnex Addons para Elementor permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Devnex Addons para Elementor desde n/d hasta la versi\u00f3n 1.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/devnex-addons-for-elementor/vulnerability/wordpress-devnex-addons-for-elementor-plugin-1-0-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53380.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53380.json new file mode 100644 index 00000000000..187fbaa2583 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53380.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53380", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:24.373", + "lastModified": "2025-06-28T03:15:24.373", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53381.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53381.json new file mode 100644 index 00000000000..714c97b7803 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53381.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53381", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.393", + "lastModified": "2025-06-28T03:15:25.393", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53382.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53382.json new file mode 100644 index 00000000000..ce5b087a2e6 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53382.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53382", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.470", + "lastModified": "2025-06-28T03:15:25.470", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53383.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53383.json new file mode 100644 index 00000000000..e7082c79552 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53383.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53383", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.563", + "lastModified": "2025-06-28T03:15:25.563", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53384.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53384.json new file mode 100644 index 00000000000..986d2ca03af --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53384.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53384", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.630", + "lastModified": "2025-06-28T03:15:25.630", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53385.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53385.json new file mode 100644 index 00000000000..abee7cc6f1e --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53385.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53385", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.710", + "lastModified": "2025-06-28T03:15:25.710", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53386.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53386.json new file mode 100644 index 00000000000..44c7fa842d4 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53386.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53386", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.790", + "lastModified": "2025-06-28T03:15:25.790", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53387.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53387.json new file mode 100644 index 00000000000..e3b7edd4387 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53387.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53387", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.860", + "lastModified": "2025-06-28T03:15:25.860", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53388.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53388.json new file mode 100644 index 00000000000..ae3c3676c24 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53388.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-53388", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-06-28T03:15:25.933", + "lastModified": "2025-06-28T03:15:25.933", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: Not used" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53391.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53391.json new file mode 100644 index 00000000000..6665a79820a --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53391.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-53391", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-28T22:15:23.600", + "lastModified": "2025-06-28T22:15:23.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://bugs.debian.org/1108288", + "source": "cve@mitre.org" + }, + { + "url": "https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc", + "source": "cve@mitre.org" + }, + { + "url": "https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac70cfb9684b/debian/patches/fix_zulupolkit_policy.patch", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53392.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53392.json new file mode 100644 index 00000000000..46707d17a6b --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53392.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2025-53392", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-28T23:15:21.503", + "lastModified": "2025-06-28T23:15:21.503", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "disputed" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "In Netgate pfSense CE 2.8.0, the \"WebCfg - Diagnostics: Command\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-36" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/skraft9/pfsense-security-research", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-533xx/CVE-2025-53393.json b/CVE-2025/CVE-2025-533xx/CVE-2025-53393.json new file mode 100644 index 00000000000..0c3c6cbcac7 --- /dev/null +++ b/CVE-2025/CVE-2025-533xx/CVE-2025-53393.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-53393", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-28T23:15:21.760", + "lastModified": "2025-06-28T23:15:21.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/akka/akka/pull/32748", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-534xx/CVE-2025-53415.json b/CVE-2025/CVE-2025-534xx/CVE-2025-53415.json new file mode 100644 index 00000000000..45fc7170d7d --- /dev/null +++ b/CVE-2025/CVE-2025-534xx/CVE-2025-53415.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-53415", + "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "published": "2025-06-30T09:15:26.903", + "lastModified": "2025-06-30T09:15:26.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics DTM Soft\u00a0Project File Parsing Deserialization of Untrusted Data Remote Code Execution" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory", + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5304.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5304.json new file mode 100644 index 00000000000..aa4db4897e4 --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5304.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5304", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T06:15:22.173", + "lastModified": "2025-06-28T06:15:22.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/project-notebooks/tags/1.1.3/includes/structure/admin/pto_admin_settings.php#L233", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/project-notebooks/tags/1.1.3/includes/structure/admin/pto_admin_settings.php#L36", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/project-notebooks/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/552ec9fc-5bff-4bee-be04-39892c89cd59?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5306.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5306.json new file mode 100644 index 00000000000..a8c980fb8b8 --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5306.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-5306", + "sourceIdentifier": "security@pandorafms.com", + "published": "2025-06-27T08:15:22.277", + "lastModified": "2025-06-27T08:15:22.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales en el campo de directorio Netflow puede permitir la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Pandora FMS 774 a 778." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@pandorafms.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NEGLIGIBLE", + "Automatable": "NO", + "Recovery": "USER", + "valueDensity": "DIFFUSE", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "GREEN" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@pandorafms.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "source": "security@pandorafms.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5310.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5310.json new file mode 100644 index 00000000000..68284adbde4 --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5310.json @@ -0,0 +1,99 @@ +{ + "id": "CVE-2025-5310", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-06-27T18:15:52.310", + "lastModified": "2025-06-27T18:15:52.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dover Fueling Solutions ProGauge MagLink LX Consoles\u00a0expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution." + }, + { + "lang": "es", + "value": "Dover Fueling Solutions ProGauge MagLink LX Consoles exponen una interfaz de framework de comunicaci\u00f3n de destino (TCF) no documentada ni autenticada en un puerto espec\u00edfico. Se pueden crear, eliminar o modificar archivos, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5398.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5398.json new file mode 100644 index 00000000000..d9abfab6d2e --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5398.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5398", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T10:15:26.470", + "lastModified": "2025-06-27T10:15:26.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Ninja Forms \u2013 The Contact Form Builder That Grows With You para WordPress es vulnerable a Cross-Site Scripting almacenado mediante el uso de un motor de plantillas en todas las versiones hasta la 3.10.2.1 incluida, debido a un escape de salida insuficiente en los datos de usuario que se pasan a trav\u00e9s de la plantilla. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.10.1/assets/js/min/front-end.js", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3317181%40ninja-forms&new=3317181%40ninja-forms&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92d106c6-a910-4f41-94d1-59f6b7f3aeb0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5526.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5526.json new file mode 100644 index 00000000000..570ffa68db2 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5526.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-5526", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-27T06:15:26.763", + "lastModified": "2025-06-27T06:15:26.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user" + }, + { + "lang": "es", + "value": "El complemento BuddyPress Docs para WordPress anterior a la versi\u00f3n 2.2.5 carece de controles de acceso adecuados y permite que un usuario que haya iniciado sesi\u00f3n vea y descargue archivos que pertenecen a otro usuario." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5730.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5730.json new file mode 100644 index 00000000000..faef427c38e --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5730.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-5730", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-30T06:15:28.713", + "lastModified": "2025-06-30T06:15:28.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/e1e7f423-f981-413c-a99a-e5927fc1cd0c/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-58xx/CVE-2025-5878.json b/CVE-2025/CVE-2025-58xx/CVE-2025-5878.json new file mode 100644 index 00000000000..1c077f3c171 --- /dev/null +++ b/CVE-2025/CVE-2025-58xx/CVE-2025-5878.json @@ -0,0 +1,161 @@ +{ + "id": "CVE-2025-5878", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T12:15:23.633", + "lastModified": "2025-06-29T12:15:23.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been disclosed to the public. The project was contacted early about this issue and handled it with an exceptional level of professionalism. Upgrading to version 2.7.0.0 is able to address this issue. Commit ID f75ac2c2647a81d2cfbdc9c899f8719c240ed512 is disabling the feature by default and any attempt to use it will trigger a warning. And commit ID e2322914304d9b1c52523ff24be495b7832f6a56 is updating the misleading Java class documentation to warn about the risks." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-138" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.7.0.0", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/uglory-gll/javasec/blob/main/ESAPI.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314321", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314321", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590149", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590150", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5936.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5936.json new file mode 100644 index 00000000000..9d792f9bdbd --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5936.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5936", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:22.497", + "lastModified": "2025-06-27T08:15:22.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento VR Calendar para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.4.7 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n syncCalendar(). Esto permite que atacantes no autenticados activen la sincronizaci\u00f3n del calendario mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/vr-calendar-sync/trunk/Admin/Classes/VRCalendarAdmin.class.php#L98", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57dbafe8-dcb3-4ac9-ad5e-76baf1963850?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5937.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5937.json new file mode 100644 index 00000000000..7d0ce5e0e3c --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5937.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5937", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T08:15:25.143", + "lastModified": "2025-06-28T08:15:25.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MicroPayments \u2013 Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/paid-membership/trunk/inc/options.php#L1364", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3318389/#file0", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d80417bc-2bb2-4826-be03-796a7cd2825f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5940.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5940.json new file mode 100644 index 00000000000..67a710141de --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5940.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5940", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:22.857", + "lastModified": "2025-06-27T08:15:22.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Osom Blocks \u2013 Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Osom Blocks \u2013 Custom Post Type listing block para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del par\u00e1metro 'class_name' en todas las versiones hasta la 1.2.1 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/osomblocks/trunk/blocks/cpt-list/index.php#L171", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/osomblocks/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54e022df-0dc7-4f60-811d-48a92b723d55?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5951.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5951.json new file mode 100644 index 00000000000..e2c2d63c567 --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5951.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-5951", + "sourceIdentifier": "cve@gitlab.com", + "published": "2025-06-28T23:15:21.963", + "lastModified": "2025-06-28T23:15:21.963", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6019.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6019.json index b3390737177..b49fae80ce7 100644 --- a/CVE-2025/CVE-2025-60xx/CVE-2025-6019.json +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6019.json @@ -2,7 +2,7 @@ "id": "CVE-2025-6019", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-19T12:15:19.727", - "lastModified": "2025-06-23T20:16:59.783", + "lastModified": "2025-06-30T03:15:25.990", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -88,6 +88,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9328", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9878", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-6019", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6128.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6128.json index 49b64b442cf..b6fb4f847f0 100644 --- a/CVE-2025/CVE-2025-61xx/CVE-2025-6128.json +++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6128.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6128", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-16T16:15:20.047", - "lastModified": "2025-06-17T20:50:23.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T14:46:05.487", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -124,30 +124,80 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD36F94-8646-4794-8878-6F4BF1BF1153" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/byxs0x0/cve2/blob/main/8.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/byxs0x0/cve2/blob/main/8.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.312597", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.312597", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.592694", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-62xx/CVE-2025-6252.json b/CVE-2025/CVE-2025-62xx/CVE-2025-6252.json new file mode 100644 index 00000000000..febc2bf6602 --- /dev/null +++ b/CVE-2025/CVE-2025-62xx/CVE-2025-6252.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6252", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T05:15:24.710", + "lastModified": "2025-06-28T05:15:24.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/assets/js/main.js", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3318746%40qi-addons-for-elementor%2Ftrunk&old=3308494%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ef82a52-0a32-4dc4-b027-3d2098549404?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-63xx/CVE-2025-6350.json b/CVE-2025/CVE-2025-63xx/CVE-2025-6350.json new file mode 100644 index 00000000000..f28c706fabb --- /dev/null +++ b/CVE-2025/CVE-2025-63xx/CVE-2025-6350.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6350", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T04:15:45.190", + "lastModified": "2025-06-28T04:15:45.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP VR \u2013 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018hotspot-hover\u2019 parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wpvr/trunk/admin/classes/class-wpvr-ajax.php#L171", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3317520%40wpvr%2Ftrunk&old=3314284%40wpvr%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3d82ec-5f94-4511-a6ba-8ee1dec06160?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-63xx/CVE-2025-6379.json b/CVE-2025/CVE-2025-63xx/CVE-2025-6379.json new file mode 100644 index 00000000000..e743c42389d --- /dev/null +++ b/CVE-2025/CVE-2025-63xx/CVE-2025-6379.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6379", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T04:15:45.700", + "lastModified": "2025-06-28T04:15:45.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26abf509-f0a9-4849-9028-d6c42832158f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-63xx/CVE-2025-6381.json b/CVE-2025/CVE-2025-63xx/CVE-2025-6381.json new file mode 100644 index 00000000000..892d02953e0 --- /dev/null +++ b/CVE-2025/CVE-2025-63xx/CVE-2025-6381.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6381", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T04:15:46.110", + "lastModified": "2025-06-28T04:15:46.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-36" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6448.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6448.json index 1ff7b91241e..576f26c1a2b 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6448.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6448.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6448", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T00:15:25.400", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:58:56.890", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "61BF42C7-3A62-4829-9CFE-E7522E8E62CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/zzb1388/cve/issues/8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313555", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313555", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598586", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/zzb1388/cve/issues/8", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6449.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6449.json index 8b8774bd9b4..38cf1d3a913 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6449.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6449.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6449", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T01:15:24.283", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:59:11.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "61BF42C7-3A62-4829-9CFE-E7522E8E62CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/zzb1388/cve/issues/9", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313556", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313556", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598587", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/zzb1388/cve/issues/9", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6450.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6450.json index 5d1d9b6d16b..d28d6b22913 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6450.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6450.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6450", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T01:15:24.470", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:59:51.930", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "61BF42C7-3A62-4829-9CFE-E7522E8E62CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/zzb1388/cve/issues/10", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313557", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313557", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598588", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/zzb1388/cve/issues/10", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6451.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6451.json index da743e3a6a0..f2f5c279f63 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6451.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6451.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6451", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T02:15:22.983", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:00:53.823", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "61BF42C7-3A62-4829-9CFE-E7522E8E62CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/zzb1388/cve/issues/11", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313558", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313558", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598589", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/zzb1388/cve/issues/11", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6452.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6452.json index fead29684f1..0d599e6b995 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6452.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6452.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6452", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T03:15:30.703", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:01:21.663", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -124,34 +144,80 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:patient_record_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8361BAE2-7E6B-4F41-AAF3-AF0B3E058A07" + } + ] + } + ] + } + ], "references": [ { "url": "https://codeastro.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md#-proof-of-concept-poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313559", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.313559", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598711", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6455.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6455.json index 812f1f3103f..a980b0c052f 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6455.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6455.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6455", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T03:15:31.667", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:02:14.733", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1AFA9F09-A919-4283-BE6A-A5A8C4BE803C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/blueandhack/cve/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598876", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/blueandhack/cve/issues/3", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6456.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6456.json index b51f075cf15..e578b4941d3 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6456.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6456.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6456", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T04:15:28.673", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:02:28.953", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1AFA9F09-A919-4283-BE6A-A5A8C4BE803C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/blueandhack/cve/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313562", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313562", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598877", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/blueandhack/cve/issues/2", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6457.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6457.json index ea646403759..d9f6fed1817 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6457.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6457.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6457", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T04:15:33.007", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:02:36.347", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1AFA9F09-A919-4283-BE6A-A5A8C4BE803C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/blueandhack/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313563", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313563", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598878", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/blueandhack/cve/issues/1", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6462.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6462.json new file mode 100644 index 00000000000..ce23a8bb13a --- /dev/null +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6462.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6462", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-29T05:15:20.663", + "lastModified": "2025-06-29T05:15:20.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3318513/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/elisqlreports/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6811f19-07fb-4c05-977f-90f9c5d89bb4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6467.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6467.json index 8dc6ec9f22d..aa88863b3c7 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6467.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6467.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6467", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T06:15:23.623", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:30:42.310", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,30 +144,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Kristin5634487/cve/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313575", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313575", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598882", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Kristin5634487/cve/issues/2", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6468.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6468.json index ff689a8c3bc..10a2bea32c1 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6468.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6468.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6468", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T08:15:24.677", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:37:25.340", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,26 +144,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ganzhi-qcy/cve/issues/12", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313576", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313576", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.598994", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6469.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6469.json index 3e7a597e547..3907952dcba 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6469.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6469.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6469", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T08:15:25.497", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:54:31.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,26 +144,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/W2-l0mechan1c/cve/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313577", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313577", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.599089", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6470.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6470.json index 1e0623aa3bd..1ab000c224e 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6470.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6470.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6470", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T09:15:25.157", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:55:15.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,26 +144,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/W2-l0mechan1c/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313578", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313578", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.599090", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6471.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6471.json index bf2938715e8..ae3f4d5ec74 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6471.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6471.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6471", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T10:15:21.680", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:56:34.050", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,26 +144,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ganzhi-qcy/cve/issues/11", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313579", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313579", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.599402", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6472.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6472.json index a2f32524acd..9e96a5ebbba 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6472.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6472.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6472", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T10:15:22.703", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:56:41.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,26 +144,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabian:online_bidding_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41FE5C5F-8DE9-41F0-B9AA-29EBE2BC199C" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ganzhi-qcy/cve/issues/10", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313580", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313580", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.599867", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6474.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6474.json index 34cbd3606fc..a4e59797438 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6474.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6474.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6474", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T12:15:19.777", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:29:34.393", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/1609624781/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313582", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313582", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.600494", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6475.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6475.json index c25bab62bad..bc7254311d5 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6475.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6475.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6475", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T12:15:20.747", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:20:59.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -122,28 +142,73 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:razormist:student_result_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9FBD5779-C1BF-4B42-B4B8-79D7DE7729A5" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README8.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.313583", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313583", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.600550", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6476.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6476.json index 3c1e5ad0c4b..fe3ee0136fc 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6476.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6476.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6476", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T13:15:34.470", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:14:29.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -122,28 +122,75 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:gym_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0E3FCB58-338B-4DDF-8A94-26E3EC131A2B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/alc9700jmo/CVE/issues/15", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313584", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313584", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.600558", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6478.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6478.json index 6dfe09626ca..cfaadef2de0 100644 --- a/CVE-2025/CVE-2025-64xx/CVE-2025-6478.json +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6478.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6478", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-22T14:15:21.467", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:13:26.643", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -122,24 +122,66 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:expense_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9A369429-262C-4B3B-931B-3236522AC181" + } + ] + } + ] } ], "references": [ { "url": "https://codeastro.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.313586", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313586", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.600581", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6488.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6488.json new file mode 100644 index 00000000000..0f6a71b7588 --- /dev/null +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6488.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6488", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T05:15:34.203", + "lastModified": "2025-06-27T05:15:34.203", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018device\u2019 parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3318334/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/ismobile/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1886db3-e01d-4cb1-8134-8cddff6503ac?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6500.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6500.json index 549d80623d5..cd62ace578b 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6500.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6500.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6500", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-23T03:15:26.913", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:58:31.480", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -76,6 +76,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -118,32 +138,84 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mex135605/cve/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313616", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313616", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601250", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/mex135605/cve/issues/3", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6501.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6501.json index 28f2daa917b..965a6795521 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6501.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6501.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6501", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-23T03:15:27.100", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:57:09.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,32 +142,84 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mex135605/cve/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313617", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313617", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601251", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/mex135605/cve/issues/2", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6502.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6502.json index 7283674a98e..7ec2a1f9a06 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6502.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6502.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6502", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-23T04:15:24.780", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:56:37.683", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mex135605/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313618", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313618", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601252", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6503.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6503.json index ae77a41def4..798cbb3938b 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6503.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6503.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6503", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-23T04:15:42.737", - "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:55:49.877", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/YunQipao/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313619", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313619", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601286", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6521.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6521.json new file mode 100644 index 00000000000..4aacfbc0b6d --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6521.json @@ -0,0 +1,108 @@ +{ + "id": "CVE-2025-6521", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-06-27T17:15:35.073", + "lastModified": "2025-06-27T17:15:35.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "During the initial setup of the device the user connects to an access \npoint broadcast by the Sight Bulb Pro. During the negotiation, AES \nEncryption keys are passed in cleartext. If captured, an attacker may be\n able to decrypt communications between the management app and the Sight\n Bulb Pro which may include sensitive information such as network \ncredentials." + }, + { + "lang": "es", + "value": "Durante la configuraci\u00f3n inicial del dispositivo, el usuario se conecta a un punto de acceso transmitido por Sight Bulb Pro. Durante la negociaci\u00f3n, las claves de cifrado AES se transmiten en texto plano. Si se capturan, un atacante podr\u00eda descifrar las comunicaciones entre la aplicaci\u00f3n de administraci\u00f3n y Sight Bulb Pro, que pueden incluir informaci\u00f3n confidencial como las credenciales de red." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.trendmakerscares.com/Customer-Service-Hours", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6522.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6522.json new file mode 100644 index 00000000000..5644aee1f86 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6522.json @@ -0,0 +1,108 @@ +{ + "id": "CVE-2025-6522", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-06-27T18:15:52.580", + "lastModified": "2025-06-27T18:15:52.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unauthenticated users on an adjacent network with the Sight Bulb Pro can\n run shell commands as root through a vulnerable proprietary TCP \nprotocol available on Port 16668. This vulnerability allows an attacker \nto run arbitrary commands on the Sight Bulb Pro by passing a well formed\n JSON string." + }, + { + "lang": "es", + "value": "Los usuarios no autenticados en una red adyacente con Sight Bulb Pro pueden ejecutar comandos de shell como root a trav\u00e9s de un protocolo TCP propietario vulnerable disponible en el puerto 16668. Esta vulnerabilidad permite a un atacante ejecutar comandos arbitrarios en Sight Bulb Pro pasando una cadena JSON bien formada." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.trendmakerscares.com/Customer-Service-Hours", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6550.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6550.json new file mode 100644 index 00000000000..b0470b65eb2 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6550.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2025-6550", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:23.053", + "lastModified": "2025-06-27T08:15:23.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018slider_options\u2019 parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento The Pack Elementor para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del par\u00e1metro 'slider_options' en todas las versiones hasta la 2.1.3 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/carousel_parallax/view.php#L25", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/imgbox_1/view.php#L31", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/imgbox_4/view.php#L57", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/sliderparallax/view.php#L37", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/testimonial_1/one.php#L46", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/the-pack-addon/trunk/includes/widgets/element/testimonial_5/one.php#L33", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af2f136-5806-4d5e-a72d-486c4839a695?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6567.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6567.json index 7d8f46dfa89..fda4e172e4f 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6567.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6567.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6567", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-24T15:15:25.623", - "lastModified": "2025-06-26T18:58:14.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:48:39.390", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:campcodes:online_recruitment_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D9037ECC-11B2-4334-9E4B-0D5349E34D4A" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Sp1d3rL1/CVE/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313739", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313739", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601339", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.campcodes.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6568.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6568.json index bbc8a9eeb58..5155f1881ad 100644 --- a/CVE-2025/CVE-2025-65xx/CVE-2025-6568.json +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6568.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6568", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-24T15:15:25.823", - "lastModified": "2025-06-26T18:58:14.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T16:43:42.703", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -122,32 +122,94 @@ "value": "CWE-120" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD36F94-8646-4794-8878-6F4BF1BF1153" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/d2pq/cve/blob/main/616/23.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/d2pq/cve/blob/main/616/23.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313740", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313740", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601344", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6611.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6611.json index 11451aca6e8..e1d1552e337 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6611.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6611.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6611", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T16:15:27.233", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:35:43.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Lwlej/cve/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313828", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313828", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601976", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6612.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6612.json index a6f5fc6204a..b61276631d9 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6612.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6612.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6612", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T16:15:27.413", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:22:07.427", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Lwlej/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313829", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313829", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.601977", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6618.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6618.json index d5f83b94008..7f10e06a018 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6618.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6618.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6618", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T18:15:24.757", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:20:53.133", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,40 +142,110 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*", + "matchCriteriaId": "F8729CF2-38C8-483B-9BDB-7C4ACA2C8D97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*", + "matchCriteriaId": "006251DF-FF38-4FC5-8BE2-96374D8F6B7B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313836", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313836", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602263", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6619.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6619.json index 511e6dd3918..3a7758aacf8 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6619.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6619.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6619", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T18:15:24.950", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:19:19.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,40 +142,110 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*", + "matchCriteriaId": "F8729CF2-38C8-483B-9BDB-7C4ACA2C8D97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*", + "matchCriteriaId": "006251DF-FF38-4FC5-8BE2-96374D8F6B7B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_45/45.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_45/45.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313837", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313837", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602264", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_45/45.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_45/45.md#poc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6620.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6620.json index a02be5f429d..f151c70cb0e 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6620.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6620.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6620", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T18:15:25.137", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:11:26.180", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,40 +142,110 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*", + "matchCriteriaId": "F8729CF2-38C8-483B-9BDB-7C4ACA2C8D97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*", + "matchCriteriaId": "006251DF-FF38-4FC5-8BE2-96374D8F6B7B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_46/46.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_46/46.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313838", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313838", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602265", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_46/46.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_46/46.md#poc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6621.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6621.json index 92e01fe6341..6c09efcaae4 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6621.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6621.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6621", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T18:15:25.310", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T18:10:30.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,40 +142,110 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*", + "matchCriteriaId": "F8729CF2-38C8-483B-9BDB-7C4ACA2C8D97" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*", + "matchCriteriaId": "006251DF-FF38-4FC5-8BE2-96374D8F6B7B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313839", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313839", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602266", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.totolink.net/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6664.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6664.json index db78a5e1db4..8e91357f151 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6664.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6664.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6664", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T21:15:21.520", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:57:43.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -122,32 +122,82 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:patient_record_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8361BAE2-7E6B-4F41-AAF3-AF0B3E058A07" + } + ] + } + ] } ], "references": [ { "url": "https://codeastro.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System-CSRF/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System-CSRF.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System-CSRF/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System-CSRF.md#-steps-to-reproduce", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313878", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313878", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602323", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6665.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6665.json index 3a179b14491..97746a61e3a 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6665.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6665.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6665", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T21:15:21.703", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:56:25.200", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/catfish258/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313879", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313879", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602324", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6668.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6668.json index d6dda8b8e1e..c8ceb5cf469 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6668.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6668.json @@ -2,8 +2,8 @@ "id": "CVE-2025-6668", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T22:15:24.450", - "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-27T17:49:20.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "78AAB56E-9A99-4A71-B622-32EE2C1ADFB1" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/lijingze-eng/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.313881", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.313881", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.602340", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6669.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6669.json index 4547072d1f7..27e7eaa189a 100644 --- a/CVE-2025/CVE-2025-66xx/CVE-2025-6669.json +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6669.json @@ -2,7 +2,7 @@ "id": "CVE-2025-6669", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-25T23:15:21.310", - "lastModified": "2025-06-26T18:57:43.670", + "lastModified": "2025-06-27T11:15:25.547", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -111,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -130,11 +130,11 @@ "source": "cna@vuldb.com" }, { - "url": "https://github.com/gooaclok819/sublinkX/issues/68#issuecomment-2957290524", + "url": "https://github.com/gooaclok819/sublinkX/issues/68", "source": "cna@vuldb.com" }, { - "url": "https://github.com/gooaclok819/sublinkX/issues/69", + "url": "https://github.com/gooaclok819/sublinkX/issues/68#issuecomment-2957290524", "source": "cna@vuldb.com" }, { @@ -150,7 +150,7 @@ "source": "cna@vuldb.com" }, { - "url": "https://vuldb.com/?submit.602369", + "url": "https://vuldb.com/?submit.602368", "source": "cna@vuldb.com" } ] diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6688.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6688.json new file mode 100644 index 00000000000..de68ca4b753 --- /dev/null +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6688.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6688", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:23.243", + "lastModified": "2025-06-27T08:15:23.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users." + }, + { + "lang": "es", + "value": "El complemento Simple Payment para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en las versiones 1.3.6 a 2.3.8. Esto se debe a que el complemento no verifica correctamente la identidad del usuario antes de iniciar sesi\u00f3n mediante la funci\u00f3n create_user(). Esto permite que atacantes no autenticados inicien sesi\u00f3n como usuarios administrativos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3318371/simple-payment/tags/2.3.9/simple-payment-plugin.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4e2f87-e3ad-4f1b-b647-f5e5a49f691b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6689.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6689.json new file mode 100644 index 00000000000..d2a3fda7846 --- /dev/null +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6689.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6689", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-27T08:15:23.440", + "lastModified": "2025-06-27T08:15:23.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento FL3R Accessibility Suite para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del shortcode fl3raccessibilitysuite en todas las versiones hasta la 1.4 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/fl3r-accessibility-suite/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33f673b5-2bcb-4591-b589-4d7230b5c2e7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6701.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6701.json index 3f925b43cd9..40d26bd4947 100644 --- a/CVE-2025/CVE-2025-67xx/CVE-2025-6701.json +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6701.json @@ -2,13 +2,17 @@ "id": "CVE-2025-6701", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-26T16:15:36.930", - "lastModified": "2025-06-26T18:57:43.670", + "lastModified": "2025-06-27T14:15:57.400", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en Xuxueli xxl-sso 1.1.0. Este problema afecta a un procesamiento desconocido del archivo /xxl-sso-server/doLogin. La manipulaci\u00f3n del argumento redirect_url provoca una redirecci\u00f3n abierta. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { @@ -59,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", @@ -107,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -132,6 +136,10 @@ { "url": "https://vuldb.com/?submit.597472", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-02.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6702.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6702.json index 820e5dac310..0606ffc436a 100644 --- a/CVE-2025/CVE-2025-67xx/CVE-2025-6702.json +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6702.json @@ -2,13 +2,17 @@ "id": "CVE-2025-6702", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-26T16:15:38.033", - "lastModified": "2025-06-26T18:57:43.670", + "lastModified": "2025-06-27T14:15:57.553", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en linlinjava litemall 1.8.0. La vulnerabilidad afecta a una funci\u00f3n desconocida del archivo /wx/comment/post. La manipulaci\u00f3n del argumento adminComment provoca una autorizaci\u00f3n indebida. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { @@ -59,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", @@ -107,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -136,6 +140,10 @@ { "url": "https://vuldb.com/?submit.597473", "source": "cna@vuldb.com" + }, + { + "url": "https://ctf-n0el4kls.notion.site/Litemall-Mass-Assignment-Vulnerability-in-wx-comment-post-21441990f447808b86d1cb15e37ecae9", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6705.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6705.json new file mode 100644 index 00000000000..5d6d244e066 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6705.json @@ -0,0 +1,90 @@ +{ + "id": "CVE-2025-6705", + "sourceIdentifier": "emo@eclipse.org", + "published": "2025-06-27T15:15:28.263", + "lastModified": "2025-06-27T17:15:35.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "On open-vsx.org https://open-vsx.org/ \u00a0it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to an existing extension could take over the service account of the marketplace. The issue has been fixed on June 24th, 2025 and the vulnerable code present in the publish-extension code repository." + }, + { + "lang": "es", + "value": "En open-vsx.org (https://open-vsx.org/), era posible ejecutar scripts de compilaci\u00f3n arbitrarios para extensiones publicadas autom\u00e1ticamente debido a la falta de la sandbox para las ejecuciones de trabajos de integraci\u00f3n continua. Un atacante con acceso a una extensi\u00f3n existente podr\u00eda tomar el control de la cuenta de servicio del marketplace. El problema se solucion\u00f3 el 24 de junio de 2025 y el c\u00f3digo vulnerable se encuentra en el repositorio de c\u00f3digo de la extensi\u00f3n publicada." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-653" + }, + { + "lang": "en", + "value": "CWE-913" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/EclipseFdn/publish-extensions/pull/881", + "source": "emo@eclipse.org" + }, + { + "url": "https://open-vsx.org", + "source": "emo@eclipse.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6731.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6731.json index 3f8e1fc5b9f..29dc82d0c9b 100644 --- a/CVE-2025/CVE-2025-67xx/CVE-2025-6731.json +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6731.json @@ -2,13 +2,17 @@ "id": "CVE-2025-6731", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-26T22:15:25.073", - "lastModified": "2025-06-26T22:15:25.073", + "lastModified": "2025-06-27T14:15:57.707", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en yzcheng90 X-SpringBoot (hasta la versi\u00f3n 5.0), clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n uploadApk del archivo /sys/oss/upload/apk del componente APK File Handler. La manipulaci\u00f3n del argumento \"File\" provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { @@ -59,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", @@ -107,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -136,6 +140,14 @@ { "url": "https://vuldb.com/?submit.597524", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md#steps-to-reproduce", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6734.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6734.json index 58abd77ed47..61484c623da 100644 --- a/CVE-2025/CVE-2025-67xx/CVE-2025-6734.json +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6734.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en UTT HiPER 840G hasta la versi\u00f3n 3.1.1-190328. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n sub_484E40 del archivo /goform/formP2PLimitConfig de la API del componente. La manipulaci\u00f3n del argumento \"except\" provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6735.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6735.json new file mode 100644 index 00000000000..00e5438a759 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6735.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6735", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T00:15:37.793", + "lastModified": "2025-06-27T00:15:37.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en juzaweb CMS 3.4.2. Se trata de una funci\u00f3n desconocida del archivo /admin-cp/imports del componente Import Page. La manipulaci\u00f3n da lugar a una autorizaci\u00f3n indebida. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314010", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314010", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.597778", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6736.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6736.json new file mode 100644 index 00000000000..4bc3a9aac5b --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6736.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6736", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T00:15:38.790", + "lastModified": "2025-06-27T00:15:38.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad cr\u00edtica en juzaweb CMS 3.4.2. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin-cp/theme/install del componente \"Add New Themes Page\". La manipulaci\u00f3n da lugar a una autorizaci\u00f3n indebida. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314011", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314011", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.597779", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6738.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6738.json new file mode 100644 index 00000000000..46b5ca111fd --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6738.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6738", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T01:15:23.533", + "lastModified": "2025-06-27T01:15:23.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en huija bicycleSharingServer hasta la versi\u00f3n 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Este problema afecta a la funci\u00f3n userDao.selectUserByUserNameLike del archivo UserServiceImpl.java. La manipulaci\u00f3n del argumento \"Username\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza una versi\u00f3n continua para garantizar una distribuci\u00f3n continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/huija/bicycleSharingServer/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314012", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314012", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.597988", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6748.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6748.json new file mode 100644 index 00000000000..d7b926a6a15 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6748.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6748", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T02:15:24.053", + "lastModified": "2025-06-27T02:15:24.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en Bharti Airtel Thanks App 4.105.4 para Android. Se trata de una funci\u00f3n desconocida del archivo /Android/data/com.myairtelapp/files/. La manipulaci\u00f3n permite el almacenamiento de texto plano en un archivo o en el disco. Es posible lanzar el ataque contra el dispositivo f\u00edsico. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.1, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + }, + { + "lang": "en", + "value": "CWE-313" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314046", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314046", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.598122", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6749.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6749.json new file mode 100644 index 00000000000..58300621a45 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6749.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6749", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T02:15:24.260", + "lastModified": "2025-06-27T02:15:24.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en huija bicycleSharingServer hasta 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Esta vulnerabilidad afecta a la funci\u00f3n searchAdminMessageShow del archivo AdminController.java. La manipulaci\u00f3n del argumento Title provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto no utiliza control de versiones. Por ello, no hay informaci\u00f3n disponible sobre las versiones afectadas y no afectadas." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/huija/bicycleSharingServer/issues/6", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314047", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314047", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.598164", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6750.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6750.json new file mode 100644 index 00000000000..587fd61fe49 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6750.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6750", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T03:15:22.827", + "lastModified": "2025-06-27T14:15:58.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en HDF5 1.14.6. Este problema afecta a la funci\u00f3n H5O__mtime_new_encode del archivo src/H5Omtime.c. Esta manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. Es necesario realizar ataques locales. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5549", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20438441/hdf5_crash_1.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314048", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314048", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601017", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/HDFGroup/hdf5/issues/5549", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6751.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6751.json new file mode 100644 index 00000000000..9bb49e768b1 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6751.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6751", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T04:15:56.977", + "lastModified": "2025-06-27T04:15:56.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad clasificada como cr\u00edtica en el Linksys E8450 hasta la versi\u00f3n 1.2.00.360516. Esta vulnerabilidad afecta a la funci\u00f3n set_device_language del archivo portal.cgi del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento dut_language provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/E8450/1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/E8450/1.md#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314049", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314049", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.598217", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.linksys.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6752.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6752.json new file mode 100644 index 00000000000..649b37a65eb --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6752.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6752", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T04:16:01.407", + "lastModified": "2025-06-27T04:16:01.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en Linksys WRT1900ACS, EA7200, EA7450 y EA7500 hasta la versi\u00f3n 20250619, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n SetDefaultConnectionService del archivo /upnp/control/Layer3Forwarding del componente IGD. La manipulaci\u00f3n del argumento NewDefaultConnectionService provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314050", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314050", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.600638", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.linksys.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6753.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6753.json new file mode 100644 index 00000000000..75eff51375a --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6753.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6753", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T05:15:34.450", + "lastModified": "2025-06-27T05:15:34.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en huija bicycleSharingServer 1.0, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n selectAdminByNameLike del archivo AdminController.java. La manipulaci\u00f3n provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/huija/bicycleSharingServer/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314051", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314051", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.597982", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6755.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6755.json new file mode 100644 index 00000000000..c11405a228a --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6755.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6755", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-28T06:15:23.910", + "lastModified": "2025-06-28T06:15:23.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/game-users-share-buttons/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f861ece5-21e4-4c7f-8701-bd9492b1b8bf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6761.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6761.json new file mode 100644 index 00000000000..238c6dd999d --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6761.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6761", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T11:15:25.740", + "lastModified": "2025-06-27T11:15:25.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \\k3\\o2o\\bos\\webapp\\action\\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release \"Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes.\"" + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n plugin.buildMobilePopHtml del archivo \\k3\\o2o\\bos\\webapp\\action\\DynamicForm 4 Action.class del componente Freemarker Engine. La manipulaci\u00f3n provoca la neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un motor de plantillas. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. El proveedor explica que, en la versi\u00f3n corregida, \u00abFreemarker est\u00e1 configurado en 'ALLOWS_NOTHING_RESOLVER' para no analizar ninguna clase\u00bb." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-791" + }, + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://vip.kingdee.com/link/s/ZlWX7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vip.kingdee.com/school/detail/713028702245944320", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314072", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314072", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601207", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6762.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6762.json new file mode 100644 index 00000000000..1adf7adce0d --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6762.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6762", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T12:15:45.280", + "lastModified": "2025-06-27T14:15:58.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en diyhi bbs hasta la versi\u00f3n 6.8. Esta afecta a la funci\u00f3n getUrl del archivo /admin/login del componente HTTP Header Handler. La manipulaci\u00f3n del argumento Host provoca server-side request forgery. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-02.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-02.md#steps-to-reproduce", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314073", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314073", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.598896", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-02.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6763.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6763.json new file mode 100644 index 00000000000..4f4ebdaa9b1 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6763.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6763", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T12:15:45.500", + "lastModified": "2025-06-27T14:15:58.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. This vulnerability affects unknown code of the file /setupA.cfg of the component Web-based Management Interface. The manipulation leads to missing authentication. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 y H3531 1.60. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /setupA.cfg del componente Interfaz de Administraci\u00f3n Web. La manipulaci\u00f3n provoca la omisi\u00f3n de la autenticaci\u00f3n. Se requiere acceso a la red local para este ataque. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", + "baseScore": 6.8, + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.2, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + }, + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/zeke2997/CVE_request_comet_system", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeke2997/CVE_request_comet_system#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314074", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314074", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.599848", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeke2997/CVE_request_comet_system", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6765.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6765.json new file mode 100644 index 00000000000..d85bd6bd78c --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6765.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6765", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T12:15:45.770", + "lastModified": "2025-06-27T13:15:24.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Intelbras InControl 2.21.60.9. Este problema afecta a un procesamiento desconocido del archivo /v1/operador/ del componente HTTP PUT Request Handler. La manipulaci\u00f3n genera problemas de permisos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-275" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.314075", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314075", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.599873", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.599880", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.599873", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + }, + { + "url": "https://vuldb.com/?submit.599880", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6766.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6766.json new file mode 100644 index 00000000000..5a3857849ea --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6766.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6766", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T13:15:25.153", + "lastModified": "2025-06-27T13:15:25.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en sfturing hosp_order hasta 627f426331da8086ce8fff2017d65b1ddef384f8. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getOfficeName del archivo OfficeServiceImpl.java. La manipulaci\u00f3n del argumento officesName provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza una versi\u00f3n continua para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizadas." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sfturing/hosp_order/issues/108", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314080", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314080", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.600529", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/sfturing/hosp_order/issues/108", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6767.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6767.json new file mode 100644 index 00000000000..58fec12ef82 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6767.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6767", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T13:15:25.367", + "lastModified": "2025-06-27T13:15:25.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en sfturing hosp_order hasta 627f426331da8086ce8fff2017d65b1ddef384f8. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n findDoctorByCondition del archivo DoctorServiceImpl.java. La manipulaci\u00f3n del argumento hospitalName provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una entrega continua. Por lo tanto, no se dispone de informaci\u00f3n sobre las versiones afectadas ni sobre las actualizadas." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sfturing/hosp_order/issues/109", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314081", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314081", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.600547", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6768.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6768.json new file mode 100644 index 00000000000..2db9f4aee21 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6768.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6768", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T14:15:58.930", + "lastModified": "2025-06-27T14:15:58.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sfturing/hosp_order/issues/110", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314082", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314082", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601081", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6772.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6772.json new file mode 100644 index 00000000000..1f798be726b --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6772.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6772", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T19:15:31.500", + "lastModified": "2025-06-27T19:15:31.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en eosphoros-ai db-gpt hasta la versi\u00f3n 0.7.2. Se ha clasificado como cr\u00edtica. La funci\u00f3n import_flow del archivo /api/v2/serve/awel/flow/import est\u00e1 afectada. La manipulaci\u00f3n del argumento File provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eosphoros-ai/DB-GPT/issues/2774", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314088", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314088", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601028", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6773.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6773.json new file mode 100644 index 00000000000..c017e21b04b --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6773.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6773", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T19:15:31.737", + "lastModified": "2025-06-27T19:15:31.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. It is possible to launch the attack on the local host. The identifier of the patch is 60777d535b719631680bcf5d0969bdef79ca4eaf. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en HKUDS LightRAG hasta la versi\u00f3n 1.3.8. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n upload_to_input_dir del archivo lightrag/api/routers/document_routes.py del componente File Upload. La manipulaci\u00f3n del argumento file.filename provoca un path traversal. Es posible lanzar el ataque en el host local. El identificador del parche es 60777d535b719631680bcf5d0969bdef79ca4eaf. Se recomienda aplicar un parche para solucionar este problema." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 4.3, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HKUDS/LightRAG/commit/60777d535b719631680bcf5d0969bdef79ca4eaf", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/HKUDS/LightRAG/issues/1692", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/HKUDS/LightRAG/issues/1692#issuecomment-3009368235", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314089", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314089", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601276", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6774.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6774.json new file mode 100644 index 00000000000..c7931659e40 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6774.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6774", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T20:15:35.510", + "lastModified": "2025-06-27T20:15:35.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9 is able to address this issue. The patch is identified as 778d26aef723daa58df98c8060c43f5bf5d1b10b. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en gooaclok819 sublinkX hasta la versi\u00f3n 1.8. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n AddTemp del archivo api/template.go. La manipulaci\u00f3n del argumento filename provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.9 puede solucionar este problema. El parche se identifica como 778d26aef723daa58df98c8060c43f5bf5d1b10b. Se recomienda actualizar el componente afectado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gooaclok819/sublinkX/commit/778d26aef723daa58df98c8060c43f5bf5d1b10b", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/gooaclok819/sublinkX/issues/68#issuecomment-2957290524", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/gooaclok819/sublinkX/issues/69", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/gooaclok819/sublinkX/releases/tag/1.9", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314090", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314090", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602369", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6775.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6775.json new file mode 100644 index 00000000000..bd83a938309 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6775.json @@ -0,0 +1,157 @@ +{ + "id": "CVE-2025-6775", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T20:15:35.750", + "lastModified": "2025-06-27T20:15:35.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en xiaoyunjie openvpn-cms-flask hasta la versi\u00f3n 1.2.7. Esta vulnerabilidad afecta a la funci\u00f3n create_user del archivo /app/api/v1/openvpn.py del componente User Creation Endpoint. La manipulaci\u00f3n del argumento \"Username\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se llama e23559b98c8ea2957f09978c29f4e512ba789eb6. Se recomienda actualizar el componente afectado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314091", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314091", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602373", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6776.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6776.json new file mode 100644 index 00000000000..3bd01268a12 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6776.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6776", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T20:15:35.990", + "lastModified": "2025-06-27T20:15:35.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en xiaoyunjie openvpn-cms-flask hasta la versi\u00f3n 1.2.7. Esta vulnerabilidad afecta la funci\u00f3n \"Upload\" del archivo app/plugins/oss/app/controller.py del componente \"File Upload\". La manipulaci\u00f3n del argumento \"image\" provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.2.8 soluciona este problema. El parche se llama e23559b98c8ea2957f09978c29f4e512ba789eb6. Se recomienda actualizar el componente afectado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314092", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314092", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602374", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6777.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6777.json new file mode 100644 index 00000000000..72b3159d541 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6777.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6777", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T21:15:24.830", + "lastModified": "2025-06-27T21:15:24.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en code-projects Food Distributor Site 1.0. Este problema afecta a un procesamiento desconocido del archivo /admin/process_login.php. La manipulaci\u00f3n del argumento \"username/password\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/fubxx/CVE/blob/main/Food%20Distributor%20system%20SQL1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314093", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314093", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602598", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6778.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6778.json new file mode 100644 index 00000000000..2be8c09cc64 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6778.json @@ -0,0 +1,161 @@ +{ + "id": "CVE-2025-6778", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-27T21:15:25.087", + "lastModified": "2025-06-27T21:15:25.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en code-projects Food Distributor Site 1.0. La vulnerabilidad afecta a una funci\u00f3n desconocida del archivo /admin/save_settings.php. La manipulaci\u00f3n del argumento site_phone/site_email/address provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/fubxx/CVE/blob/main/Food%20Distributor%20system%20XSS%202.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/fubxx/CVE/blob/main/Food%20Distributor%20system%20XSS%203.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314094", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314094", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602600", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602601", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602602", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6816.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6816.json new file mode 100644 index 00000000000..89e34d73109 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6816.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6816", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T08:15:25.343", + "lastModified": "2025-06-28T08:15:25.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5571", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314254", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314254", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602291", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6817.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6817.json new file mode 100644 index 00000000000..e338a313f9a --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6817.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6817", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T12:15:20.790", + "lastModified": "2025-06-28T12:15:20.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + }, + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5572", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623368/hdf5_crash_4.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314255", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314255", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602294", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6818.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6818.json new file mode 100644 index 00000000000..5bc1fe3f6a6 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6818.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6818", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T16:15:23.977", + "lastModified": "2025-06-28T16:15:23.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5573", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623382/hdf5_crash_5.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314256", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314256", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602326", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6819.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6819.json new file mode 100644 index 00000000000..d39e94afba6 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6819.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6819", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T17:15:24.960", + "lastModified": "2025-06-28T17:15:24.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /php_action/removeBrand.php. The manipulation of the argument brandId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/AlbaDove/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314257", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314257", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602609", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6820.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6820.json new file mode 100644 index 00000000000..176832c85f3 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6820.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6820", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T18:15:21.033", + "lastModified": "2025-06-28T18:15:21.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /php_action/createProduct.php. The manipulation of the argument productName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/AlbaDove/cve/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314258", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314258", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602617", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6821.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6821.json new file mode 100644 index 00000000000..826d34402ac --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6821.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6821", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T18:15:22.400", + "lastModified": "2025-06-28T18:15:22.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/createOrder.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Dav1d-safe/cve/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314259", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314259", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602640", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6822.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6822.json new file mode 100644 index 00000000000..6cc6c203bc7 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6822.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6822", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T19:15:23.143", + "lastModified": "2025-06-28T19:15:23.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/removeProduct.php. The manipulation of the argument productId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Dav1d-safe/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314260", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314260", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602641", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6823.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6823.json new file mode 100644 index 00000000000..629533b36ff --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6823.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6823", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T20:15:22.973", + "lastModified": "2025-06-28T20:15:22.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/editProduct.php. The manipulation of the argument editProductName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Dav1d-safe/cve/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314261", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314261", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602642", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6824.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6824.json new file mode 100644 index 00000000000..eb0b2afff43 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6824.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6824", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T20:15:23.917", + "lastModified": "2025-06-28T20:15:23.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/awindog/cve/blob/main/688/28.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/awindog/cve/blob/main/688/28.md#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314262", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314262", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602643", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6825.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6825.json new file mode 100644 index 00000000000..781c5d70f6b --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6825.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6825", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T21:15:29.613", + "lastModified": "2025-06-28T21:15:29.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/awindog/cve/blob/main/688/29.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/awindog/cve/blob/main/688/29.md#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314263", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314263", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602655", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6826.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6826.json new file mode 100644 index 00000000000..64a1bbeb372 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6826.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6826", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T21:15:30.627", + "lastModified": "2025-06-28T21:15:30.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Cashbeebee/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314264", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314264", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602674", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6827.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6827.json new file mode 100644 index 00000000000..e794b25957b --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6827.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6827", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T22:15:24.560", + "lastModified": "2025-06-28T22:15:24.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/editOrder.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/YunQipao/cve/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314265", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314265", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602999", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6828.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6828.json new file mode 100644 index 00000000000..14aa4c4b9b6 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6828.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6828", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T23:15:22.053", + "lastModified": "2025-06-28T23:15:22.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /orders.php. The manipulation of the argument i leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/YunQipao/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314266", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314266", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603000", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6829.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6829.json new file mode 100644 index 00000000000..432ede93d0e --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6829.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6829", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-28T23:15:22.277", + "lastModified": "2025-06-28T23:15:22.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chujianxin0101/vuln/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314267", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314267", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603033", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6834.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6834.json new file mode 100644 index 00000000000..9807977e8c1 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6834.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-6834", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T00:15:20.953", + "lastModified": "2025-06-29T00:15:20.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/editPayment.php. The manipulation of the argument orderId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/xiaoqitc/cve-/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314278", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314278", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603127", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603855", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6835.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6835.json new file mode 100644 index 00000000000..02161274601 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6835.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6835", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T00:15:21.207", + "lastModified": "2025-06-29T00:15:21.207", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/blueandhack/cve/issues/6", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314279", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314279", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603142", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6836.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6836.json new file mode 100644 index 00000000000..95f30f5bc19 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6836.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6836", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T01:15:21.267", + "lastModified": "2025-06-29T01:15:21.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/blueandhack/cve/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314280", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314280", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603145", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6837.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6837.json new file mode 100644 index 00000000000..54928afe5a4 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6837.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6837", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T01:15:21.527", + "lastModified": "2025-06-29T01:15:21.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/blueandhack/cve/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314281", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314281", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603154", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6839.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6839.json new file mode 100644 index 00000000000..b08223c4607 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6839.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6839", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T02:15:21.747", + "lastModified": "2025-06-29T02:15:21.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B", + "source": "cna@vuldb.com" + }, + { + "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314282", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314282", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603176", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6840.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6840.json new file mode 100644 index 00000000000..63a179f04f8 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6840.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6840", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T03:15:21.580", + "lastModified": "2025-06-29T03:15:21.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/10", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314283", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314283", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603200", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6841.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6841.json new file mode 100644 index 00000000000..ecbae6ab490 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6841.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6841", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T03:15:21.843", + "lastModified": "2025-06-29T03:15:21.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/11", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314284", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314284", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603207", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6842.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6842.json new file mode 100644 index 00000000000..80aab8f5e4d --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6842.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6842", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T04:15:29.417", + "lastModified": "2025-06-29T04:15:29.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/12", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314285", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314285", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603208", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6843.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6843.json new file mode 100644 index 00000000000..3465475afae --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6843.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6843", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T04:15:34.907", + "lastModified": "2025-06-29T04:15:34.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/13", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314286", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314286", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603263", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6844.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6844.json new file mode 100644 index 00000000000..4252f6656a1 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6844.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6844", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T04:15:38.570", + "lastModified": "2025-06-29T04:15:38.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signin.php. The manipulation of the argument User leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/14", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314287", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314287", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603344", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6845.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6845.json new file mode 100644 index 00000000000..e3133eb4df0 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6845.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6845", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T05:15:21.687", + "lastModified": "2025-06-29T05:15:21.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Simple Forum 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /register1.php. The manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/15", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314288", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314288", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603345", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6846.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6846.json new file mode 100644 index 00000000000..9f78b9302ae --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6846.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6846", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T05:15:21.923", + "lastModified": "2025-06-29T05:15:21.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Simple Forum 1.0. This affects an unknown part of the file /forum_viewfile.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/16", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314289", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314289", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603346", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6847.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6847.json new file mode 100644 index 00000000000..5f592dafd17 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6847.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6847", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T06:15:21.230", + "lastModified": "2025-06-29T06:15:21.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Simple Forum 1.0. This vulnerability affects unknown code of the file /forum_edit.php. The manipulation of the argument iii leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/17", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314290", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314290", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603347", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6848.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6848.json new file mode 100644 index 00000000000..e0e68b086c8 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6848.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6848", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T06:15:23.457", + "lastModified": "2025-06-29T06:15:23.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/18", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314291", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314291", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603349", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6849.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6849.json new file mode 100644 index 00000000000..1f9e9761f98 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6849.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6849", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T07:15:24.343", + "lastModified": "2025-06-29T07:15:24.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/19", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314292", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314292", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603351", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6850.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6850.json new file mode 100644 index 00000000000..c06a1ffa5ec --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6850.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6850", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T07:15:25.450", + "lastModified": "2025-06-29T07:15:25.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/20", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314293", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314293", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603352", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6853.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6853.json new file mode 100644 index 00000000000..910604e53d4 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6853.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-6853", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T08:15:21.550", + "lastModified": "2025-06-29T08:15:21.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatchat-space/Langchain-Chatchat/issues/5352", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314325", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314325", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601155", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6854.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6854.json new file mode 100644 index 00000000000..ec8f3ee8d91 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6854.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-6854", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T09:15:24.020", + "lastModified": "2025-06-29T09:15:24.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatchat-space/Langchain-Chatchat/issues/5353", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314326", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314326", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601161", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6855.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6855.json new file mode 100644 index 00000000000..7a3d364469a --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6855.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-6855", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T09:15:24.290", + "lastModified": "2025-06-29T09:15:24.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 5.2, + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chatchat-space/Langchain-Chatchat/issues/5354", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314327", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314327", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601162", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6856.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6856.json new file mode 100644 index 00000000000..c00e5466bbc --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6856.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6856", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T10:15:21.443", + "lastModified": "2025-06-29T10:15:21.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5574", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623417/hdf5_crash_6.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314328", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314328", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602528", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6857.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6857.json new file mode 100644 index 00000000000..859c6e7da12 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6857.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6857", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T10:15:22.800", + "lastModified": "2025-06-29T10:15:22.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5575", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623442/hdf5_crash_7.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314329", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314329", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602529", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6858.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6858.json new file mode 100644 index 00000000000..ab01f30679b --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6858.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6858", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T11:15:24.313", + "lastModified": "2025-06-29T11:15:24.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + }, + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5576", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623475/hdf5_crash_8.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314330", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314330", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.602530", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6859.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6859.json new file mode 100644 index 00000000000..c9e6e4d7a43 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6859.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6859", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T13:15:23.577", + "lastModified": "2025-06-29T13:15:23.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/pro_sale.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-11.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314331", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314331", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603373", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6860.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6860.json new file mode 100644 index 00000000000..2f9425cd496 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6860.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6860", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T13:15:24.617", + "lastModified": "2025-06-29T13:15:24.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/staff_commision.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-12.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314332", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314332", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603374", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6861.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6861.json new file mode 100644 index 00000000000..df8c3dc2640 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6861.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6861", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T14:15:21.617", + "lastModified": "2025-06-29T14:15:21.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add_plan.php. The manipulation of the argument plan_name/description/duration_days/price leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-13.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314333", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314333", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603375", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6862.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6862.json new file mode 100644 index 00000000000..a434d36cf36 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6862.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6862", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T15:15:29.510", + "lastModified": "2025-06-29T15:15:29.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit_plan.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-14.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314334", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314334", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603378", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6863.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6863.json new file mode 100644 index 00000000000..8f80ee16b0b --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6863.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6863", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T15:15:30.550", + "lastModified": "2025-06-29T15:15:30.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/louis-zly/myCVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314335", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314335", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603386", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6864.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6864.json new file mode 100644 index 00000000000..20f180c8e52 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6864.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6864", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T16:15:23.420", + "lastModified": "2025-06-29T16:15:23.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/murongchengshu/zhicheng_tan/blob/main/SeaCMS_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314336", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314336", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603562", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6865.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6865.json new file mode 100644 index 00000000000..f26f2eae102 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6865.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6865", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T17:15:21.677", + "lastModified": "2025-06-29T17:15:21.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wwm1995/weiming_wang/blob/main/daicuocms_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314337", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314337", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603563", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6866.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6866.json new file mode 100644 index 00000000000..e81ed8d9a8a --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6866.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6866", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T18:15:21.020", + "lastModified": "2025-06-29T18:15:21.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/22", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314338", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314338", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603581", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6867.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6867.json new file mode 100644 index 00000000000..973f2f449a0 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6867.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6867", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T19:15:22.187", + "lastModified": "2025-06-29T19:15:22.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/23", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314339", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314339", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603637", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6868.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6868.json new file mode 100644 index 00000000000..43d5c15d0cd --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6868.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6868", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T19:15:22.720", + "lastModified": "2025-06-29T19:15:22.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/24", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314340", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314340", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603638", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6869.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6869.json new file mode 100644 index 00000000000..8b0505ccb9d --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6869.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6869", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T20:15:25.160", + "lastModified": "2025-06-29T20:15:25.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/25", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314341", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314341", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603639", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6870.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6870.json new file mode 100644 index 00000000000..99b6050b7cd --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6870.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6870", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T20:15:25.330", + "lastModified": "2025-06-29T20:15:25.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/26", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314342", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314342", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603640", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6871.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6871.json new file mode 100644 index 00000000000..89b06802718 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6871.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6871", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T21:15:22.587", + "lastModified": "2025-06-29T21:15:22.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/27", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314343", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314343", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603641", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6872.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6872.json new file mode 100644 index 00000000000..5737ebd4f5b --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6872.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6872", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T21:15:22.790", + "lastModified": "2025-06-29T21:15:22.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/28", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314344", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314344", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603643", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6873.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6873.json new file mode 100644 index 00000000000..8f102fc67a9 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6873.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6873", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T22:15:21.593", + "lastModified": "2025-06-29T22:15:21.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ez-lbz/poc/issues/29", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314345", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314345", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603645", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6874.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6874.json new file mode 100644 index 00000000000..ea9f574673f --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6874.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6874", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T22:15:22.637", + "lastModified": "2025-06-29T22:15:22.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/add_subscribe.php. The manipulation of the argument user_id/plan_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-15.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314346", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314346", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603651", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6875.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6875.json new file mode 100644 index 00000000000..9e7ef7bd356 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6875.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6875", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T23:15:21.067", + "lastModified": "2025-06-29T23:15:21.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-16.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314347", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314347", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603652", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6876.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6876.json new file mode 100644 index 00000000000..19e062c9312 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6876.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6876", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-29T23:15:21.277", + "lastModified": "2025-06-29T23:15:21.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/add-category.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-17.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314348", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314348", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603653", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6877.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6877.json new file mode 100644 index 00000000000..f2b968afc4f --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6877.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6877", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T00:15:22.443", + "lastModified": "2025-06-30T00:15:22.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-18.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314349", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314349", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603654", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6878.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6878.json new file mode 100644 index 00000000000..83fdead3ccd --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6878.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6878", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T01:15:25.080", + "lastModified": "2025-06-30T01:15:25.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-19.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314350", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314350", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603655", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6879.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6879.json new file mode 100644 index 00000000000..8f1fc174eda --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6879.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6879", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T01:15:25.280", + "lastModified": "2025-06-30T01:15:25.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add-tax.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-20.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314351", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314351", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603656", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6880.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6880.json new file mode 100644 index 00000000000..797ae407805 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6880.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6880", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T01:15:25.463", + "lastModified": "2025-06-30T01:15:25.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-21.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314352", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314352", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603657", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6881.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6881.json new file mode 100644 index 00000000000..c6126e5e2d9 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6881.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6881", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T02:15:21.420", + "lastModified": "2025-06-30T02:15:21.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.314360", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314360", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603692", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6882.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6882.json new file mode 100644 index 00000000000..c59f8526e6e --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6882.json @@ -0,0 +1,148 @@ +{ + "id": "CVE-2025-6882", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T03:15:26.287", + "lastModified": "2025-06-30T03:15:26.287", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.314361", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314361", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603693", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6883.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6883.json new file mode 100644 index 00000000000..0997addd0ad --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6883.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6883", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T03:15:26.507", + "lastModified": "2025-06-30T03:15:26.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /update_index.php. The manipulation of the argument updateid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/qingchuana/q1ngchuan/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314362", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314362", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603719", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6884.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6884.json new file mode 100644 index 00000000000..9b55db88ad5 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6884.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6884", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T03:15:26.687", + "lastModified": "2025-06-30T03:15:26.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /search_index.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/qingchuana/q1ngchuan/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314363", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314363", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603720", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6885.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6885.json new file mode 100644 index 00000000000..08fd1dfd6ae --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6885.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6885", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T04:15:33.767", + "lastModified": "2025-06-30T04:15:33.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/louis-zly/myCVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314364", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314364", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603766", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6886.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6886.json new file mode 100644 index 00000000000..2f9203035cc --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6886.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6886", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T05:15:40.763", + "lastModified": "2025-06-30T05:15:40.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC5-setSchedWifi_schedEndTime-21d53a41781f80fb8a90f08898e8d404?source=copy_link", + "source": "cna@vuldb.com" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC5-setSchedWifi_schedStartTime-21d53a41781f803f97eeddd9828c5c84?source=copy_link", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603774", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603775", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6887.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6887.json new file mode 100644 index 00000000000..9cd5056365c --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6887.json @@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-6887", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T05:15:41.103", + "lastModified": "2025-06-30T05:15:41.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC5-fromSetSysTime_time-21d53a41781f8002bdb3fe8344d6fd8c?source=copy_link", + "source": "cna@vuldb.com" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC5-fromSetSysTime_timeZone-21d53a41781f8021ae2fd2ac639f1b3f?source=copy_link", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314366", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314366", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603788", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603789", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6888.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6888.json new file mode 100644 index 00000000000..b2d498e72ca --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6888.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6888", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T05:15:41.340", + "lastModified": "2025-06-30T05:15:41.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/louis-zly/myCVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314367", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314367", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603793", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6889.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6889.json new file mode 100644 index 00000000000..8f8312f57e1 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6889.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6889", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T06:15:28.847", + "lastModified": "2025-06-30T06:15:28.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /logIn.php. The manipulation of the argument postName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/30", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314368", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314368", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603831", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6890.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6890.json new file mode 100644 index 00000000000..f564cae35a5 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6890.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6890", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T06:15:29.353", + "lastModified": "2025-06-30T06:15:29.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ticketConfirmation.php. The manipulation of the argument Date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ez-lbz/poc/issues/31", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314369", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314369", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603844", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6891.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6891.json new file mode 100644 index 00000000000..69818928fd0 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6891.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6891", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T07:15:23.280", + "lastModified": "2025-06-30T07:15:23.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/tangjihong1974/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314370", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314370", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.603882", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6896.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6896.json new file mode 100644 index 00000000000..6642b58e696 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6896.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6896", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T07:15:23.543", + "lastModified": "2025-06-30T07:15:23.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + }, + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_1_en.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314388", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314388", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.604441", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6897.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6897.json new file mode 100644 index 00000000000..f2e86d31441 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6897.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6897", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T08:15:23.843", + "lastModified": "2025-06-30T08:15:23.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 5.2, + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + }, + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314389", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314389", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.604442", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6898.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6898.json new file mode 100644 index 00000000000..4c4c4af4f25 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6898.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6898", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T08:15:24.113", + "lastModified": "2025-06-30T08:15:24.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in\u00a0proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + }, + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314390", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314390", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.604443", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-68xx/CVE-2025-6899.json b/CVE-2025/CVE-2025-68xx/CVE-2025-6899.json new file mode 100644 index 00000000000..aadfaafce37 --- /dev/null +++ b/CVE-2025/CVE-2025-68xx/CVE-2025-6899.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6899", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T09:15:27.160", + "lastModified": "2025-06-30T09:15:27.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + }, + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314391", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314391", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.604444", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-69xx/CVE-2025-6900.json b/CVE-2025/CVE-2025-69xx/CVE-2025-6900.json new file mode 100644 index 00000000000..05c11b38235 --- /dev/null +++ b/CVE-2025/CVE-2025-69xx/CVE-2025-6900.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6900", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-30T09:15:27.380", + "lastModified": "2025-06-30T09:15:27.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/W2-l0mechan1c/CVE1/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314392", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314392", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.604504", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c0226cee80f..1a990ae6864 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-26T23:55:18.697115+00:00 +2025-06-30T10:00:13.715915+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-26T23:15:22.743000+00:00 +2025-06-30T09:15:27.380000+00:00 ``` ### Last Data Feed Release @@ -27,35 +27,75 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-06-26T00:00:04.326040+00:00 +2025-06-27T00:00:04.323263+00:00 ``` ### Total Number of included CVEs ```plain -299494 +299868 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `374` -- [CVE-2015-0842](CVE-2015/CVE-2015-08xx/CVE-2015-0842.json) (`2025-06-26T22:15:24.503`) -- [CVE-2015-0843](CVE-2015/CVE-2015-08xx/CVE-2015-0843.json) (`2025-06-26T22:15:24.613`) -- [CVE-2015-0849](CVE-2015/CVE-2015-08xx/CVE-2015-0849.json) (`2025-06-26T22:15:24.717`) -- [CVE-2025-3699](CVE-2025/CVE-2025-36xx/CVE-2025-3699.json) (`2025-06-26T23:15:22.177`) -- [CVE-2025-5731](CVE-2025/CVE-2025-57xx/CVE-2025-5731.json) (`2025-06-26T22:15:24.917`) -- [CVE-2025-6731](CVE-2025/CVE-2025-67xx/CVE-2025-6731.json) (`2025-06-26T22:15:25.073`) -- [CVE-2025-6732](CVE-2025/CVE-2025-67xx/CVE-2025-6732.json) (`2025-06-26T22:15:25.267`) -- [CVE-2025-6733](CVE-2025/CVE-2025-67xx/CVE-2025-6733.json) (`2025-06-26T23:15:22.560`) -- [CVE-2025-6734](CVE-2025/CVE-2025-67xx/CVE-2025-6734.json) (`2025-06-26T23:15:22.743`) +- [CVE-2025-6872](CVE-2025/CVE-2025-68xx/CVE-2025-6872.json) (`2025-06-29T21:15:22.790`) +- [CVE-2025-6873](CVE-2025/CVE-2025-68xx/CVE-2025-6873.json) (`2025-06-29T22:15:21.593`) +- [CVE-2025-6874](CVE-2025/CVE-2025-68xx/CVE-2025-6874.json) (`2025-06-29T22:15:22.637`) +- [CVE-2025-6875](CVE-2025/CVE-2025-68xx/CVE-2025-6875.json) (`2025-06-29T23:15:21.067`) +- [CVE-2025-6876](CVE-2025/CVE-2025-68xx/CVE-2025-6876.json) (`2025-06-29T23:15:21.277`) +- [CVE-2025-6877](CVE-2025/CVE-2025-68xx/CVE-2025-6877.json) (`2025-06-30T00:15:22.443`) +- [CVE-2025-6878](CVE-2025/CVE-2025-68xx/CVE-2025-6878.json) (`2025-06-30T01:15:25.080`) +- [CVE-2025-6879](CVE-2025/CVE-2025-68xx/CVE-2025-6879.json) (`2025-06-30T01:15:25.280`) +- [CVE-2025-6880](CVE-2025/CVE-2025-68xx/CVE-2025-6880.json) (`2025-06-30T01:15:25.463`) +- [CVE-2025-6881](CVE-2025/CVE-2025-68xx/CVE-2025-6881.json) (`2025-06-30T02:15:21.420`) +- [CVE-2025-6882](CVE-2025/CVE-2025-68xx/CVE-2025-6882.json) (`2025-06-30T03:15:26.287`) +- [CVE-2025-6883](CVE-2025/CVE-2025-68xx/CVE-2025-6883.json) (`2025-06-30T03:15:26.507`) +- [CVE-2025-6884](CVE-2025/CVE-2025-68xx/CVE-2025-6884.json) (`2025-06-30T03:15:26.687`) +- [CVE-2025-6885](CVE-2025/CVE-2025-68xx/CVE-2025-6885.json) (`2025-06-30T04:15:33.767`) +- [CVE-2025-6886](CVE-2025/CVE-2025-68xx/CVE-2025-6886.json) (`2025-06-30T05:15:40.763`) +- [CVE-2025-6887](CVE-2025/CVE-2025-68xx/CVE-2025-6887.json) (`2025-06-30T05:15:41.103`) +- [CVE-2025-6888](CVE-2025/CVE-2025-68xx/CVE-2025-6888.json) (`2025-06-30T05:15:41.340`) +- [CVE-2025-6889](CVE-2025/CVE-2025-68xx/CVE-2025-6889.json) (`2025-06-30T06:15:28.847`) +- [CVE-2025-6890](CVE-2025/CVE-2025-68xx/CVE-2025-6890.json) (`2025-06-30T06:15:29.353`) +- [CVE-2025-6891](CVE-2025/CVE-2025-68xx/CVE-2025-6891.json) (`2025-06-30T07:15:23.280`) +- [CVE-2025-6896](CVE-2025/CVE-2025-68xx/CVE-2025-6896.json) (`2025-06-30T07:15:23.543`) +- [CVE-2025-6897](CVE-2025/CVE-2025-68xx/CVE-2025-6897.json) (`2025-06-30T08:15:23.843`) +- [CVE-2025-6898](CVE-2025/CVE-2025-68xx/CVE-2025-6898.json) (`2025-06-30T08:15:24.113`) +- [CVE-2025-6899](CVE-2025/CVE-2025-68xx/CVE-2025-6899.json) (`2025-06-30T09:15:27.160`) +- [CVE-2025-6900](CVE-2025/CVE-2025-69xx/CVE-2025-6900.json) (`2025-06-30T09:15:27.380`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `258` -- [CVE-2012-1977](CVE-2012/CVE-2012-19xx/CVE-2012-1977.json) (`2025-06-26T22:15:24.103`) +- [CVE-2025-6472](CVE-2025/CVE-2025-64xx/CVE-2025-6472.json) (`2025-06-27T16:56:41.610`) +- [CVE-2025-6474](CVE-2025/CVE-2025-64xx/CVE-2025-6474.json) (`2025-06-27T17:29:34.393`) +- [CVE-2025-6475](CVE-2025/CVE-2025-64xx/CVE-2025-6475.json) (`2025-06-27T17:20:59.637`) +- [CVE-2025-6476](CVE-2025/CVE-2025-64xx/CVE-2025-6476.json) (`2025-06-27T17:14:29.533`) +- [CVE-2025-6478](CVE-2025/CVE-2025-64xx/CVE-2025-6478.json) (`2025-06-27T17:13:26.643`) +- [CVE-2025-6500](CVE-2025/CVE-2025-65xx/CVE-2025-6500.json) (`2025-06-27T16:58:31.480`) +- [CVE-2025-6501](CVE-2025/CVE-2025-65xx/CVE-2025-6501.json) (`2025-06-27T16:57:09.610`) +- [CVE-2025-6502](CVE-2025/CVE-2025-65xx/CVE-2025-6502.json) (`2025-06-27T16:56:37.683`) +- [CVE-2025-6503](CVE-2025/CVE-2025-65xx/CVE-2025-6503.json) (`2025-06-27T16:55:49.877`) +- [CVE-2025-6567](CVE-2025/CVE-2025-65xx/CVE-2025-6567.json) (`2025-06-27T16:48:39.390`) +- [CVE-2025-6568](CVE-2025/CVE-2025-65xx/CVE-2025-6568.json) (`2025-06-27T16:43:42.703`) +- [CVE-2025-6611](CVE-2025/CVE-2025-66xx/CVE-2025-6611.json) (`2025-06-27T18:35:43.527`) +- [CVE-2025-6612](CVE-2025/CVE-2025-66xx/CVE-2025-6612.json) (`2025-06-27T18:22:07.427`) +- [CVE-2025-6618](CVE-2025/CVE-2025-66xx/CVE-2025-6618.json) (`2025-06-27T18:20:53.133`) +- [CVE-2025-6619](CVE-2025/CVE-2025-66xx/CVE-2025-6619.json) (`2025-06-27T18:19:19.447`) +- [CVE-2025-6620](CVE-2025/CVE-2025-66xx/CVE-2025-6620.json) (`2025-06-27T18:11:26.180`) +- [CVE-2025-6621](CVE-2025/CVE-2025-66xx/CVE-2025-6621.json) (`2025-06-27T18:10:30.697`) +- [CVE-2025-6664](CVE-2025/CVE-2025-66xx/CVE-2025-6664.json) (`2025-06-27T17:57:43.810`) +- [CVE-2025-6665](CVE-2025/CVE-2025-66xx/CVE-2025-6665.json) (`2025-06-27T17:56:25.200`) +- [CVE-2025-6668](CVE-2025/CVE-2025-66xx/CVE-2025-6668.json) (`2025-06-27T17:49:20.193`) +- [CVE-2025-6669](CVE-2025/CVE-2025-66xx/CVE-2025-6669.json) (`2025-06-27T11:15:25.547`) +- [CVE-2025-6701](CVE-2025/CVE-2025-67xx/CVE-2025-6701.json) (`2025-06-27T14:15:57.400`) +- [CVE-2025-6702](CVE-2025/CVE-2025-67xx/CVE-2025-6702.json) (`2025-06-27T14:15:57.553`) +- [CVE-2025-6731](CVE-2025/CVE-2025-67xx/CVE-2025-6731.json) (`2025-06-27T14:15:57.707`) +- [CVE-2025-6734](CVE-2025/CVE-2025-67xx/CVE-2025-6734.json) (`2025-06-26T23:15:22.743`) ## Download and Usage diff --git a/_state.csv b/_state.csv index a4e4f929add..564b5ac1910 100644 --- a/_state.csv +++ b/_state.csv @@ -53624,7 +53624,7 @@ CVE-2012-1973,0,0,b36788eb6f6bded041cff293fa95c9cc0d1529a91185f3d8a05b5ef5e55752 CVE-2012-1974,0,0,6d760e5ac92988323c57f0d76c71f146bc5e9aec33b27d0e0e5f1e491d6fdbf3,2025-04-11T00:51:21.963000 CVE-2012-1975,0,0,1c0ab2a630f6dadff905f4cc3424c93f66d703a82ca2c9345c57f1e4b9f25fff,2025-04-11T00:51:21.963000 CVE-2012-1976,0,0,e1e884aca97bfd28c7f4bb41e76dfc0fe4d2620672a9906f4f1d48e68f5d218f,2025-04-11T00:51:21.963000 -CVE-2012-1977,0,1,1c4322afcb91f1a2f06e31fd22fd4746bd630036e4e19bebe53d3a6b539ecbfb,2025-06-26T22:15:24.103000 +CVE-2012-1977,0,0,1c4322afcb91f1a2f06e31fd22fd4746bd630036e4e19bebe53d3a6b539ecbfb,2025-06-26T22:15:24.103000 CVE-2012-1978,0,0,f315d189cfc9f35263ba664907dc2257b1c8b35b4fa694146dbd7658b74b99d0,2025-04-12T10:46:40.837000 CVE-2012-1979,0,0,9c0681a5f45ea6f0cfbc7f0366135aa821230341da9af233e29d17e7af503289,2025-04-11T00:51:21.963000 CVE-2012-1982,0,0,765585f4ba53a8604f9496ed2daeae40e4e0b99cd025a9ad8a0d8ffa4e04dcdc,2025-04-11T00:51:21.963000 @@ -64956,7 +64956,7 @@ CVE-2014-0464,0,0,c1cfcace4e4692094e98f4c4162e086e71bb6bde04666cb247c46b18f5042b CVE-2014-0465,0,0,ecfc43cd065a4f4b266a59935f385edffe42f6d5a2c1e6f34de02c34b498c64a,2025-04-12T10:46:40.837000 CVE-2014-0466,0,0,17ca8b82471b3c276e8d75132259275c430540bf67e14c7652a3b8e6c8b2ff8a,2025-04-12T10:46:40.837000 CVE-2014-0467,0,0,bedccfb8f095853a098a8d23d9401d32b49003c130d0d3deb50209806721d49a,2025-04-12T10:46:40.837000 -CVE-2014-0468,0,0,b20a47a37a1b6664397fc7e58a682bf28381a9a844212cdca44870c196eb2683,2025-06-26T21:15:27.527000 +CVE-2014-0468,0,1,c32f598a0ba45a906a8c814661bb52706db796f31c34c2baacbc1c5a6ca06137,2025-06-27T15:15:22.890000 CVE-2014-0469,0,0,bff183f2bd19fd83d5e68fd474a9f0b052f2469e6a8771c1079ffbb9039f2ad4,2025-04-12T10:46:40.837000 CVE-2014-0470,0,0,2895d316d5e4e0cd5ace15397b218e99957671ba27a66f4570b301ca9bab0c55,2025-04-12T10:46:40.837000 CVE-2014-0471,0,0,57d12920f18a34c90f6986e9646c6ca68ac0324960bf38c2499931bd82e7a49f,2025-04-12T10:46:40.837000 @@ -70111,7 +70111,7 @@ CVE-2014-6270,0,0,c4914f40a9efa53af102626b769ad6f1ec591e7248f25e985f5fed42559d8f CVE-2014-6271,0,0,40d6bf521564d0e0289da99f84edd683ac5a03b83b03c3cf07a513d3d59d67d7,2025-04-12T10:46:40.837000 CVE-2014-6272,0,0,be93ccb3cba27bd43b0ff1fc980eb21284370f9056b8aa622a9fcb16f5eb7668,2025-04-12T10:46:40.837000 CVE-2014-6273,0,0,d996a9cafa7c7db18c24611b004e6431aa64616b39da6eafc3859a5f0f5079aa,2025-04-12T10:46:40.837000 -CVE-2014-6274,0,0,c6671eaec2a9004858743eabbab54f6e5c9d35cd2eda8394730d319839d05dd4,2025-06-26T21:15:27.647000 +CVE-2014-6274,0,1,c569efa3b13b896b92ec3ca63097214734ff3688639dac4a26b40d2910593473,2025-06-27T19:15:29.037000 CVE-2014-6275,0,0,376de0b289a018a569a42aa425bbc02c3f9c448d623505daf0e87d3a3b2e31e7,2024-11-21T02:14:04.637000 CVE-2014-6276,0,0,b24069cfa43110fd98f9d264945252b916b0e64f9039ef0210ab8fd64c270ff8,2025-04-12T10:46:40.837000 CVE-2014-6277,0,0,b92c86d3aaef5b4d4c7b1fe5a98c5a68e213138f3197c46dcc11f5c92f28b109,2025-04-12T10:46:40.837000 @@ -70993,7 +70993,7 @@ CVE-2014-7206,0,0,99e7ceb5d5e045f751614addcffd58b7d502efd67907f2814eabbaa8d0f21f CVE-2014-7207,0,0,68e789b3a8519190a9eb1f8852b9c8be8cfde8482c22c22975155b2679daf3f2,2025-04-12T10:46:40.837000 CVE-2014-7208,0,0,36f96cba9fe5441eef64b179e4439f66d961beb82102aaa56ee9f90fdcb1be91,2025-04-12T10:46:40.837000 CVE-2014-7209,0,0,002448c85539fff241f21b4ed12ee50b4228924ea6a83f04a40c3868b39d2494,2025-04-12T10:46:40.837000 -CVE-2014-7210,0,0,96dddf4a1b1191c39a4f6bffbaf907a80a0251221d972f3e93ae54f2096bfd9f,2025-06-26T21:15:27.757000 +CVE-2014-7210,0,1,7a66d0384459140302461bc23f98df6a5b875cb056293e9a7ddf2520e9a1739a,2025-06-27T19:15:30.443000 CVE-2014-7211,0,0,8c2444e0dec6612b68c62bf1aa00b0e0bf79d5dcfec26984d76b2618c5f44fce,2023-11-07T02:21:13.993000 CVE-2014-7212,0,0,37dcbae6cffde220038026127ca19ee7dfdf710813746d7e1951422983051b11,2023-11-07T02:21:14.217000 CVE-2014-7213,0,0,d5aaf9aa82a9d84be333e8bee6cc038d083149f513a8d4870ccaeef71d96641b,2023-11-07T02:21:14.460000 @@ -74294,14 +74294,14 @@ CVE-2015-0838,0,0,fba2852c19d3e3c0d0f470d52e82994d927833442cf81e66008f4788e863c3 CVE-2015-0839,0,0,f1e67d52f44c290aeb08605cfd4c02888cb4e3366766f3265c58959611e2075d,2025-04-20T01:37:25.860000 CVE-2015-0840,0,0,9874ece8c65d3b76a5a243bb852ac02e121009e7b57172c02ba8f652cdd090a5,2025-04-12T10:46:40.837000 CVE-2015-0841,0,0,54502a1aad36ebb1ba2ee8120d2a7fbe8c5cc39f675b2de560608ecd061b4b5e,2024-11-21T02:23:50.397000 -CVE-2015-0842,1,1,40862c532785b2cbc823a1b8511bc194e97ab796b518428560d5a740a18c22d9,2025-06-26T22:15:24.503000 -CVE-2015-0843,1,1,645c07f7559fe6f15b0551c4b225906e0611d4eeba54c01acb99c270f11e78b4,2025-06-26T22:15:24.613000 +CVE-2015-0842,0,1,a4e424d450fe075e22ebfb88b4112f0bd4d4e3ee57ca9cdf30be32e924958b03,2025-06-27T19:15:30.677000 +CVE-2015-0843,0,1,77921c0eca7de0b56b92f7c8387a1e8b12da5897dd82f550ad20c855419bf959,2025-06-27T19:15:30.873000 CVE-2015-0844,0,0,211fe39ff44c6dd365b46c0147d3e269c6641bed4774b02c867172273a1b4653,2025-04-12T10:46:40.837000 CVE-2015-0845,0,0,918ad2eae2c16c15beda7e15121a9ad37c5918d96ac2a7ba9e7204559904cd69,2025-04-12T10:46:40.837000 CVE-2015-0846,0,0,233e67bebe0beff27355cf2caed98902861fac56eac93c28d636c313299caac5,2025-04-12T10:46:40.837000 CVE-2015-0847,0,0,1aa0d5f2e98d15701860d3c6f5c4d2b69890b6f13cfe7d93cec851f466450073,2025-04-12T10:46:40.837000 CVE-2015-0848,0,0,2af8d6d2258510ec86007dc80b39fe39f2a966c83f94abec112573624408965c,2025-04-12T10:46:40.837000 -CVE-2015-0849,1,1,69c53a67114e207d762c914aaa7a3b33a52c9cf597eb261d4ebde4e27193d89c,2025-06-26T22:15:24.717000 +CVE-2015-0849,0,0,69c53a67114e207d762c914aaa7a3b33a52c9cf597eb261d4ebde4e27193d89c,2025-06-26T22:15:24.717000 CVE-2015-0850,0,0,15f9b8157aced0e80f17951d04cb36c5ecf909da47a3735064cd8e2e1a9db895,2025-04-12T10:46:40.837000 CVE-2015-0851,0,0,b9c831277470fe83d1e42bd07f2fa61d904e2fcbeb39a4bd6d396b147e1ba0fc,2025-04-12T10:46:40.837000 CVE-2015-0852,0,0,3d2c0fa6f46aaae97ead547830e2bd37e3e34b8443dd719f9d9e5ed80d25ba9e,2025-04-12T10:46:40.837000 @@ -75513,6 +75513,7 @@ CVE-2015-20109,0,0,2bf1e6a2a0aebcb949dd9282731f2369f9fc7adc1c7bcf52542a118243a93 CVE-2015-2011,0,0,06f56aead2364e3076f7eb929d78fb3c6d19a17d023025b6a06a913b8edfa6b0,2025-04-12T10:46:40.837000 CVE-2015-20110,0,0,f647ff59dc80b822962eaafd4f0d29e37c37027a6514f8a4f9fdd8f455390764,2024-11-21T02:26:34.023000 CVE-2015-20111,0,0,b468cbb2981a06da805fce0c4cb8fe23069fb703e2ce74cfafdee6d7dea8385b,2024-11-18T17:35:00.977000 +CVE-2015-20112,1,1,338f8975b930c03130c4580204b2d894befd0974b7f0e9e30036e4719f067703,2025-06-29T21:15:22.210000 CVE-2015-2012,0,0,3ce1105e5b15194e052052ba4f9229b374641c815a6547e4edede4c706706788,2025-04-12T10:46:40.837000 CVE-2015-2013,0,0,2603568374d23297590490a04160b117d8201c314080cb3b2d911b4ec3d944d7,2025-04-12T10:46:40.837000 CVE-2015-2014,0,0,6f69059372e60024d74cd4a6000fa395de3155bf7bcb7ca8f895ad23f0c128b9,2025-04-12T10:46:40.837000 @@ -111769,7 +111770,7 @@ CVE-2018-10627,0,0,eab6116822f4bd27f9eb7ae2ad477a6abebc336cbd61c0342251c3ec29cc5 CVE-2018-10628,0,0,43a5de65463bdca04b4f91a1fb378b316766972ceb655f75bc5194a582959811,2024-11-21T03:41:41.730000 CVE-2018-1063,0,0,f819d034fc028c284a155a63eae13cf3eaeb52401b7024473d31af800dbc5ce7,2024-11-21T03:59:06.050000 CVE-2018-10630,0,0,c5fc9dc673cc7009e74d8b6b5a04a675b1f1651bbe5c072d62988ff3fa75f341,2024-11-21T03:41:41.853000 -CVE-2018-10631,0,0,6e1f8b93ea884cb40557423fa79adc92f86914fc3d0b68017d924721738880fb,2025-05-22T18:15:22.580000 +CVE-2018-10631,0,1,91e2c37cc92f48a5e829fe020850d1abb4105bd752447cb49660a3eae76dc681,2025-06-27T17:15:30.353000 CVE-2018-10632,0,0,3517a8d976c7b741af68e52397a5269c0b531bfdfbf1f8604258d6c9291dfe7e,2024-11-21T03:41:42.167000 CVE-2018-10633,0,0,2771492907b150aa2357204ecaafed238937b5304d8e2ab64738815b4076f2d8,2024-11-21T03:41:42.273000 CVE-2018-10634,0,0,fb64e1869ba04e34c97cb75705eca0f7929e72332c8a6bfb4278081bfd8768aa,2025-05-22T17:15:21.460000 @@ -120672,7 +120673,7 @@ CVE-2018-20973,0,0,9b83b8d73df1a82e2b8f069680029a08de7d7808d7f2c6ffe08e687513b4a CVE-2018-20974,0,0,a5622bb0b87ae8c7678f22e69c22ac37650554888b6fee62e75db937c2c6ac5b,2024-11-21T04:02:36.140000 CVE-2018-20975,0,0,4c1f150c7031f595153e7621ad122034037cda2376e856e3d5c3615fed2ebb89,2024-11-21T04:02:36.290000 CVE-2018-20976,0,0,0df685da333973f77447b789f214d65d6857c247b3b1d35ce00e946aaa4fc1b8,2024-11-21T04:02:36.433000 -CVE-2018-20977,0,0,c0d0d93ced24ce08a2ce4d80a6b7bba8e41a7df10825426bf0f356e0db4d6fe1,2024-11-21T04:02:36.600000 +CVE-2018-20977,0,1,0c488fb29833e514eb74bb1d3651dea1e3356e3d658c8444656d20232db3a5e6,2025-06-27T16:28:06.207000 CVE-2018-20978,0,0,84e26d11c5b7ec926dc55a9d452ec2fb2062c87a84a623f295f16d334e23b4fa,2024-11-21T04:02:36.733000 CVE-2018-20979,0,0,1b961ffcb642da21ad60107261627bcc8b350a754ffa244f7469ec0388d0fb55,2024-11-21T04:02:36.870000 CVE-2018-2098,0,0,ee989b017d7c954554473942c3898f4ea43e015453c7fc4fa6c3890a85736a32,2023-11-07T02:56:51.560000 @@ -126564,7 +126565,7 @@ CVE-2018-8845,0,0,8431da1fa78736e64f614dcf12191c9ab0d9c7a942486a0cccc1291baff34a CVE-2018-8846,0,0,23a896bab70fb1653ce1a9a52861872577cdaf4c467aa8c18e165c2bfebde468,2024-11-21T04:14:26.453000 CVE-2018-8847,0,0,e27e2f59f7d83ba161a7a839bf5ebd2cb1878261f560f6247a76da1fb21ecd45,2024-11-21T04:14:26.587000 CVE-2018-8848,0,0,1a636ee6198daa5e5ba55e5100d915df90aec55a2c195adbc12151a95d7dbc2a,2024-11-21T04:14:26.713000 -CVE-2018-8849,0,0,73cc24e9070decab72c0d0610e9be951dbefbde8e268838f0c4de25b02bf06c5,2024-11-21T04:14:26.837000 +CVE-2018-8849,0,1,3937d807c670307f067f2b8bf92497888ed79fd45dd5c5d238a7ca1558afea30,2025-06-27T17:15:32.103000 CVE-2018-8850,0,0,adf3446e999c886d2168b96f599b98c1ee51a6c5812d6cf8b14c41ff0ef424a0,2024-11-21T04:14:26.963000 CVE-2018-8851,0,0,5401c270e474ff83823c50f68d236a69fd5628190a778f81d15c14adb7b98985,2024-11-21T04:14:27.100000 CVE-2018-8852,0,0,c4f6f21163ed08a83742cc109ce0a9bdae2ceb974c8b1be762620ad1292a5d6f,2024-11-21T04:14:27.230000 @@ -169704,7 +169705,7 @@ CVE-2021-23155,0,0,3cc60d0ebbfc51051b03f0b3c430e4aaf24797c505d1866703dfc3a527aa1 CVE-2021-23156,0,0,1f8ccb3a06a528bce191a7f8f0dfddb4c16d7c26d0782ea9ef08dadbec31b14b,2023-11-07T03:30:48.453000 CVE-2021-23157,0,0,118ca1b9c1fd6846956c68c2b1f1efd340e01ea668cdaa1f92fca1a1b98e3bd5,2024-11-21T05:51:17.927000 CVE-2021-23158,0,0,586ad9d3ca16782d240ed05e24f60f8f57c66edb4a435c94b72ae18559c5b311,2024-11-21T05:51:18.057000 -CVE-2021-23159,0,0,9c3175f4280f5bcdbb75523c0b21811ef478d3ce148f1c1d7f54c4a7f0e6227e,2024-11-21T05:51:18.177000 +CVE-2021-23159,0,1,6eac99c3fd01d0b3ee439e324f893cd2c373e5ec5f26eaa3af1fc2ccef2b173b,2025-06-27T18:51:27.923000 CVE-2021-2316,0,0,a23d88249dd93c4512cae696dd0c9b07cafce14d6f7c9e361fd2fff9775b740e,2024-11-21T06:02:52.433000 CVE-2021-23161,0,0,2f50b71a9c98702a51d1566f0f8a274cf30984c0d40bf270c850781a880f0302,2023-11-07T03:30:48.733000 CVE-2021-23162,0,0,33dca7fe1269ac57533d0b12e6ce85b2882b9db8fc452157e3d7a5b90f802fc4,2024-11-21T05:51:18.327000 @@ -169715,7 +169716,7 @@ CVE-2021-23167,0,0,80f6801f32ecdc1c5ab51f4ddc7bc38fd06df457deb0789a7328f5e5cf251 CVE-2021-23168,0,0,62725c6f91aa656974471644a546ad0a6ec272500efa7e4584271eb0676e96dc,2025-05-05T17:16:59.187000 CVE-2021-23169,0,0,6ab73f967be3623634b727c3a13fd68a941e8b4962e42e314fbb05358a97f4a4,2024-11-21T05:51:19.137000 CVE-2021-2317,0,0,3f35169442ce422a050800da8c60c42e51d7e6f4735460ec20ee5de357fe8e60,2024-11-21T06:02:52.563000 -CVE-2021-23172,0,0,dc2cd08903a87078a8b6fd951b1bc924187281c51240c821c5bb1bf56670eb8b,2024-11-21T05:51:19.270000 +CVE-2021-23172,0,1,9ccc9c14858fdb48e360cb7c9df7b19c4c4ebc3d02c4247b722c4fb182ecb64c,2025-06-27T18:51:27.923000 CVE-2021-23173,0,0,446d16a1b72d3d1d499935973ca505aa886f9b1ea783991c6f23288be5d97927,2024-11-21T05:51:19.420000 CVE-2021-23174,0,0,01bf5df5a3503569c03982fb7bea7598f7d7c9947b0711d0a85f8643c6692036,2024-11-21T05:51:19.563000 CVE-2021-23175,0,0,1ca4317ca518ae149b919dd4a75883e3539b7fb8cade5deb2ebfafceccdf2428,2024-11-21T05:51:19.697000 @@ -169747,7 +169748,7 @@ CVE-2021-23206,0,0,bca60c8addba61a514d80ed92e19cdf0b340bb21a5724aa1c6dc959b98beb CVE-2021-23207,0,0,4bcd09dbb90aab68c1c8fb200141f59e4de910407acf802282af6c589da8afa1,2024-11-21T05:51:22.630000 CVE-2021-23209,0,0,e1d4aebaf6111411182bedcfa8d0173b144eb92cc89f3a6d8027b0366ee15c1b,2024-11-21T05:51:22.770000 CVE-2021-2321,0,0,a1aca71c4d52275ca153e203be4ca51b47ddf3c013e469e5bbc909a907779c27,2024-11-21T06:02:53.077000 -CVE-2021-23210,0,0,257e2988c3019ee282088cfa6a7c9e1a0d66527e2f3406c8184dfcd788dc7746,2024-11-21T05:51:22.910000 +CVE-2021-23210,0,1,d87711c8d4497c30d743d80de1c4e61324f7a39f5b072265f1dff96ed8846496,2025-06-27T18:51:27.923000 CVE-2021-23211,0,0,01a6a19d7adbd5aad876e43fcca1a3ecda4d584f1de63695b043fdf63eec9f48,2024-11-21T05:51:23.040000 CVE-2021-23212,0,0,2655d9b43e38cd8fc8eb2aabce157bda25866a0b6e46d7dbbeb2502e21731ccd,2023-11-07T03:30:49.680000 CVE-2021-23214,0,0,84a9ba01e0d41fd2ad7b83c26c75df40f061b9c3cebdc48636dfaad0f31aff07,2024-11-21T05:51:23.187000 @@ -173131,7 +173132,7 @@ CVE-2021-27700,0,0,e9923bbb9fb35a21cdd801cccfb3fc5221132f961af1f5d4d4d36c9513139 CVE-2021-27701,0,0,680e14df2a174c582219095cdfade6b6d6e2393dcbd4e0a83c9853c6e7c0fece,2024-11-18T19:35:01.613000 CVE-2021-27702,0,0,f0b671d07b083ba80445c9008df47abf1b6b1863481b290a7eaa46788c56e0dd,2024-11-15T22:35:02.520000 CVE-2021-27703,0,0,7e9bfa319382b494ddec895b0e371f68d31e9b0c25a1927ff818120cffcdbaf1,2024-11-15T22:35:03.380000 -CVE-2021-27704,0,0,f2a574ca9f2082cda716e9fbce61dcbf56cf677325a2d17fdd4c7611bdbb5366,2024-11-26T18:15:17.960000 +CVE-2021-27704,0,1,2f221da0cfaecd67576dad593720bccfc3c0c2505e9285a5131d709f6d1ebc60,2025-06-27T18:46:39.343000 CVE-2021-27705,0,0,11993218cc9a43b0e505484aedae86cb442acd279a946ee2d2ec15c957bbf70d,2024-11-21T05:58:27.570000 CVE-2021-27706,0,0,e78c34b2bfac4d253378c267a285017eaa3d01c31d2d0ee4cccc56254fec34de,2024-11-21T05:58:27.703000 CVE-2021-27707,0,0,2cea2c570bf1707761ed3b2f10b5cc1d55ccf817734eb31af2b55fec095115ee,2024-11-21T05:58:27.853000 @@ -177683,7 +177684,7 @@ CVE-2021-33840,0,0,668100a0522330a96badb42e353b7cabc98ba218ebd10894b7c5907667fca CVE-2021-33841,0,0,5a0d3ef9c44c1cd7695fa12580017a134dbed6db7e79b28fefc743607c5176e6,2024-11-21T06:09:40.470000 CVE-2021-33842,0,0,25a67a4b79312f3a84caeb658bbe4d491eaab24cd1015734b330997585614081,2024-11-21T06:09:40.603000 CVE-2021-33843,0,0,3fb2dbf515d26954377c896144c894626c3c8e8308c90aad1f0930a248fb87dc,2024-11-21T06:09:40.740000 -CVE-2021-33844,0,0,e87c0c0afe8b038cd965e14a02f4535e94ae9cd6a7cf62ec622982c8a02a7476,2024-11-21T06:09:40.883000 +CVE-2021-33844,0,1,206ca2aebcecbc16b49038e50d87b01e04e25a5c3486319b16d732f3caa783b5,2025-06-27T18:51:27.923000 CVE-2021-33845,0,0,8b3e574e5ef6e36221953ca9bfa54671c028dd2adea6f9cc553dbb2df5ed1a3c,2024-11-21T06:09:41.023000 CVE-2021-33846,0,0,a8bad0fb4de6105e8a78f15f20477db57c0ee89aeccf34f85474c83f7286d1bd,2024-11-21T06:09:41.177000 CVE-2021-33847,0,0,520c0676033bb2062fe721948d4a59563891d26dfa3ad33075c3a05a65a7a6d0,2025-05-05T17:17:25.557000 @@ -179516,7 +179517,7 @@ CVE-2021-3642,0,0,1532869268f3ef777363dc9eceb46794628e4ed87cee7323882cc38b3e99d3 CVE-2021-36424,0,0,16ad38123863013dc6b47bed551b81a8f40c65ceef55ede9eb2a3c2bae8f4b9d,2025-03-26T18:15:15 CVE-2021-36425,0,0,6a02ea75c3b14a213ff680514d5d580af225cb508850429576d9fd3a46a5bb2c,2025-03-26T18:15:16.017000 CVE-2021-36426,0,0,4e30cf5bb35f1b8b80110c8d7d41ff3fd604831bce4b61c3ee69b4da6eb41a03,2025-03-26T18:15:16.180000 -CVE-2021-3643,0,0,8550da842d93e4b67b1af5d37afa815ec8e63ca704cf8d2bce3f82b7ae1f4f64,2024-11-21T06:22:03.630000 +CVE-2021-3643,0,1,02f87c57830c7b83cc06470b3c43e0273b22b9008359e1f346e36fc7455dcf7d,2025-06-27T18:51:27.923000 CVE-2021-36431,0,0,04368c43a859994a6bd5e34ffa1f202a00d18081722a907725afc0781ffd17f2,2025-03-26T18:15:16.340000 CVE-2021-36432,0,0,30bb92c3a2767c2e3091e094a049ce68b528b588309f6c5ff3bd9215bbb9c4de,2025-03-26T18:15:16.507000 CVE-2021-36433,0,0,a79df12a61fcef081a6935d06bfb73758f5bb6f4bb7eead64c74d04222773b82,2025-03-26T18:15:16.670000 @@ -199343,7 +199344,7 @@ CVE-2022-30765,0,0,1432d1b38124671ff4afd453e477cf14c851ba640e6fbc2a696c7d3f3427e CVE-2022-30767,0,0,ea9aeb578c1e4ff0a1b8f822a4fb3f3b49897ce27330079363c8aa737c192b72,2024-11-21T07:03:20.180000 CVE-2022-30768,0,0,6ca3298b61f8a29049bd056d66fc0276f8b711382e4e27c20f33389a7b0b8b20,2025-04-30T17:15:49.290000 CVE-2022-30769,0,0,12f7d26da53d17ad46140c0b329e3e94b51771e4da77f4286bff3ee0064f640a,2025-04-30T17:15:49.540000 -CVE-2022-3077,0,0,d7b330dfb010a4721625cbcae9acb28e034a2ae08066210ca41d58521c5264ff,2024-11-21T07:18:46.540000 +CVE-2022-3077,0,1,0861b4f043230d36e0e8436d280fb02da248d7d65cbf3f77da6b8b5adfd61220,2025-06-27T17:40:17.870000 CVE-2022-30770,0,0,48f1a218a4b26983b762d6bb916a93897a5949403b23417f1488d5a3d23e7d5b,2024-11-21T07:03:20.623000 CVE-2022-30771,0,0,31dc72e08b23aa034d98e62343eec8e5bfa3e62833e565922a8fa3bf080efd67,2025-04-30T16:15:21.247000 CVE-2022-30772,0,0,8843d07930c9c1fcb60280aae0275448c4cfbfc2999e72df0e32bd8470692394,2025-04-30T16:15:21.463000 @@ -200104,8 +200105,8 @@ CVE-2022-31647,0,0,5d97ed3eeadbc07bde0fb0ec68ca1e40783c8dd15ba88eca2ce3a54e6720b CVE-2022-31648,0,0,344ed376a4cfa12222e8b7aecf75bd89b2d9d6886b929fc17ec8e6e7b5447d92,2024-11-21T07:05:02.450000 CVE-2022-31649,0,0,f63981d3365b98465059d41e02f9513486e43c621f49a87e2c3ed4c211bfcf49,2024-11-21T07:05:02.637000 CVE-2022-3165,0,0,5a7034df8b988249bf12b7405c63bdb7c9a61df3cc0401430528ece3fc13c797,2025-05-14T21:15:52.767000 -CVE-2022-31650,0,0,134591c783bfbb3099fdc5454b909c2082af37213c154e60f6fb248580fcc506,2024-11-21T07:05:02.840000 -CVE-2022-31651,0,0,f7f4babdb21a2915ad6429452766e61d6824f3fe4349835145964df6014dea10,2024-11-21T07:05:03.040000 +CVE-2022-31650,0,1,48c95061071d5f0edda33659c4f2fe3b513a8508fd4cb963728527d735a32846,2025-06-27T18:51:27.923000 +CVE-2022-31651,0,1,4895355eb1c5713d6abfd63235241950ff86f1ca4ae9f7ea29dcfff6fa533c88,2025-06-27T18:51:27.923000 CVE-2022-31654,0,0,77dc6c9e79b48053c940005343a2a255a337ae404b6ff96c686d3d6934d2f564,2024-11-21T07:05:03.267000 CVE-2022-31655,0,0,3234056713465317fca0a870aa645b43490556a07a4ee7c4bd6dd4a358125890,2024-11-21T07:05:03.437000 CVE-2022-31656,0,0,52f4a04de317c7300ea95feb5f0de5e2526bd0320d0ccfb6fb0518dd78213b3f,2024-11-21T07:05:03.623000 @@ -203840,7 +203841,7 @@ CVE-2022-36259,0,0,5aa27a017d79b0ce62345ef864ac66e67ecd2bae93d51cc11e98af7eb6bf0 CVE-2022-3626,0,0,64e7881f1752e6a45663b5458765fa79d605467c4b67b9304370b7ae22bfa945,2025-05-07T16:15:20.460000 CVE-2022-36261,0,0,7fe839b290c58ad8820559359f9b6421123583730fc73ef65e02cee02ab29cca,2024-11-21T07:12:40.580000 CVE-2022-36262,0,0,b7618a93f59be1277211b395f455de1f443cb0f693d248bb05e7ecea9f1ff70e,2024-11-21T07:12:40.750000 -CVE-2022-36263,0,0,204ae6d686215e002657b4f955df43fe76ceeb37bc672adb514616a96e533cee,2024-11-21T07:12:40.903000 +CVE-2022-36263,0,1,c497f9f254db8ad961ee861ddb3442e9a9c4fac5c00af148ff27823e625f6ea8,2025-06-27T14:15:30.240000 CVE-2022-36264,0,0,9362bf9c79f9aceb5829e5c59c89bba86f1b585b8e40f499d24ce5c94ac9e671,2024-11-21T07:12:41.057000 CVE-2022-36265,0,0,c2a34a1e8e4011de91304a3ea0ee61ca414be1c8ef2ac28716e2a37551d05d5e,2024-11-21T07:12:41.200000 CVE-2022-36266,0,0,8929194d665d2455f7e676e43b0bd7cb87bc41d7b544d75ccce67bc2dd47021d,2024-11-21T07:12:41.350000 @@ -213222,8 +213223,8 @@ CVE-2022-48824,0,0,cfda6b7d2acf8bb872d6fa6afb099ee8048e60481381b8c8bf4ba7b61effa CVE-2022-48825,0,0,f77e883241cec15f8c9700b5d09a40cf77ef1924f9bef2953235e134d0ac3581,2024-11-21T07:34:09.540000 CVE-2022-48826,0,0,eb2c23661e650309111b6515f53a230ebe0f461e3609384a75f2ea2b7e8921c8,2024-11-21T07:34:09.643000 CVE-2022-48827,0,0,59a6cad7f6f2d12d8ed70898fe02c3f7c8544fb257f311d73d4984a36e9b27a6,2024-11-21T07:34:09.767000 -CVE-2022-48828,0,0,7a234af029357a827284fafcee560972937ab1d00a6901553e15bf06be0ae96b,2024-11-21T07:34:09.883000 -CVE-2022-48829,0,0,23b069311a24aa387c6592becd0f69e4210410c11f95c41a93227a82c0aa2c1a,2024-11-21T07:34:09.993000 +CVE-2022-48828,0,1,a306d994ceeb547d4a306146d597bc6478784705c119651e00bfc36c03518db2,2025-06-27T11:15:22.540000 +CVE-2022-48829,0,1,0bbf405debdbe7517f127c780ff4430ff2aa730c7dc1e9fd5665d2a3671a2de6,2025-06-27T11:15:23.453000 CVE-2022-4883,0,0,ca0d7be2c3e22bdd085322e5712e140797c1e3afea4aa983f9e23659b64d85a7,2025-03-20T20:15:26.757000 CVE-2022-48830,0,0,528e538a1cb5b7fc619709dd1a627afd309d21ad4886875ad2412a3af030b95a,2024-11-21T07:34:10.103000 CVE-2022-48831,0,0,05bb24217e56141a02362670e6855afe44bffe0bad1a2d46f283b17ecf64f728,2024-11-21T07:34:10.210000 @@ -215596,7 +215597,7 @@ CVE-2023-0913,0,0,688fe2b0da8672b536a9b57a779e69be8da2ed0836557c705fa030863c9d7e CVE-2023-0914,0,0,e721acb8f2953789bf55b5ead3e315fcd4523baec03edf3d1efadd37858ab230,2024-11-21T07:38:05.390000 CVE-2023-0915,0,0,a676a61b5df957484bbc2a01a2229e325210370668a149449f013ba67b925a39,2024-11-21T07:38:05.510000 CVE-2023-0916,0,0,596b7dc36222b209b87b2899b78f27cf28a8f8d758e1f657c2c931f77289bac4,2024-11-21T07:38:05.640000 -CVE-2023-0917,0,0,a7231a8da1c4d44e142bf303dc21b6784566ff4ddd3681cce4dc781b6b845f21,2024-11-21T07:38:05.767000 +CVE-2023-0917,0,1,f9731cc7fe5c5aa39549296db00a4c4bb438adff4348d2be9196765f1a42d872,2025-06-27T19:05:16.527000 CVE-2023-0918,0,0,3991662f18a9da25feb427987e4c4ade19c212ca9558262d1cc8872eda6f4723,2024-11-21T07:38:05.887000 CVE-2023-0919,0,0,5305cf677997835fc8e97f12f98585f9abdf4bd59ff72c678671606015005d50,2024-11-21T07:38:06.010000 CVE-2023-0921,0,0,faf523b88ab4fdb905a6f2a8d08c350262a4a3cae99654c80e7955aa1eddcc6e,2025-05-05T14:12:29.340000 @@ -217008,9 +217009,9 @@ CVE-2023-2059,0,0,ffce54a590e61593f5f3d8d76c44cc73481ba51f5d6f07bf42cb227f4f7f7e CVE-2023-20591,0,0,7957f0aea8380285d247ab0445c0f9eb5176b2d2a46c76ffb9c09d937ed6a65d,2025-03-13T17:15:24.183000 CVE-2023-20592,0,0,708d0578e76ad625398754b2740a8730dd5fc6b307278f2b3eef99e456b83fe7,2024-11-21T07:41:11.020000 CVE-2023-20593,0,0,b00842c3517da9910482afabc38e38109fd35ebccb65f9b66ed1e13344cecd1d,2025-02-13T17:16:01.713000 -CVE-2023-20594,0,0,7aad91080c6a13f0a0b508684038941964c52e96ba7ac77cc4d649d4cf35f051,2024-11-21T07:41:11.453000 +CVE-2023-20594,0,1,bffbf208d32f26c6b49d15385fbc7926e13cfd8dd1a0d58265aa32f26f63cb7b,2025-06-27T22:15:23.257000 CVE-2023-20596,0,0,5b2bce570c3a41831e228fca0439c8b43c565eb8206629753215f3aa992a61a3,2024-11-21T07:41:11.750000 -CVE-2023-20597,0,0,1ce3daeb1083e877ed67ba7eb1e0c169b92397e49e6b8d5547e7fdafb9c41f1d,2024-11-21T07:41:11.923000 +CVE-2023-20597,0,1,fe91243bc830d4126f4e84fe7d067079f00476a2ae7e821426e3c869fc333404,2025-06-27T22:15:25.093000 CVE-2023-20598,0,0,10bdb3216576a83083efc44a069662dde254102fd0b21ecf4ce722f0ae080fd5,2024-11-21T07:41:12.177000 CVE-2023-20599,0,0,ea541e91db53e12e1931e4743800cfd245ed0bb976f2daa1881d0bb9a6405b1e,2025-06-12T16:06:39.330000 CVE-2023-2060,0,0,c256a39dd7e962fae313c1daa7316cb92aff2ed2ab60c07792ec1909b8ec56d0,2024-11-21T07:57:51.607000 @@ -220302,7 +220303,7 @@ CVE-2023-24350,0,0,a78605901682a1ab7be442d33284e7c5b8650d5b043f0bcde09442a91092c CVE-2023-24351,0,0,c6579eb0801e0be1bbca3784ea0b459ec7beb898db4af28ab8dd20ffdc3049b2,2025-03-24T17:15:15.077000 CVE-2023-24352,0,0,ea667d0dc2b95e7bab8443e0dd157707d6f2f758c1c2a02ec344f02a2b705e24,2025-03-24T16:15:17.040000 CVE-2023-2436,0,0,2f2707775499ceab975728bb97e30831616245051d74f197f5448b7364446a2e,2024-11-21T07:58:36.907000 -CVE-2023-24364,0,0,61f926ce1df43404bece98f2dd55d5ca5a40dbcd0b2a60e5372dd4cd23603683,2025-03-10T18:15:26.323000 +CVE-2023-24364,0,1,9c77986ce0032fd5bb785b3988e8cf714d0e1f2c7b956ce9a43808c837ce77a0,2025-06-27T19:05:16.527000 CVE-2023-24366,0,0,5d7db002c1457019f1582d6e2eb9871a01ac3c1ff77928c5a114a7191bcb3a47,2025-02-19T18:15:22.477000 CVE-2023-24367,0,0,bd2afe80ba273e0d4f82725134a30190fb13e39466ede74273078ca9c22f3c02,2023-11-07T04:08:26.813000 CVE-2023-24368,0,0,5900bc1b5bb4d3a71bee753000740d76a9c188b4b457ab1d2153e4af094e1845,2023-11-07T04:08:26.850000 @@ -220581,12 +220582,12 @@ CVE-2023-24646,0,0,34dfaf7e3782db0681ff62b365e39bf946ffb423f2b11732b34d70b9f9289 CVE-2023-24647,0,0,cebe355bf03825e0f827b210668efa8be5392221dd61f4c9ac56e10c3e241455,2025-03-21T18:15:31.940000 CVE-2023-24648,0,0,4f3b108dd5dbc8687934f650b6a2b08f9428291a59e308f41f008ab85f82f4c4,2025-03-21T18:15:32.120000 CVE-2023-2465,0,0,2e484d3ef588499a8634f042b97e16c005480a38f269a79668612bd11ca7ca85,2024-11-21T07:58:40.380000 -CVE-2023-24651,0,0,488301ad46ce92451b7cd307f09d1a45eb6f2e0705322a23296c6314d9cff72a,2025-03-10T18:15:26.633000 -CVE-2023-24652,0,0,7c8a6ad52a57389247139a3adfe1f42c90279364bc95856593026e54f305437b,2025-03-10T18:15:26.870000 -CVE-2023-24653,0,0,956b5780900ec10ef24476deb9832642ac13bd1832e03bc3dfb8d14f9df9d112,2025-03-10T18:15:27.067000 -CVE-2023-24654,0,0,22ee38175d63edaac498acdfa539ed750af24589b6b4d0f7bd0cddcd58238fff,2025-03-10T18:15:27.313000 -CVE-2023-24655,0,0,2c683583f12b22bfec0d853f0ded8bda91e3947d26c46f2146e03ff553b71ae0,2024-11-21T07:48:17.093000 -CVE-2023-24656,0,0,6125992e2f6efe3194f000bcb420a1fdaf47364a78f7c7c3083ba847105da4b5,2025-03-10T18:15:27.530000 +CVE-2023-24651,0,1,30465cacda5e2545087f7da799c659aabbd5ab4e734a12212d9e0efb4c15c209,2025-06-27T19:05:16.527000 +CVE-2023-24652,0,1,242b9ee0c6be76db17091a1b4a77da17cc8b1af4271153590b83d6a0ca3dccca,2025-06-27T19:05:16.527000 +CVE-2023-24653,0,1,bbf57ce8c5572daea40a3e1be660dd565208be711e2b3b4c4cc666b5d8c7e431,2025-06-27T19:05:16.527000 +CVE-2023-24654,0,1,84a45ac8c6b0d4e1933e91a7e74227102db7019a530a279c3a60dc7a03737bfd,2025-06-27T19:05:16.527000 +CVE-2023-24655,0,1,9aa312c144aecdb4ac4a7ef9fb5656804a7e4d92b8e98854dd704c1765f2652a,2025-06-27T19:05:16.527000 +CVE-2023-24656,0,1,133f910ca44e35c389ac1b55762c7ccdc013ea986b795ad49214e90b359fde8a,2025-06-27T19:05:16.527000 CVE-2023-24657,0,0,f8b10dff5ae7356948f588b06462f065fe0728ac17c0ffeb6a7a94b9ec0ba4bb,2025-03-05T19:15:29.283000 CVE-2023-2466,0,0,11706004b2e4425098ffba584a264c551af3b1fa100d938c14012cd19f192cc7,2024-11-21T07:58:40.510000 CVE-2023-2467,0,0,bcb3cc43170efb1f1f3187d2376deda032a3eae91db4c6ac796dc30649cef271,2024-11-21T07:58:40.630000 @@ -220612,12 +220613,12 @@ CVE-2023-24720,0,0,6b8bed746e2c0ccf07d91fd8c0cf084ef06296dda35fea10ff93f652dde8c CVE-2023-24721,0,0,713c683cf74d5b07e827992264dc10f34b57246cabaf877eef720bd3ce53e5b3,2025-02-11T16:15:32.340000 CVE-2023-24724,0,0,05a88cd95e33a4726ae4f06c87ceb395258f4b7f4993ae98d8cca6d83f32f84b,2025-02-18T15:15:13.037000 CVE-2023-24726,0,0,50947bf9030f1be550b36be9e40cf29480ad3420c4490b8a419b75411ce1452f,2024-11-21T07:48:20.050000 -CVE-2023-24728,0,0,78f9f3fd11f088d15e352f0731d33cd001c053f50bcad2715a6ad0f3de54c7a8,2024-11-21T07:48:20.197000 -CVE-2023-24729,0,0,4c489d287c9812b2fd170bc5a0633aff9d1e8593ae8341a0ee1391c7ee6a9e06,2024-11-21T07:48:20.353000 +CVE-2023-24728,0,1,916bc8407e93b98b13ce2baf4825e0590415a9a8a68d72181564f931da4c739e,2025-06-27T19:05:16.527000 +CVE-2023-24729,0,1,26a7e87545c53a320e25da37a6c0da83b252f2556af72ea62d1371cdf6e345b9,2025-06-27T19:05:16.527000 CVE-2023-2473,0,0,3f52f44849e670ec887b37e327f30b2cba41eac2f7f5765ee95f4ea0d98d1058,2025-04-04T15:16:10.910000 -CVE-2023-24730,0,0,f41f7ce60b87186a36c799b291e39c363ae59e5aaa71806b34570d06e1757d83,2024-11-21T07:48:20.500000 -CVE-2023-24731,0,0,8fa5455f55f7771c5580cf6e6cc163bbe6deadec98f097e1e136a45ddc4c91f5,2024-11-21T07:48:20.640000 -CVE-2023-24732,0,0,ac333993770ae4c975ad2f5e9cc596c859fb3cd3c16fc2f4f786c38ed5ffd9bd,2024-11-21T07:48:20.780000 +CVE-2023-24730,0,1,bee1816b27e391c06a4f0f2d19d95f7cd33c8b1f1b0e74f9390a9a7ab9a2bbe1,2025-06-27T19:05:16.527000 +CVE-2023-24731,0,1,590899221ad8cfc3d97f335ee487dbd8e3ed319c5292c6c9059460d5cbdcb540,2025-06-27T19:05:16.527000 +CVE-2023-24732,0,1,5a3207b62aa0d59f52208bc5a1af96589bb72629915193863ae8e943e7b3426d,2025-06-27T19:05:16.527000 CVE-2023-24733,0,0,d891caa554d1970a619ec268a553a327f54a540998260e6f4fd8a634052a3410,2024-11-21T07:48:20.927000 CVE-2023-24734,0,0,4814cd3c63ee5cba6db216cdcc84ea827cfc96095ecd1508c8d28eec1179eb1d,2024-11-21T07:48:21.067000 CVE-2023-24735,0,0,58b807a613975521214fa8737211daacf150432167e04e51a11570b38fbebc68,2024-11-21T07:48:21.207000 @@ -220911,7 +220912,7 @@ CVE-2023-25054,0,0,1e27cea9be153b3c6b3cb0d1cb9508710046d215f87d61c65b21cd183ac37 CVE-2023-25055,0,0,38e7d9e3e6035919ee6bed97aa0e57070353161fc90e9f962b30dcabad873fc8,2024-11-21T07:49:01.197000 CVE-2023-25056,0,0,196219883dba34b939aaaf36ab149975dd01d399ca01bac7e63c448e14dead19,2024-11-21T07:49:01.327000 CVE-2023-25057,0,0,a54158d9a05a6e059c863c3415644cef07bd073e531ab44f7aa9538036988828,2024-11-21T07:49:01.453000 -CVE-2023-25058,0,0,8131cdbf52c950aef806882dfc8e03e567a8ac87a35239158d0e7a238c80e0bf,2024-11-21T07:49:01.580000 +CVE-2023-25058,0,1,594b9dc812cc2464115aeca3e9029453d027e4a424a55edf2907f84301e445fe,2025-06-27T16:27:57.687000 CVE-2023-25059,0,0,1e0f6d0a19cac13a9ff6230ea687b2f3a919142c339659319bdfd47266c284b4,2024-11-21T07:49:01.703000 CVE-2023-25060,0,0,09b814ec299c0ca3c7a777ba45e85b918c805b179ee97b5d492b54881d1c00fc,2024-12-09T13:15:23.067000 CVE-2023-25061,0,0,7edeeafd309968f258052bef3c6197c9de39753d3b73c8886e4a75f8d15cb329,2024-11-21T07:49:01.827000 @@ -221715,6 +221716,7 @@ CVE-2023-25993,0,0,c0f03929351cdf07b1f1748eedcae3c4bc7ee37ee19c379a128ded87056d1 CVE-2023-25994,0,0,f5583d7411115f6984b74982d1af77ea15389dc97edba9d1ea7f1ef77a8060d2,2024-11-21T07:50:35.260000 CVE-2023-25995,0,0,c50235885df6facf684f7fcb3669728d7522a03dd4f83b6c17532910eaa41777,2025-06-06T14:06:58.193000 CVE-2023-25997,0,0,c15f1e19209d69c35717cec88c53e55e80227d0515e36d02ffe7938b686b204c,2025-06-06T14:06:58.193000 +CVE-2023-25998,1,1,d64406fa9a2648ab2d29e1f8ca8ac453a09cbb8d38eb0de6e507fb1782b62f2f,2025-06-27T12:15:26.157000 CVE-2023-25999,0,0,802453fe5be6d1b25014d06ae1be71c7fd85418a589a9b55c45d4c4e22c503a8,2025-06-12T16:06:47.857000 CVE-2023-2600,0,0,a872c778f8801ce6d05663d064f57f1b014192778a320d594d11d3db783b363e,2025-04-23T17:16:30.140000 CVE-2023-26000,0,0,b1768b3be7a0d214a41b0d3dd5460ead3b76b1bd92078f3f8cbbd8a696d8a5e4,2025-06-06T14:06:58.193000 @@ -222254,7 +222256,7 @@ CVE-2023-26587,0,0,cc57613a1f5c1e490a01323e91490a25f2673179cabbe289ffc6c054075f5 CVE-2023-26588,0,0,83346d4a9026331befc534784b2880d1faaf1390da7cd704e48b5115174b05d4,2025-02-11T21:15:11.567000 CVE-2023-26589,0,0,5ba5e10f81523125eba4f0c3b6ed5f40c13600c2bbb720de803ae42baaee70c9,2024-11-21T07:51:48.793000 CVE-2023-2659,0,0,fb34ca557c86afe19393caff693daf9878f8334e66df0813e0939e0ec1ce0db5,2024-11-21T07:59:01.410000 -CVE-2023-26590,0,0,81026d0b9b1c018466411e0285636898c1c4b1f8c2710904882ad94fa0193c32,2024-11-21T07:51:48.917000 +CVE-2023-26590,0,1,0765a10b8a1cacc969227bd40b6303a581c508ad15858e6e107714f8e98cfdb4,2025-06-27T18:51:27.923000 CVE-2023-26591,0,0,cb8b1433788fd981cf324c451c550b68d1d16a2521cc103f97b7a22224911fc2,2024-11-21T07:51:49.050000 CVE-2023-26592,0,0,25cf56c806a537b19ae74f034c88077cfa1cf5258e7f9d2da830d0ca93b65355,2024-11-21T07:51:49.167000 CVE-2023-26593,0,0,3f33b945829cf8e546d7c5168d0003b64bee21e74c734497645df9b3717253ea,2025-02-10T19:15:36.690000 @@ -224154,7 +224156,18 @@ CVE-2023-28898,0,0,5063bb8f2aaf43e04f9c3806d252ca940deaa91465538b7a1dc8c97290879 CVE-2023-28899,0,0,ace3616b7ed13c6232f5dbcd338861a0a3eb162cd24c045e8fb898537dda4273,2024-11-21T07:56:14.463000 CVE-2023-28900,0,0,95474310488f87be0cee5d16dabb5ad2dc651b5bd222f5c1e223db09f941ca4c,2024-11-21T07:56:14.617000 CVE-2023-28901,0,0,7b7a3ce35e98d750456768add88af488531e7343d46c7819972ceb6377506317,2024-11-21T07:56:14.760000 +CVE-2023-28902,1,1,71d5b327503a084bc60b61b2427702919c9ee38e3e1a79336e5c15a20e224bb6,2025-06-28T16:15:21.160000 +CVE-2023-28903,1,1,614cfb0a0a179719c97fb3a4346f8a7d2a6147b3eb99d133871dc8e131639bd0,2025-06-28T16:15:22.087000 +CVE-2023-28904,1,1,292187d0eeff4cc34fbd4b013898535b22989834cfbef8871c88db3942a80d78,2025-06-28T16:15:22.250000 +CVE-2023-28905,1,1,e8d7473bc1ca316ef5a8d5a31eaafb772a1aa721ccf01b11c00b81b3ad8b5b63,2025-06-28T16:15:22.410000 +CVE-2023-28906,1,1,8c683b69eec50151319002cdf6a3e9d72413c8917e9e3c1759f7ff6a197d395a,2025-06-28T16:15:22.573000 +CVE-2023-28907,1,1,642c4d73809e640b670ed1c6ee97748de828466e9bb3e6261d4be43c2fbdaf4e,2025-06-28T16:15:22.740000 +CVE-2023-28908,1,1,e6d1be197198626ec16da4aa6fee1605f72e1456e5885560f89cff69a896202c,2025-06-28T16:15:22.910000 +CVE-2023-28909,1,1,70bb03b2aa30f6e77f5763b5e0cfc10fd90a477f184f04819e8f370c4cb904fc,2025-06-28T16:15:23.080000 CVE-2023-2891,0,0,e3feeab0619825c1073733808071dc45223397d726b3177896edea0ff0a9af90,2024-11-21T07:59:30.437000 +CVE-2023-28910,1,1,e264ef5f8b7a22b348b5b1c97863ed6314bad8663683710898004a33b84fab5b,2025-06-28T16:15:23.253000 +CVE-2023-28911,1,1,e4648bd6992c98fcbd22860198409b119df28ea2e8b8c838fa8ca42882c5921d,2025-06-28T16:15:23.423000 +CVE-2023-28912,1,1,dcde0577a9bc180ae2e9c50942e0ce0279907212c62efd9878e11a725f182fb2,2025-06-28T16:15:23.583000 CVE-2023-2892,0,0,83c6a74410cda2ae7545fe10f4713283badd74af828f4a39c620e2da5de23c25,2024-11-21T07:59:30.560000 CVE-2023-28929,0,0,f2202b0d7ac3774e31e59c8cfe6f316f42a94222d911e013a7381c7cc18e67ad,2024-11-21T07:56:14.880000 CVE-2023-2893,0,0,f7f1043d3f9afc414fb1263da69b8318d663c2e8f60276fcd882e47f24d1e6c4,2024-11-21T07:59:30.683000 @@ -224336,6 +224349,7 @@ CVE-2023-2911,0,0,7104d2eef9ac79bbd4e73152964bbf515eed1913b564589aabf9673026d2a3 CVE-2023-29110,0,0,116679a1f80aa4ce5c755d2ebc4fa2df892a04eec5b5e23fe61be9ef540b5ba9,2024-11-21T07:56:34.107000 CVE-2023-29111,0,0,976e0ac5f2d7d2c65e07d4a513ebabb22015fb7168e0a3ac82b6fdfff68a12c3,2024-11-21T07:56:34.237000 CVE-2023-29112,0,0,d70aba2d73a935e0178c2ddfc0d29e234b59c33d2934fe3529918bfca0bb7674,2024-11-21T07:56:34.367000 +CVE-2023-29113,1,1,21731972f7dd726ef0bf5bead8fc279fefbcfbe697aed1fd31f117edb7020d04,2025-06-28T16:15:23.750000 CVE-2023-29114,0,0,8dfcfc2712e36883a5decde28e318a2929445829b706c128b01645a8d3c42179,2024-11-05T17:15:05.277000 CVE-2023-29115,0,0,9b8cf9e9334a84402a0253e1d609f4cf9662c943050fe6ed77424d1a43da6da0,2024-11-08T16:08:01.997000 CVE-2023-29116,0,0,bb4c833c2d03c85e3c4f4dd3a43c97aae89dbe99e351af417cc34f7c146707b2,2024-11-08T16:08:20.573000 @@ -227004,7 +227018,7 @@ CVE-2023-32623,0,0,a5adba31d46423dd713fe069545ec84b8f029b2c2c629ffa304edf69d7c47 CVE-2023-32624,0,0,3545873d37a08f2cdd03840597575d8bcb2014d3243e379c0adf8f924f4f024b,2024-11-21T08:03:43.553000 CVE-2023-32625,0,0,50246508f13a905e38f7ec5793884dacab05c29b91cc4fe4b547785600a39a06,2024-11-21T08:03:43.670000 CVE-2023-32626,0,0,6070edc8ff789ac77444a5ac5f615be658c29bef56992f94c4e1fdce54afdeb3,2024-11-21T08:03:43.787000 -CVE-2023-32627,0,0,90745fb834885956dafa97bb3a7726c30bb33d278a2cf36cb57c22c44e2e3fa6,2024-11-21T08:03:43.923000 +CVE-2023-32627,0,1,dde1c6b4822e9ba7f2ec605fa3b087a3d4fb4b5248f16e961e7ca2b3e6b41b5c,2025-06-27T18:51:27.923000 CVE-2023-32628,0,0,4499c6858049a163046f07f9a02bcd8d0f73823459be658addc6b21dcacb3bd7,2024-11-21T08:03:44.067000 CVE-2023-32629,0,0,de5272d1113857b22e7739330fd7d1da50bdf3434d6ff8edf0327dfdaeb95278,2024-11-21T08:03:44.193000 CVE-2023-3263,0,0,8862ec57e5efcdd76a86f1fd3282c1780a8363e11f34e912aa054ba015d5e54a,2024-11-21T08:16:49.587000 @@ -228411,7 +228425,7 @@ CVE-2023-34314,0,0,78e82052be492c6cb71fedd8385b825ffb4f86961fede5bcf9258eaf01737 CVE-2023-34315,0,0,d7e134dcc60888edf7812914f1fd263be02b8117a702f2bd76c4b4ac691e3cf0,2024-11-21T08:06:59.670000 CVE-2023-34316,0,0,e1d99c569a670017cde17d5e800a2863c775939e0a87b980880a6de31c35c780,2025-01-27T17:15:14.840000 CVE-2023-34317,0,0,4a6da1a33a5ab4c1869c1d7b02c6c5852d38d417ec979c6faa21773c5291bba5,2024-11-21T08:06:59.937000 -CVE-2023-34318,0,0,6b9a1a5d0b8b652766c8052be84a50cb3974515b59c14bb09efc1969a0eff430,2024-11-21T08:07:00.080000 +CVE-2023-34318,0,1,59b498658f7f70d42a4b63cfd00b586a4ceae74040c0a306cb67cdaa90b512f3,2025-06-27T18:51:27.923000 CVE-2023-34319,0,0,9b92213ada32b88b29f7b500bfbeebed89a74408b104d63530701b597b063bdf,2025-06-18T15:15:22.413000 CVE-2023-3432,0,0,d3c0add556aac9226788fa02ea2f83d983b8db610d47a651083fc2532cdc7dc2,2024-11-21T08:17:15.230000 CVE-2023-34320,0,0,7dd5a44a76cc9db5856958d6cb1ec6f19295ef5a527f621ac9994deb65a6fd97,2024-11-21T08:07:00.387000 @@ -228494,16 +228508,16 @@ CVE-2023-34392,0,0,d8289ef9b8ee4c730669c475b92ed9638b79be5cddb18576855295bf53608 CVE-2023-34394,0,0,5024dd48b5a3dae7028cef62d61893803441cad1bf0497670d85da6b8c6740d0,2024-11-21T08:07:09.990000 CVE-2023-34395,0,0,6b27da8fd46729cf8e00b5b710b84600fc46a48029d9eace73be2c1175bddefe,2024-11-21T08:07:10.127000 CVE-2023-34396,0,0,f2afbfe9f4806de76c22475b1659b3b884af9c982dd3c05d912c943853c3e4e2,2025-02-13T17:16:36.117000 -CVE-2023-34397,0,0,ec6c0ba623594b4329e8e3acdc2b4017fa7097fa4d9ef1623814289abdd0fd69,2025-03-24T17:15:15.300000 -CVE-2023-34398,0,0,077559ac724cd78ad6235ce0120ad4ec99170e43813d9c35e6f7da985206ff5c,2025-03-18T18:15:26.457000 -CVE-2023-34399,0,0,49f156e44cc4f75e870bcf3c47f88f29a9e07a86e72ec3bd74554fbc6f250486,2025-03-24T17:15:15.497000 +CVE-2023-34397,0,1,b51e660d00a4165184df68608b2408391ab84da0fb378deea91a05a736097dd8,2025-06-27T16:13:01.813000 +CVE-2023-34398,0,1,7852bb473f81dca2a720d3ac5f1ea9248a99872f69d33859308b2de1e13d659a,2025-06-27T16:12:59.223000 +CVE-2023-34399,0,1,20ae373af7f3d7367c4b2f1799bd3cf2fbe3209b3dfe19186b94dbf985f68d5c,2025-06-27T16:12:56.393000 CVE-2023-3440,0,0,c3a148f8bda83f5626794fbc68f98a1dc6c64d7bea5c4682462694a567b20fe9,2024-11-21T08:17:16.337000 -CVE-2023-34400,0,0,be9e0e2b2ce53e9215b2f5aaf23dd47e0a864f777e01243d2fbab40b05d8075f,2025-03-18T20:15:19.913000 -CVE-2023-34401,0,0,aad41f98879d7ae191ef9b50221ec8f6fdc9fc7882bae8d851876dcb68d4f50d,2025-03-18T16:15:19.893000 -CVE-2023-34402,0,0,0e583efcedab98cab7fd79f63abea166da9dcd7db122c146a28d695b7149926b,2025-03-14T18:15:26.363000 -CVE-2023-34403,0,0,3f27ecd1107525963fef14353f5e2a06e55be1287a6ecc99e6f39dd091b38cad,2025-03-18T17:15:42.447000 -CVE-2023-34404,0,0,7f1d8d3c0a2f104382ed2e46be70e4b2ab0ce361229661dcbe9e30ac004070ab,2025-03-17T19:15:20.573000 -CVE-2023-34406,0,0,3a9044870b4acd7cda8895cf404c3b42953d0a39be5a3ff562c2c6524d7c1596,2025-03-17T19:15:20.787000 +CVE-2023-34400,0,1,4dbcaf9fbd365b391758cba751b8e3c3bffa918adbceb9a3238bd2705d7e1115,2025-06-27T16:12:53.050000 +CVE-2023-34401,0,1,7047468724a17377d1d77e6749e30c0a2fdfc410921dc55f25399a85e6bc38bb,2025-06-27T16:12:44.720000 +CVE-2023-34402,0,1,3ceae51b094aefb10f4e562d73080a8423b757899c6be66f9c191746d92da322,2025-06-27T16:12:42.030000 +CVE-2023-34403,0,1,8bce2998dad66bd9ed0bdd3946f5edceb0ad8a5c72c1c517aded3c403f73fdd5,2025-06-27T16:12:39.147000 +CVE-2023-34404,0,1,ce82efb73f04ab983d7e8c811b509009372609cbfe78d778c2fe1f6af9a6799b,2025-06-27T16:12:36.397000 +CVE-2023-34406,0,1,0b07aa7113954e6af46b17148a41fd56a5e789dd5c4baabc6be6e12020f19384,2025-06-27T16:12:33.503000 CVE-2023-34407,0,0,feb0cd99a613c0605481c85d03f4038aed84545414c9a8173ba7dd7d0782d2cd,2025-01-08T17:15:13.003000 CVE-2023-34408,0,0,03b9bef6d87ce45b6ba8997f0b9758107c5f0a4c0c52b45bc5822b37a8cffdfe,2025-01-08T20:15:26.503000 CVE-2023-34409,0,0,51b8f8415923aa1a2d243bed75d521d233228a55cbd4b9792f4bc8dabc1d5016,2025-01-08T16:15:31.940000 @@ -229997,7 +230011,7 @@ CVE-2023-36679,0,0,ed1f3de56093701fdb4a214905c64f3c796daabee607ff7968e3432374b44 CVE-2023-3668,0,0,ee0fc8a117dff3c229840274c7d57f54273ddbff69a341d8dbdb2bd6060e7e7f,2024-11-21T08:17:47.787000 CVE-2023-36680,0,0,b9be5117546aa41ea1b0775680cd0c31aaaddfcf395655d1742c642ab34f3467,2024-12-13T15:15:17.740000 CVE-2023-36681,0,0,ba75c1ed12841cccdd0dc45bcb2d67806bc34ea8ffe85b9ecba1ae7eef612478,2025-03-18T15:29:53.393000 -CVE-2023-36682,0,0,a41c33aa328da6abdf6c6c55f258f097063853362c56d55f38e1ba1186fef322,2024-11-21T08:10:21.083000 +CVE-2023-36682,0,1,b79c28bcfcb2e5564165fe345d4e89139770de4645ccf6767e10d2681886871a,2025-06-27T15:56:42.170000 CVE-2023-36683,0,0,8d83c95d8cd435a69efedd20d6968eda7a232d88890535bea10df8fb4fceac53,2024-11-21T08:10:21.260000 CVE-2023-36684,0,0,f72336fd565671fd468c54e38ccb885b594b1f1fc2f1521ebebd46b276f38303,2024-11-21T08:10:21.443000 CVE-2023-36685,0,0,805400e3186d895142e860cbe03dcf61012a652c9947d450f6a4995330081af9,2024-11-21T08:10:21.637000 @@ -231072,6 +231086,7 @@ CVE-2023-38000,0,0,f302fe2aa8512cea31c20b4a7c58e253de1ffdc3d1be669ab1e2dc42df677 CVE-2023-38001,0,0,59813676e2bd0245d088be67c0815fc9c634dbc57499cf0f051205236327d85f,2024-11-21T08:12:40.490000 CVE-2023-38002,0,0,11fb0758eaa7b961a3a0df91d9a00e7b42b3bcc5f411b51796ef1a318b38f981,2024-11-21T08:12:40.637000 CVE-2023-38003,0,0,d84005b22fbc5b577419dd725bee31341bd9f0980a498ef6647a0b9e648a0922,2024-11-21T08:12:40.753000 +CVE-2023-38007,1,1,b1cecac6d2ce008153de4fe1bb4f695ab5a8eedfb45806fe5566724de29b5cce,2025-06-27T15:15:24.623000 CVE-2023-38009,0,0,33e50820590e77ed2d89493e87b28d7dddae87d3d1114e98820d633260e0587f,2025-01-26T16:15:30.033000 CVE-2023-3801,0,0,07bd937a546b791f41c481c78de785e3d588a94a54cf897593eeef06fcdda9b2,2024-11-21T08:18:05.833000 CVE-2023-38012,0,0,e9f30087004a3d6e8732224340384d9ea57bc2c7b97c80e83a73d736c95123bd,2025-01-25T14:15:27.337000 @@ -233349,7 +233364,7 @@ CVE-2023-40667,0,0,941dae6f67f9b95c8781f35fa014eb5c5de3ac3b8c92531e22d5421e6b2e1 CVE-2023-40668,0,0,d20387041cff4293a2e68d3af05afa0a0db225c16ebcbfd370d87f55bfae559a,2024-11-21T08:19:56.303000 CVE-2023-40669,0,0,691d1e74a0b598bed36ceb320f9d06f2c745611ab0516d8e0f2f65dc4503be4b,2024-11-21T08:19:56.443000 CVE-2023-4067,0,0,f85692b90e5789beda68f4d41635667fb44a75698d58a1808c7b5bb54ee9505c,2024-11-21T08:34:20.203000 -CVE-2023-40670,0,0,787cc3dcc31eb4685285b88f6c681e0f028db12ce4710d4f14c8da5d1f61ecbb,2024-12-13T15:15:22.127000 +CVE-2023-40670,0,1,df26cea056726bed5035d06d86d9c504965e19ddd7fcd94d5aee1987872972c0,2025-06-27T18:08:45.467000 CVE-2023-40671,0,0,ee3210910c80b0ed587b4032a9853a2e6cb9c7c90522477df44a3ba2f28278c2,2024-11-21T08:19:56.573000 CVE-2023-40672,0,0,d50abaa67ca035c514d389bcdfee33a2075f481bc7e6736f833603a981c48344,2024-11-21T08:19:56.693000 CVE-2023-40673,0,0,e5ca085b12a4fa5a04bcec5dc1437b0120308901c1e9127bfc011b953da2937d,2024-11-21T08:19:56.827000 @@ -245611,7 +245626,7 @@ CVE-2024-10209,0,0,f7fb28ad84294f1160229ba66e6a2820743e6fb862166bdedcb216d3043bc CVE-2024-1021,0,0,56f2f9eee79bdc92dbb448a3c95eee6b8f89b4e054d4b7192e1d1c62db78aeca,2024-11-21T08:49:37.003000 CVE-2024-10210,0,0,fb10d2be93723a9e68c9b1f4f77ff29ba136d0953d54e18596776dfc493fc91e,2025-03-27T16:45:46.410000 CVE-2024-10214,0,0,467db0fceb73548b6a7ebc4075348a74b9e7e348b74ad43d9d19dc1d995ea230,2024-11-05T17:03:22.953000 -CVE-2024-10215,0,0,844916ec04b827b3a52199727703eea80febabe21a45a1c69fe8bb499d260eee,2025-06-05T14:50:10.413000 +CVE-2024-10215,0,1,a1340448af05e101d15e700c58f53ac0cc21088556d246d6cf39d60320054d66,2025-06-27T17:37:52.610000 CVE-2024-10216,0,0,7efd7977bea24d511707bbe36b0d202ab13046e143dbfa99dbb77f77d96a732b,2025-02-07T17:17:00.953000 CVE-2024-10217,0,0,2b3d28b1f7c94e354d20e32f3278b3a8484f01b067feeff949bfdb4316ebd7df,2024-11-21T17:15:08.813000 CVE-2024-10218,0,0,01faf3b9fcb037676e70fc65d531266330c779addbe981863f771eb16f220503,2024-11-22T21:15:07.950000 @@ -246125,7 +246140,7 @@ CVE-2024-10714,0,0,0e7d3cb66cb49280399973873c6ea55e5492468674f3b139750558b7ff593 CVE-2024-10715,0,0,6fa55f97ae5fcd6312de37986afae22727e013700ca28ac779704d7aedf50d61,2024-11-08T20:25:37.380000 CVE-2024-10716,0,0,00787346fed7523acb40560213ad8e30914f97d914d276c9cf70e6fb564f1e31,2025-03-10T14:02:57.913000 CVE-2024-10717,0,0,0409fd2fec9c27a01b7762b7a1218f1a8d9b085105d1da44f396b6817ee08daa,2024-11-13T17:01:16.850000 -CVE-2024-10718,0,0,8b18af24de44cff5aa744d19c2bd83d47890af5afce8e4243ddb97f0a24825b1,2025-03-20T10:15:18.650000 +CVE-2024-10718,0,1,e3c2eb6821a9cd2e0180a84012bb032d1f78bc4d1166fdea5cef4cdf9a01c783,2025-06-27T15:29:49.470000 CVE-2024-10719,0,0,ff9e6a15b7ee82bd830f8e07ad485fadf1cec2349ddbba679642acb834326291,2025-05-28T20:34:18.857000 CVE-2024-1072,0,0,072588b3ad9799dd1be77562cbf99842d770c415df8f6c79982601d36efe8be1,2024-11-21T08:49:44.053000 CVE-2024-10720,0,0,c21fcc461784c33cff5b7cb22a7817ac40cd8dc6899640ad3275b927f5f28d26,2025-05-28T20:36:18.510000 @@ -246389,7 +246404,7 @@ CVE-2024-10968,0,0,f7ee9f26514f3a2be3ee831e18f4791797ecc4e634e17f5c1c6c42f078844 CVE-2024-10969,0,0,cae20fa3f33a78e7fe7606c0bde1e3c5242b5fae2a806dbca460c43ac29ea509,2025-05-15T07:15:50.080000 CVE-2024-1097,0,0,f1ad2b99b98b2176c3b3ccdd494bed6625a86a9f96e0ed3a25e7d4f3cd789ac4,2024-11-19T19:05:30.620000 CVE-2024-10970,0,0,671a695f28b04e703546d912e6aec761522395bf74b4b3a5f5a2c1f71e98f04d,2025-01-16T02:15:26.857000 -CVE-2024-10971,0,0,f8d3e9d67661e4546a1e254ebb74d5d0c1dddae1c4d768a7ce5fd78bda7de46d,2024-11-21T08:49:10.613000 +CVE-2024-10971,0,1,66ea72d227bc8385164c19e15664810a20d4e7f568c8f1071d0f045316b596b3,2025-06-27T18:47:48.057000 CVE-2024-10972,0,0,94ad4fe97792a860dbbbaf6ed1055424200bc83bc27354926dcdaef27787b40d,2024-12-16T16:15:05.880000 CVE-2024-10973,0,0,c4a438cb7175cc7f87fbd47773e595b9abd866f12599d404e4b3db76b54af5df,2024-12-17T23:15:05.423000 CVE-2024-10975,0,0,87dd438a371aa254e8d367f54246f88f9b61e035fde8423a2dec0ee6b83d81a4,2024-11-08T19:01:03.880000 @@ -247061,7 +247076,7 @@ CVE-2024-11624,0,0,2fbadf82b86c601ba5e3c164ddb11cdb07fbf96914b2d5fb97e205c966153 CVE-2024-11625,0,0,c71612eff4dbfdfd57dcd77786b9f90aeda1003c787b3baa9b3e022b7aa38e14,2025-01-07T09:15:06.560000 CVE-2024-11626,0,0,e05f68563d0cfe4fcf37166c88856797ec0301944e16df5d7b6760557f29956d,2025-01-07T09:15:07.533000 CVE-2024-11627,0,0,9ff1a8df860daf1368acfa4151c0612097655e3c1d986846213632a0d4bd06d7,2025-01-07T09:15:07.633000 -CVE-2024-11628,0,0,7c5616b880f8e46349d606dff048f573949b5a6f95ae4c87d4a1d5678ef21441,2025-02-21T12:08:11.927000 +CVE-2024-11628,0,1,18d904cade9e051313bc44414fc3c29d7de72f6791597a72dc5342bf26df93b4,2025-06-27T19:18:38.750000 CVE-2024-11629,0,0,c03c8073dae9eb5d857d83b66f0e9182250584b24834bf542305a5224d4450fc,2025-02-19T19:09:11.177000 CVE-2024-1163,0,0,3534cb0564ba7e08015dfddf52a975a19f7b672cf09e3f78e469f84e669f2cea,2024-11-21T08:49:56.403000 CVE-2024-11630,0,0,57a75e6bee931e9abd20a3aa0544d0f2e41e4ed0a89295b43eb691bc8aed25eb,2024-11-22T22:15:13.637000 @@ -247182,6 +247197,7 @@ CVE-2024-11734,0,0,78c28d43096a77334429bffad85c310a594f71e1430baf5f4b291aea9769b CVE-2024-11736,0,0,a05a247d4f96dd12a7462de5bc34960ced7347b34507ad0b2e6e267e0fc4b835,2025-01-14T09:15:20.750000 CVE-2024-11737,0,0,cf185e99a1f42c27e571d5023bd23bffa97b33a2ebd84b7c2b620812ee0719a8,2024-12-11T10:15:06.677000 CVE-2024-11738,0,0,f587c97dbd4b1ce8e0f6a611dd679c71e26fa6d4305ce8c0e3ca3797b0619379,2024-12-06T15:15:07.723000 +CVE-2024-11739,1,1,493c6648cec7f3257a5b2d7cb24292ea5da7cb40eca117d2cba8a6d3b8a56b28,2025-06-27T16:15:23.703000 CVE-2024-1174,0,0,0ddf47c6c6f2793cdfeecaa6649be9ee3b4d0b30964f2b3b2ef5c5433196c50a,2025-03-13T16:15:15.627000 CVE-2024-11740,0,0,f7cbd5adeb4472a45bd34b76827371e415aa439a41e694880947a82a296148bf,2025-03-21T19:18:50.900000 CVE-2024-11741,0,0,c080687292d1d29e05317c1a96ac6dc4aae3f353b16efa58e92c71e50acad217,2025-05-09T20:15:38.060000 @@ -247595,18 +247611,20 @@ CVE-2024-12130,0,0,f13cb67c00f6dcc27d0c31ba4dea31c8dabc6f66eb953b7214a560c5a851f CVE-2024-12131,0,0,dbf0aa17931777a7d2a18f8d74d983fb90b7cc72d860577b6997f11baa1caf8d,2025-02-05T19:34:09.820000 CVE-2024-12132,0,0,b06e93c25499732ca815413e2d46627c97d1199e136eda86bfe61d37a4878c0b,2025-02-05T19:37:43.237000 CVE-2024-12133,0,0,10b581a4c9ad6acebafd3e4c21f3a1617e68b9dc24e22b02761c5ae5fa3a9b83,2025-06-02T15:15:27.653000 -CVE-2024-12136,0,0,c0c4c27cbbd7828041291776815c4afc28a05bd5c4ef0cabafb6c42812b651a4,2025-05-12T16:56:35.197000 -CVE-2024-12137,0,0,3866c73264ee04bbb6164db23f168e7ffa40b18dd0c34a109d019afb6b1c2412,2025-03-19T09:15:14.090000 +CVE-2024-12136,0,1,c88ac55ec34590b857005277878a6008d06e4859bd042aa3e3a68e8366b8399d,2025-06-27T12:15:27.970000 +CVE-2024-12137,0,1,e078a251f613c9dd40e3a04308f37c79e41bc2615f413ba0d039c73e0ed6ea46,2025-06-27T12:15:28.977000 CVE-2024-12138,0,0,da6ee7fbee0e9075f414529b46a16ebad54f1168ad899da7c1771d5519a5d924,2024-12-04T14:15:19.413000 CVE-2024-1214,0,0,de1b224b633b4f15934a6c113718a0fee219da295a9b4587f21a72c198d9d833,2025-01-29T16:26:04.440000 CVE-2024-12140,0,0,c2add199266b1c986c32a034700db286963405079b6f69910eeedd64a6ce0f35,2025-01-07T05:15:14.730000 CVE-2024-12142,0,0,082b26a389086f6acfe4cbd0f3b415209a939b071b952054449ce1192c408bcb,2025-01-17T11:15:08.683000 +CVE-2024-12143,1,1,c4b9c5c20c343f5575560c34e79563f8ac0e46f006ee4def6e29c74ac41cc401,2025-06-27T17:15:32.400000 CVE-2024-12144,0,0,5ad374ae161b81c02dd52fa717a7d20838d0374ff8a2c01287b8a69e49581cb1,2025-03-06T14:15:35.297000 CVE-2024-12146,0,0,94e303002d6bd6731794caf755e131a26c106cb9795464278d57fb494be8940d,2025-03-06T15:15:15.137000 CVE-2024-12147,0,0,c562efe56e0c0cece525db9ad15e5bc08bd9593dfc976acd1410d7219e1d4e99,2025-01-14T14:15:28.163000 CVE-2024-12148,0,0,16e949e4c0812a2d78a8443d5ae4b5d79a9a13cdd58307868257c2ae017b92e5,2025-03-28T16:22:20.900000 CVE-2024-12149,0,0,a83993a4e2ca147f0b32ff65add4dc0ab0b5074a07c8437da6cd01b3bb0a535d,2025-03-28T16:21:47.753000 CVE-2024-1215,0,0,4329416f300d2c475797311e08de13347ae9dc69f951944050207e3d4abf36b5,2024-11-21T08:50:03.560000 +CVE-2024-12150,1,1,e3ade3e7c670dd6169cdf20bfa6837995996249f4e05c065230bf96f543b638a,2025-06-27T17:15:32.610000 CVE-2024-12151,0,0,e8d13992532d4961aa37d540eb10e8db5aced703c7e96584b766e12d7b5a1d81,2025-03-28T16:22:18.057000 CVE-2024-12152,0,0,5a1d4d7f0aa379bbbfc5c795af6f48efa7d2c7af7b58f75617e710a6121e79b8,2025-01-07T10:15:06.577000 CVE-2024-12153,0,0,ee8fdb07044f47e63da8bef3775a8e8b6e3c5cfbf491a775b0902d77fe82a75e,2025-01-07T05:15:14.927000 @@ -247831,6 +247849,7 @@ CVE-2024-1236,0,0,f564a253105189a2966f4c441c5e76f3d1423ed26820e32a8083e952019049 CVE-2024-12360,0,0,ed8e6713ac4f1b3a987d2e1bf362b9ff6e5c51183904107b962ec88ef88d4595,2024-12-10T23:33:47.773000 CVE-2024-12362,0,0,ae85a03598fbfa73b68d0a04bedecd83a853b0e7800585aa3682db4fd46d21fd,2024-12-16T10:15:05.097000 CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000 +CVE-2024-12364,1,1,a3992c906249aaec68d9630d18bd0fba827652e6cd7ecf186d362ccc7f90133c,2025-06-27T17:15:32.813000 CVE-2024-12365,0,0,e44342e05a0b6e2262a493fac9edc68519495d51c0acf8bc24f40ad738356cb8,2025-01-16T21:31:22.633000 CVE-2024-12366,0,0,bf8b8c2c212f453e6f6d5dc642f1270129eabc7111c7a613295f8bc64058885c,2025-02-11T20:15:33.247000 CVE-2024-12368,0,0,cf43f2f55bc00689e177d5a51be5bd5730dfcbcf801633d096fc0bdbd9cefb9b,2025-02-28T15:40:59.097000 @@ -248106,7 +248125,7 @@ CVE-2024-12624,0,0,5e7ff0728298740b51bc71547c6153c6f49e2311f395bfc0566af7f460143 CVE-2024-12626,0,0,dc01f58442ef4eb4425488c755c4a1d0852a1ed618c4541c829e9e2584781b84,2024-12-19T12:15:06.160000 CVE-2024-12627,0,0,022af0cec2036ad3cef4dfbe1da5009a76ffbe6b2f826e6feb835dd2d0810966,2025-01-11T03:15:21.587000 CVE-2024-12628,0,0,f48463b1ecdc4a2ff76d188b8ae44a2e0e32ef1e929dc806ea33e24839d1432f,2024-12-14T07:15:07.213000 -CVE-2024-12629,0,0,f532a520a581ddf0c516adb9414295f4f858c916587b9f64329a7582075fe8ce,2025-02-20T20:40:12.200000 +CVE-2024-12629,0,1,e54ccba7d7fdf3152764030aee57265d8d7722dc06e78c9d2ad7e5278537d3ea,2025-06-27T17:24:34.500000 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000 CVE-2024-12633,0,0,aa2de65b34cad526fad2ad4462ad560794d8e7fd2121b7b4323cbcbfceffb766,2025-01-07T06:15:17.417000 @@ -248296,6 +248315,7 @@ CVE-2024-12822,0,0,dbb8b5e7ae1f3badb68b038755cd1a1ee39ca8c64a8242669bbaad42c09fe CVE-2024-12824,0,0,745411acf5e29a8cf52147ffcf8673eb469d57599bf2aa0a55cc35cd23dddbc9,2025-03-01T07:15:09.063000 CVE-2024-12825,0,0,e5a4d7f38d6d259b5737402affdabce23860527403323be321069fe15e333462,2025-02-21T15:34:58.803000 CVE-2024-12826,0,0,5299c46313436d68c9289650a6ef6457bf429f032709c773f24c86ea6949c331,2025-01-25T08:15:08.463000 +CVE-2024-12827,1,1,98525565ec7f4b196a186940aff8120e061c56ac2ed605a2f5a840a006dca206,2025-06-27T09:15:24.300000 CVE-2024-12828,0,0,a29f7d175d08af9e9a3e3b2d9a239843d4c47c7b84f9529c7b9ddf19ae5c7fea,2024-12-30T17:15:07.717000 CVE-2024-12829,0,0,b6def8373fb939ecec35d929ec57c311d0480519af7a0919a5038b5b832e9ed5,2025-01-03T17:46:48.507000 CVE-2024-1283,0,0,6c1c96d7825672909441950dddf73708269f69b6a4ba53cdeb3469e0fffe0ab8,2025-06-17T15:15:38.487000 @@ -248635,7 +248655,7 @@ CVE-2024-13156,0,0,30f08a5146793529d2149bd8fe28d1d230f7d62ef9b057e2393b31a9d88e8 CVE-2024-13157,0,0,80e03db47d7aeaaff8ebfe5d3bb0d4e0a672091f1b6d6e0617afb0f75c61e9a3,2025-01-31T09:15:06.617000 CVE-2024-13158,0,0,d921bcc53f0c4810cb7f77f962be3471977624bd876c8c3eed3db3c6a249539e,2025-01-14T18:15:26.020000 CVE-2024-13159,0,0,1b7bc6376d1c3a43ba0a3f4f61357ca44950c78fc38b9a2d872fcb1438c1796b,2025-03-13T15:28:42.627000 -CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000 +CVE-2024-1316,0,1,952416035771bda7840e251a06f2a89e83741cc5a5ee71f87d4cb29a21ee197b,2025-06-27T14:13:27.050000 CVE-2024-13160,0,0,e4da495b5373ce95b346a58fc5bb9c68619a57aedf76a9586ccd4d585493c1df,2025-03-13T15:30:35.020000 CVE-2024-13161,0,0,850237702967ed6e541cf945b438c28b3679eb2666b9a30b136c88eadc563bfb,2025-03-13T15:37:13.340000 CVE-2024-13162,0,0,da666b41a7d98c9e3b9af1e27b198252acb00cdb0ecec4980b750fd64eed2fe4,2025-01-14T18:15:26.840000 @@ -249643,7 +249663,7 @@ CVE-2024-1560,0,0,d009367ed8b8086464e0025c114249617eace4d9066f160c04ad0afb15a8e8 CVE-2024-1561,0,0,9457196c919808e64e590d1e9a9ff260bf5140b029d38454414502236a9f1f29,2024-11-21T08:50:50.303000 CVE-2024-1562,0,0,1d6819170215a7c372d713175fe11e23023b90700b4f23bf88f8ae8ba6ba6d5e,2025-03-07T19:59:17.197000 CVE-2024-1563,0,0,3bbe9628e5eb9d42770c7178f1f369146e12844946493e94f9aa84b3ed67a42b,2025-03-27T15:15:48.940000 -CVE-2024-1564,0,0,84ceb93463fa25d921ef01feb499d06d312a061c27da82d4c95abef3e4e86329,2024-11-21T08:50:50.673000 +CVE-2024-1564,0,1,a31e0ae3e604b282d1bfe35dcfe8e93025d7cb62176df75036483ddd351026e7,2025-06-27T15:31:56.910000 CVE-2024-1565,0,0,00fc6a5125264a59a67555b8c8202352f41a7d44a1f5f9ff79d0346bf16d4f67,2024-11-21T08:50:50.860000 CVE-2024-1566,0,0,19229fee43d76a12f78941a8b8afe76459e8e587ee3503bc72482e098a960207,2025-02-28T03:21:16.857000 CVE-2024-1567,0,0,6cdbaee71c1770d77caf03403af77d158a420504c05e33f36e632e6fe2f3ce20,2025-01-08T20:47:46.820000 @@ -252100,14 +252120,14 @@ CVE-2024-22264,0,0,41cf9408b734afbf4c752259ac6ee58534aaed593aedeaa9456d16bebd1e9 CVE-2024-22266,0,0,5a01c6e98b30179eaa3c94d91a1ca14baf1020518f14d649701450e7ae82dd1c,2024-11-21T08:55:55.490000 CVE-2024-22267,0,0,104400d906916687382e6059349a61fee72323b8edae8c01227a38e83f6cb1bc,2025-03-14T15:15:39.803000 CVE-2024-22268,0,0,bc1e6e036ca5b6fa9995e3668ab5416b25db7e7589d663e8e27f39530c1b1891,2025-03-27T15:15:49.787000 -CVE-2024-22269,0,0,988e3aee3134438d85874bd11e9ccee9e7e802a5c06ad05b3459e38caa48c9e9,2024-11-21T08:55:55.890000 +CVE-2024-22269,0,1,de64ac43f2a6de622e25a87c4c7482969762750d6dde618cd4854f59351fe350,2025-06-27T13:34:58.657000 CVE-2024-2227,0,0,f4193cad275230e4a77caad12789eba12ab0bb05070cfcfc47b838d20d262771,2024-11-21T09:09:18 -CVE-2024-22270,0,0,7b719d9fdc016717f142115013896dafdf332f999d65299f77507d8beac3f78d,2024-11-21T08:55:56.013000 +CVE-2024-22270,0,1,50d416f0142f563507a8cd61ec21f8ac5351366d25e91e102052614570bac3e0,2025-06-27T13:36:04.077000 CVE-2024-22271,0,0,75c1718838fa265bf8dac6e03c9384a09b6896e0d07a3322cc92b020117c5dd0,2024-11-21T08:55:56.137000 CVE-2024-22272,0,0,ae8f99036a93171821b7649d503a5022b4d6b3351e2d9b659b485dd91464f98a,2024-12-02T18:15:09.290000 CVE-2024-22273,0,0,57d23372dcf9fbefdc38d1098eb55f47fbc7c3b9c8cc29f9336c883da00fab81,2025-03-26T16:15:19.423000 -CVE-2024-22274,0,0,d340b46451d08c57fe5c465a2ecf03a5908ff81403282a964817880d6a262956,2024-11-21T08:55:56.530000 -CVE-2024-22275,0,0,316cf28c5559a0263d72f90edde7ead5c1dc1e66fc17b5ffeaba0fff6ac8688a,2025-03-27T20:15:21.773000 +CVE-2024-22274,0,1,8ee17cffeab95d90ee4be5902fb894bd241ee3be8c696e81dcc734bc53f7d8e2,2025-06-27T13:37:52.240000 +CVE-2024-22275,0,1,e86983e4b3554d303b93653c8b44992a778d272f357351c4bef5cb12a094868a,2025-06-27T13:38:06.967000 CVE-2024-22276,0,0,a04a9e6d0ae5e9d579794d26ed880a69b39cf873a295c44f1908b9c4201e03dc,2024-11-21T08:55:56.780000 CVE-2024-22277,0,0,376495165809b03ebca40ba54a28c4d471c752a1c0a49fc842e80dd53971070e,2025-03-13T17:15:28.503000 CVE-2024-22278,0,0,40d737bb4572ae1d0ed91059153dd48f12812df7d0f0e4389bb7eb783d65b4ea,2024-08-14T22:15:04.253000 @@ -252242,7 +252262,7 @@ CVE-2024-22406,0,0,18dc78bc4445daa7366dbab01d433eb47ffbd1f52f56b1a5538995e96588d CVE-2024-22407,0,0,4be91030f0b330f871dfba9f93df1aaa7b156abf55413285631f9f2c4c8c0296,2024-11-21T08:56:13.350000 CVE-2024-22408,0,0,80944047ab84f614815a0b4de581a40551ca034d87d40fe8b526267136ecd9ca,2024-11-21T08:56:13.493000 CVE-2024-22409,0,0,ffef1bb789dfda0c12b525a6bac5b3861923e2e73f053879ae446e5fa92885d5,2024-11-21T08:56:13.623000 -CVE-2024-2241,0,0,42616a772bf176ebe67c1b2bc09553630407005b5312ee21ea6e023f2ff2eb88,2024-11-21T09:09:19.940000 +CVE-2024-2241,0,1,870e85abf41c8a5c50cbedf9c02e8cfe34de3562a6f8f3ee92582bad8eabdd26,2025-06-27T14:18:30.700000 CVE-2024-22410,0,0,4dc8fba1bd28236813a0414568e694c0042a5db9683b6a7ddc68db12e067a6bf,2024-11-21T08:56:13.760000 CVE-2024-22411,0,0,00481441b96f754dff78bd6b7732c7c1b2b0cb05c54025acd39b971fb2bb0fd5,2024-11-21T08:56:13.933000 CVE-2024-22412,0,0,322ab6aa257ec9121b3f11d46365c8bb3f16769682ce00ac3ba129750048c656,2024-11-21T08:56:14.090000 @@ -252403,7 +252423,7 @@ CVE-2024-22720,0,0,ced8e9498dda9d0b6520dcb54b6d4601d9935c2ff070d85c84ff5e17fb9ae CVE-2024-22721,0,0,d65e8b48a2b38e89fb21cd524e004ad80ee473c585bc71d76ab768f65ebe62a2,2025-04-08T15:20:50.123000 CVE-2024-22722,0,0,b52b3ea4f13cfa5524c524b96d16ace3a07bc5602ec4988ddb0bfba4fde7c250,2025-04-08T15:20:57.363000 CVE-2024-22723,0,0,590504d6ddbcfe59132e37aee995b9e0b4e9718bb7fbd1999a65e80b0cef714a,2025-01-21T18:31:46.820000 -CVE-2024-22724,0,0,3a01194172a7704aa0a2e9eba3a40f97fe0e459b77ede1bf851b722b6900375b,2024-11-21T08:56:35.627000 +CVE-2024-22724,0,1,99abb1b03cb83591a05bce2be1d0cd600ade285b45060b0eea5de710b151d395,2025-06-27T15:21:43.277000 CVE-2024-22725,0,0,ac8ec4b1a56ac431a0eb50b48f09c9776f0337d224ce501bbb2f0a8d435288fb,2025-06-04T22:15:25.180000 CVE-2024-22727,0,0,bc17139817b54dbe557343f06cbe3841eb840d2294a7055da210550585fddca2,2024-12-03T17:15:09.237000 CVE-2024-22729,0,0,ceac2812632cca63d8f89f0112e4f876ec0e99a153421e7592a09f58ba0b396c,2025-06-04T22:15:25.360000 @@ -253365,7 +253385,7 @@ CVE-2024-23940,0,0,ce578acda44eefb4ecc0c89bcbb039d72902603761c6b8411f7609e6778bc CVE-2024-23941,0,0,f67188fa7336bb0ecf3483a8f18f3200ea25c746b56f7fdd851552a6ddace8b8,2025-06-04T16:15:35.160000 CVE-2024-23942,0,0,dc212c389e52e3a4e5fba3be784fed041cb1605fc90985db7d15bc7aaa11a86a,2025-03-18T11:15:38.777000 CVE-2024-23943,0,0,6d7da328c21af48ae95f23da21de015ab3069df6f76fb54c89f70c29a47af6aa,2025-03-18T11:15:39.090000 -CVE-2024-23944,0,0,d1f7d065765e5643c2171d654a3fe7a15ded2542e5ae0ba9d07c168a5a5837bf,2025-02-13T18:17:05.470000 +CVE-2024-23944,0,1,d36492cd045c7a5c5dc02126de0f6423091c81ca8b24a04d3ba7ac589ac36689,2025-06-27T15:13:01.597000 CVE-2024-23945,0,0,b8a85ff8effc4368d7e35080b87eec39094e8c22e2c3e7651fd484d947d126ab,2025-03-19T14:15:36.173000 CVE-2024-23946,0,0,9c898cf09e521a2a31019dd3080db79ce9c32f7697e5321cb7301cafff4ddf89,2024-11-21T08:58:44.260000 CVE-2024-23947,0,0,71278d4a159cc549aab5b7dbabd025fce93076b316a17d3e2ac8c5a91e551401,2025-02-12T18:43:20.107000 @@ -253592,7 +253612,7 @@ CVE-2024-24397,0,0,3501920d62c738b549e4fe694cac4cc134b8a3677ddb914004cc38d0f75b7 CVE-2024-24398,0,0,c86501b22f4ff480bb0270c1a5e71e6cae2cca0a1f831c1449ad442be12187cf,2025-05-15T20:15:46.310000 CVE-2024-24399,0,0,2f3ad87b190792fadc9b11dd70802b52f52e0fdb50c1703cefa598e8f0771412,2025-06-05T19:15:28.127000 CVE-2024-2440,0,0,83378454086363d7ca4f57beb9690f64458469c3707996c259c9c7cf2668d08e,2024-11-21T09:09:45.437000 -CVE-2024-24401,0,0,71e4ae3c681bf9b1d76b85f2490244760ec98ea3c8d8cb9c503af1362e66c9be,2024-11-21T08:59:14.860000 +CVE-2024-24401,0,1,8cb9b21d8e6fb364e925e46ba9a392985949a27659492f83cfafa71f1b58258f,2025-06-27T13:23:42.450000 CVE-2024-24402,0,0,7f458a8af3fe0b9a45e7a437cbf857eb25ac5b2d4389714ce9b7162d41f6a675,2025-03-24T20:15:17.830000 CVE-2024-24403,0,0,9dfd8d2383a51e07b61f370007222fc6207ac481d048277e8f500a7d8b0ad907,2024-05-01T20:15:12.510000 CVE-2024-24407,0,0,ce06cc5f32b49af63e6fa2d5048a0736900175f28e47920036d6aeba3df70372,2025-05-02T19:51:07.730000 @@ -253865,7 +253885,7 @@ CVE-2024-24814,0,0,0bd91b2e8766d71a59e66ee7b09a6e3dd065def9b717217cab776ccd87922 CVE-2024-24815,0,0,477a51f4d54394b48dedb489f396739facae4fa6064b1e5df0bb1cff5d982cd4,2024-11-21T08:59:46.343000 CVE-2024-24816,0,0,823e9031d4ff85c8ffd066eaf6addd3c767fe0429f13a879f60557e790033e92,2024-11-21T08:59:46.490000 CVE-2024-24817,0,0,a8c9d542e9bfe20bd41fa2e154275a6d2b3436689e5acb7cf10525e78a664031,2025-02-05T21:59:51.047000 -CVE-2024-24818,0,0,9f6cdbf54a293f634bf2bb0d43a4ed9390e3fee341cf699d97e90d35014dc4fc,2024-11-21T08:59:46.770000 +CVE-2024-24818,0,1,e4aa5f5220eb7f9cce03cb8fbb56351f46ab76a03651e03f3c1e72fe1157721e,2025-06-27T14:35:32.800000 CVE-2024-24819,0,0,ac821307a43b4a131d4aab48940ba4b05b87ac63d15e45f69044c6ff9ceec37f,2024-11-21T08:59:46.900000 CVE-2024-2482,0,0,498f6821d1ca412559fefbf21502667e731ecd3f49d04b99de83e68f6fa58640,2025-01-23T19:31:20.220000 CVE-2024-24820,0,0,e09a68673ea540d6e6b04904a166ee2cc19610221f27c15c4d17017d90d38036,2024-11-21T08:59:47.043000 @@ -253964,6 +253984,7 @@ CVE-2024-24910,0,0,6b331799a881a5d956a87c006abe5e882f01b24bf255742ad3b49c624db6b CVE-2024-24911,0,0,000ec366e410a6c31f93ab7f8a2e5fcf30159e4251e9a0263b609a65802a079d,2025-02-06T14:15:29.577000 CVE-2024-24912,0,0,7e4db9efaf9ed4fd90c3653c0c141095d6d30e8a8ae2098e663586572a626f62,2024-11-21T08:59:57.947000 CVE-2024-24914,0,0,6a184fa1912b50a75a0f68f12ef7de42e993a65d0e5eee8a5ac41cb6b37ddf0c,2024-11-08T19:01:03.880000 +CVE-2024-24915,1,1,5dd77bc123f76795461872837781fdc70a6575f179abd8ed4dd51cf27b9d2c1e,2025-06-29T12:15:22.803000 CVE-2024-24916,0,0,f3ed4031b1e2754b0cb8c03ce63bec578990752c18fe6caa51300a09784fac18,2025-06-23T20:16:59.783000 CVE-2024-24919,0,0,79021d06164055237b10fa49935e385f8096a39629b5d8ac929ac9e336c9c5cc,2025-01-27T21:42:18.743000 CVE-2024-2492,0,0,a9b15c0f5d53de03b8229afca1c8a7b4e7a78c54ba58e9584411863892de05ef,2025-01-09T17:01:54.423000 @@ -255919,7 +255940,7 @@ CVE-2024-27292,0,0,0985bf46a0f580555a70e94b95028857bb5056e62cd8bc4114703d5e8c1fc CVE-2024-27294,0,0,15fb30f72dc2972426006ede89bbcd017fb168504530ce9f5eaab933beb1b3d8,2025-04-11T16:58:53.520000 CVE-2024-27295,0,0,62b63c8181e69fdf30bf5e9ea58e339ce340673603d1ccec39c0824328ff8081,2025-01-03T15:57:16.817000 CVE-2024-27296,0,0,bc7f110c759f40dab70b917dec22fad4a370b676b33c49ffc610915e7181e1a5,2025-01-03T16:14:03.593000 -CVE-2024-27297,0,0,e2d94aaf08ca017867b47c9217cc71c818b5a24f07cc239321b5022891c63d23,2025-02-26T18:44:04.867000 +CVE-2024-27297,0,1,f3315669f55fb8d80b793fcd98c682979cc9dc9b28477799a8bc56bc37341187,2025-06-27T13:15:23.240000 CVE-2024-27298,0,0,fec5a39b802dd251f2972424edfe42a5be7f6a4ad28011a2651a8684a41ac677,2024-11-21T09:04:16.450000 CVE-2024-27299,0,0,029c976c3a15e4a9e0fa1ae958d30182e2a2f2bc16237dfb8bd97dafa3f1d373,2025-01-09T17:27:11.167000 CVE-2024-2730,0,0,df1b973ea168bd529abdfe561b63ebe22b42d0397347bc19dfec242d8ab4a455,2024-11-21T09:10:23.560000 @@ -256071,7 +256092,7 @@ CVE-2024-27435,0,0,6dc8bb3ee34c85a8c6dfc8862b9a9e1049341ecc1b661f32e8230a1c343af CVE-2024-27436,0,0,713a88796ee4dc48163f026b97ffc79c81e0d3b45ee6235d4ff52cf8ec2e3e87,2024-11-21T09:04:36.280000 CVE-2024-27437,0,0,209eb3192ec71504daa2eda9becf70ece581fec90d86a17cc35f43c1e02e19d9,2025-03-27T21:37:24.097000 CVE-2024-27438,0,0,884220c2384dd6c25081e4c3d4b9e503a84643cb245f83edad730396f8909ca1,2025-06-17T13:50:01.197000 -CVE-2024-27439,0,0,bf70e55b581f82f7468b043b9b647a64b6f90e7d462ac0abeb48e128046a1ae0,2025-02-13T18:17:32.507000 +CVE-2024-27439,0,1,40a046df8b6dbc21bcec26119a1563f0d689397e89084750032f45397d7d13a1,2025-06-27T14:43:53.587000 CVE-2024-2744,0,0,d7bf8b89d62a8b9265c01e026210353751391b534d66ac852ccc06ffc57a5571,2025-05-21T18:58:27 CVE-2024-27440,0,0,f3246d021e78594286f96d28f38f4a153ba29ec42bd1ca9c545820901bf05123,2024-11-21T09:04:36.887000 CVE-2024-27441,0,0,8627ee176bbd8db9047f0ac2824f85227251736cca8356f59d7164883e7165ed,2024-03-13T15:15:52.083000 @@ -256100,7 +256121,7 @@ CVE-2024-2748,0,0,81ac4eacdbdacc04b7fe111ed5d4746e52367963774e6db669519a5e5c8822 CVE-2024-27488,0,0,5320e2fdfc5da3ad09c401d0637f295f862172d42e9a14aa4b307c0ce61bc3d7,2024-11-21T09:04:40.187000 CVE-2024-27489,0,0,5336dca041954d1e26e4b3d0955394288c5270412febd061bddb236f9fc7126f,2025-03-27T16:15:23.117000 CVE-2024-2749,0,0,177296a74c00a65b12a9c0be748cfd2b242c3d00669907b8071357d15e7aac5d,2025-05-05T17:10:37.557000 -CVE-2024-27497,0,0,62f599a501b5cf4655f3ce984b75800709d12bba5ed8533f5e10f5fa43687f31,2024-11-21T09:04:40.573000 +CVE-2024-27497,0,1,4ece9ef790eadf5c17ffea915ef16f5401f93af05fcf6092bf5c01d2e278d109,2025-06-27T14:10:21 CVE-2024-27499,0,0,aff8399d997e8300117ba4dd5debedc8467698b2abf7cffa6e1a46591c5be175,2025-04-11T20:08:14.407000 CVE-2024-2750,0,0,7a22bbbb3a616bb457587b001fe4c1da677362ec1b983db201c6134fde3c5544,2025-01-21T20:43:58.117000 CVE-2024-27507,0,0,bb7331cad5d2d4c13577ed348b72807b480e0dd6fd2e18b90d5069d38ec6e0da,2025-05-12T13:07:50.110000 @@ -256584,7 +256605,7 @@ CVE-2024-28126,0,0,bdca6710977b6c4816da9b6611740c12aabc24c1dc8b3f05e1f936957ab23 CVE-2024-28127,0,0,77e8cab03528d8443539f421af735f4841e64e2500d965d208c91c76c1e365e8,2025-02-12T22:15:32.137000 CVE-2024-28128,0,0,3902b762ca50352e1553f0e963e15d5f43b1b39e4e02a9982674db458e936006,2025-03-20T19:15:28.360000 CVE-2024-2813,0,0,f6cf44b143c45f427a4e19d3a3c84fafa892be9cdc350a85d194bce1d00ab565,2024-11-21T09:10:35.157000 -CVE-2024-28130,0,0,d187ce45e65a0066707ab095ab61f67fa2791a511904ca757735a4922b896b7b,2024-11-21T09:05:52.640000 +CVE-2024-28130,0,1,0a8a454c5101961ed697a57fee773c8ef4b615d9e10ecb73dcd98797f7d9bdd7,2025-06-27T14:32:16.977000 CVE-2024-28131,0,0,ac6341de81d38b323cb8d4155aaff35dcc48c0fd487702b27be5fe24c82bdc12,2024-11-21T09:05:52.790000 CVE-2024-28132,0,0,175c8a5b906c462629f50efa40142a9a2be9cbc5170b0eaf7994a7275f266134,2024-11-21T09:05:52.973000 CVE-2024-28133,0,0,25c98225bb575fb176dd1e011196c4784144df2ade977063aaca6fbc12d8683e,2025-01-23T18:51:57.947000 @@ -256860,7 +256881,7 @@ CVE-2024-2863,0,0,cb802aec2f5670a2db50b65a9ba985518f35a86ec8069dd3385b56752f9cc0 CVE-2024-28635,0,0,66c28729dbb83576272fe65c166c670e56b5ae3e2a39b51c02fef7fd0ec24579,2025-06-17T14:05:15.577000 CVE-2024-28639,0,0,e7a0e0b3ab0a4c3b57de2dc0a84196d1068993c21df426fe3caa9e5c75427b24,2025-03-26T15:15:49.150000 CVE-2024-2864,0,0,e3c30714995f30dc7e0b527a75c52b920bd6b9f7aa0c230a72b2bee2dd8a2993,2025-05-28T18:50:59.273000 -CVE-2024-28640,0,0,990c29eb8c733a819b0a31dbb2e2b0510b47e9a808edbc4e02611ff94875e45d,2024-11-21T09:06:42.733000 +CVE-2024-28640,0,1,48ae5460b8b511e02299f92aa1a3d1544088493e4dae478845447f959af63734,2025-06-27T14:26:44.797000 CVE-2024-2865,0,0,5829b9f895a4ba79b3592f650e6f3b7b48b361c5424fd86986d5cdb1471edc67,2024-11-21T09:10:42.747000 CVE-2024-2866,0,0,0b9e7e6b190edc1fb6f92975c3f997f504dfccfc4fc2eb0b51cfe7935d053241,2024-04-11T16:15:24.870000 CVE-2024-28662,0,0,6d9eaead521a1a9fd8a10e61358a4dcdb5fc735bca1f09d70df7eb7a2eaa1bcc,2025-05-23T14:43:43.533000 @@ -256924,7 +256945,7 @@ CVE-2024-28749,0,0,d82cd3742eadfa7bf824ee31dfa37098b1ae1737e1fa93022ca9f93753fa6 CVE-2024-2875,0,0,6cdb006d1a6c5034276b51f0b43f593cf2fffd4a38086e818a1876a540999eec,2024-06-14T21:15:51.043000 CVE-2024-28750,0,0,6ec72c712e80adb4c1f4622423847cc8904326480a5f0ef28eee3dff6f4b5950,2024-11-21T09:06:53.150000 CVE-2024-28751,0,0,ceaed3272b135a4722d7745acb0bc62f516b0fe247956e66de3108e0ddf15946,2024-11-21T09:06:53.270000 -CVE-2024-28752,0,0,3743867d820cb3fac6cc93d0ae0ebb1af1934f8628bb7b6539e88268ce65acb8,2025-02-13T18:17:48.857000 +CVE-2024-28752,0,1,2377d1491e1e30c6c75e18c7a513c282c1aaea1ecc77a8183b0a614a4985a4c1,2025-06-27T15:06:40.040000 CVE-2024-28753,0,0,bf7e9c161fe17ddef885af4de9deb82e14e1947648f4df3c13214108525d2ba1,2025-05-01T00:17:11.497000 CVE-2024-28754,0,0,2214144a78c46b2580bfbfec179b899b282fb753a98595a9fdf69833f99d7b2c,2025-05-01T00:13:29.087000 CVE-2024-28755,0,0,94db876d89381c6bafbe99b1b5cd635119fcf3d8444f7aa68a6413cada173fe6,2025-06-10T00:41:15.783000 @@ -256993,7 +257014,7 @@ CVE-2024-28832,0,0,d36740d578b94e121524c78aca6be42c6639b820da2e5a247680f98779cbf CVE-2024-28833,0,0,fa5f7f551c6db18003fcd4eb03f3ed4f2450ffe38b2398151d32446828703756,2024-11-21T09:07:01.503000 CVE-2024-28834,0,0,d614da2408fa7af8139c3a0c0d8bcb70b30384a1d7b7872f763949216531488e,2024-11-21T21:15:19.513000 CVE-2024-28835,0,0,2a76269f5b0f30ba77f1f70a1e00b84220b50714e4656af78c5aba43ea723cd5,2024-11-22T12:15:18.570000 -CVE-2024-28836,0,0,62ea4ea06a96083984430503a551a9fb234940211a4bbed05c5870784420ae10,2024-11-21T09:07:02.010000 +CVE-2024-28836,0,1,7eb19a295b5a94a8b7e20314e570bee3f01a670899209fca65f0b61f0603a659,2025-06-27T17:46:46.613000 CVE-2024-2884,0,0,cacce53e5e51217e3dfb169dce36dcfaad319ed4c44e6d50f237c0f4a253faa4,2025-03-19T16:15:24.330000 CVE-2024-28847,0,0,268bcd99493c8142c03138ae4c578b554dcd0966d72dfbc92319b075a2d99f62,2024-11-21T09:07:02.247000 CVE-2024-28848,0,0,ac0cc2f13d6479fa9ef5f40a6043a1e1afd98b06da363160eb2fde1d86caf54a,2024-11-21T09:07:02.380000 @@ -258004,7 +258025,7 @@ CVE-2024-30162,0,0,1d89027fadd32d888ac91deacfb634da9306e22312414c5b33187ff9291e6 CVE-2024-30163,0,0,2887459b66695d41f1e6d12551511852bcbdefc140339f61da6a07ca21c85b99,2025-03-19T17:15:39.967000 CVE-2024-30164,0,0,6998914e7b9a904a0ad839bc7bfbf870f6e9811a73e1e955fe85aadcbe3e160e,2024-11-21T09:11:20.680000 CVE-2024-30165,0,0,36d8b80b6275d52da8de003880254279acb2ea19b7eba966f7643a6302de347c,2024-11-21T09:11:20.927000 -CVE-2024-30166,0,0,18fa3c77f36083e2cd864840a6f6292b4ff3d6d72cbd7928cc677dd932a94ea6,2024-11-21T09:11:21.147000 +CVE-2024-30166,0,1,a4a18d7175d20951182491654722db8e6776adeec8d659bc3b9a835e3bf0dd67,2025-06-27T17:46:25.570000 CVE-2024-3017,0,0,d4aec23ba050936007b98f21f6c10b9585a3d459061927c976eed38f1f480c88,2024-11-21T09:28:41.480000 CVE-2024-30170,0,0,ed60f0d302cd151d50df6d1bb62de9bb721767f8db7fef2c2cb93566e32436d2,2024-08-12T16:13:53.803000 CVE-2024-30171,0,0,6ebe5e9eae1a7ad2da52de3f79b45587d88b57791a58fe5821737eae0455762c,2024-11-21T09:11:21.590000 @@ -258971,7 +258992,7 @@ CVE-2024-31346,0,0,b972a4a46a8f82aecb8e6a911642668b9c99df971421a9cdb94fecde63fc4 CVE-2024-31347,0,0,fbe2b413b7eff6717602ddd334ae28e4d6a1bc4991f31ed08ca6e39c79a3eba8,2024-11-21T09:13:20.513000 CVE-2024-31348,0,0,2e98ac178df5c221fd6690a2f1a2bc14e79e9523c14699479d5406069a39380a,2024-11-21T09:13:20.623000 CVE-2024-31349,0,0,8fb1bf130b3543f5ee4e77d2aa844f32c4ae8d775a848bd2fce3e481197dd9aa,2025-02-12T01:27:43.223000 -CVE-2024-3135,0,0,ec4fd1a8b6bffaeb4eaf27837b8b245c5ff59672a247eb47cbe1da6cd9ba7109,2024-11-21T09:28:58.417000 +CVE-2024-3135,0,1,672c92722e4bd15145b33524c989860e5c5a0af29967be29ffe9c922781c7286,2025-06-27T15:58:15.920000 CVE-2024-31350,0,0,d28e6c1f64725b53d92b4f35582c3333676898df2f97b9e93654a4411eeafad8,2024-11-21T09:13:20.840000 CVE-2024-31351,0,0,3f7ced4f437cb4193b5793698558cff23065693886f1bbdc13896cd7172f1730,2025-04-18T16:20:25.827000 CVE-2024-31352,0,0,a5fbc21f876c90d849572f68f41fd91c86027cbd93925284987f99216cd01ea7,2024-11-21T09:13:21.093000 @@ -259131,7 +259152,7 @@ CVE-2024-31503,0,0,530411a449c8426e81e299f531fc066bec6672190a1939b892141fcba7227 CVE-2024-31504,0,0,e609fdd3d56331d45ea8d49c7af4d1de4b29d053dc7ca378918a58ec72a1ae55,2024-11-21T09:13:39.917000 CVE-2024-31506,0,0,616284889025843c021b0726709d0c2938adbe743bbeef4b239aedaa6c11d52a,2025-03-20T19:15:29.227000 CVE-2024-31507,0,0,09533bcdb609fea2f5a5fb10fa1fa7fffce9c3a62004ff2e439e8975ef660f06,2025-04-18T18:35:31.437000 -CVE-2024-3151,0,0,71638aa74d8ee78d0eb7551a2e4c25d581b4e933de16191c432844a774c20128,2024-11-21T09:29:00.680000 +CVE-2024-3151,0,1,b86dda2c268c152d9673d13babdff2a85c59b7266d96fa9327f1fd5a9b2634b5,2025-06-27T18:29:55.070000 CVE-2024-31510,0,0,81886f3ba02f8fa5d2b3f9541ab3b63f18369a591e7028ab4059f6604bc1ef58,2024-11-21T09:13:40.523000 CVE-2024-3152,0,0,232a7ab8a6c5151aba1982b503cbcc7bcb30e91652e2552e7d49e1b5852760ca,2024-11-21T09:29:00.820000 CVE-2024-31525,0,0,b8d8ab4d6181e02f7a03e856bfebf33fc0b55b912e5b45755f0ccd69b64a78be,2025-03-06T15:15:15.607000 @@ -259187,10 +259208,10 @@ CVE-2024-31630,0,0,2bd16e3fcef7bda0b7ed937f45148dde60c59ea9d09224ef4dc76dc8aeb1e CVE-2024-31631,0,0,189299e833a9bdec5625f34c9b7af7b60646f6c7b2cd4586dea999ec400d5e00,2024-06-05T17:15:13.130000 CVE-2024-31634,0,0,896bd3a323a4fc15d9e296c9826d2b8a0397660547569ad91dd368efac94a3a6,2024-11-21T09:13:46.923000 CVE-2024-31636,0,0,489455932c28d1634573ea9d90055dccd7d519dd0b98ca84ab9c3600efccc6c1,2024-11-21T09:13:47.140000 -CVE-2024-3164,0,0,a59c309cfb663bf100d71407d5d65ee0502b1f84764812ba0a0608a048b479b9,2024-11-21T09:29:02.850000 +CVE-2024-3164,0,1,37f2de100f3bf9737b2d89cb8e4fc9aa977ceec125613efb403d2572e897947f,2025-06-27T14:06:30.103000 CVE-2024-31648,0,0,19fff8e87fe84d52f2f93578e1b5a26bc93833fcab23536023a36e9bc5aac26b,2024-11-21T09:13:47.353000 CVE-2024-31649,0,0,71e68bf4fb2731a54082fcaee47eb1c18a122224de1b25ec0ed2a9ad80be14e9,2025-04-10T14:20:31.483000 -CVE-2024-3165,0,0,c5c2ca079b1d25437bdd23d54506a8d6256a0fc05fcab96ccf6f17a43c20e89d,2024-11-21T09:29:02.997000 +CVE-2024-3165,0,1,4aa1579485e1dc78f45e24f502413446cfad91f334cf1cdc6348d827c354d114,2025-06-27T14:06:33.077000 CVE-2024-31650,0,0,d3f6053319c774d41708988512daabb2dea00593287b4827eb58d5a4c61c0f24,2025-04-10T14:20:15.980000 CVE-2024-31651,0,0,e55c69fada3c22ed387c11259472ae7e1e643d81f5aa13ac3ceb05c19f5a6aad,2024-11-21T09:13:47.943000 CVE-2024-31652,0,0,cd620e76c3a3b5773fd0b42a3a685acd481dec307908c8df3a6879a1a3b7b437,2025-04-10T14:19:54.860000 @@ -260992,7 +261013,7 @@ CVE-2024-34047,0,0,9e3052e646c20b96e3da9cb2dc32999bff983a675879455ddd4c72211fd67 CVE-2024-34048,0,0,5dfe645896be15b4717118faa0360ee8f75e1594b437ff4e734cedd846a19fa3,2025-05-27T12:53:06.970000 CVE-2024-34049,0,0,7ca9e67ca8336f8252a8b8d1a792a8e8e047b2cd92b69f1c17c3dd5182c09f79,2025-05-27T12:42:58.183000 CVE-2024-3405,0,0,f17f5bea02b268238f307825b30bfd1feb4cbefe8cdd8d003fc4c0880f2aaf78,2025-05-15T14:38:35.477000 -CVE-2024-34050,0,0,ee55a700ccecadbeb56c711d62ba8755563bdb0bdfb310583ed60f15a914696f,2024-11-21T09:17:59.180000 +CVE-2024-34050,0,1,8d5838cac49ec4a03e84134e153a301738c987323aac4f4633afdbbb2c96e272,2025-06-27T15:31:17.060000 CVE-2024-34051,0,0,30656643db26eb25261a573c3173abcd4deef50a6f07e61ad38f260cad0347c3,2024-11-21T09:17:59.397000 CVE-2024-34055,0,0,8274f9e7a90c6f83eb90e85ee1cbe197a9f9dbbde048ebfd3348f3e044958db4,2024-12-06T15:15:08.330000 CVE-2024-34057,0,0,d79f219aee9dc644e61e2144d0b74a2f85add96fba1923e59bb2b1050216e384,2024-09-25T17:08:16.017000 @@ -261567,8 +261588,8 @@ CVE-2024-34729,0,0,a9c60c9154b250ad0ad8fb09f024d8d1b9a123940a86c93e901bc505dc2f9 CVE-2024-3473,0,0,635984728ea9670d6b9cfdf6ab19079fff83892dfbc983db637b3e272784b4e4,2024-11-21T09:29:40.730000 CVE-2024-34730,0,0,6b67cdf248bd89d92c96770ff9a6355a9cbfa992ecfbe34caa440d6bd923adb2,2025-04-22T14:32:46.433000 CVE-2024-34731,0,0,dabcba1d59e1f025a63b5ba7e0e668c40ba804a6e53f3f2f1868cf15359d53cd,2024-12-17T18:12:43.217000 -CVE-2024-34732,0,0,1aa672530668c42431606c411b7d1dfffb8ade85062e53693f7a470fac63d036,2025-01-28T21:15:16.583000 -CVE-2024-34733,0,0,2fe660e769266b1fa5c93008fb27cabdb2d210c0d6d20c1e917b4b5a393b099f,2025-01-28T21:15:16.713000 +CVE-2024-34732,0,1,db9c67ac0e15eed45dc78b54e141347d014467effa0c4fbb519446fba55eefdf,2025-06-27T19:03:01.353000 +CVE-2024-34733,0,1,a6a73aeb0abed61d62b443dca5bf955c8feac0861ab0bd0157bd81955325132d,2025-06-27T19:02:20.730000 CVE-2024-34734,0,0,d30ceeebe447a9d3b85ba81bb31ffe8db8e1bfaa20f969b2a1722a59d0c81073,2024-12-17T18:49:54.800000 CVE-2024-34736,0,0,796d4e22dedbbf6a45bf78b4b61b6b991a6074c75d5a0d88ca4d35b7a87b1fd1,2024-12-17T18:49:00.327000 CVE-2024-34737,0,0,593f66ce741ff2e6b0ae794a6711b3f436177aea1f4a0a005ee528acb1b244a1,2024-12-17T18:41:50.840000 @@ -261580,7 +261601,7 @@ CVE-2024-34741,0,0,a200ff859f75cbb740f0c4700156237f5570a0c5a7e335eb045f98ab4ecf9 CVE-2024-34742,0,0,9fb58a874ed531eae6b8f87bbca2a07dd0fc59db4798ac22215d023539652d17,2024-11-25T18:15:11.980000 CVE-2024-34743,0,0,435ed3326ede6ddd67e461747dbe51de0c1ad4cc5af9b9a7445aee748ca92c8c,2024-12-17T17:47:48.797000 CVE-2024-34747,0,0,59f7ab211e0009fe0101ef2f22c321cd0b38ca2b0f6d0bc8b6a93b6fe1ddf0f0,2024-12-17T19:37:38.390000 -CVE-2024-34748,0,0,cac69878a35221ca5c0f4d6c64f1798c5965a19b352357f0dd828e1a72e21427,2025-01-28T21:15:16.840000 +CVE-2024-34748,0,1,24b19f5359713f71601838285d2805af27b883088f0a180cfc88c8195e2060b9,2025-06-27T19:01:38.090000 CVE-2024-34749,0,0,cb0ae1c30b46cd71904b8a0305cbab3813f7ebc1bb11dd4d5340ad9b8d9c0b38,2025-03-27T17:15:56.143000 CVE-2024-3475,0,0,1a5724164df65c3fee56639f1ac8d1ef7c02e025bb8d5f7f10279ac43300e74a,2025-05-08T17:52:48.277000 CVE-2024-34750,0,0,6fbd9d143e89f3e66afa354dc8913367b40cf75507bc89b9e9fcf76110f23309,2025-06-03T21:32:00.903000 @@ -262578,7 +262599,7 @@ CVE-2024-36047,0,0,793fcc6c774994a5002b23eb00aa9bbf541b93a5aded3aaa88e32ee8f8c13 CVE-2024-36048,0,0,6b6c5fd388f3c5986f4cdf4b3e4b8816859ba03c7b47f889f37c2525cf73f654,2024-11-21T09:21:30.610000 CVE-2024-36049,0,0,f9b51d86d685dfe1d063607d35006d32c1c838354d8d3473b5b37799f50e9f38,2024-11-21T09:21:30.857000 CVE-2024-3605,0,0,0fb02c5cf2e5e4c98134033d37fca28c8f48589ec9fb82d576232d111aa1b2cb,2024-11-21T09:29:58.370000 -CVE-2024-36050,0,0,1b0de961a3349d2888f179902537b26c4a1c69fd559c4f582ef3fc1d28140b88,2024-11-21T09:21:31.087000 +CVE-2024-36050,0,1,334c3edf479897eb18d10ff244ec758c79c04135320e5006a062eb155adde898,2025-06-27T12:15:29.660000 CVE-2024-36051,0,0,06185d929bcef5b726eebc24c04947ea1ae42bf1c0763bf9aef66e711c162238,2024-10-11T21:15:06.843000 CVE-2024-36052,0,0,dc92740a9664f9059f62dca2381cee908e14df47c88bf64f3887638c587c6fe5,2025-06-20T17:38:46.913000 CVE-2024-36053,0,0,e7bd49d7fedc70bdf94c44a58feb3b84672208d8ab4964a48ab4d5c82a737b0f,2024-11-21T09:21:31.580000 @@ -262609,7 +262630,7 @@ CVE-2024-3608,0,0,533abfb9caf6c85bb45ac7314a4e04c1f6bd190864c1d371d747c7fc94738c CVE-2024-36080,0,0,ea43093c672626993647f002322f59393785348e19e5ed87c484228fd3602554,2024-11-21T09:21:36.270000 CVE-2024-36081,0,0,2377c40f61bf7c24d9d085121c876319372742f1155bb647ba1d93e7a7f19977,2024-11-21T09:21:36.423000 CVE-2024-36082,0,0,84618df39662e6f548035ef1fadd39984357f9219f1ebdcfe533715584e1d555,2024-11-21T09:21:36.583000 -CVE-2024-3609,0,0,46b5b7ea168deae6d4ec1e5bade9c6b03d2e29f46ac72b5969ab9bc083c86f6a,2024-11-21T09:29:58.870000 +CVE-2024-3609,0,1,590eed5ea6d2c557b4bfe0bfb283c348c4f4cc1ebfa45c2de23394e200013d1f,2025-06-27T18:08:33.780000 CVE-2024-3610,0,0,328c5d24a8e4082d1f0716590e5074ddd632062b3f1cef58cb4b60189ca9185e,2024-11-21T09:29:59.003000 CVE-2024-36103,0,0,9abd9df6d5adbe63b2984155ccaa06a2516253c30f89f6395b127b87dd254baf,2024-11-21T09:21:36.770000 CVE-2024-36104,0,0,a7a29f7c1ee7d2077d75587b2943dbc9140ad10db298af679b0660e93bd4ee17,2025-02-13T18:18:06.047000 @@ -262815,7 +262836,7 @@ CVE-2024-36303,0,0,b4111938d128c9565d65f07c6c56322c350c793e76b61c6854b8deaf71b80 CVE-2024-36304,0,0,d672eea5735554868eaf67944f914e35802e168f9b1639f91b7e62cd1ea49d0e,2025-06-16T20:39:51.303000 CVE-2024-36305,0,0,6cfa43069ee33e00c30d8fa3baead3036438742e2cae79ef30cc5d5dbaececa6,2025-03-14T02:15:14.077000 CVE-2024-36306,0,0,64b14f3a298243574030100c00019e79538277aa5e06c79a15c2ad9d80646a47,2025-03-27T21:15:49.143000 -CVE-2024-36307,0,0,51d04be494c1bf54f841be1910d46ae0bb0c05ba90a56fa1759530c58c0d282e,2024-11-21T09:22:00.763000 +CVE-2024-36307,0,1,348c649a714fb281f44bd1e1c0f21efb8f0678eb8148aa8ba7b4b12dcddf87ef,2025-06-27T14:50:02.757000 CVE-2024-3631,0,0,4c69e579fe410e6de0150f6d10e606fe2242b1c9ef04fb593b3c1e8572ccb432,2025-05-15T14:05:08.167000 CVE-2024-3632,0,0,4869d6b429bc72c1a5b9d5a0e79c9365cb01fa1170a70181e5993b934014cd81,2025-05-15T18:33:22.770000 CVE-2024-36321,0,0,e23b32ff93e945470d7a3f5d4c5e01587f21275345b02bb4e46addd0126c31b9,2025-05-13T19:35:18.080000 @@ -262826,6 +262847,7 @@ CVE-2024-36337,0,0,4a5cbac57d86ad316e622ff250386ef0d9ab2a113d3c90bbfceafbae24e9c CVE-2024-36339,0,0,1b34ff5ccca3cdedd66bcf22531ed2f97591affc59a006dcedb42b8773702275,2025-05-13T19:35:18.080000 CVE-2024-3634,0,0,3383030fed20fc028b4b4484c7a11fba64d2ea257fb986bc506941077c30f176,2024-11-21T09:30:02.520000 CVE-2024-36340,0,0,199e523fb7080870f0938f9edebaec67a2499b220ae3b6249758953c6312289a,2025-05-13T19:35:18.080000 +CVE-2024-36347,1,1,7f0b2dcb35e468ae416c2e3f903c104f965f4577a2df49ee7eb855202285ace1,2025-06-27T23:15:26.037000 CVE-2024-3635,0,0,6b91ce08fb1c4fe8eb1c3b4b2db88c9ffd3abcddd772228d559fe4e3fab4a5b8,2024-10-02T14:30:24.627000 CVE-2024-36353,0,0,caf07d2a6c34feb51886f1ce6edb50e9937e103b379c80565763a756df3ec242,2025-03-02T18:15:34.033000 CVE-2024-36358,0,0,81b5623d6ec0aba632ed9ccbd9cbbeee602466b9c8b47e22ca90ce67f15c6d23,2025-03-13T14:15:26.933000 @@ -263001,12 +263023,12 @@ CVE-2024-36532,0,0,d4193996b0397e0a4dee577d3e251e2d9d6acc4697b78e5be5b0ad0f0577a CVE-2024-36533,0,0,7b37764a0b7853f615719a995566f68d7a7deee74def6781711cb81ae23e8665,2024-11-21T09:22:21.090000 CVE-2024-36534,0,0,2ccc9352f401338f7a13af480165921c3a497a579b8305661c53b267de31f42b,2024-11-21T09:22:21.297000 CVE-2024-36535,0,0,688d82b844583d158ea8c5b194cb18ec30a9aff36d9d49e7738da74c1fd7d86f,2024-11-21T09:22:21.503000 -CVE-2024-36536,0,0,8404dcd2219577bcc1bc4d20667ed45b3fa4b20d0001244e124d6e61741f69e8,2024-11-21T09:22:21.710000 -CVE-2024-36537,0,0,02a69cfafe7ebfa626fc76ceea3e398ba450be24944e6befc760cfb9e185fda6,2024-11-21T09:22:21.910000 -CVE-2024-36538,0,0,9d89a26106db98c7f06bf03acd6df8959b88cc102e52b854c05d48f15f36e085,2024-11-21T09:22:22.110000 -CVE-2024-36539,0,0,c22d1610ab25fa146327c6571b8756ccffeac69b307d286f165e47e3008e475e,2024-11-21T09:22:22.333000 +CVE-2024-36536,0,1,07bd3ac253db504d65bc7b809022cd7ddccdd65fb3aa9130f4608df8ff5b527d,2025-06-27T16:50:30.923000 +CVE-2024-36537,0,1,14637a2055af8ce4b1e83c096281e997c0732043390b71ca9336f96008f93b0a,2025-06-27T16:50:38.823000 +CVE-2024-36538,0,1,c688c68c5740521fc69537bd669099717227870363a28590a72a9a1d7d04071e,2025-06-27T16:50:47.197000 +CVE-2024-36539,0,1,9aca51b62654baaf73b5567316cd27f5a2edbc18a8ab3f7138bf0b3b55904ac5,2025-06-27T16:50:09.070000 CVE-2024-3654,0,0,7c8b79c66737c7631704ec16771294bc925c1580156cee9ccb89f77db70016c9,2024-11-21T09:30:06.590000 -CVE-2024-36540,0,0,8f7435287844fd84c342d60cd403c24151361e33382d6533766e06bec15dbf8b,2025-03-13T19:15:44.977000 +CVE-2024-36540,0,1,da01de63fd1f884333c5e831c48efeed310285e1589e5a4abdfb4f679374095d,2025-06-27T16:50:19.583000 CVE-2024-36541,0,0,9ab3858b635cefdcb3fe069351ca627b0635389de4a0f8339225e773696680c6,2024-11-21T09:22:22.763000 CVE-2024-36542,0,0,bec50e407cf96b2e675c0980302e442ea01f88699934911448c380c08a221b72,2025-03-13T21:15:40.137000 CVE-2024-36543,0,0,38ab37022c31f27de54dc63efdd9bb25bfbc9de6aa6fbfea9ff9763a05b57c7f,2024-11-21T09:22:23.217000 @@ -263371,8 +263393,8 @@ CVE-2024-37081,0,0,3433ceb91ab7520b4804f217c66be442f247428f84e034f3031fb05f84a36 CVE-2024-37082,0,0,6bf6931c6e4458306423d88f4c271b58742a49de22a708b3fa70ace5c58eee64,2024-11-21T09:23:09.607000 CVE-2024-37084,0,0,17b4d0ebb2893714179426a840ba58f383f2be234d957361f160ee486693c99f,2024-11-21T09:23:09.750000 CVE-2024-37085,0,0,a9ac54e9575fe85a29aaa945441fdb0d2c9bc9f2949737b6f857d56202f45ca8,2024-12-20T16:52:43.217000 -CVE-2024-37086,0,0,51393266ce5403e5884a98cf2ac2a25c8589b51040ef9f18f9c9f84eff93867d,2024-11-21T09:23:10.060000 -CVE-2024-37087,0,0,d414d3b3ff687626a17702c5c38fd0cc5ef1d98abb670fc6ad95e9e0370b0ebc,2024-11-21T09:23:10.200000 +CVE-2024-37086,0,1,584ab8c4a3410b80f08578057bbef6efed2b1204f94c3aa7687e4e7bc444b1c8,2025-06-27T13:39:14.217000 +CVE-2024-37087,0,1,f87b13702b7b723338fafcc7ece85794ab7b9762f2f3c1418a454760a333836f,2025-06-27T13:39:54.843000 CVE-2024-37089,0,0,8d387479d3a2a6e03e30baefa0716f09d2a1a735bef61b94a2cbba881bf018ea,2024-11-21T09:23:10.330000 CVE-2024-37090,0,0,c8c780f174a978437f3b8dd70e2e53729b421f624c42b5d0406b423c315ea8d0,2024-11-21T09:23:10.460000 CVE-2024-37091,0,0,516fee9b33edc9a2ec4e5cbefae8497129a19a168e7efc3b6e9674fd24788fb2,2024-11-21T09:23:10.593000 @@ -263691,7 +263713,7 @@ CVE-2024-37397,0,0,645394d57366af4d14bd72b0f709a5f25542d1f984f3b92daf1f425614dbe CVE-2024-37398,0,0,0f42760c0326cdea8f98f78b855bbf63b71770b97a72517371b459e84e271523,2024-11-18T15:23:23.543000 CVE-2024-37399,0,0,91513a99b1995bb678a44db233b24968cd7625f00c77086c4c8d80914d8fefca,2024-08-15T17:31:49.067000 CVE-2024-3740,0,0,f1db815ebd196c841f9a03e4af1f223458e4ef3810b51b1b12ab408848abbe0e,2024-11-21T09:30:17.230000 -CVE-2024-37400,0,0,44d4620048d68597390885c4489b34adf3ee284340996c671f0f07b4dbb0a17e,2024-11-13T17:35:04.687000 +CVE-2024-37400,0,1,1e14e88d44c848ea44c9bbe92279b9c2f34340798a2cb3eb210a97ba1aa452e9,2025-06-27T18:46:03.483000 CVE-2024-37401,0,0,5a3af3f5613cf18b6fb0d152156b5ab3157faa43dbf40e0bf8bbef7d6755b5e1,2024-12-12T15:15:13.877000 CVE-2024-37403,0,0,5e662ed809b0b10e6b99aa8c2f4ac8b35c922847c3b6d64b5b20add4d0709792,2025-03-25T17:15:57.523000 CVE-2024-37404,0,0,cb110a34d87f4812dc406a460298c89dd3f74daf508e6083996d73ed421121f5,2024-10-21T17:10:22.857000 @@ -263879,10 +263901,10 @@ CVE-2024-37575,0,0,fb41a93cda92e423debc2a813128d4d353bf25b2fe44666c8d6cd43b5e9b3 CVE-2024-3758,0,0,1181488ec82078110f1699579a12bafb88b2d59c08c0cadc1f8d0743c817c9b1,2025-01-02T19:04:15.777000 CVE-2024-3759,0,0,46624cef16e7230998500889df497f9ac3c7ef0f50d3eb513c1782b48bf6fa49,2025-01-02T19:03:20.700000 CVE-2024-3760,0,0,1d331199efa43ca30991198616569b583e4d5745c28ba3fbbb6d72d78d13e12a,2024-11-18T22:02:15.053000 -CVE-2024-37600,0,0,47f2604c93b4eded23effb23c83d082d60cc9d9a80c6e958a3edb91b9e18fe5f,2025-02-14T21:15:15.253000 -CVE-2024-37601,0,0,a7108fe4d8d669cb12ba7051153778fac25afaf23fa1c27251dbd1625a3f64b7,2025-02-18T14:15:27.900000 -CVE-2024-37602,0,0,9f467806b43dca929e6cfdf23af209d03820a3701220fb122cd0716cb2e6ff3f,2025-02-14T17:15:15.447000 -CVE-2024-37603,0,0,15bd2071bb829d1a53a3fd8b8864366965c8ac58f8c1c644016a2dae4bab8142,2025-02-18T14:15:28.070000 +CVE-2024-37600,0,1,5bbe7a95a3e358dd36c751fcf216fe307a788b1b99d8bcd53e0d9b73a99bf16d,2025-06-27T16:12:06.380000 +CVE-2024-37601,0,1,8f94003153be9411c9d3cdc392be55e8e8d12e4674500c4ebcfa6729a607966b,2025-06-27T16:12:20.587000 +CVE-2024-37602,0,1,29ee44ee266fc66533004d745004a72e055555b941df5505421c092c6b0d3ddc,2025-06-27T16:12:26.847000 +CVE-2024-37603,0,1,d072d19be73a32430f16cdd0e8e8e638faf5428749f05c75de7d4fd81f33a570,2025-06-27T16:12:30.230000 CVE-2024-37605,0,0,c838e538d754978f8c417ba24adbe85ba47016e4a5e7d17b41eb849dadadcafd,2025-05-21T15:29:32.967000 CVE-2024-37606,0,0,98e1b323d153d4734584711a2738812d553fc1fcbabe391867090928c563d054,2025-05-21T16:01:39.770000 CVE-2024-37607,0,0,e55cd22b4e534d98d6a1b38f2bb63718c9e0f241a240bd7634f6bfb4ae3c08de,2025-05-21T16:03:47 @@ -264787,9 +264809,9 @@ CVE-2024-38650,0,0,da1bf72205b29bbe2545a69ff549156d5a1e17afe61e2961a00820f282f1e CVE-2024-38651,0,0,b57d995dd4db4a11d7a33ead70165ad783488cfdd4a29cd191eccb8cc9fdf54a,2024-09-09T17:35:02.663000 CVE-2024-38652,0,0,8aae2722db7116f716edff952bde34dc5fb51302c3c577e6f371e03e39935c4b,2024-08-15T17:32:39.067000 CVE-2024-38653,0,0,e523aab1476ea94d5dabc706292fc0fd759279e8366cb1ac9b6db46f1b48550b,2024-08-15T17:32:57.587000 -CVE-2024-38654,0,0,ca9fd02c81f92d035bbda3976da1a8f0602f8a83a501777869aafa32900f0836,2024-11-13T17:35:06.447000 -CVE-2024-38655,0,0,964fd1eec58e9d88a93e97e9c3a61acc0dbeaa16c974275ef46e2bd52d60a331,2024-11-23T21:15:14.393000 -CVE-2024-38656,0,0,7a761f228145d4c9c0ed8d92c300e9df17f7d325bea623f24e15c901a006d981,2024-12-01T19:15:04.440000 +CVE-2024-38654,0,1,4f834b449c1be0488d03e56c2eb96f2263bd4a211be6cabc24937d886b2911cd,2025-06-27T18:45:18.467000 +CVE-2024-38655,0,1,29c436e44863c39a5dfc6dd954a1facaa895c3b30b158e3848fb302efd23ea94,2025-06-27T18:43:22 +CVE-2024-38656,0,1,e2eefc85d8c7b7f5971a46109448b68c074d1505a25992b3f5cf959084d375cb,2025-06-27T18:42:28.510000 CVE-2024-38657,0,0,33de91131ecfc9a0e25a093ba39c0fb12d01c8565b33009dad5e2fa49c0f40e2,2025-02-21T16:15:32.340000 CVE-2024-38658,0,0,e6ea9cd2600e863335625bfa75713e2218e611a3fa971502d028f479b505f7e3,2024-11-29T21:15:05.633000 CVE-2024-38659,0,0,82d734add9c8fe44d6c176df3c0f51f534c34dbe8895a35bd5c5151111066a4d,2024-11-21T09:26:34.527000 @@ -265173,7 +265195,7 @@ CVE-2024-39227,0,0,d180670ff6b1d7372dc5eed38b426d2d0535f283f8a4668a29746b0a4f85b CVE-2024-39228,0,0,fbe3b6960a96eb9fe32fa4f66a18a01501aaf645ebdb56b0fabd0a3df25fbae5,2024-08-15T16:15:19.800000 CVE-2024-39229,0,0,0ba144b76379836690d752be3610500a97e8f48b21df7b8b41b34939068fed7f,2024-11-21T19:15:09.887000 CVE-2024-3923,0,0,e5df35773bda20ed72d01c5fca237e586010813c9a75364a918eb66db931fa08,2025-01-08T18:43:59.440000 -CVE-2024-39236,0,0,2379829a31c2e85e5978bcc06d6e5b8ad0cf51794cafd0c6c7dedee2d80ca197,2024-11-21T09:27:21.240000 +CVE-2024-39236,0,1,aada020bad38e3ed6bc1f3f598568c19d6329245f59afb9e6564d85d449d097d,2025-06-27T17:32:17.003000 CVE-2024-3924,0,0,a7d7d2f179b70fee660a7c5121a05bb1bfb909c2c19095cfe92531fde96543ed,2024-11-21T09:30:42.713000 CVE-2024-39241,0,0,3a8c87ae8015b39a69a37b5490c2dc0915304915915bdf6f89069803556bf101,2025-03-18T19:15:42.903000 CVE-2024-39242,0,0,8fb181789081bdcd020f1e68f7a4ec07b2810a5d6d0828e0dbec295688fcba6d,2025-03-26T20:15:20.527000 @@ -265647,6 +265669,7 @@ CVE-2024-39727,0,0,c691980721e509e7f95918f482d6883a5f5ab54ba79b6c92b81f547495446 CVE-2024-39728,0,0,419d6522507eb930af7ae6835142d3dcdf46166050b6817f37759954abce17b8,2024-11-21T09:28:18.217000 CVE-2024-39729,0,0,17ef6112215ce540557fe392c3c226b8e791e3105e6cb641f6eb9b3c8bbe26c4,2024-11-21T09:28:18.363000 CVE-2024-3973,0,0,b601634fbcb6e5809201b226590e2edc1eea5d7ff4860b3a3603363fb0bfe87d,2025-05-28T19:36:57.993000 +CVE-2024-39730,1,1,85e5a3d8f665acb8780ad0e0f8bed16887954a0cec962fc3cb0ded770c42df46,2025-06-28T01:15:24.740000 CVE-2024-39731,0,0,1dcd7e56903a6949d01ed06ff2f1995b0ec86eafa7e21275042e3bc78aafd782,2024-11-21T09:28:18.503000 CVE-2024-39732,0,0,d47257c5e25e2f487ad9ff54180377826d9652929ba89210e27aaba3b80c6fc9,2024-11-21T09:28:18.637000 CVE-2024-39733,0,0,89054bd3b8e3268793590efb1f1adb1c644ea819b1a2bcb7541f24d025582226,2024-11-21T09:28:18.790000 @@ -266128,10 +266151,10 @@ CVE-2024-40644,0,0,a57ad1bfdf68296ce8a9539e505efa1809fefd866555c9c76d8987e02e0e4 CVE-2024-40645,0,0,a3f49b95b4c12b5444ede2f523391703502ab565df4a5cf2c506d73c2cde7df4,2024-09-05T17:09:16.947000 CVE-2024-40647,0,0,88935cfcec599678993a6403e316caa0b9a2d4c594531b02670b7f84c2cb6867,2024-11-21T09:31:25.587000 CVE-2024-40648,0,0,d1a60a844ec096d2fa051ae2f056504ecbdead31db11117a3172d5ff5e1a66d4,2024-11-21T09:31:25.720000 -CVE-2024-40649,0,0,cd017edd6e36db96b5d3af33391b8c1805c38b90d6fac0260ad15360321175cc,2025-01-28T21:15:17.117000 +CVE-2024-40649,0,1,b041c8a3b2865a0e88a9d3a1ace51f5f9f2d1de743b34abe404deadf042008ed,2025-06-27T19:01:28.370000 CVE-2024-4065,0,0,8104e642d3086741414933f46b271721462b9ac994c8f65befa5dad67209802e,2025-01-21T19:05:04.657000 CVE-2024-40650,0,0,78138be7e0cafd2635985c4e24ab654bf9d1895811ba8f47491211caaf20f74f,2024-12-17T19:08:50.857000 -CVE-2024-40651,0,0,059808f9aa3eb692288d55f1c33528a0da2526a2b5a14834823d328f0adf6296,2025-01-28T21:15:17.253000 +CVE-2024-40651,0,1,f7bb0b70c1581658eacdbe7c37149bed56e391d0f78e636dc0914ee60dcda779,2025-06-27T19:01:13.437000 CVE-2024-40652,0,0,3f440f86342c58e47996d56495558243ae5edd7e5b0d377daab8b5a46ab73bda,2024-12-17T19:09:03.173000 CVE-2024-40654,0,0,92b6520c587274abcdf8c0d347f6bea7ed6a9174c82ea6943ece9915b4ce4a3b,2024-12-17T19:09:27.327000 CVE-2024-40655,0,0,a15fc3c243ee33d14a1630f5ebfb8d892f6129653d6584b92148f34ba45fc732,2025-03-18T21:15:28.700000 @@ -266143,9 +266166,9 @@ CVE-2024-4066,0,0,3af5df6c145362d9851cd86a7d51e714cf54c4e6049b7ebef259e6d9cb06fb CVE-2024-40660,0,0,b7c78dc1f99c1908de45423562bff4e1020b202a8369eadb6ebe92a17540bbaa,2024-12-17T19:36:04.020000 CVE-2024-40661,0,0,e9311a0488c8beb4857508062f47da62f4761ca246a30ea7974cdfed1317449f,2024-12-17T19:32:42.070000 CVE-2024-40662,0,0,f930fc5956328b9ceaccc04df86a895546984aaffbdfff03287ccf231f34c2aa,2024-12-17T19:07:42.750000 -CVE-2024-40669,0,0,c04270fb30a7181c32de8a3b7ab800263bc874038550e38185e767ce97f4f2a4,2025-01-28T21:15:17.387000 +CVE-2024-40669,0,1,b6f6eebf40a5b1be309e95d5ef40aff71f0c52f855e1b5b9d3c2db246773b98b,2025-06-27T19:01:03.900000 CVE-2024-4067,0,0,06cf73941215eebfb58b3f7712c48b8f71a364f025c4b7e91b6494998e5c5a95,2024-11-21T09:42:07.587000 -CVE-2024-40670,0,0,865eb4e5a07857fa990b38cb66883e1af0d25fd9eb617b3cf24619f02ce8a4ff,2025-01-28T21:15:17.527000 +CVE-2024-40670,0,1,f890ec435f3284c6e75ea631c2b6bebbf0047f60511e4cc019189231df01e876,2025-06-27T19:00:51.030000 CVE-2024-40671,0,0,4520d06fdb2a855ee77cf9a82325fd4ddc6fdfedc3ecf68cb89582eb0d5cc2c7,2024-12-17T19:30:29.457000 CVE-2024-40672,0,0,d3743aadd79960e77effe0a6f9751b92a7870c95b6a5c2283fc8c7d25b6ee06c,2025-04-18T02:14:14.330000 CVE-2024-40673,0,0,986d27c15d8942220d686ac719e54d45fe7da72a19c8de771af715ad9b29e94a,2025-04-18T02:13:10.757000 @@ -266473,7 +266496,7 @@ CVE-2024-4101,0,0,1d6ed5ba97a2f1ad151466b3ca32875ace9a56e7c8d7d44c890b8b3ada994c CVE-2024-41010,0,0,7d2daef6e7d0ee3e0487437fe1a45624bf889ddd16049d1a5a89a934f340ee6a,2024-11-21T09:32:03.607000 CVE-2024-41011,0,0,9f4ff30565fcca32f4ad6c1fcd8959c5c6e4a1ef7a7a74225d8f93f4f9f215c1,2024-11-21T09:32:03.737000 CVE-2024-41012,0,0,eb5eeba32dbc20c53f5d8ec529e31bdb298f6fa48fa5e0e88492ead04150e399,2024-11-21T09:32:03.867000 -CVE-2024-41013,0,0,5d2d648bcd81be2d07c67cd7c293fb6286aeb556fc436fcb8cbc4e97f940239e,2024-12-27T14:15:23.343000 +CVE-2024-41013,0,1,09e1f606b33d5e169b858b9a16721c5d46eb365fbf70d7296ca0442694253bd1,2025-06-27T11:15:23.610000 CVE-2024-41014,0,0,22ec70bcd9c2147a233fbc228d676384c5b06fb848026037c24a21afff4a49e4,2025-03-05T19:02:36.107000 CVE-2024-41015,0,0,9b3ae1f79342e0b13e2fef94889a75a92c8d75d0a17ab7cd43a433c966ccfd17,2024-11-21T09:32:04.217000 CVE-2024-41016,0,0,8df47623ea6d364b67b323c6874ead4a0fb1cdd6a839c86e81c3f8df2e89dd14,2024-11-21T09:32:04.357000 @@ -267451,7 +267474,7 @@ CVE-2024-42256,0,0,edc05ef4c4b039205dd4742bda3b59e3c49c6b729d4308e507256e4cea132 CVE-2024-42257,0,0,b415d843839451616e89f8340d3d7be62471be77167f68aca6ee4280141a023c,2024-09-06T14:12:22.577000 CVE-2024-42258,0,0,93ed858e34adfb2f2b7138b436307015088b4e93c62ec1651e9d65ad013da5a0,2024-08-14T14:15:27.727000 CVE-2024-42259,0,0,e9713caf11c93b7425f967b5ffe4bef3a928272c3efcf5a08dfb842746044f62,2024-09-25T01:15:42.137000 -CVE-2024-4226,0,0,7ee0ee87b4ac6270a2404bff1eefdcb1a5da70abb12f9a337fd8ab9d673400ed,2024-12-04T18:15:15.330000 +CVE-2024-4226,0,1,5c166a90922c19540fb3c4ec789f34b3d57ccce1d27f4188cb8d9ad01977f058,2025-06-27T14:42:47.217000 CVE-2024-42260,0,0,eb52125b7ac8aa328b971df28fae3672970357ac79f1958c3b76d2a4939b79fc,2024-08-19T12:59:59.177000 CVE-2024-42261,0,0,72fe870a41ca864453ed4788fd4a91439d6c4b246a2a5f09a56b04af1e7ecbf8,2024-08-19T12:59:59.177000 CVE-2024-42262,0,0,7f3d17e5526185f5375daae7ba422211b70f3364ede237c89feab9ff5e43cedf,2024-08-19T20:05:15.407000 @@ -269298,7 +269321,7 @@ CVE-2024-4454,0,0,1e6371293057edf678c7077995a2115f685fb23dd798633163e8fe89ef2481 CVE-2024-44540,0,0,a3ed3256f272f75cb9da6472ccef92e78443ceab0d9d284cfb0ef32a1d8d4528,2024-09-26T13:32:55.343000 CVE-2024-44541,0,0,360d36038a09153826fdb7f75c9d2e58a990ae541d7e417f9aef6615b41fd219,2024-09-12T12:35:54.013000 CVE-2024-44542,0,0,69649467d837964ae89a10ea879537e85831463615e76c2141ca248d248803a6,2024-09-20T12:30:17.483000 -CVE-2024-44546,0,0,e2c66d94fd13e792ad683596bcac74d7412b12faf579386ee0b995b81a04d1c6,2024-11-19T20:35:24.240000 +CVE-2024-44546,0,1,28f2da12d0f2a9fc26600c5eda88fdb873bc66c37565a1d5178b6d4b0568a963,2025-06-27T18:51:21.760000 CVE-2024-44549,0,0,a5aaecd9ba75cc32cf841f25e868951de8e2b2b047d881486d13d5755c1993c4,2024-08-27T14:28:55.157000 CVE-2024-4455,0,0,86fb5ac865589bd6dbf1b2f040499164e25192c3199bbf5250acc72b40c8d8cd,2025-04-04T23:49:13.973000 CVE-2024-44550,0,0,6e5e7c90073553915c6cbf84e10c6c9591a0626baa58af3865b7686a30be241b,2024-08-27T14:29:02.370000 @@ -269969,7 +269992,7 @@ CVE-2024-45466,0,0,7ab6c9db5141ad0c1af4b2cb7b3f85c5be97bfe16784a09012ba2fbcaee63 CVE-2024-45467,0,0,23b9e5f03a7f9ec7ad1b24f4355fa7bf315e83438a70d394b1cb9d34a6dc68b0,2024-12-10T14:30:42.243000 CVE-2024-45468,0,0,b11e9f80b312ebe880f83b5fd91143c88ca41f5f06c5afccb20e1da8ddcee000,2024-12-10T14:30:42.633000 CVE-2024-45469,0,0,bafcc43cb5dbd061e0debf6373133a6cfbf233606e0cc79312f023b15d4f9345,2024-12-10T14:30:42.847000 -CVE-2024-4547,0,0,a1a3970e0fb16e48453b2b30113243fcc414c697abb7f98e5b0b3e057a578fc7,2024-11-21T09:43:04.813000 +CVE-2024-4547,0,1,135358d5a45de5ce105aa9a2fbd476caa02f01504acc7008828228304e789f9f,2025-06-27T14:44:45.050000 CVE-2024-45470,0,0,20d427a059c8ff4735cbe3fb9ba8a35cf7bd82fa1cd007481ef4546ad73d7ad0,2024-12-10T14:30:42.990000 CVE-2024-45471,0,0,10cfc8f4af1811ad697921c8de0dd6ed8f675febbb38779492994282256c0779,2024-12-10T14:30:43.137000 CVE-2024-45472,0,0,0b02cdc0cdba7118cd37bb6030441ae3050a31db7292676e268f164fcbf4f7eb,2024-12-10T14:30:43.263000 @@ -269980,7 +270003,7 @@ CVE-2024-45476,0,0,af2645c959f7fb40898aee3a6516acece8ac0169d007f0fa6a4f1b42b4456 CVE-2024-45477,0,0,e64486945a7233685155bac32e1cee1ee1baed194f1170f1d979f1137af05eea,2024-11-21T09:37:50.293000 CVE-2024-45478,0,0,88c76a6576896123f03dd4b9980d5337fc1f5a01d914774be128ca19ee9a54dd,2025-06-10T09:15:22.687000 CVE-2024-45479,0,0,84bec843f91bb21db5ef2ec2468b56bbd8299993819e1572bac37f7cb4bdb8be,2025-06-10T09:15:23.043000 -CVE-2024-4548,0,0,786d19cd58b88bcdfc19b80d93d3db48e97379f52e3e47e3044b662133078b90,2024-11-21T09:43:04.937000 +CVE-2024-4548,0,1,64d27d8c1798f091b5754f4ca8a6d06ab91e0b1000e843598bb4bb2756fc7f73,2025-06-27T14:44:50.180000 CVE-2024-45480,0,0,6f8c399265c28d8f30d1be5584149815f4f10b4a9a7604b6361eb6f6588833d9,2025-03-27T16:45:46.410000 CVE-2024-45481,0,0,af204bcc6a197076943be1004764d4663ee00d5011c570a2bf5a36bfaae8814c,2025-03-27T16:45:46.410000 CVE-2024-45482,0,0,d60188701de684b114aabd271be11b66cd1cae713200249995630a5c75bd4ff4,2025-03-27T16:45:46.410000 @@ -270854,7 +270877,7 @@ CVE-2024-46851,0,0,b0993c3439c6fdf7de7e13034429b55167ffbe1f88b2ed8118656fa5260e8 CVE-2024-46852,0,0,1e4dd009dbc248ae2fc9217a7cec4442d7b40b3f6c50166be19bd07dd05305a9,2025-06-19T13:15:46.410000 CVE-2024-46853,0,0,7013163bb0b0de8fcc4deccdec036fc108843e6740181da643a0cc828a7da7b8,2024-11-08T16:15:23.727000 CVE-2024-46854,0,0,d2b8ace374763a38df18b61a469d196e1746b4597f0027e5c9c667cf2f8fd171,2024-11-08T16:15:23.857000 -CVE-2024-46855,0,0,46b0faa9ce85540614181cf4962008995b9781bd009434c91e4d733a9654cd2a,2024-10-17T14:15:12.790000 +CVE-2024-46855,0,1,c36453e2e97c3147f106712134e4baef9b262a4dfeba1947955bb142b3128ffe,2025-06-27T11:15:23.747000 CVE-2024-46856,0,0,fc79baec1dd907d409f369701e0489f1abd5dff0ade3e1d9a2c6136e910ba1b5,2024-10-01T16:04:54.247000 CVE-2024-46857,0,0,9d43bcd60492be3bf55675eb3c30b6ba5a833c377a4f4bedac3814b378fa3b2b,2024-10-01T17:10:29.657000 CVE-2024-46858,0,0,c772f73c921db7b44797f218d27b29e0e7f1f8666d0f1c7218a487e9ef0feb7f,2024-12-27T13:15:20.603000 @@ -272024,7 +272047,7 @@ CVE-2024-48245,0,0,24922a2d7e07e6658bda8116d06f7d7a042d2aff2acd1eb5bf13301caf6d9 CVE-2024-48246,0,0,9e54d8ae569997b2da7f9b0bd6618b2d7111ed51e20372574de285e89a2b6c23,2025-05-21T15:34:19.317000 CVE-2024-48248,0,0,bfaaa427608ee7a1887b41f59bd89b64643bcbb880eb573595b1a553986426d5,2025-03-25T18:48:31.753000 CVE-2024-48249,0,0,e4e3a9ca6b896ed2486bc467d7bae3b81b45662dbbf5db69ff266497b3630e1b,2025-05-27T19:41:23.573000 -CVE-2024-4825,0,0,b141ae218433922683f0ccacbc61d7ee059f7a0887351d4d5d1cc8df22738ed0,2024-11-21T09:43:42.050000 +CVE-2024-4825,0,1,14dceba72a20169b0f1f7f0351344de9e8ae9cf46cec7e22681acdd32fc0aa70,2025-06-27T15:04:13.027000 CVE-2024-48251,0,0,c80def3e238ed0fab4e8dad7bc06f5b33b90fcccea2cf3bdaafbfe1c7c4fb67e,2024-10-17T18:35:12.280000 CVE-2024-48253,0,0,b70ff92c82c64cbe033ec2ad84ff058cb176628e12403ab6628076d415af96be,2024-10-16T14:27:17.693000 CVE-2024-48255,0,0,2b6f8774d72baafd1115de9bcbbc371853799070d2e0e0fa178370e9cb8145cb,2024-10-16T14:26:23.287000 @@ -272049,7 +272072,7 @@ CVE-2024-48291,0,0,85c099a44aa72580ec158c2dff9e10ad09460913e1a1523fe43732ab80c4e CVE-2024-48292,0,0,7f8838e82390766bc039b0ef3c145c9a3b0d547a1c16ba215a4c6efa9a2b18d1,2024-11-19T21:57:56.293000 CVE-2024-48293,0,0,8a90ee64d8e0a4016d250a132997b503f4e4629ba1cda5993d263cd1dc28000c,2024-11-19T21:57:56.293000 CVE-2024-48294,0,0,b81e296c829bb2fe4de4a0412fb8c7880c02529a65b2eb4833c50f9d6d79d02e,2024-11-19T21:57:56.293000 -CVE-2024-48307,0,0,c22be44a58172dc5d3cbbd2ec37d65d406965554da3ca5be5d01278c103946f3,2024-11-01T12:57:03.417000 +CVE-2024-48307,0,1,15b8b329b38924b2855e6d5991dc0adee85e0e45ba2e33cae6814a54bce57d13,2025-06-27T19:45:28.870000 CVE-2024-48310,0,0,8a9828d1eed59c21bd6b4c9391faa9afe915a803a4599d5f035bfa76a293843d,2025-03-25T14:15:26.223000 CVE-2024-48311,0,0,2eef2a1eff54218be81569e844c59764c3be30344a9c245dc780068f59081c63,2025-05-22T17:26:02.120000 CVE-2024-48312,0,0,16be675ed6d7db1e9ea949b11ad7528da4ef74c3da828eaa8f911e1d7178e590,2024-11-06T18:17:17.287000 @@ -272173,9 +272196,9 @@ CVE-2024-48637,0,0,cfc49b57046040dcdd6d5fc8e6e790af0f556f70799842ba3a72ebae262f4 CVE-2024-48638,0,0,246320ea1c35c1e6b3ad1a623c22277ca5ac24e6f210531b1fc30f74bf171f45,2025-05-07T15:50:44.803000 CVE-2024-48644,0,0,f45def5e74ab56408c21bc281376fa0f33b4a13ffa2e2dfdb21ba8565b82da3c,2024-10-23T19:35:12.593000 CVE-2024-48645,0,0,9152ba80924d9c92409f6703bb9c2d238b590d6f9b8c29d83efec7dae6452fba,2024-10-23T15:12:34.673000 -CVE-2024-48646,0,0,bf27b7220c78f47654099c0d09c9128370095b06177bd842d6c21d4ef1db924a,2024-11-01T12:57:03.417000 -CVE-2024-48647,0,0,b7696d94da9270a17d9207f6567d56381aaae72681124cf7f89fe2e76f29522d,2024-11-01T12:57:03.417000 -CVE-2024-48648,0,0,b4d8db028154fd4559a114bfba42dd1bdb7d1acca8b8710121b3d0a413885b7e,2024-11-01T12:57:03.417000 +CVE-2024-48646,0,1,fca47b1e485f9efb261ec59e5477ce714403a337bd72e94959c24595c39bd832,2025-06-27T19:52:09.540000 +CVE-2024-48647,0,1,ed65814784014d99c607c2eb095de6b40280deffd111b6e740a5addfe0af2617,2025-06-27T19:49:51.970000 +CVE-2024-48648,0,1,477ec9b092eb4968d90655295187759ddfe9c1bc857b547c06326069c1a9a71e,2025-06-27T19:49:02.747000 CVE-2024-4865,0,0,f1576ecc87ca7fee9298742cd01dc67deb3971b1f5088fdc5baa9a9828ba495a,2025-01-07T18:04:22.393000 CVE-2024-48651,0,0,ded4875402e721e0f54c65417ac3b7f0f0c3bcafee486e41a27af2c156a98d90,2025-03-17T17:15:32.143000 CVE-2024-48652,0,0,1f1ceb7278aed53b322a7fd62edb1a6f7a99113850dfb02458f6ee594abd4d39,2024-10-25T16:51:57.013000 @@ -273919,10 +273942,10 @@ CVE-2024-50616,0,0,f16f40ce12577bc20e6d17ff8fa15bd5a1f69a543581dc34546ce7e8ac772 CVE-2024-5062,0,0,cdc86dcd84c87200c0328afbc0b136b026f9aaa280f8620d87cfe6bc9e21b227,2024-11-21T09:46:53.077000 CVE-2024-50623,0,0,689897be2bf1eff885c220c68e780397d6277f6ae7515a9445eacbcffea8a3fc,2025-03-10T20:25:14.940000 CVE-2024-50624,0,0,4dbef642aecd79431dea3a468f89320966176b8885a0f54cdc3c9f8045e371ec,2025-05-31T08:15:19.793000 -CVE-2024-50625,0,0,e04716b58b85646e0047095f734370c4c20f25404834f8cd5d8b8ded178db678,2024-12-12T02:06:32.647000 -CVE-2024-50626,0,0,2f6bbbf1f6cbc2582724a838bd1830cf40db0c1234105b1e6f20e74933857ec7,2024-12-12T02:06:32.817000 -CVE-2024-50627,0,0,ff0b348c06797fe5e48e7d9d67e446eb1bc6295f54190d0f22bc9fb1af7d09bb,2024-12-11T17:15:17.200000 -CVE-2024-50628,0,0,4a553c5880c5f912e8807dcd32f61b35d93e6e26b90cd026128370309a80a103,2024-12-11T17:15:17.350000 +CVE-2024-50625,0,1,2d12ac69fce37f9194229639d79b8734ed5468c458c95fee9fcc15c701bf2d3f,2025-06-27T16:07:48.380000 +CVE-2024-50626,0,1,eb3b63296f660fee82c815b7d61665ba56a5f72e126835c0339233ebaf93854a,2025-06-27T16:08:05.093000 +CVE-2024-50627,0,1,131a13829121c5264bc52d116e88bc553215d2506ae448d696b1f82ee6d5bc9a,2025-06-27T16:08:12.680000 +CVE-2024-50628,0,1,41f83767b6a19e77422ff6f8f578bdad2797937e63562e7c8e62955f2df9fe51,2025-06-27T16:06:32.573000 CVE-2024-50629,0,0,3ab50aa19ebf689fe8d57d8f4de1f5774923cb743d9a1b552f7b21d6e2840ac2,2025-03-27T09:15:14.190000 CVE-2024-5063,0,0,c4410869e86851d742c625b6deef659a651b11dd076a037bf0676028b9f3f6c4,2025-03-03T16:05:23.833000 CVE-2024-50630,0,0,5c8281a1fa2d55a1383c52f2f4c6ed3a28e0d51d7e43af12525259f292ce7e7a,2025-03-19T06:15:15.620000 @@ -274841,7 +274864,7 @@ CVE-2024-51963,0,0,65d15561511f4792024c62d0c3dbbe1a84656f415b27a24cc7fcb099d4df1 CVE-2024-51966,0,0,69a0d46bcaa28466534ecd74cb2be650273566964ba1c75d7e0cb22b97d45b63,2025-04-10T20:15:21.850000 CVE-2024-5197,0,0,3ceed42f5112dd9bd5fe7184078d9498cb21faff4758f60f424f81f723a4d1f0,2024-11-21T09:47:10.363000 CVE-2024-51977,0,0,4f761c661b42c5f2ea392c2e78f80ddcfd980ce62a703a58f98178b982585c9e,2025-06-26T18:58:14.280000 -CVE-2024-51978,0,0,2e5488c8fcc87d31fbd78a7a4d6c0122173f65ce5d71abf3aa37e260f6a0ff6f,2025-06-26T18:58:14.280000 +CVE-2024-51978,0,1,03d1a503eed2ad93f0d9f75a5af0892a2c159c172e2ef3589fb908507d816f4b,2025-06-27T14:15:32.593000 CVE-2024-51979,0,0,66ea3af85b0be3e586bae0e0d9a1e50639e1aa59ecca4df614263a85bca7d862,2025-06-26T18:58:14.280000 CVE-2024-5198,0,0,3fa9ec394e1888d66e83812554066b455d9458d73cda1ea9275cc8bdd128d3dc,2025-06-10T16:12:09.340000 CVE-2024-51980,0,0,572f544401e25328be329256d6ac93c2ee2db5ef54d12c1aa92544388b677094,2025-06-26T18:58:14.280000 @@ -274874,7 +274897,7 @@ CVE-2024-52008,0,0,125a0322e7807666a756edc79cb1fa872c15ed4f33221b6e1b4fa26cf4ce4 CVE-2024-52009,0,0,cc8d0703961e087a98502702891833ecd954855c6a6517c8d696b5d24e6aa571,2024-11-12T13:56:54.483000 CVE-2024-5201,0,0,70f2a62b026d2275481fc1646adce1cc60a8e3612df3f1a182e7d38251323855,2024-11-21T09:47:10.680000 CVE-2024-52010,0,0,a4c46f7507e225ba5d49bf8c3431e11b3f2a00027caa082547561252d3f632bc,2024-11-21T17:15:23.350000 -CVE-2024-52012,0,0,dc7726d6f55976e17a58afd87c23683cc6ade0bd6d67f5575e49490169267c33,2025-02-06T17:15:19.480000 +CVE-2024-52012,0,1,1ee62f93e34e81e3c43dea29468d387ba6a3755617e4b3e35292bad0a13379af,2025-06-27T19:32:29.547000 CVE-2024-52013,0,0,d89edd05f415c555a8f914f0e8b20001d0a5a84b0b037e9f2231e7c966c23f69,2025-05-21T20:24:21.147000 CVE-2024-52014,0,0,45ab09acb094f13a7621d16d44a7467a7f4440f9d852aedec1fc2cc0bd7b2c68,2025-05-21T20:24:11.200000 CVE-2024-52015,0,0,0432deaaf2f61d9f4610b52dba8be93f626ec750c8da1755df6af4521ccb30d3,2025-05-21T20:24:01.020000 @@ -275456,6 +275479,7 @@ CVE-2024-52897,0,0,81ad80051d1322a8bfb61db68a23039003246d955567fed9fc0a8a2a809d5 CVE-2024-52898,0,0,d7b7f6b11bb044b80bea87d96314b701a1a2f838c26b331c4312588e6e64f889,2025-01-14T17:15:17.513000 CVE-2024-52899,0,0,fd381e4ffbd82c5c3ae3119791a451a008b2780104bd8e38b6962694cf0bd562,2024-11-26T01:15:07.153000 CVE-2024-5290,0,0,63b2ebbbc89fe3009e69f8f9e716432542a09cc7bbb7656b9181d2882b05d010,2024-09-17T13:09:13.683000 +CVE-2024-52900,1,1,0ad88d21343c84c80caef3a659e8962e900ca53cd23de98a09f862b4d2f72910,2025-06-28T01:15:24.957000 CVE-2024-52901,0,0,36d188f2446e50c3cb0f73c4dc9bb8995fd68fc57b5b23eb83b9c2e8f4d32395,2025-01-07T18:16:58.680000 CVE-2024-52902,0,0,a3380a1085a80da252bc071d60beac51ec60c4709d752c512c4410d14d967500,2025-02-19T15:15:14.660000 CVE-2024-52903,0,0,6a0a9d233707a4bee917ab563344bae0e8b52d03b0bb6127ca20fa079cd9456e,2025-05-02T13:52:51.693000 @@ -275478,7 +275502,7 @@ CVE-2024-52923,0,0,1238a4879a0bc2d925f8ecf6f96b3d1c816c52f29e36df61c25ed1ce84892 CVE-2024-52924,0,0,8b254b4a26863de18a0a4930d1f91105918cf608ca8edf047ba4e3990b61fb38,2025-03-07T20:15:37.240000 CVE-2024-52925,0,0,4d21065ff66a1748231e5c3543316979502c5f13302562a708f4fc89ea5a4eb2,2025-02-26T15:15:23.867000 CVE-2024-52926,0,0,5021ba3f217b734483a326034e850572aad7fe69e34251b753d7998240a26e61,2024-12-24T19:15:06.940000 -CVE-2024-52928,0,0,524f3676b2351f38748a169242bb2dc8bb9060b38616ec1508a2eda18e9c55ab,2025-06-26T18:57:43.670000 +CVE-2024-52928,0,1,dfabeea14619e134bd8e1f0f533a4854f76a27777285e20a75437f592f247fda,2025-06-27T14:15:33.280000 CVE-2024-5293,0,0,f489071fddfba63fc047e3d21a5cfec46b34b73b22b63f08d456cdba6a84add5,2024-11-21T09:47:22.487000 CVE-2024-52935,0,0,da218bbcf32aa8ee196d0cc84ac3289085c87dcfe3a543f2e97a81e0e8e7c479,2025-01-13T19:15:10.993000 CVE-2024-52936,0,0,fc5419fb37a8a058b0ac6dbc1882fd48de1fcccd6ca5038c660a45c78f704b96,2025-01-31T17:15:15.567000 @@ -275842,7 +275866,7 @@ CVE-2024-53292,0,0,bd619889663fd62d8e8cbaa5bfff01dfe8f5581c509f8c8b421edd00bad85 CVE-2024-53295,0,0,b8e985a8e27bd0c49159e8a0c89472687e5b7e5449b7c5ba70064bf994d363b3,2025-02-07T20:29:07.407000 CVE-2024-53296,0,0,be682d3eb2a02cb859d07bb38fd2cdf79c5c9c446624f27b1fefa1f7d7732c2c,2025-02-07T19:54:50.490000 CVE-2024-53298,0,0,b1119bbd1ef72d0156fb7b5de362820e1da35cbfc6b925dbc3fb560a655ecd2f,2025-06-23T20:16:40.143000 -CVE-2024-53299,0,0,2311d06f0f8179bedcf518ce1bde420954fcc87b5db6c467bb518cf92e75888f,2025-02-04T19:15:31.877000 +CVE-2024-53299,0,1,dced177fc9061c5231d451af174fecaf2d9f051bd09cf816211e9364dce8ffd9,2025-06-27T19:41:44.010000 CVE-2024-5330,0,0,d644a32144d291678dd5bb7f21b934bb851a049e1a1dcad7ed14bbc2171615fb,2024-11-21T22:46:26.800000 CVE-2024-53303,0,0,44eb46ee122a84c5c1f452e24167d9cd2b06057f7e2c70aed9bb7a3dfb9bebae,2025-04-17T20:22:16.240000 CVE-2024-53304,0,0,dce057b7c4bd674993960b00b0416503a4f3671388560dd0d4c713606113d491,2025-04-17T20:22:16.240000 @@ -275879,9 +275903,9 @@ CVE-2024-53375,0,0,03acfc3ce1465046824ce662fbf44dee8291f967ecd696fbbf82e7a2b1461 CVE-2024-53376,0,0,8911dbfc8997baa2a57cf32f34b4dcc9a56903a67bd0c4ffc9a41950a9065ad0,2024-12-17T20:15:22.380000 CVE-2024-53379,0,0,2b6df428322956cd20e5c553031d5487355c33ab4cabbe810e5c3a60725bbc7b,2025-02-27T19:15:48.927000 CVE-2024-5338,0,0,2afe684191c73468eff383b7ca370b5770f74a1aec9a85ac89128ddd56eac957,2024-11-21T09:47:26.997000 -CVE-2024-53382,0,0,c5104468b3ad78fd7953a09f821d9dffee4c25f17107a068d2d078b1d4aeab93,2025-03-03T22:15:35.637000 +CVE-2024-53382,0,1,34cf719787037e6f12d974bf13a6b542a722ed46c063f99e023d87bc4aaae973,2025-06-27T13:08:24.660000 CVE-2024-53384,0,0,b6866f3b6ed7c8eaef607e4d3e7fc2f2f1a05b909484b75d95782c7b2122e8b1,2025-03-05T19:15:37.560000 -CVE-2024-53386,0,0,4f740f73a87c193e520100cc93e13e2176358015da32a9b1618be2b00c67ed2e,2025-03-03T22:15:36.583000 +CVE-2024-53386,0,1,1d32776607446a935905b3b40d9f1528e7152f399521604259f5f644821a3af6,2025-06-27T13:01:00.597000 CVE-2024-53387,0,0,264b7c4136ae86fc011e3b043feb659c0b9ddd37f668a4f6020393264ee8d896,2025-03-04T17:15:13.043000 CVE-2024-53388,0,0,74c76ad7bc6f5ea963364a19f441da609f31d2dad038836a2072f637e7a0b0a6,2025-03-04T17:15:13.217000 CVE-2024-5339,0,0,0d824fdd75ea0024ca1d8121d180fa88d48321696b6a589d7b7ff1cb4a42c3e7,2024-11-21T09:47:27.133000 @@ -275939,7 +275963,7 @@ CVE-2024-53542,0,0,6e9c23f96ec3d5fd6bfac59677f096dfc6775a45a4ea9d157160d9f2250c5 CVE-2024-53543,0,0,a8ebd41f35a51bda8eb6ddefa5b93253790140c5dc00bad0e97ee1d8be8b1a1b,2025-02-25T21:15:15.787000 CVE-2024-53544,0,0,09495d46b75a40635beffbd9f5ca381f31e58e51162f9d7c92eda8e6222111f5,2025-02-25T15:15:21.900000 CVE-2024-5355,0,0,4811cb4ef1428213ba525fd17abd9ecd8ff4bfbab602627c6a21c8a4c0dfc10b,2025-03-01T01:56:45.997000 -CVE-2024-53552,0,0,c1aca801cff9908986dc63539f45de9da875f15c8f420733633676b31af7be69,2024-12-11T16:15:14.373000 +CVE-2024-53552,0,1,db474f9a88ac5ac3940efa231bcc848e183f4bfb5b3073d63ebe9b9780330b7e,2025-06-27T17:58:40.553000 CVE-2024-53553,0,0,f76cd837b8044f3ae7bee9c286ff4b43a72406724cd6dd80c83638da1316919f,2025-02-03T21:15:13.667000 CVE-2024-53554,0,0,21a54d7bc341c058102c672add5c6a39faba0998e6b5d3050bab27868ab5983b,2024-11-26T16:15:18.520000 CVE-2024-53555,0,0,98c9cd71300d5c5a0ee8cfe56c2efb641372e5ee4508b44193ca67680ed7c7bd,2024-11-26T21:15:08.560000 @@ -276296,9 +276320,9 @@ CVE-2024-53992,0,0,74fe78e5a88273e14dffe3fdfb7e10a1a6fdf88813b8627c1c6f9bdd85fd6 CVE-2024-53994,0,0,e4fd7d1433ea2d2045c5c35bea5f1bf7a01f256f2a3382035223ecd4f6dab31c,2025-02-04T22:15:40.640000 CVE-2024-53995,0,0,d8b5acaab823951d6e735842d2912758019cbe526552658ff96b8de90e099460,2025-01-08T21:15:12.703000 CVE-2024-53996,0,0,d36e247a06b1f41c7c1e65228887c2c12a82ebc001f7a83b885b351bf294ce08,2025-02-11T22:15:28.677000 -CVE-2024-53999,0,0,cdb0723e4074a3f663118dfa5769707390e8c59bc2c76550745f01c9818e6d0e,2024-12-03T16:15:24.250000 +CVE-2024-53999,0,1,93e548c3d51b8abe43fb04a30eaeef08a298940c9476f8a08aa475e41623541a,2025-06-27T15:16:59.273000 CVE-2024-5400,0,0,fa1089745765c8c92c3b698eeb8bc3e2fdf4bae4a68ce66e55e2111c1b051015,2024-11-21T09:47:34.830000 -CVE-2024-54000,0,0,147b048e4f7bad520bfc55ae8ff59beb0f9453169ce058d17d88f019184395f1,2024-12-03T16:15:24.380000 +CVE-2024-54000,0,1,cf321e0bc802a9fc5ba7b65637af5f95ee5f615ff560119c24c7a82fd4c57436,2025-06-27T15:17:02.040000 CVE-2024-54001,0,0,0aa818e3064cc2090ad8d04c48f2d63f6f249652e34aed2b9e823558a0954a5f,2025-03-10T17:33:24.633000 CVE-2024-54002,0,0,7c5a00df1d470c32b9eac42d93309bb19614d9762fa0f049a771979bb98949b7,2024-12-04T16:15:26.537000 CVE-2024-54003,0,0,b632b439005206974a2b4ec6ab08a78e134e0c09d892996aec7289d7221f0377,2024-11-27T20:15:26.133000 @@ -276351,7 +276375,7 @@ CVE-2024-5408,0,0,fa6b3cfb5fa0c30106c5ac3ea6add5195e2bf0919853555e00f52962c2a69b CVE-2024-54082,0,0,65aa9ae45e1268a98d7772f17453032df41f59a165b23f820cdeaede4b477a68,2024-12-23T01:15:07.840000 CVE-2024-54083,0,0,5fd9cfa9d541ec1d140263f1195469b624b1e1b6173ea5643199f37a0fe69372,2024-12-16T08:15:05.317000 CVE-2024-54084,0,0,c1aee3e143998bbdc982177558f44486e207fe61fab43f3469a59c234690bf0a,2025-03-11T14:15:22.730000 -CVE-2024-54085,0,0,b596a98d45d5788b4bb9f8c50f83954a17bbb2d6fc42081dba30be070a5e7786,2025-06-26T19:29:28.430000 +CVE-2024-54085,0,1,c17788900cd231476143e3f255e8b11cdd412b98376ba6329df57d275ce55a03,2025-06-27T16:57:49.563000 CVE-2024-54089,0,0,efd2198ce361ea992eb01ea5caf6a93dad81fb83e8cf416236617bce8d42af11,2025-02-11T11:15:15.423000 CVE-2024-5409,0,0,e57e1ade9406d6824e9de4b5fb59a028c0cc0d3b407f2e5791339282678e1347,2025-06-05T15:31:08.950000 CVE-2024-54090,0,0,66ce7fba27ae90aef333be57d6145501dc74f76ec68d084b34f2e2ffb0d19de5,2025-02-11T11:15:15.647000 @@ -276532,7 +276556,7 @@ CVE-2024-54277,0,0,58da62670567e73cbd217a4b30174c0d4ebedd4ee7d52fd8711526a15a096 CVE-2024-54278,0,0,d2f9853251f20f0f05fcd6886b5507e9eca80139b399c16e352d0cb160ff46ba,2024-12-13T15:15:32.177000 CVE-2024-54279,0,0,298cfe97df085fab29a544c73b4568c46aea9f248a68c8b66c34232ded900869,2024-12-16T16:15:07.717000 CVE-2024-5428,0,0,6e43202ea2dfbd8881842da2f042c07dfc64de971afc0db80eb3887200e1a70c,2024-12-09T22:51:14.763000 -CVE-2024-54280,0,0,8fa9225be925d106d93dcfd27e9a9a26f04c6b52a8546faa20315379988bf607,2024-12-16T16:15:07.880000 +CVE-2024-54280,0,1,b0cbbab2ab97c9ea5c544787b887a3b6a2bf59142358431c781d6e4721b7db99,2025-06-27T16:54:48.733000 CVE-2024-54282,0,0,c458be3282c58f5df1ede6bcf9698417994099e641ed6cb0a0897920ae17dfe7,2024-12-13T15:15:32.303000 CVE-2024-54283,0,0,a39f7e291dd31527b201be43b77f483d37791031247ec3d1781fd952c9391b00,2024-12-16T16:15:08.023000 CVE-2024-54284,0,0,2c9485367b20a97903cc3737328fbdda5e321fdd473e14bb134913f7d1779977,2024-12-16T16:15:08.153000 @@ -277468,14 +277492,14 @@ CVE-2024-5618,0,0,d2d97c727c060ec84f3174901af9ab7b075641151198c4f29457077453fd0c CVE-2024-56180,0,0,9a461075be1a2eaf70b03c0f7152f850619b8e5d7322fa7b2ca03c910642bb05,2025-02-18T15:15:16.500000 CVE-2024-56181,0,0,99320f5318c3c983e160c350f6cdf26bf8ee1c17fa626cf4ea95787b0c02e6c8,2025-06-10T16:15:35.567000 CVE-2024-56182,0,0,5ee1e5b1fdde49b3515b4dcb4f95321f9c089994e2beadf28f64a425c5cfca9a,2025-06-10T16:15:35.710000 -CVE-2024-56184,0,0,cfa96ecfb5fa8c21810ae009c6b4f3b06db71fb50957ff937e7c209966648dbe,2025-03-11T21:15:40.710000 -CVE-2024-56185,0,0,9bdd48ae93803b071e055266f51cbd1242ee40b4debb9c941d1cb0555b1a3a6c,2025-03-11T21:15:40.857000 -CVE-2024-56186,0,0,190ae1bf908514c2f9d2c38d3d34f604f6f1ac9115a2632a974d3e1689496671,2025-03-11T21:15:40.997000 -CVE-2024-56187,0,0,ceab08f75ef7a59c7aa38c4132f2b90e82f0b2516fe170752b1f40c9b881504d,2025-03-11T21:15:41.140000 -CVE-2024-56188,0,0,6099367b09e9f72857828188586bb8eaa038007ca5619c0920db3488b56664c2,2025-03-11T21:15:41.283000 +CVE-2024-56184,0,1,df08de2d0e77abe9a620c26cec85bcf657e65f9ff0a2b95c484a617af744c8b8,2025-06-27T16:21:56.450000 +CVE-2024-56185,0,1,437fa644d2f5ed990ad50923a5c3132e5c3601e7358d070dab45254e8bcadf0d,2025-06-27T16:21:27.090000 +CVE-2024-56186,0,1,1d2640fc682bcb7248ebf5f5185b09bda435fdfa7007006fc596d15b0c504ee2,2025-06-27T16:21:02.190000 +CVE-2024-56187,0,1,acb23fa328fc26c8d9ddee75bbba57e5a416db4cb4cdab1b3dd6cc618c6fee79,2025-06-27T16:20:41.487000 +CVE-2024-56188,0,1,507452022c73aa512baee28434daa80b6e49f52b09d9288759e9360c83a4e731,2025-06-27T16:12:37.583000 CVE-2024-5619,0,0,847b29035ced8b12638c0c9edc7633e1fcbe758edecd5717d697d3abb49553ce,2024-11-21T09:48:01.807000 -CVE-2024-56191,0,0,0fb9d43d2aaaca7bdbedab1ba367e431a3f49390befb6ab3c709e63306a9c5bc,2025-03-11T16:15:16.743000 -CVE-2024-56192,0,0,99f5ca3c1a3c284cfc963a8b1ab915badda47daead5c04280c54fa9daf64658c,2025-03-11T16:15:16.900000 +CVE-2024-56191,0,1,397271631e2db8e651731495d1cae7f518a39bf476d8e7795e621bf7049dd2a3,2025-06-27T16:12:14.970000 +CVE-2024-56192,0,1,c3883d2b624eb23d598b842143ba1b780531b10a7515cef233a08580303e9025,2025-06-27T16:12:02.787000 CVE-2024-56193,0,0,7c9a19ba8354a550c47164c59a66bafab11bdf9c03e60142e0f22160934e8078,2025-05-29T19:15:27.227000 CVE-2024-56195,0,0,117bdee532008d680faa0da635c50d38c0706d233f50ed3ca5625bbe8df3b1c0,2025-04-29T16:42:01.950000 CVE-2024-56196,0,0,3dc46641b7d7797aa7724d3fd1f15f00b35644ee07e2a2f891d282167bef80ea,2025-05-07T16:36:33.047000 @@ -278158,13 +278182,13 @@ CVE-2024-57035,0,0,fc128f708fa5ccc76197fcb36159086bf6daf8c8d85d358c9d8bafe0fb4b3 CVE-2024-57036,0,0,294e511f9e30b7948e16503f78b4d191862dd753fcf70aa88d3fb1cdba8a1979,2025-04-29T16:22:09.120000 CVE-2024-5704,0,0,cbccfff62486c3c4f34573a6ffedc788349c4048d54ed4b150463209e5b954e3,2024-11-21T09:48:12.583000 CVE-2024-57040,0,0,33933917891b5c81929460ab67ed0d7164ee900a0e5137644747b9fb793e41c5,2025-04-07T18:29:36.293000 -CVE-2024-57041,0,0,0979fe76d9e8316158a2a941acc94a8ef64339b0f6c4a4654fbbd04ce63283cd,2025-02-06T22:15:39 +CVE-2024-57041,0,1,f8b2d8898ee756cf88eed304f16d58a658ba1e1129c4ac1605f0a2faf4b74e69,2025-06-27T19:33:21.410000 CVE-2024-57045,0,0,fb5ea4e4f7a4b9889a1febeaf0802625e04c77b289c8befbcdbc515a09b01b01,2025-05-21T13:08:12.557000 CVE-2024-57046,0,0,fe99d44204f56661f0679c5d1ecb0fd6df526b6f6fc17cfa20ea09ee55d671c5,2025-02-19T22:15:23.207000 CVE-2024-57049,0,0,2a0005173d8041814a4147620684c257c9ca3c68d2751da229477245e15e8a12,2025-06-06T17:59:07.280000 CVE-2024-5705,0,0,f3b79a5d6cb194f0bd96745c53b497323f2e376cb2b6ea3a0bd2883a13683047,2025-02-19T23:15:10.823000 CVE-2024-57050,0,0,f6fe4502a7b18901ddf478890a963604732260de8ad7ae059ab03cc4eda5a419,2025-06-16T22:15:20.670000 -CVE-2024-57052,0,0,5683e7b641254ab70a5fb17d8461ee1673d426f59e2b3701e2e1d43626b51181,2025-01-28T20:15:54.727000 +CVE-2024-57052,0,1,df9e5cc81958baebe471b3978a81b12b05792434ec11d8f50b19c9db099624b6,2025-06-27T19:03:32.293000 CVE-2024-57055,0,0,10985f4d1644c583934097b7ec50c1a0dc3d6cc9f218e4bbfca50a2ea6ce6767,2025-02-19T21:15:15.227000 CVE-2024-57056,0,0,5fa1c6daac1c565c60219576528f65f5f288f5ab9fda6e5efedccb351b0ddf0d,2025-02-18T22:15:14.653000 CVE-2024-5706,0,0,f09a3fc0306ab86b2dee756b4e00346daa3fb01dc12c33d9d6fa100062bc19ae,2025-02-19T23:15:10.960000 @@ -278220,7 +278244,7 @@ CVE-2024-57176,0,0,f6b48d7368bea9a17183712b0b2f4847bda1b46032a5509ae05c1b2bc8565 CVE-2024-57177,0,0,06dae5d3ddad2a6c66f8afbd40a9c732b2a499e75a1412c2d2989dabc4f217a2,2025-02-10T22:15:36.257000 CVE-2024-57178,0,0,1f6e448ac583dbc5dc66b3e862fb64a834e1fd6ac65d6692ba488ccfc0af0396,2025-02-10T20:15:42.013000 CVE-2024-5718,0,0,5319c47b63a6835fedbdcd43dc1fd8b869ba81977081921f790378b370cee719,2024-11-22T20:15:10.340000 -CVE-2024-57184,0,0,3fd914158434721c2565c1759ef928a3f64e92f246b28f05ed1e4a71635f067b,2025-01-24T15:15:10.523000 +CVE-2024-57184,0,1,9a89edde5af5df4a39ac54a824b441b8471c275aa36b37f8272913dad16b4b3b,2025-06-27T19:34:05.420000 CVE-2024-57186,0,0,a4fea2c8b548f44104aa8433b1e86f86725652e7169fdbefb3b89b5054c1b7d7,2025-06-20T13:08:54.443000 CVE-2024-57189,0,0,5cc7b01a02490c7e0d836b6e78d98173efd58f4319d143e56ed6f78594f8b9cd,2025-06-20T13:08:09.060000 CVE-2024-5719,0,0,3d2db656c5d1f0a79b62bae36bd1cd10161f3160ac0d855266c2bbd4d021243f,2024-11-22T20:15:10.450000 @@ -278277,7 +278301,7 @@ CVE-2024-5729,0,0,9712e053e20ba870976caaea63cce0f316f110a23b58a4cec4427002ee2731 CVE-2024-5730,0,0,0507283d3fd0039f28b5387f17872e1d011f9c476b9bf84c5a6ed16cdb81583c,2025-05-19T20:49:26.063000 CVE-2024-5731,0,0,99cde3770eb4bb22d4df842ccd17736dc2c4de3b0872957b6cccc970f9aebbfd,2024-11-21T09:48:14.893000 CVE-2024-5732,0,0,ff8a179751dfbad7695b2a4db2adf6dff8e84fa7a5ba70bb4acd85a4f141c1df,2024-11-21T09:48:14.997000 -CVE-2024-57326,0,0,5a866ee4c14e1cdb19c3b5a682ce8d57b4762302f2ee442f12f08a1507822313,2025-01-24T22:15:34.017000 +CVE-2024-57326,0,1,34fc7f1a9189f85c75644cdf7fe6035dff355751c0af71c83ced49177c9c1f1e,2025-06-27T19:39:56.897000 CVE-2024-57328,0,0,19b4e50cbbdf72861c20532f2246e510dad0346800852a45ddbe4b096de9ae6c,2025-01-29T13:52:36.473000 CVE-2024-57329,0,0,0fef9f5ceda046114647cee1595a2f5f9e8310debafdf99a1a89de6298c7dfeb,2025-01-24T22:15:34.500000 CVE-2024-5733,0,0,0ed9cc5ec927ce007d5eb6b2465a64fa17df3754738a9c07a2ac2a71011fbe8b,2024-11-21T09:48:15.130000 @@ -278582,7 +278606,7 @@ CVE-2024-5788,0,0,26eba16faf8bba170e4c4924cd3861a76450b8d63d3d592b315f9dc173dd2a CVE-2024-57880,0,0,1164249640ccbae8f44ec0303ec00ce8897de783080074e0b0de1571b4e8f28b,2025-01-11T15:15:08.440000 CVE-2024-57881,0,0,6354b126b83992bf0d04724a87e51050df036e4588251687e71e2b731ced1e07,2025-01-16T15:20:10.900000 CVE-2024-57882,0,0,4c43867158e34d34e11244311c66ffe88463700fc29bcf87934a357a579fb0cf,2025-04-02T22:15:18.093000 -CVE-2024-57883,0,0,3d11082d7ec0dbb44b8c1430df79510b64bcb214ef5956c1802b3be147c414bb,2025-01-17T14:15:32.357000 +CVE-2024-57883,0,1,d79d7bcb7bf4c18c7dd0fd70daea1577dd38330d52877802c22e6e5d364f6cbd,2025-06-27T11:15:23.907000 CVE-2024-57884,0,0,482bcd20cfe19de2feec005e390fbcc76c6b829ae3fa822f3c8e13368b8c2723,2025-01-15T13:15:12.757000 CVE-2024-57885,0,0,d838707fb126368f8de15f11cb5ff919fce2a51564adfdf488871df2d794faab,2025-01-15T13:15:12.893000 CVE-2024-57886,0,0,6977c109ba5b94493b63db91c2ff30843c63254e757d9ba705b9d940f6ec57ef,2025-01-15T13:15:13.010000 @@ -278704,7 +278728,7 @@ CVE-2024-57992,0,0,b486ed157c0e9dc1e0f617cc27cb37e59627cf18b6c3ed0a677a0e520dbc7 CVE-2024-57993,0,0,d0bc8e0fb12400c3be039905539846f2055137bf1d0507e51299039c83fcf26f,2025-02-27T02:15:13.310000 CVE-2024-57994,0,0,b57cefe8103f1cdb7487aafdaf48c9648c8339c2c86607ad68f59782e856f288,2025-02-27T02:15:13.417000 CVE-2024-57995,0,0,72946462b0f0e55068bd901f8872da04f6b674f7ac61c3114cf9361c7de9d893,2025-03-07T15:00:33.117000 -CVE-2024-57996,0,0,05dfcf52a77d5f14e13819e03fdd55d8ebeeec16de3d22480af6e475445b7df3,2025-03-07T14:58:37.277000 +CVE-2024-57996,0,1,ab102f18e13c5d4aee3b45d8b6b5fad29a5dbd037e036bed7bc7433ae08cff91,2025-06-27T11:15:24.037000 CVE-2024-57997,0,0,8bb46a3bd71deb9503c7117821a798f0f30100646d4b5e36a8f9d1e65ec0397c,2025-03-07T14:52:55.130000 CVE-2024-57998,0,0,9a2f5b234a45c1aa14534a8e802d2d77984aa61066a605cc84fb19e78f6004c2,2025-02-27T02:15:13.820000 CVE-2024-57999,0,0,e7fa5ddca4736c27db0ad8d50f08fcd68766a710317c48d5881566d7ef301deb,2025-02-27T02:15:13.930000 @@ -278945,7 +278969,7 @@ CVE-2024-5917,0,0,574c026afaa932d1608fa90d7a194a4dc440887c0bfc0c0b5e5e230ce1a27a CVE-2024-5918,0,0,e7ca3f38eb38aac0b9c463007f19458fee1c6257baf6296eafaa1f20a4ddbd7f,2024-11-15T13:58:08.913000 CVE-2024-5919,0,0,c83edfebbf09209046a2d8782a0e7f138a1c895c2a69cc79066cc7ba16023a6f,2025-01-24T16:06:00.323000 CVE-2024-5920,0,0,99d2336d004584282a43141c7cf19114cee496059edc7baa391d1894ecf74789,2025-01-24T16:06:43.023000 -CVE-2024-5921,0,0,e35497651ac6b56d51d36fed5d7739cfdcc863cdb53f8dfa157d66e31148ca0b,2025-02-20T23:15:11.647000 +CVE-2024-5921,0,1,206755f2783b9d373e6b9582a8489334ddc04006cebf167de9e5fc06f02eb872,2025-06-27T16:55:15.100000 CVE-2024-5922,0,0,695f58e2e058442a55c514d990c8f571599bfa26e88ff8cd313f759acf5777fc,2024-11-21T09:48:35.113000 CVE-2024-5924,0,0,317522f79ef7e40c3687a78a629fe3c643f265f4648ccabd8de5057b9325f402,2024-11-23T00:42:38.983000 CVE-2024-5925,0,0,67af12bebc147252e0cd9548451ac5c5e1430e3a586e92065e0f774eeb53fd78,2024-11-21T09:48:35.373000 @@ -281871,7 +281895,7 @@ CVE-2024-8992,0,0,01b023c8fb7d1a29b2480f53ad2189fcbbea4ce707a4085d8cd10cdb7cf09d CVE-2024-8993,0,0,7ca3f4ce55668387881928424a1b7912edc1d280ff4b05f3044e3e19bdabc843,2025-06-05T15:42:22.020000 CVE-2024-8994,0,0,259c2729f870e2796e2f0c3668dd5798ef2d925d4e1b8e3b51012d15f5d871ba,2025-06-05T15:42:01.983000 CVE-2024-8996,0,0,cd0b990817d2076a00b5e7fddb7f69f718917b5a243671e20171ba3b0c170ebd,2024-10-01T19:16:02.793000 -CVE-2024-8997,0,0,0b48ff31a429248d1bf2ffcc35c0959949a86ef35a64758e5944b25e86f8afa2,2025-06-02T16:14:10.177000 +CVE-2024-8997,0,1,7da2b006c69764106469cce6fc17dc3730a2db3ed72a60cc49074bcf5f69dec3,2025-06-27T10:15:24.527000 CVE-2024-8998,0,0,664f8152850c4a51d44b7af86337ff997e00044f625ab11cea7462f9a71887c8,2025-04-04T09:15:16.440000 CVE-2024-8999,0,0,3c8e60a044044ab5591deec1a7eae6e048fa33169bdb3c562b3e89236cbadf50,2025-04-10T18:47:39.100000 CVE-2024-9000,0,0,907c469c8cb76de5fed2bcc63505f70ea61617f3e9058096bec58998cf2e7fb4,2025-04-10T18:46:42.957000 @@ -282188,7 +282212,7 @@ CVE-2024-9328,0,0,07f1dd248538cc1192d1da8dabc114dfeaa70254400c42a81b2c4be007b9fd CVE-2024-9329,0,0,669bfb011b48ad17266d0a3f049e046103b888554134593de7810884bc3deb81,2024-11-21T09:54:17.147000 CVE-2024-9333,0,0,25ab5640a6acc6d05c602e0c7a12246052f5f0a7b1493f17ea944ee31b84c052,2024-10-04T13:50:43.727000 CVE-2024-9334,0,0,0cf89f352a19e8a41734a022a708ce50ad3605afadd390780d5d52c816d00fec,2025-02-27T14:15:34.783000 -CVE-2024-9340,0,0,4a5bcd988e8ead9896e3eca3baac9877e0114192b9bc4536dd84fb18f36496f7,2025-03-20T10:15:48.100000 +CVE-2024-9340,0,1,a208ed2c1742782805b1ac38cdaa9091980d69c93b652dfdb39c28d9dff8e2c8,2025-06-27T15:28:07.330000 CVE-2024-9341,0,0,5cea099619e7fa2f4ed256c27bca353cc08b4ce4e33f48c6e26c59d466df3ec2,2024-12-11T04:15:06.090000 CVE-2024-9344,0,0,947aeadb28a081f51ccba5cfed355aa11f035786814ba0789ea30b60063bb469,2024-10-08T15:06:57.470000 CVE-2024-9345,0,0,1092198f3341340c84b195f1fb0718cf68fae0e79a30c397da7978c7a50c2c5b,2024-10-08T16:10:17.567000 @@ -282845,7 +282869,7 @@ CVE-2025-0104,0,0,dc4c81878786bc602ee20c50b1dae485c1da904352cbab72ccb96b2a9dcd9e CVE-2025-0105,0,0,06eb71f16599e7ae8629718f901478ad68364254538fe5e092751226e1b94cb6,2025-01-11T03:15:22.317000 CVE-2025-0106,0,0,4fa5b1fae50cdaa5f369aea2ce1d6cb2fad0ef7bc07026463190abcdfafae928,2025-01-11T03:15:22.490000 CVE-2025-0107,0,0,fd8c25451851f9164910ade952a5bc7b463ed8cb8343e87e23b14c61db13477c,2025-01-15T23:15:10.273000 -CVE-2025-0108,0,0,ca082780adbeb6682365e434641bf2425c6a84f37e77eb4725c63cfc140aeff9,2025-04-17T18:30:29.477000 +CVE-2025-0108,0,1,996747c75ccb3b011f8bc671eddb09fa712296b626a8bdb7b045244678c41baa,2025-06-27T20:39:59.717000 CVE-2025-0109,0,0,2e853bcf58425a25e5b4158bfb9a2d075f81368d739b6fac481373e32bd783f9,2025-02-12T21:15:16.470000 CVE-2025-0110,0,0,c3ac9b0b128c9831e4e798f5fdfacaa8fa1c3a2720d10fc1e81c539868dea8c2,2025-02-12T21:15:16.630000 CVE-2025-0111,0,0,fa87128f8743ee0b93c8a212e891effe55c90e93acf7499903b7f1e0affbf4bd,2025-02-21T14:50:23.877000 @@ -282855,9 +282879,9 @@ CVE-2025-0114,0,0,aaf9815abc316bfc82e18e8bfc870f3ec11d2275990f2182975b2854e5844e CVE-2025-0115,0,0,afde9450c6a9a3c952e2cc5bf26fc5be7906a5e6783c860dcea8a013cdf1d3d8,2025-03-15T00:15:11.800000 CVE-2025-0116,0,0,755d3babec7a4fcd8fc3f5dd9f72be7aec497d243dc731232b3ce6e1fc0a553f,2025-03-18T00:15:12.860000 CVE-2025-0117,0,0,c368ae59fb321c63f810db1cb0ec2feda0287727ba4def77cb7fd0f7f9859486,2025-03-12T19:15:37.883000 -CVE-2025-0118,0,0,2549278d26918d76bbeca0606d91920cad877d84c662cacbfb360849c8582ba7,2025-03-12T19:15:38.040000 +CVE-2025-0118,0,1,81eeb000a9c9b755daf0320ba558bc6657d3cc398e8affe26a1e70a947ad18ed,2025-06-27T16:52:34.327000 CVE-2025-0119,0,0,99dc1f45be2b4bdea8f1e2452f281b9f9eb73e4ecad40dc75fe88d97504c4759,2025-04-15T18:39:43.697000 -CVE-2025-0120,0,0,a71d3a1a4937cf377933679e94f42c26db7ae6a866f56967f3e6058c59f88b4c,2025-04-11T15:39:52.920000 +CVE-2025-0120,0,1,2fd1a763f2a8d85ef8fea084d8b102a4bdd89808df8f46a4b6710ba980018c6e,2025-06-27T16:51:19.773000 CVE-2025-0121,0,0,ab1b5f513492b32da52a345b509b42810605f75413b2320c976db919e45e2e95,2025-04-11T15:39:52.920000 CVE-2025-0122,0,0,8a7047ba6772458fc769cae5828f4011d52f01fea8b67b5172f392f80be1dd9e,2025-04-11T15:39:52.920000 CVE-2025-0123,0,0,7955b8d39e8dabbf3776f921ee563ac83e82fce9930b7eed029f73d3cc6b5c7a,2025-04-15T18:39:43.697000 @@ -282872,7 +282896,7 @@ CVE-2025-0131,0,0,72805228620815c23b9ed746c533e73e9f7ffe5288b86ae6fea272ca18571c CVE-2025-0132,0,0,c5eaf0dce2a68000eef4f52849b027e2a926f4561b36107aaf03bfeddb481a26,2025-05-16T14:43:56.797000 CVE-2025-0133,0,0,cf474337749626762f8b865b6be2880d220e21960fc6a91b5c653f2d9d7aa57d,2025-05-16T14:43:56.797000 CVE-2025-0134,0,0,c55d3fbc2b9a203289e7cd5595f7816f499be814d84c2691372e13c7c0f1bda6,2025-05-16T14:43:56.797000 -CVE-2025-0135,0,0,334dcff645efe6095e3cc0300e4e8e2088a5ed4574747cef1dcb48b4710f4ba8,2025-05-16T14:43:56.797000 +CVE-2025-0135,0,1,257d7f07e07cbcb718c722a2bd60bd156964eb1edb75a1e1cf5d1f96c8d1ee39,2025-06-27T16:50:37.817000 CVE-2025-0136,0,0,7e7088e36b8518e203bf3e47dcfd9beeb921eacf89428ec421f2fa70bf249a5f,2025-05-16T14:43:56.797000 CVE-2025-0137,0,0,0f35fd4a29b05b75bedf73cfbfac760011c8b40fc8567a2a2f4b3f7c9ad5ed70,2025-05-16T14:43:56.797000 CVE-2025-0138,0,0,0669e3171035d9b301f434542c10e49913b1bdff79a8623463997950a1d410f6,2025-05-16T14:43:56.797000 @@ -283042,7 +283066,7 @@ CVE-2025-0353,0,0,fefe78eacfc73b3da0e296010fc7bc87595c20639bad926c14a54ed0a611d0 CVE-2025-0354,0,0,55d23a0a87a8729e983746f1f043f903439316639d87df33d11e2f4253dd49f1,2025-02-17T10:15:08.767000 CVE-2025-0355,0,0,60139aab38184d5553deea3c96ee67451ff405f2b0f65acb32b8c01c91586866,2025-01-21T04:15:07.877000 CVE-2025-0356,0,0,7e522859a3d0689ccb777c8fef64a1b2b2f878cb4a2c9cceba026470a39874f6,2025-02-17T10:15:08.973000 -CVE-2025-0357,0,0,df5c0a6ac781af75cafd196fb09095118363aace417f54bcacf4fa1ca90a90ea,2025-05-28T20:40:49.010000 +CVE-2025-0357,0,1,177bdebd1111c46576cf0c1011973e930940f92abfb5629ed06e510bf5f7ba43,2025-06-27T17:38:07.010000 CVE-2025-0358,0,0,305848186611eb33fc8a2a77944ae0afe02cbc26f97a8925d344c70ad96a608e,2025-06-02T17:32:17.397000 CVE-2025-0359,0,0,5d195c4a796a9d61c5445ec078ba210735f7a70ba6be4fd93632b7b4f6027f55,2025-03-04T06:15:30.023000 CVE-2025-0360,0,0,6206f28ff4cea73a7524a4842bc2375d59423b5ee65bea65d99ad80bb9353d1b,2025-03-04T06:15:30.180000 @@ -283276,6 +283300,7 @@ CVE-2025-0630,0,0,bb04cf8ef857d76c3a37bf8a5fa23865f63bacce52c7cbeba321e37955a961 CVE-2025-0631,0,0,f678fe6dd09f7e9ac50fdb058244ff83ef796d29890119e12d088befc24858a0,2025-01-28T19:15:14.270000 CVE-2025-0632,0,0,116a78a4ecafb2eff0d1fcf266f43bd66a9f05a302e980fadcc1496f2f0b35ab,2025-04-28T03:15:18.253000 CVE-2025-0633,0,0,d99126f9166a4e84d3e57050e6aafa26d9cc8a19aa8e9fa3be65f2f9a812f3e1,2025-02-19T07:15:33.537000 +CVE-2025-0634,1,1,12772bc0d1bf2d98f224a5dc8d89405f6896b869aae678835a87a0ed6ae86886,2025-06-30T02:15:20.920000 CVE-2025-0635,0,0,97c2ba48a72c7101c06a2ce11947aa32804795ad5ed76ef5586cdf1bab2602b3,2025-01-23T11:15:10.890000 CVE-2025-0637,0,0,527088f0979b18ce444b6ef69464399256b011e8d9eae0913ca1205a9c4503aa,2025-01-23T16:15:36.617000 CVE-2025-0638,0,0,d2f28f2eed7bea7b9f8ec19bd8fd1769a6b74ef8696049ed8fd676bfab511c4b,2025-01-22T16:15:29.977000 @@ -283344,7 +283369,7 @@ CVE-2025-0721,0,0,db22e1630c351fba355df37357f5feb45f1852c9040ea8b8aa2b54d6a6fee9 CVE-2025-0722,0,0,c9c24be950ff93b5151cdab68af4eb0f25cca0b4d685aeadd762fbc951dbdf6d,2025-02-25T20:12:27.810000 CVE-2025-0723,0,0,c2af30324effc3ac4f4b6023d11a149c38fbbb0e9af3ca6439cce7251e459c80,2025-03-27T00:47:32.027000 CVE-2025-0724,0,0,60dde571d90e3096714fce5006fa40b930ebbae30bcdc38599a48eefc427f3cc,2025-03-27T00:43:04.040000 -CVE-2025-0725,0,0,389b6ba63f717720744194f64e452cd78a2c3f80672fc3d91ada9e3edd12bd62,2025-06-12T16:15:22.467000 +CVE-2025-0725,0,1,2e08d7fd05626eb22401e01bc8d954d106ed84bcfdd58b0569263f0c2eafe044,2025-06-27T19:24:08.327000 CVE-2025-0726,0,0,739ea1d1541d6b26153a964e4e4136a3057eaa8274a2f66ba7a27171ffa2b087,2025-02-21T08:15:28.417000 CVE-2025-0727,0,0,89665f1801b7a5f4bd56958ba24239f6773c6fef24507ea8f637acdf839ad9ca,2025-02-21T09:15:09.010000 CVE-2025-0728,0,0,c5ade298244d1796a7a7e7f33b62e53d6c928f9a2bbee06730bd7bcf52127f3a,2025-02-21T09:15:10.077000 @@ -283864,10 +283889,10 @@ CVE-2025-1363,0,0,5ef0e630eb65fc9fde4bf7834b0bc1238fb20723c9b2f8f7080acc6a649d8f CVE-2025-1364,0,0,65dc29b185f996c94288640d016e6ff7390ce593ff33d623924f6210375596ec,2025-02-16T23:15:09.087000 CVE-2025-1365,0,0,813fc9e0260c87b81bfe6c46903683e2e4d13197329a0af18f56252f992c77d8,2025-02-17T00:15:09.140000 CVE-2025-1366,0,0,f077a2c0632d4ef86caccb2d0fb29590ceb278eb30f80c1449c20989373c5e08,2025-02-17T01:15:10.280000 -CVE-2025-1367,0,0,6c4fd624ddddec04310c920334af5a3e9d2d7ed19f166a199f16aedbd25317bb,2025-02-18T20:15:23.930000 -CVE-2025-1368,0,0,1b12f6bf0dfc81d5af0d88848bf17276b7bdfad8c05fd3381fe8fddc501688f1,2025-02-18T20:15:24.037000 -CVE-2025-1369,0,0,4298067127e0a1d94cb684c5b6e1312fc5f053767b744d456022663998f5c112,2025-02-18T20:15:24.143000 -CVE-2025-1370,0,0,048e53daf7f9fa93c35147aa0f94d9b4b1108443f03954f54de4b783b2a16846,2025-02-18T20:15:24.253000 +CVE-2025-1367,0,1,be2af0ac582e5ab97208ad342acc7ce8a63bb0539c316ea33d8d4cc331759352,2025-06-27T17:46:00.413000 +CVE-2025-1368,0,1,47271c6ae43804dd7cb5b927f858cf116bc6b6b4ed41b123e09335b3d17d94d6,2025-06-27T17:45:48.730000 +CVE-2025-1369,0,1,22a8e7c39c9b40c279ced62c189601215b55a9153a1a00c08375d438f7e2ed3b,2025-06-27T17:45:37.233000 +CVE-2025-1370,0,1,6c02702042de3c3f09f6c7855cb184e94c3fe67ff949753c809091df370d2817,2025-06-27T17:45:14.213000 CVE-2025-1371,0,0,a2bfda676ca1bad4d0f42505c5bc1b528eff9a82d3d5d6dda38a2e986271dcd8,2025-02-18T20:15:24.360000 CVE-2025-1372,0,0,cb3af2a232ccfe87f5a20f8df16a702b684fa1fbde6a8e1d3d18cac212cd2da5,2025-02-17T03:15:09.573000 CVE-2025-1373,0,0,77cfaa3a6771902b072de962115d7552a47b140ae8333a2256741e5279e5fefb,2025-06-03T17:53:41.843000 @@ -284237,7 +284262,7 @@ CVE-2025-1818,0,0,e3642ffae20559fe6631f005faf3028b93f4281e3186628c4b8086f02e560e CVE-2025-1819,0,0,30aaf321bf598a632d335efe867dfbf1c954d81c19dbf59077d00052427f6e82,2025-03-02T17:15:11.483000 CVE-2025-1820,0,0,7f680bd05b300f4d6e45b6558a55c9520d096f85cdc70d57a8114990fb83a1f1,2025-05-26T01:14:32.353000 CVE-2025-1821,0,0,3ff65b53fcec7721c7aab47d599058f68918694327ea059ffd2530c9b6abec14,2025-05-26T01:41:39.667000 -CVE-2025-1828,0,0,6336494f159e2aab4f8ff5b8f853f474cebe8651934831188a6cb50a3e4d076e,2025-03-26T02:15:25.633000 +CVE-2025-1828,0,1,2e1ee075e1e9c4970816323ceee0b4fee27c09f9f251d4e1eaf52a2f7ad8d54c,2025-06-27T16:11:22.767000 CVE-2025-1829,0,0,799ede601e3eb13c0f1fe5362f235ed56966e1f8bb8fc50f0460c3d0c6f83b09,2025-04-03T15:35:58.310000 CVE-2025-1830,0,0,bb426c043c5ed7a9215219e12338d436df4f8cbe7156a087ec9e92cbc40d785a,2025-05-26T00:59:14.090000 CVE-2025-1831,0,0,b6486ed2479a2333efb8b2a316b9cdf3aef8c7c922637fc77a946d7760ae6890,2025-05-26T00:57:22.287000 @@ -284386,6 +284411,7 @@ CVE-2025-1984,0,0,9c3841609345cdbc038774b45498dc390a4f9eba4042b93fef2b069dfe4494 CVE-2025-1985,0,0,4ffdbac0d26e1471a14176bc9434556c5b29dab614d77fc4aad8694095a6def1,2025-05-28T15:01:30.720000 CVE-2025-1986,0,0,9ce2b14337b22a581b34a818b054e13cb4e2ea01e7c82ab0b4045cd40f48f650,2025-05-28T15:55:16.960000 CVE-2025-1987,0,0,7a2cb159d923162cbb861fcd24d5d389ec35e3730ce84204ea3469edfe6a2be8,2025-06-23T20:16:21.633000 +CVE-2025-1991,1,1,4f3a97addcc2ac00553e959097d64fdda7979ac4255c4c78485f86bdbfec111f,2025-06-28T13:15:23.900000 CVE-2025-1992,0,0,0af2ea688587765257ed9f7059d6c1312f1c590028ff15abda68c50e681fb7cd,2025-05-05T20:54:19.760000 CVE-2025-1993,0,0,cc38e952c65d052c82178ffa099a41c9554ba3ffc8216755b6ee79ded066b7ff,2025-05-12T17:32:32.760000 CVE-2025-1997,0,0,2320e8fae7a90840d951f0ca1bf029eb0495106dea7a57ba1224c981543ab87d,2025-03-27T16:45:12.210000 @@ -284891,7 +284917,7 @@ CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5 CVE-2025-2111,0,0,93b0cace527ce206c3f5846ee1cf9b51ea5fa959bcb651cdf957c9114fe2bab3,2025-04-21T14:23:45.950000 CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000 CVE-2025-21117,0,0,645b1da2e8af06c5f3d21bae0eae50f754102ea2f31528d1d042846d09e2ec44,2025-03-28T13:24:51.620000 -CVE-2025-2112,0,0,12876043094c79f81e904e1d2257170a373b17e7d0d24c6eb1a19e93cc051c0d,2025-03-10T16:15:13.817000 +CVE-2025-2112,0,1,1a58310db507e711f5424c3eb035f2a7fc769652f18e54ae8bffba1daee2165e,2025-06-27T16:25:36.963000 CVE-2025-21121,0,0,802c8ab06cca7a283fc5df774dee22f4815bee93ce4d27eceff64530964239b4,2025-03-03T14:59:35.637000 CVE-2025-21122,0,0,969e44e0224fb47d95b87aed16b2a93d9ca09db3ac6fe7fd40cad9e935dc7db9,2025-02-11T14:47:41.453000 CVE-2025-21123,0,0,7d050d428ece87748cc2896773de869c6afa1729b2b81b8709cb33cb14f5e482,2025-03-03T14:57:57.167000 @@ -284901,7 +284927,7 @@ CVE-2025-21126,0,0,352dd78e87adcff66965a55ee4ce3211de03e316e566f81f81cbce339a8d3 CVE-2025-21127,0,0,6ca3d8cc02cdac3fbe512e4c8a13fe7008821b139ef240ca0adb0f0fb4680f8f,2025-02-11T14:55:09.333000 CVE-2025-21128,0,0,40945503866b9130c6c67e813bc72623208ffdfcd3f68f3f78dadfd34ec95930,2025-01-17T20:37:35.437000 CVE-2025-21129,0,0,e461eb72d0798775b4431b992e70379c16a549ecff183ae810c30304f7444aa5,2025-01-17T20:37:33.603000 -CVE-2025-2113,0,0,e3b8fbd768e3ef344fa1b689aa10c4a493798bc912feba7b6a44bdf3ce08c4e6,2025-03-10T16:15:13.950000 +CVE-2025-2113,0,1,ff069d566968eb6f1240ff584b79571f923f6201bd17d333c323413aa84bd239,2025-06-27T16:24:38.260000 CVE-2025-21130,0,0,0a403dcee067b476ce6e2b56e8043f657d644fdd57d4c6dc048a515a53142fc0,2025-01-17T20:37:32.137000 CVE-2025-21131,0,0,bd9947447c6eaa1cc16f247aee5cb76a0ae540007c1234492add7170f98e9ee8,2025-01-17T20:37:30.750000 CVE-2025-21132,0,0,638462d9be187051a18a689c12e2e1ce1ddef5c76aec080f6deef373f9d944d3,2025-01-17T20:37:29.347000 @@ -284913,7 +284939,7 @@ CVE-2025-21137,0,0,45139b02243d4b1da14a9edb94333c11b50a8560016fecd32028ca2a6372f CVE-2025-21138,0,0,9175fd36c28710bcae9acb351f078e58c4e36962afaf9695ab07299ddfe97cfb,2025-01-21T17:49:57.513000 CVE-2025-21139,0,0,2997f9c80c926e4a0ccbf0529ea4d9ee2a8d2178744e4927ee6a077f342903ba,2025-01-21T17:50:10.023000 CVE-2025-2114,0,0,86c1a9190b64c88768125f095ec6dc8a18ad8b8e2766a155a3e5e728458eaab8,2025-03-09T05:15:30.270000 -CVE-2025-2115,0,0,cda9c0576c1e5c6064d35cd52ea115eb31c3a9bbcc572dc72948959e63c97b16,2025-03-10T16:15:14.147000 +CVE-2025-2115,0,1,07cfbe96f056264efea390e17377f7145a9ad0808604598733603c45803178ab,2025-06-27T16:23:16.817000 CVE-2025-21155,0,0,dfeff3acb79058f845881ff79c97bb70f8216f72230190efcdb5ac6fa667c2c7,2025-03-03T17:10:49.833000 CVE-2025-21156,0,0,0e3557fa3dd413655873c471e9ea45797492079b9f3b9f02412f45f38138000f,2025-03-03T15:21:56.050000 CVE-2025-21157,0,0,193b2bc6d19e2666af6e233bcaab596c43b6045322145dd6fdc8ddbdb95c3c8d,2025-03-03T14:55:27.907000 @@ -285895,14 +285921,14 @@ CVE-2025-22109,0,0,6c017c0d55ef11fe8a3ae2a70d312106a6c60128a1f8df941c03aa07e42fb CVE-2025-2211,0,0,d0a0677e6cd516c736c3bbe6053d50bdb4bd5283a11fe61433711487003884cf,2025-05-21T18:04:30.523000 CVE-2025-22110,0,0,e551e5b01fb42a6e69da52d1b66d3b49b4ecb8419a86a1e44cedaf0e6807524e,2025-04-17T20:22:16.240000 CVE-2025-22111,0,0,ecf50c4a37189d591678845f8630fee7e4eb7b7c4d6d7863f77ad38a58717e75,2025-04-17T20:22:16.240000 -CVE-2025-22112,0,0,c06aafc15e07793b118af41afb6ef9ecefbf17e65166462b1554baa20c2ffce0,2025-04-17T20:22:16.240000 +CVE-2025-22112,0,1,07436c59368bdea6ed6f181f31ea086bc2ba2669ca725e0c27dfe21ba9115b75,2025-06-27T11:15:24.190000 CVE-2025-22113,0,0,b06e6619390e46c75db3f08a88bda52f6f463fe9db5dc8df9064f471a45e1636,2025-04-17T20:22:16.240000 CVE-2025-22114,0,0,736c18ed030f84ddeb2f9a2b4db85ec722b2912ede8c61ea0a0e482ae61b7b39,2025-04-17T20:22:16.240000 CVE-2025-22115,0,0,e375af3445d81eb4cef6cb8bf582715088df84c3ed7c64baae47ecf86a248ee9,2025-04-17T20:22:16.240000 CVE-2025-22116,0,0,4b4c40fa8b0e5532b6916075362fb3c440ab2faa83c9dbbd9b69a4b243add11c,2025-04-17T20:22:16.240000 CVE-2025-22117,0,0,c5b45a9d281a946fc59306aeccb9c25e6e3bed210f9e0a7f8655f3401c8e79be,2025-04-17T20:22:16.240000 CVE-2025-22118,0,0,8b4dddf28f3234545541a3a206469ba510eacbc54e949989cffd3ddcfe4f4cda,2025-04-17T20:22:16.240000 -CVE-2025-22119,0,0,2f09d65d442eb8e910f07964987dcbbe390d5a22774502925136f0f5e2432e35,2025-04-17T20:22:16.240000 +CVE-2025-22119,0,1,be5e4219178f516f0ae8f9bedf3e6aba01fbb3ad2f1b6ad595b452b93a468e17,2025-06-27T11:15:24.310000 CVE-2025-2212,0,0,347acd7cefc790885b47aec20e274251fda79a418815081e1cb51978df1bcde5,2025-03-11T23:15:38.253000 CVE-2025-22120,0,0,56b604066f8d00919ad540ee4d7bb8d05d7f16e6e7e47b03157a55c7abcc60af,2025-05-02T07:15:59.640000 CVE-2025-22121,0,0,0fb672ef784beaceffd7562b0d835f70da34c25516b143ecaaff12a8d6fe22c8,2025-04-17T20:22:16.240000 @@ -285912,7 +285938,7 @@ CVE-2025-22124,0,0,09a256b2c17dbd18800ac7e1feaad9e930636f4d0b9fc0ef1d0f63fe3b204 CVE-2025-22125,0,0,4e16b6bb1574e3a218f15739af16c15ef140ff8d253a467b4d70d5fb76ed7c28,2025-04-17T20:22:16.240000 CVE-2025-22126,0,0,d69a5c7dd72e14d4efa2f34c1be80ca5e4fba4822f184eaebcbe35636daca26c,2025-04-25T11:15:45.880000 CVE-2025-22127,0,0,898c5f8b6d6c3ee9b5b4ca10ac404b174d880ebee4737f16cb9da67b382ebfa3,2025-04-17T20:22:16.240000 -CVE-2025-22128,0,0,a5a0ad5d10dc89f968f2d0dbbb9371c24f5446c6f4793923529604e01f7dd9ea,2025-04-17T20:22:16.240000 +CVE-2025-22128,0,1,c22e8b1eb8d0add888c8393c1230acb32d4575dba49ea4835eebe607557b8796,2025-06-27T11:15:24.440000 CVE-2025-22129,0,0,d84466451eb5813ecdb45d579943a91ad86a0d891b836c8fd8053b0ece067119,2025-02-04T19:15:33.360000 CVE-2025-2213,0,0,7ebf2026b9bf93eb20c6ae8c15cd12311e1e77c6d1080f4262c739f27920a245,2025-03-11T23:15:38.430000 CVE-2025-22130,0,0,fe16d9f63e9545f97bce7adcca434385cbaf054f6f17003be6f1b5abf3fc1663,2025-01-08T16:15:38.543000 @@ -286759,7 +286785,7 @@ CVE-2025-23133,0,0,f0c210193e25521018af43b8946839c1ce7ce45d02b90d37f2d5bf5657d79 CVE-2025-23134,0,0,668001ac60877a9f02eb6faf7e02487689bbe369e5709ca5677ede462e8bc145,2025-04-29T18:51:59.833000 CVE-2025-23135,0,0,296db62624eee1811a0964c3e1083cb2234b903e7d9b1e51b6bfe253d45346cb,2025-04-17T20:22:16.240000 CVE-2025-23136,0,0,61005a13c2a63500eb5d16129da64fdcb21418cc16820bec486f0d9a0afaf989,2025-04-29T18:53:02.607000 -CVE-2025-23137,0,0,2f6de023d458cbc94b5a4d2e8590bb7a61b8ca8cbadf5082cac9bed96418b98d,2025-04-29T18:53:31.417000 +CVE-2025-23137,0,1,33c2e94364fde46c5c884ec61faa2f14d5b4f3e6f591a17ea8272532a759f240,2025-06-27T11:15:24.557000 CVE-2025-23138,0,0,c16db113cdb0a874ec5a72e943048cdb54dff27bc5f98bac6f1f4e8e58ff4fbe,2025-04-17T20:22:16.240000 CVE-2025-23139,0,0,753785d9061aa8ea9c30c4ba3e47982a504aa1d9625d1fa980a4662acc60c863,2025-05-08T11:15:53.113000 CVE-2025-2314,0,0,da0d16bd7cdf67126af9cb8b7b9eae653178ef2aa94ef32791352e7cdd49eda9,2025-04-16T13:25:37.340000 @@ -287531,9 +287557,11 @@ CVE-2025-23963,0,0,b25e75626ec56255a41425e6f3edd3e3aea1c19b7ee658d0d0b26b28ec1f0 CVE-2025-23964,0,0,5329b05c42aea8add2b00e40cec17b27a1ae63702685a3839a52b5da9454e56f,2025-03-27T16:45:27.850000 CVE-2025-23965,0,0,53fb1e10aaa7ebd57bd7f00633a90cd803f03e00b4bc8c44e50c428b42627500,2025-01-16T21:15:38.023000 CVE-2025-23966,0,0,7be907c83ff5fc724c156b1fa35d79f9d45ca14741abf1d0664a82e4e926bedb,2025-01-22T15:15:26.950000 +CVE-2025-23967,1,1,6cddf89804986facd0d3b434d7f6110876e8b467d83424b56b6defe14e5e3d1f,2025-06-27T12:15:30.247000 CVE-2025-23969,0,0,487de04033365abaa60e5ffa75aa91d7c86b6db89eb8475ac28535f85fa6cbae,2025-06-06T14:06:58.193000 CVE-2025-2397,0,0,1d9d522b7da574d99450a0c926cba6b95d7f81a170fb089caa03fceac1350b83,2025-03-18T15:16:01.257000 CVE-2025-23971,0,0,b92b26502e7bf23962c464265b1f8680f1f27660b2e187da01a8acb71a6d5407,2025-06-06T14:06:58.193000 +CVE-2025-23973,1,1,ea1174208bdcf47323de2499d1d64343e6e2e26f040472cfeb3961694492924d,2025-06-27T12:15:30.430000 CVE-2025-23974,0,0,a5334512eb7b36e0cdd2f467f3cfd98d4a8e5f19afdeefafc45f76677608bc17,2025-06-12T16:06:47.857000 CVE-2025-23975,0,0,e8001c46a9ccc486b1a86f3be17fa5f6b3ce26422e7bdcae0080fc4ebd4b6ef7,2025-02-16T23:15:10.477000 CVE-2025-23976,0,0,a29eb82e0663b02bfaa3596cfe2622c511331a5578d509b2b4b465f1a7a97d91,2025-01-31T09:15:08.530000 @@ -287824,7 +287852,10 @@ CVE-2025-24283,0,0,4df1743210499b8e21375ec5fdb7750825951563a76a92a49e54d06df6734 CVE-2025-24286,0,0,034f4735b759c015af5127b9d89110614ed8c3049acfff1bc50c8bca6cd7a637,2025-06-23T20:16:59.783000 CVE-2025-24287,0,0,e4c9267ee4e2b809f604587bc5eee6cd21e2e71c2e8466a037bfa9610f808d26,2025-06-23T20:16:59.783000 CVE-2025-24288,0,0,8c53ac1108832d48dced15925414d69bc16e0b8a3d66fa9e2b712aa001a0f223,2025-06-23T20:16:59.783000 +CVE-2025-24289,1,1,7a9d75f0942936f1135be131979bfd172806164db7cf1822ac832af863c7f8b9,2025-06-29T20:15:24.787000 +CVE-2025-24290,1,1,88b6a2977309d56cc1b02c27aaeab5f8bd770adfe3712af6ae24277dec4930c5,2025-06-29T20:15:24.930000 CVE-2025-24291,0,0,d4490b4985dc9d06931a7bcb82a7ddf2b131bc34df9f31211f4bbc696cfeaab8,2025-06-23T20:16:59.783000 +CVE-2025-24292,1,1,18c73d82a0e7f420b76f8dfe566e71ff70119f73bb06a70a032a6a7d16374920,2025-06-29T20:15:25.050000 CVE-2025-24297,0,0,5d4a74f3648dba475a9505a338d2107001df4a92611f1e742f9c3b8bc6fc9e4e,2025-04-16T13:25:37.340000 CVE-2025-24301,0,0,7b7c3fba06b103a537ce7db06429d9d2300d69047940e33831c6830c359206c5,2025-03-04T17:15:48.160000 CVE-2025-24304,0,0,d93e512a7b4aa7125a9d9a3a56f58a274a5675b50a430e59bfee24f84fb92162,2025-04-07T14:17:50.220000 @@ -287861,7 +287892,7 @@ CVE-2025-24353,0,0,73a00e82e652255c53e1c9aa441604ca19c4f6e89dc8a22b2403655764d58 CVE-2025-24354,0,0,33e96f6ab404cf45f0a4405c77520b82358348aceacdc778687814571e590be5,2025-01-27T18:15:41.197000 CVE-2025-24355,0,0,2b68b163db748dec99ff55b2d4d371492d44a4482a7f15b8973aa6b3a0f994c5,2025-01-24T17:15:16.047000 CVE-2025-24356,0,0,d0b82c0018364f3dc83d637e30ca6c64f4be25093ccf7468d678a6ec3efd7022,2025-01-27T18:15:41.347000 -CVE-2025-24357,0,0,33b4b3c939c862c35be8fbd83a4f327fbd80fdaea485d698b2dba1d8e5ecb167,2025-01-27T18:15:41.523000 +CVE-2025-24357,0,1,c729434435a6d3db914215d24f54482f6cf7bb91d029e01b9eccf945b5547303,2025-06-27T19:30:59.223000 CVE-2025-24358,0,0,cb156030162fa2c7bf6dbd49aaf71a23c1384a691e07ea90b834ee6ce37085dc,2025-05-01T11:15:53.613000 CVE-2025-24359,0,0,1ef1d48aa16d3d1524839190f2a92e68f271b7bbb06dbb86c77c3115b6a414ab,2025-01-24T17:15:16.197000 CVE-2025-24360,0,0,9b8d13d61afdc9c82b83c3501ec96029794286adee2fcfad926404556ff5277e,2025-01-25T01:15:24.047000 @@ -288227,15 +288258,19 @@ CVE-2025-24755,0,0,817a6f4676c47a1165c3ef71cf774d5099a4b3fffe7ab21f2fd661b2cbf35 CVE-2025-24756,0,0,00090c21b036cb18f500635475c1d0d07432c00656603d0706e690db1dac0d4c,2025-01-24T18:15:49.307000 CVE-2025-24758,0,0,32f18f9fde7b9c98057db303ccb0ef7fae2b4bd1295433bfb8994fab92023627,2025-03-03T14:15:49.300000 CVE-2025-2476,0,0,cb20178503f5107240f603d37b12152fa4cba62b4b4f5e2e6646619a7113db65,2025-04-01T20:37:56.963000 +CVE-2025-24760,1,1,3e217505ec4d6a0257aaaaae93fd8df1ac95684ad97fd2290e61af2ff3a715c1,2025-06-27T12:15:30.623000 CVE-2025-24761,0,0,bfd9a3bfd9f2aaa49e2578444f78aae9b7b0d47f9afa6cdd690af464d5534216,2025-06-17T20:50:23.507000 CVE-2025-24762,0,0,894e659a1a178aa9d531cd7df56fa726ae70cf96ed97a3663ab30f3dfab73a43,2025-06-06T14:06:58.193000 CVE-2025-24763,0,0,79f7b62e2c27806e3f9461410effa35fd2516a997202c5333c9106a47a7186ce,2025-06-06T14:06:58.193000 +CVE-2025-24765,1,1,51e24e09af2070cd3ffb66d5a5c69a15a78e1a1195c7a90b3ca965e9031ebf8e,2025-06-27T12:15:30.817000 CVE-2025-24767,0,0,1c214db83a47e8769c514849bbcc4d5986d7655cf1c36824fb9639640f04fe8e,2025-06-12T16:06:47.857000 CVE-2025-24768,0,0,9189c2bd9d601f25f78d69a9ed75ee394b9e6a5a348dad3498cc8567cf03accd,2025-06-12T16:06:47.857000 +CVE-2025-24769,1,1,a53f1d85427a61a1c41a5a5b707d8c184a634176ec31bfe4e9832c7304499d68,2025-06-27T12:15:31.003000 CVE-2025-2477,0,0,3686d026975337c8b88c9fe51616f10734ea4310f92df921905ea60f68804787,2025-03-22T07:15:24.780000 CVE-2025-24770,0,0,fdf52f6ec826aca9cec8dc178d0c6ac549801c2a9257299df2336712d666c437,2025-06-12T16:06:47.857000 CVE-2025-24772,0,0,547afdd5349c8fcce2c64d6c10c715e5d3569a1830eade75c5bf4072200b32a0,2025-06-06T14:06:58.193000 CVE-2025-24773,0,0,b249e5165b2867fb7b2f87de8edfe0070c6d22c19362fd6848e57861d099e364,2025-06-17T20:50:23.507000 +CVE-2025-24774,1,1,4211761a260a735b437383da74000735263963f1ef50567b2573f706f03342a5,2025-06-27T12:15:31.200000 CVE-2025-24776,0,0,c9ddd5a50b6ab340b7f808209038fd5f4594e33d9ce5f72a4815066c12e3c3b8,2025-06-06T14:06:58.193000 CVE-2025-24778,0,0,882f4200212085da2b27c56d01fef020fd88d760c8f828c4b6e08199c67ae033,2025-06-06T14:06:58.193000 CVE-2025-2478,0,0,1f250b1c3a01cc2aeb8f8a30a3c88313a7c6df2af4f8c1676f1452abfadd344c,2025-03-22T07:15:24.963000 @@ -288567,6 +288602,8 @@ CVE-2025-25168,0,0,93fb1477ac0fd147322a0beee26e3b74949bd1187f727ff11033ff5c83939 CVE-2025-25169,0,0,b2c2eae9e9728260a10cbcd3cd6ed185b5ee51c8c2c4bd8b669b60e645fe9781,2025-03-03T14:15:54.477000 CVE-2025-2517,0,0,d5f18489614869649cdda48e18fead9184cb1c42970b5856b1c4b6d2f7bf53bf,2025-04-23T14:08:13.383000 CVE-2025-25170,0,0,10b2b5d5b1d8e09a883b23033bc8ac75abe37fde2151575888a21edb35483c78,2025-03-03T14:15:54.613000 +CVE-2025-25171,1,1,9dac766b8116e2ca3e18ef122f77bb277c6ac95a2f0a1589451a28cd03b35dd7,2025-06-27T12:15:31.387000 +CVE-2025-25173,1,1,a3370dc46dd6be1cc2b019eed66dfd17969b537112ce88152945366e758096df,2025-06-27T12:15:31.563000 CVE-2025-25175,0,0,57f52436a99f7fed27112577d2b540c306e155b82b661017f91c9191eec841c4,2025-03-13T09:15:14.123000 CVE-2025-25178,0,0,4d3495fd89869cab43d2d5601ae744320ec1fbb133f1b7ab10bcd79797aa78af,2025-04-15T15:16:07.543000 CVE-2025-25179,0,0,85fb447806670ebd1c5d1bfbca1f8c6323a5c7423a40bb05e292c30fd33891ee,2025-06-02T17:32:17.397000 @@ -288948,10 +288985,10 @@ CVE-2025-25947,0,0,4b3e49b1df763151bc3b61c2fd860ac99961ccbe5ecbe2bfb03cae7f03a6b CVE-2025-25948,0,0,ca5ca8099c123ac40ced025637b0c72774b2e5cd1ecdf3abb66470a227375ec8,2025-04-18T14:15:21.417000 CVE-2025-25949,0,0,37ed88dfaf3dea8d3aac537831aa5ed4f56df128e0b320c9512e04a3c222a74b,2025-04-18T14:15:21.573000 CVE-2025-2595,0,0,329339ac4f26b135dd4e865e5c1cc9f5fd4030276bde901a806e179e58ec89f7,2025-04-23T14:08:13.383000 -CVE-2025-25950,0,0,627c1adb760a61f2a2b9bbc6a6d509a87ff3bb95240fb9b362077447b6b83cd7,2025-04-18T14:15:21.737000 -CVE-2025-25951,0,0,36590502128c2f462b2193bb1de5b4041627daeba96b84368d0be8f1fe9d0f66,2025-04-18T14:15:21.937000 -CVE-2025-25952,0,0,cbe43ab15287a101ee4ca95bd9e2f758ef9364a9bb5d1471af4f5540683b58da,2025-04-18T14:15:22.117000 -CVE-2025-25953,0,0,8e96e2596004dac3f95960828a0ae24a2db99b2d061ca952632259284529075a,2025-04-23T16:15:35.790000 +CVE-2025-25950,0,1,eb71d41bd11581f3b5f02001435cae6a4b0535669794809ebd6a5a2368871655,2025-06-27T14:06:20.450000 +CVE-2025-25951,0,1,12b5af7308eb530405634af2900e033dd73f971ac1294c8e4a5751d529e6f0d8,2025-06-27T14:03:44.713000 +CVE-2025-25952,0,1,0fbdc7d96d1ff25a6c2b81e89451e899b7790d6675a2b30bd44620b218a66198,2025-06-27T13:56:41.940000 +CVE-2025-25953,0,1,123d08679da36c298adac70f243ee329df294bea6076e9e771199578ef1555ef,2025-06-27T13:41:19.777000 CVE-2025-25957,0,0,b65136edccab78b78b9c909881827ed1ed034886966746fcab259eb6d692acae,2025-02-21T15:15:13.067000 CVE-2025-25958,0,0,177c6eb34465ffc8aac17021df235670914f868dfddc4be469bb5e241da9eab3,2025-04-22T13:09:31.147000 CVE-2025-2596,0,0,95591cddf94618143e623a63fbb26d2f99203e6a4b78fbe2714bba0e0a1ddf6a,2025-03-27T16:45:27.850000 @@ -289507,7 +289544,7 @@ CVE-2025-26907,0,0,12cbcc5c8b9c8102e25a8b6b26b7cf51a11f16a102e0d9c393e6b591cd646 CVE-2025-26908,0,0,763803b7c362ec974948dac75bcd81ddbcb27c7125b98d9f0ea263864bc023bc,2025-04-16T13:25:37.340000 CVE-2025-26909,0,0,07de82f16d0a4fdbc9c93d867e8501c0f520da73bf3ddb07d2e243f52a4c717a,2025-06-25T20:47:07.753000 CVE-2025-2691,0,0,3e0c7bb9b74b91cc1c7f226007a0a4b2765523a838b6451534f4d7af5747b3db,2025-03-26T15:06:35.310000 -CVE-2025-26910,0,0,b833418b0d88c01a32fb19919d336b1e87e068a486abb348014bd54f3dc7a322,2025-05-21T18:22:55.520000 +CVE-2025-26910,0,1,4d3012504c7475d1b8726fd7af05296d21686922840033f400fd40c7eeac82a5,2025-06-27T17:39:43.517000 CVE-2025-26911,0,0,69bc9028618de684f0fd93e47f869e941f72b06df9e8d8d5b5d7c83ef9d05729,2025-02-25T15:15:26.393000 CVE-2025-26912,0,0,e79b24db34788e23307e263a850245edf07e94d4a7f854cf9650116a3ca5b4f5,2025-02-25T15:15:26.530000 CVE-2025-26913,0,0,6404f4027080b1b189a02d4823943b3cde1c26a6a1695b9a80537c5a912ca3cc,2025-02-25T15:15:26.663000 @@ -289871,6 +289908,7 @@ CVE-2025-27357,0,0,906169a569eb5a8ab170c576da5f537f983e8f3b76fbc6f0db581847c8ddd CVE-2025-27359,0,0,bc075bb86fca4f63cce935506a3dbbf1e76155fbe5cec01080355e7b3cf26a58,2025-06-06T14:06:58.193000 CVE-2025-2736,0,0,33c3006167b33de591f1a27264763826544e0569703dfd7d13e6e1e623d6c471,2025-05-15T19:29:57.387000 CVE-2025-27360,0,0,fc7c10146447c977dacf60af6e89aa6249adc1ba87fdcfe0e5e9aa04faaa557f,2025-06-06T14:06:58.193000 +CVE-2025-27361,1,1,c83582fb52674ba57acbf44f32e96f969e2ffb1ee2738466fd14211a1efdc4d2,2025-06-27T12:15:31.760000 CVE-2025-27362,0,0,ea009f9b6dd72574d0c931ef6b0637b1702c82a6de7ab17887bff589dd848c10,2025-06-12T16:06:47.857000 CVE-2025-27363,0,0,5fc805dcd373aa41b8bfe41b0acc4a7eed4f5eae147e5b3770b01d8700da6b78,2025-05-07T16:00:55.577000 CVE-2025-27364,0,0,9286c5546baa0d62309d5b0261f0843f04abf72743b73d703ec5236da175e8e1,2025-02-24T20:15:34.180000 @@ -289996,7 +290034,7 @@ CVE-2025-27517,0,0,0c6e1cbd03f08aa0c28a052f1a961fd35d2b58b4844c0e34e3b438f6bc1c8 CVE-2025-27518,0,0,33c2ec7c1e9790b801dd04e89fd77042adb014555e9a900add53790edfc9f15c,2025-03-07T16:15:39.187000 CVE-2025-27519,0,0,ccdb73c39ee93a016094b17abcf363c0c91c0cb8a87d6bd768900a706722d9f7,2025-03-07T16:15:39.623000 CVE-2025-2752,0,0,2f419f61cff45431dc494e5de187ba8801ef12bb80b36cdd91ab6ec55e9d9f14,2025-03-27T16:45:46.410000 -CVE-2025-27520,0,0,eb3d510e2ec71b4e6facfc8b91a612963b703d70470ba5885965b0fab915d40f,2025-04-07T14:18:15.560000 +CVE-2025-27520,0,1,7e8c61c130132dd9aee680b150bc24d58d89f9de50408c9be2f3f269ede36b12,2025-06-27T12:48:46.350000 CVE-2025-27521,0,0,3b64245e66b6009e2ff156d542cd7e2067920fb3d6a5d36cfbeb94f5872a522c,2025-03-05T14:00:54.577000 CVE-2025-27522,0,0,696458a683e55fef610b49e4469bf149a24c3d2db9dc4de0c90e10cb90e511a7,2025-06-03T14:09:41.360000 CVE-2025-27523,0,0,bb9bf879a4a84d072dc50ee133463ba6132b66b8ea0e902d92b1b9d5ddef4012,2025-05-16T14:43:26.160000 @@ -290035,9 +290073,9 @@ CVE-2025-27578,0,0,d80544c29ffd24ea35a1c870af9fef0dcc3fab1268ed459f69e30f2f4e898 CVE-2025-27579,0,0,e37901d639203dabeb0abb1f8d25952e3d9090042ecc93a0b94bf072c75c186f,2025-03-04T19:15:38.800000 CVE-2025-27580,0,0,0bd24fcbf47b4c9a9c826ca465ababed421a472a1a82079a97bb7effa8c4b653,2025-04-29T13:52:47.470000 CVE-2025-27581,0,0,010725d7ecbfe0dd212b958a3a5bd2c7e9f3630c39f4e0964f9540d0003214f7,2025-04-29T13:52:47.470000 -CVE-2025-27583,0,0,0323a5ab9427edc3fc5fcf52b07bbd68cd541b31029bf0b1077e85dabad17762,2025-03-05T17:15:16.693000 -CVE-2025-27584,0,0,f03e6726bedccad19322a88f13d717b29a57c1713f548b043d4f11c0c134f427,2025-03-04T17:15:20.527000 -CVE-2025-27585,0,0,720b68d2eda984711942f08d1f5d1c3e9ff08ec0907ec239e78ca92044ae9f6a,2025-03-04T17:15:20.690000 +CVE-2025-27583,0,1,cc90b7e18d86da39d369862460f1da09e533eb31debcc18f24934f1b7d933ffe,2025-06-27T13:43:45.653000 +CVE-2025-27584,0,1,660b269dd561760fa3b0c57102f9f0ba4e9af0760e26b4b2e710d1400803997c,2025-06-27T13:43:35.210000 +CVE-2025-27585,0,1,96f6d49c09a7b25d0ac68463bd6f17a9fcf59744b6285e9c2263ba282031fede,2025-06-27T13:23:31.990000 CVE-2025-27587,0,0,c6b99f6544f7fddd6a84845f540214401821374f565d374449096dc905b663ad,2025-06-26T17:15:30.497000 CVE-2025-2759,0,0,6df40746bca0a076cfdd89fceb7edae074243de43f4b4548050e4f6a4f49b153,2025-05-23T15:55:02.040000 CVE-2025-27590,0,0,967f795bd4c85a7326c3accbc97af4e437c14d446f9275cd756d84bf07c7deb5,2025-03-10T14:01:33.053000 @@ -290180,13 +290218,13 @@ CVE-2025-27746,0,0,27bda466f0f0096172c16d3402d005be6b5e804efd3933b2ee358a0c69a9e CVE-2025-27747,0,0,e991ac328e8d43ca3aeff100f539da202956e51280976fba234aa2db4ba1e0d8,2025-04-09T20:03:01.577000 CVE-2025-27748,0,0,2df6c858970b85c04ee1baf84dadf15e1e5236c367844c91b0b867c994c3a01f,2025-04-09T20:03:01.577000 CVE-2025-27749,0,0,9151cf5f2a88eef0ed25629ce8b7c11fbb935f86673a8f1fe21301a67d7b7676,2025-04-09T20:03:01.577000 -CVE-2025-2775,0,0,d5f9b3837bd119727ad366eb5457ece8400d34743a14eacef1e0d8e95723a92d,2025-05-08T14:39:18.800000 +CVE-2025-2775,0,1,e3985943c146fec7ab00dbdd108c82b06671f3cbec3541352231cdc93eeab584,2025-06-27T15:15:25.843000 CVE-2025-27750,0,0,c49e7838a047c70074ca1fd708fbe03cea7fd5443c4589c2bf5448b768717bb8,2025-04-09T20:03:01.577000 CVE-2025-27751,0,0,36c5cc9e4d832930e3d2ea6604a87330c3d6ffd9449d78c43c541281cbb4c7f9,2025-04-09T20:03:01.577000 CVE-2025-27752,0,0,54cced6b2e69e45f557903f0bba541e39850c9499c8c472acdeb4ca42171d046,2025-04-09T20:03:01.577000 CVE-2025-27753,0,0,ad64e425556d2bd13a06db96ec5e668a8951c13ddb39a10e988828543b4f1eff,2025-06-17T21:15:37.440000 CVE-2025-27754,0,0,2e1a777982e6851e1d4f29d2ac37d888e216bc00bf468f3dfb711e53ccdfd585,2025-06-16T17:28:53.470000 -CVE-2025-2776,0,0,311fc4dd3d3afb54d9f169ab5ee5a53c819535a8d6163040b8c5dcace7256648,2025-05-08T14:39:18.800000 +CVE-2025-2776,0,1,167020001ff099988a107575e0d76cea1e6ecde9e72930345c0360049b850f37,2025-06-27T15:22:41.477000 CVE-2025-27760,0,0,0fe214e27ee00978be2b2db20453752d3c587e2a097907bcd7b6f52eec4fd67b,2025-03-17T23:15:17.740000 CVE-2025-27761,0,0,ccacd385546f9e849c6762c7104b07eacb4ee137232b68db7722ae4c039dd182,2025-03-17T23:15:17.807000 CVE-2025-27762,0,0,2807d546b38a9bbaac57f4b35c24d7978c6bb44d3e22ed6d6636bd10822c6fbe,2025-03-17T23:15:17.863000 @@ -290196,7 +290234,7 @@ CVE-2025-27765,0,0,e201761c45c78324a7ee55b0097cb606e1a254c53ab191c1992cab32c12e6 CVE-2025-27766,0,0,61781d5b00bf353d98952ca2a182b0c31378fd2104051032e4d8bad4b5d8d977,2025-03-17T23:15:18.107000 CVE-2025-27767,0,0,634a74d81b2e8f08304e0fd4fd83347e91013a75a221a9aaf99f79622bdfaf23,2025-03-17T23:15:18.173000 CVE-2025-27768,0,0,7d876630e6aa8c3044733398cd2e9610b0d302f60f4ff90919f7926031901f06,2025-03-17T23:15:18.237000 -CVE-2025-2777,0,0,35bd98bbc42b8dbb979fb0a67afdacf58721f0eab54049f287308700951636cf,2025-05-08T14:39:18.800000 +CVE-2025-2777,0,1,160dbff9d5491335e9a9092de1319984bca1e357b487d363f6d32cde943f7b61,2025-06-27T14:35:46.827000 CVE-2025-27773,0,0,3be7d5e8715f793e38f08b7be054c32575a0b7a20862807f3fc7ee529062fad1,2025-05-09T20:15:38.887000 CVE-2025-27774,0,0,d69c9d26fb2ce1b25ff7585e8eb09be76ec4e60f9033edfe7ca5a4ec4af5b215,2025-03-19T21:15:39.240000 CVE-2025-27775,0,0,0ba015cfa3213f7c7c99098f240c75f6d1c15ab2cc8429282de69f966573003a,2025-03-19T21:15:39.360000 @@ -290586,14 +290624,19 @@ CVE-2025-28942,0,0,13661206a69e4d0b8a31139510417b818a8d6f6daa40fe60ee4e3d972c089 CVE-2025-28943,0,0,f13533c6ec40779f6c4eb31c17c71b8bf7e67bb9305109da8899c164336e7b7c,2025-03-11T21:15:52.187000 CVE-2025-28944,0,0,874c3bc421a20524ae243554be18773ee061733e13ef5e07adce5ca27299bbf5,2025-06-12T16:06:47.857000 CVE-2025-28945,0,0,9f465a176543fd155026fb6120e51b48e6dd14d6da31887b407335eb5292f399,2025-06-12T16:06:47.857000 +CVE-2025-28946,1,1,7886de75db013f5ad0071e06e43615f0345b600df2c97716e8030ef52c835b88,2025-06-27T12:15:31.950000 +CVE-2025-28947,1,1,f214098fdabb579993c13bf7b73485ca0269a2d95d30b6a4d629d9a88d98eaac,2025-06-27T12:15:32.120000 CVE-2025-28948,0,0,4d297b75c70e34b4f1f934c39f9e9a15f431eb4dd554bce73695cd2e9278acd1,2025-06-06T14:06:58.193000 CVE-2025-28950,0,0,95165f9c1a939415b93ab4b82b6c9d0ac3c413eca61b0efe3dd2ef6e35397ed6,2025-06-06T14:06:58.193000 CVE-2025-28952,0,0,36a2d7e90e0ea02d7a032d500231cfdd2aabec1fc4b51f58a9dcb0a5dc7dfaf2,2025-06-06T14:06:58.193000 CVE-2025-28954,0,0,5e1648f3e4f3b4c2a3d29f98809dccb3c28ca26ee065ae7467a201e3a5a261fd,2025-06-06T14:06:58.193000 +CVE-2025-28956,1,1,549a20f61aacda7c4e4b9a0925be9112364a7d779d23ab505ce453860b1259a4,2025-06-27T12:15:32.297000 CVE-2025-28958,0,0,d9eebea06aebd4f4602b4099a0e69e3b14141e06d1b195456acb942884339933,2025-06-06T14:06:58.193000 CVE-2025-2896,0,0,4558970bb5260d917e5a373371764eb8c9ff16148bd2cda59741f4495076314c,2025-06-09T18:08:36.257000 +CVE-2025-28960,1,1,93e2205136ae5038b7b3d6ebb93a2c1079abb69de550d53eb36accda84317a97,2025-06-27T12:15:32.473000 CVE-2025-28964,0,0,5941c6471c783811f736b1cd6a2de0d6e846c0f5ab5d7f88d39ac0e5c46376df,2025-06-06T14:06:58.193000 CVE-2025-28966,0,0,a9a888da79337c47e1f2f230b623b8e1e6b96aab7deecf98c76f3f9f345b2049,2025-06-06T14:06:58.193000 +CVE-2025-28970,1,1,5db9445da5cb76e080cb99f299b379d9c4c3ecbecd3e6173112d8b890cffbd85,2025-06-27T12:15:32.653000 CVE-2025-28972,0,0,ceb2fdbef9f785f49da61607523e4567ff2674a64e5cbd6022403b56031ab79d,2025-06-17T20:50:23.507000 CVE-2025-28974,0,0,e17e6dc9b84000fcffa09ada9585e56145630617cef399b7f12d810b2629175f,2025-06-06T14:06:58.193000 CVE-2025-2898,0,0,47f67442cb55ba411e4669d13ef4529f1239e4e6ba72061becfb6f7e592e31cd,2025-05-16T20:02:07.950000 @@ -290601,13 +290644,17 @@ CVE-2025-28981,0,0,bb036b80f7f84e8c41aa9257be84aaa70ba5720599d544c5ddd5af62806b9 CVE-2025-28984,0,0,9ef7f986d96117439d40b90e2fda225b43bc8fa4b7f4173f4395b7739bf2f93b,2025-06-06T14:06:58.193000 CVE-2025-28985,0,0,9bc036525a100347f01ae377d4a458e90eef123681201c669ca0c05249f59f10,2025-06-06T14:06:58.193000 CVE-2025-28986,0,0,1361618036e60c533ef72231d02393dbc213b1b36c2bad113d5bda9efbecbc7b,2025-06-06T14:06:58.193000 +CVE-2025-28988,1,1,3cbe2a870b76e6452831f2034620eea2f2e1ae0d016f74091b12f94277f2f9d6,2025-06-27T12:15:32.850000 CVE-2025-28989,0,0,19a3ef0d3dd79134e204deb24321bd5754c79f734cf16a54fa973556acc63098,2025-06-06T14:06:58.193000 +CVE-2025-28990,1,1,53b1f2b6ae8c66fe31f7795c949ca101cad2d3f45c4b9818772774a7115671fc,2025-06-27T12:15:33.033000 CVE-2025-28991,0,0,8026b5bfd720e0183eda5a3f3f2c78cb24f14ba6ae9926d0e0b83906455f93cd,2025-06-17T20:50:23.507000 CVE-2025-28992,0,0,975452dd424789c44f98e5723c5be288820ccbde23b860ee6a47de096ae298a3,2025-06-12T16:06:47.857000 +CVE-2025-28993,1,1,6eacf04fca3beb55c1606a48bce418935263f5052c0b5429236cad3e108532f9,2025-06-27T12:15:33.230000 CVE-2025-28994,0,0,21e3ebe28dc6630edd4ea4ad98bcf7da4cc2a4a2824176016aa8ed83181cb3ed,2025-06-06T14:06:58.193000 CVE-2025-28995,0,0,ecd926ca3e5c3a5f04ab68c4217c460f382af91580ada1d8a950fc6b44ffa870,2025-06-06T14:06:58.193000 CVE-2025-28996,0,0,a3c81f0844ae31cf1718dfeab90e32c3f1e46bce363be53a0629b3286d4565ed,2025-06-06T14:06:58.193000 CVE-2025-28997,0,0,201cbfd0ddb9fce280a7e07e55636b02e759e63e03e9f9c18fe553768df5e39d,2025-06-06T14:06:58.193000 +CVE-2025-28998,1,1,72c505266f59a5fbdfb1864a5ac2b5d16055949526b1298fecc554395de3cf63,2025-06-27T12:15:34.273000 CVE-2025-2900,0,0,7fae831f047ecd7346a160d93b21af917548a04e8f5cc7bcbad0aaded0bb8d22,2025-05-16T14:43:56.797000 CVE-2025-29002,0,0,2a3126cdaab012e22d907568d3924f7f8675b2f5613f35dcde20a809cb0a17c1,2025-06-17T20:50:23.507000 CVE-2025-29003,0,0,ac4e6c10cc78a574f687bbb129b00b12f05050f35ac2c9c265488283397963d9,2025-06-06T14:06:58.193000 @@ -290735,6 +290782,7 @@ CVE-2025-2939,0,0,a3ebd06eae4e5495bfbe13ec19e9ce588d7c4e7533feaf938870f87d184967 CVE-2025-29390,0,0,2af3ceeb0b0e4ec487468d0265cf4f9bf7105f9f26e650a3615e67390bc16783,2025-04-22T17:06:50.490000 CVE-2025-29391,0,0,3957a6f12658ba0f8a64a4509b31e9cff0f721c7269083a2c5583c8497158773,2025-04-22T17:02:50.427000 CVE-2025-29394,0,0,4090687a0b04adebceb5be059956dcab0a952bc601580bcce43cec2c0d6a13ba,2025-04-22T21:15:45.123000 +CVE-2025-2940,1,1,2b95993b05b730bcfc129814f26b938961e5f2995985adcb22460839506bd1df,2025-06-27T09:15:25.250000 CVE-2025-29401,0,0,8eec97c0e583ffcefa21d512d6bfedeb6f6fb577b1c7a15dc9fcb78fc87bec51,2025-06-16T18:49:10.790000 CVE-2025-29405,0,0,dbff6f02c7d3961c2ff49d86cdc612e92f920fa0a3d3e5bcc752c3341cc24474,2025-06-12T19:35:35.770000 CVE-2025-2941,0,0,2a30ba06bce9faeb159e65a42eddbce7a23fc7e73f8564bd02faf3032a157758,2025-04-07T14:17:50.220000 @@ -290761,7 +290809,7 @@ CVE-2025-29455,0,0,7c7fd95c8b96fce1e3a46a57b9278141e5725af12d8a7f99040a2596bafdd CVE-2025-29456,0,0,eba1f73a5baa6c4daebd731d2aa12dd7114d7f1d3bce445a720c1b21c290d08d,2025-04-22T16:27:12.397000 CVE-2025-29457,0,0,8a23485043b3dbf7f31f598d733d28ffd4879b2d7b45d8b07f407ab70038a06e,2025-04-24T14:13:52.253000 CVE-2025-29458,0,0,64053e1bc8dd708edf920853d772375164ee8c78f32be3e67d25fce4ac79f17b,2025-04-24T14:14:21.430000 -CVE-2025-29459,0,0,fa1fdc6ebb081daaa9506526b5dfa912d7a25c80aa85df29c2316140280462b6,2025-04-23T13:15:57.230000 +CVE-2025-29459,0,1,39b8200badff7bda53f91ac4fdac5ed695297fcd6bd88bb5d3ca6764bd172ae9,2025-06-27T15:45:56.820000 CVE-2025-2946,0,0,57048e6987aa91934f12caac8524ce46db72506a3b71f36fd88cffedcdd964cd,2025-04-23T22:24:39.353000 CVE-2025-29460,0,0,78849095dae6e7a95d6012013131e0f0b4786ba7ffeb3342e29cc5d3a2db8483,2025-04-25T16:27:20.303000 CVE-2025-29461,0,0,a4f972c3e193eaa0854b2d502be249ee47ca972f1c4f3d9a07f9be52a163a125,2025-04-23T18:04:28.763000 @@ -291604,9 +291652,9 @@ CVE-2025-30717,0,0,20fcc5e5543aa06aae400db89ef16c93d314b5ab28af64d362ff7e07eb0d5 CVE-2025-30718,0,0,944202aaf21711f19fdf126642b9661d6053a49013db765ef74f18272b56a12f,2025-04-16T13:25:37.340000 CVE-2025-30719,0,0,edab994f531ba68b03fcc013f401b3a76edb4b2ca9dfb5fdfc0fb3955a7d0db7,2025-04-16T13:25:37.340000 CVE-2025-3072,0,0,d1caa910590e8025a4289630319dc63796e41718e0eae21fffc8f025a0a51825,2025-04-21T20:48:41.270000 -CVE-2025-30720,0,0,abf5635f797042efad8bb697933f1423e667d989a7cafdf71e570009b2139c45,2025-04-16T13:25:37.340000 +CVE-2025-30720,0,1,13c6aa7f7ec128214b71f46b647d4934976c5298dde760774a00515320adcc05,2025-06-27T16:04:52.240000 CVE-2025-30721,0,0,b236f78e5258404dc89a9a742cb2d840bb0a214355a80b7584f58c4a796dd753,2025-06-23T17:54:26.630000 -CVE-2025-30722,0,0,d35cc7d93759fa520308fb04a5cac95b086be1d818c00c0c3566ab5bf20dddc0,2025-04-19T01:15:45.090000 +CVE-2025-30722,0,1,32096f6391f4f8f5fd51d0d62ebaf01919b986101111e3f81e48b7a3d0883e83,2025-06-27T16:03:10.617000 CVE-2025-30723,0,0,f3ce0f8907ce557eebb1d9efe4010f18e1d0083692563d13901adba136d7fc9f,2025-05-21T19:45:51.613000 CVE-2025-30724,0,0,73e3779855f4c0ce56cb272c82dc73f4c24758d0a2b43f9070f538c2a0b6afda,2025-04-21T19:55:24.077000 CVE-2025-30725,0,0,5b36fb2ba9ab0dbf9cb63bf21314aeb877f7e046010af4dd9aa8933b4c2672ca,2025-04-21T19:55:50 @@ -291621,7 +291669,7 @@ CVE-2025-30732,0,0,9eb227d8278ca3e8800f9d9bed67d31afdb37e86a7e0328769b6a12fb68cf CVE-2025-30733,0,0,fa01d15beed514de3551fafd2ddefc4944d7c145a7eed564365e468a7beb5989,2025-05-19T14:15:24.187000 CVE-2025-30735,0,0,6bac10212874028a98fefa6c7b9c51190042ddc50f191828fdfca5a244b45d99,2025-04-21T19:16:40.527000 CVE-2025-30736,0,0,f363c68af747af41045faa709765d08bb356abac52c2bb8a825eacd4b0585e58,2025-04-21T19:16:54.987000 -CVE-2025-30737,0,0,5bc86acdfba00308a1fe44455ebc9c8249de2afe7326b86556cf07a4fa2c3833,2025-04-16T13:25:37.340000 +CVE-2025-30737,0,1,3e49f2ecdf4041e0a62dc4c493b76d1f2b083964784171dd936606a6784ab0be,2025-06-27T15:57:53.103000 CVE-2025-3074,0,0,d69ef3f25f99151a78aec61757586e7933094482b036c8ca2d58b4730d248027,2025-04-21T20:49:26.853000 CVE-2025-30740,0,0,c1996fd4f11ae45fb45e60e2a09090c033caf9e010b7aa14d0c4e920a51d9467,2025-04-21T19:17:51.487000 CVE-2025-30741,0,0,a7ba724d5523a4cf0c1b38678a2ee1b0c99bfb24f80e0249782577c8771159ad,2025-03-27T16:45:46.410000 @@ -291839,6 +291887,7 @@ CVE-2025-30968,0,0,4942f6133733c0ddce430f0d6dc938c90008237c0010d8b395295fc1dc006 CVE-2025-3097,0,0,a56f46f6ab586feb1d3c504e3ae22e548d2acd2889f7f29233e79a32e7240220,2025-04-02T14:58:07.527000 CVE-2025-30970,0,0,0383c09158983a94697a54299bf3565b5884c0a46522c56908d558692c246209,2025-04-16T13:25:37.340000 CVE-2025-30971,0,0,bdaa81d5f90f891b35dfd2da44198cf771c61350682b9305a17f8bc2d53e966d,2025-04-01T20:26:11.547000 +CVE-2025-30972,1,1,4e4cc2db5e07ca3cebdfaf7f18cfae85f89520fe413e963dcceb84b1ad1d0367,2025-06-27T12:15:35.073000 CVE-2025-30974,0,0,270ff5ae321eaf381312745d2453ca8ba421e2c52150d2c2759071c771de910d,2025-06-06T14:06:58.193000 CVE-2025-30976,0,0,e305772f271bf5b9639627a467b70709bf0677558a54adb084f239e6182fb20a,2025-06-06T14:06:58.193000 CVE-2025-30977,0,0,0f384b592ea7d49d38cf172ba61071dd2f79b1646bf53550bc464c43bf7983b5,2025-06-06T14:06:58.193000 @@ -291856,6 +291905,7 @@ CVE-2025-30989,0,0,f4c6fe15be31d7920318067cf3efac06086078422a7fd774f7af0404eee6b CVE-2025-3099,0,0,8b5b94044c5b312a61081eb6466602886f5edc420174286cf66115736f8de591,2025-04-02T14:58:07.527000 CVE-2025-30990,0,0,bc20a697a44ebb291e68137290fbf14f5126715b241c976deca618ed994e463d,2025-06-06T14:06:58.193000 CVE-2025-30991,0,0,cd15d3530a4fdc230e6a2248d46908f47ee8d626a5d2fedd52e3edb51f2fdf05,2025-06-06T14:06:58.193000 +CVE-2025-30992,1,1,9b91d541e618135b2b8fe264eb5c741fb6663561d135de3a0e02a79cba3ae4da,2025-06-27T12:15:35.260000 CVE-2025-30994,0,0,6f5ee9600589ff1de5f3dcc2f5f33b2aee44dc66a029652a93e6557edca7e80b,2025-06-06T14:06:58.193000 CVE-2025-30995,0,0,b5c6b8ecb50d52195d095fe3d5c375fc25c45ae7830e7422c91934581e6a6ad5,2025-06-06T14:06:58.193000 CVE-2025-30997,0,0,c559729833e132731b6a5caee9c5b0719b29a2eef0ea77266409fe14c38d01ff,2025-06-06T14:06:58.193000 @@ -291923,6 +291973,7 @@ CVE-2025-31063,0,0,be9751fa8856dcb655215b1c0c605485498375e33bf37c7975c1f55c8d0ac CVE-2025-31064,0,0,4d930332b9fb6c7b8a1e44ca5119b76fea2f8237189f8ce394559d7db087a22d,2025-05-23T15:54:42.643000 CVE-2025-31065,0,0,37e21d8e20b2423c5c7cf0224a0d29f05db64ddce7d087324682188c3a9667a9,2025-05-19T13:35:50.497000 CVE-2025-31066,0,0,036b2d27adeb2459465bf225feee79cec2f870b4c18bfde4d9eade318408c7b2,2025-05-19T13:35:50.497000 +CVE-2025-31067,1,1,1cd19a10f3bdc81a4bbde2d3299774a7cf5421576fd85ab5215efff3c81afcc2,2025-06-27T12:15:35.447000 CVE-2025-31068,0,0,df5884ecb139c520ec13ec8c91f3e8fe42bb76ad6f188fb4e63605090734b004,2025-05-19T13:35:50.497000 CVE-2025-31069,0,0,907335e8b1578216f43b055ef31369148e6f03073fb2847f688f14a104849949,2025-05-23T15:54:42.643000 CVE-2025-3107,0,0,6976ad91f9d9e97a90ece385a7c26fd8ad8b769641113c923f75abc846f967d7,2025-05-13T19:35:18.080000 @@ -292199,6 +292250,7 @@ CVE-2025-31421,0,0,7e33fda4666889d6391294873e088571cbaa504e495b35bac6915192a2dd8 CVE-2025-31423,0,0,a55e32bc40db484fc9913b8823ac397a77ec9501d03bf76356489dfa77a92eb3,2025-05-23T15:54:42.643000 CVE-2025-31424,0,0,677aa746fbd92c536e3c66a52eaebd81bb69fe4a644ac33e60cc2e7cbe8c87c2,2025-06-12T16:06:47.857000 CVE-2025-31426,0,0,06ef49e9b7c89bfc85a09393847423b84859f39a5af1eb2e06b3300f58ba2e56,2025-06-12T16:06:47.857000 +CVE-2025-31428,1,1,0e17ad358ed37e2a2905fd9f18167298bd60d20dfd7e9cbf3b33c2584e835f19,2025-06-27T12:15:35.643000 CVE-2025-31429,0,0,8627dcda64b12ccfe655871c9338e93651b27e9a99ce5e3dfd5ed73930d915d2,2025-06-12T16:06:47.857000 CVE-2025-3143,0,0,0d12bd465535fc01b21d2fafc9f08653aefeba4bc2621612339ffe2e350cc35c,2025-05-14T21:06:29.300000 CVE-2025-31430,0,0,d908a2efe04e8c81ec0f7951d988fd6ab32765bd61024b0c47d35989cc539a05,2025-05-23T15:54:42.643000 @@ -292922,7 +292974,7 @@ CVE-2025-32250,0,0,5b65026d5b7900354f67df291c93dfbcf40a31e291957b7b2b193e0f08a73 CVE-2025-32251,0,0,db9e83682192d1c9ea6c6eb3ac5a5992ef43dadbd98f75e240c797354c7129f6,2025-04-07T14:18:15.560000 CVE-2025-32252,0,0,00dd1f6e7f173ba4ff86679e2c6bc51fcd619cdfd9d0c4d1e5a69ec083c8b123,2025-04-07T14:18:15.560000 CVE-2025-32253,0,0,3311e9bc9294781f2008f8b116861a2f16d4abaf10099b41ed2f2dbbb6633afa,2025-04-07T14:18:15.560000 -CVE-2025-32254,0,0,ab70eb013abf2b5ee36e61cf45f9c32770cd106bbdb873c1a602dacf7c535a2d,2025-06-09T16:53:01.463000 +CVE-2025-32254,0,1,ed1894521300eec5e4a3133e698f7fbd3d2b69cba65b8177383b20e08a89b0c0,2025-06-27T17:39:06.673000 CVE-2025-32255,0,0,9d8f3638dee293cb3c08fabd20cdcf55a71cfeac9287460a23b40d3e29f8f979,2025-04-07T14:18:15.560000 CVE-2025-32256,0,0,0c12360eaf50a3f0897df626a3ae786b0223754319d73596c006152e378ec308,2025-04-07T14:18:15.560000 CVE-2025-32257,0,0,f9521ce3ab4477aceb6e76fe6cc87b2f944d0591e7dcafd4d04864969e57878c,2025-04-07T14:18:15.560000 @@ -292951,6 +293003,7 @@ CVE-2025-32278,0,0,211d6ed6ada58eb335634d812d6f25038c2a3c7f1bf1fde12b2879747a714 CVE-2025-32279,0,0,c8621d6c038bd552e5f86ac94833c9e696ca47f07d059658ea9fd536b7f0199a,2025-04-08T18:13:53.347000 CVE-2025-3228,0,0,cc93f627d02e5ee519dcf513620682a407185b50ce05e8f8aa8ca75b06e007c6,2025-06-23T20:16:40.143000 CVE-2025-32280,0,0,51a846a5a42c043aab0e6fac915214336a31c77ee73a0ba45d8879819031b4bd,2025-04-09T16:24:47.373000 +CVE-2025-32281,1,1,aa5334a32ca833cafeec3e932cc1a0e54978d8005ad611f4326af882e649e5cf,2025-06-27T12:15:35.850000 CVE-2025-32282,0,0,4c53220555eedeae13ce6f318e3c3f0db70bd45e8d4e3f3e7970ecccd4879e13,2025-04-11T15:39:52.920000 CVE-2025-32284,0,0,c6c409bf78de0be6dacf6f02b11afe1875b860843882ef4088c29e36571e2681,2025-05-23T15:54:42.643000 CVE-2025-32285,0,0,a4220f34e85774d9d813e1f3540215c861be5c9d5d52c32a399fabdc3e2e16c8,2025-05-23T15:54:42.643000 @@ -292965,6 +293018,7 @@ CVE-2025-32293,0,0,9a78105b18f8a0c6c5de1f8fe7dabe6d94082dabce45b1c06d974558f6494 CVE-2025-32294,0,0,9398a189e417d8f1d02011e09df57d4ffe10a67d2827545633f1e29d8a0f8f0c,2025-05-23T15:54:42.643000 CVE-2025-32295,0,0,53c433306ea7dc97c36184a382b23df1b7d58def930436bb6fff2c7acee5a45e,2025-05-19T13:35:50.497000 CVE-2025-32296,0,0,55e4b32b240a3fefbe017324691d07e50cbce68d67ba40dfedaf61401ab7943b,2025-05-19T13:35:50.497000 +CVE-2025-32298,1,1,ea33625d02c003ba51e56d7b6bec5901be3f679bfb3bade26471405550551d2d,2025-06-27T12:15:36.060000 CVE-2025-32299,0,0,49c4147c6d2449192d55c98739bc9eec8c1be87420b29ae76c69f17ee126a9c1,2025-05-19T13:35:50.497000 CVE-2025-3230,0,0,d3629a3e2161163bd15af1432474f4fcf2513cb10a5452b9803677814dc453de,2025-05-30T16:31:03.107000 CVE-2025-32301,0,0,52135e6aca642aca8fa3971eadef3fc4c2f67fc19715effb0157897b8f5f6d1c,2025-05-19T13:35:50.497000 @@ -293007,7 +293061,7 @@ CVE-2025-32380,0,0,c8e502ca2a1d7848aa29488649458187bb1c1a319841e66316c941fb4f151 CVE-2025-32381,0,0,9a021bccb8055e9ac06ab545154eb07d7cb170bef3ba75a0a61768987e904be0,2025-04-09T20:02:41.860000 CVE-2025-32382,0,0,500e2233bfdde4ca81f1cd7422b1483ead79a7537a8327f54eb95ab0c00c34d0,2025-04-11T15:39:52.920000 CVE-2025-32383,0,0,0af06fa6169ce711a7266c3fcbd3f7c3bdf408f8bfe0c4ec49d8139c73ec676b,2025-04-11T15:39:52.920000 -CVE-2025-32385,0,0,871cc088ecb38998563a7e6abdf2496fab6f587a5dc58dfbfe2dce7b9fa8499a,2025-04-16T13:25:37.340000 +CVE-2025-32385,0,1,0df820a34d98872ae3857ea8866fc3db17eca64ac0d2167492166d3bff3cd322,2025-06-27T15:51:15.417000 CVE-2025-32386,0,0,35fa478ec866097c61376bec0ef1c1b1fc66dbd01bb69c1c6b6e024f68419ecd,2025-04-11T15:40:10.277000 CVE-2025-32387,0,0,d79aab09e55ea3579243a6297cec6b2889716102a81419246cfea55d51fc569c,2025-04-11T15:40:10.277000 CVE-2025-32388,0,0,5761246ce985a7eafedebc4f0456afdc6153971f351241992f6fe04253859380,2025-04-16T13:25:37.340000 @@ -293377,7 +293431,7 @@ CVE-2025-32782,0,0,ea3e82903e807a520de4c91c10f7d08fd70839175e235aa475d1b12f4a8b1 CVE-2025-32783,0,0,4027bdb576fbefefd69801d71dffe5732fc72b2eb57e330484f01b9f44e4bc50,2025-04-30T15:56:09.633000 CVE-2025-32784,0,0,f07e1bae891c8076c2e74beba24dfa0a792bdc8c6b542f23984d9697f06bd191,2025-04-16T13:25:37.340000 CVE-2025-32787,0,0,8a246667f42b8c93bdf6ea46fc5b0e98103cc9f313dbb1cf2d73b44e0183e974,2025-04-17T20:21:48.243000 -CVE-2025-32788,0,0,cebc5cd0039e46d666bc72b974aa2129ecda5527e4c21f72222322773942a165,2025-04-23T14:08:13.383000 +CVE-2025-32788,0,1,8c0b479d6352e75b6a5b687186a2dbbb76826c53be3245a9e0027282d09b8764,2025-06-27T15:40:23.867000 CVE-2025-32789,0,0,15497d5966ffa6957462c2b50b8826e589c0a55241d8772e97d18438454b376f,2025-06-18T13:08:03.067000 CVE-2025-3279,0,0,063460257446f5b0ff36e5be44afcbd793b5428938d25a5f43c92f30677ae5f9,2025-06-26T18:57:43.670000 CVE-2025-32790,0,0,ad704aba084f587745e00b79fe34454c0424370ee4217d2aeeeb26c85bddfc96,2025-06-19T00:36:04.717000 @@ -293484,6 +293538,7 @@ CVE-2025-32889,0,0,1758151af4b145b593cac5bce0174518afb9f62175456015713f13270f9e4 CVE-2025-3289,0,0,2dce3ef8eb88e8d6d3c6bdcdd7b6d448658ce48e819de5faca8e16dde3fc5df6,2025-04-08T18:13:53.347000 CVE-2025-32890,0,0,f2c41c451f0f9806b1ea692a8d179705ea340cd405232ede792930108ac7f581,2025-06-20T16:28:33.357000 CVE-2025-32896,0,0,dbfbc7924e8ba4745e61a6194439a531988d3ba9592f604f77799bc3cdf2b49d,2025-06-23T20:16:59.783000 +CVE-2025-32897,1,1,2cfeadc3208e6055a7882b0e72566da490f7f14c2bfaa9166965d9bbaf9015b6,2025-06-28T19:15:21.917000 CVE-2025-32906,0,0,ed269622d928bd2aa475c3656dbb221e908c6bab45b25018cc828ee7bd119edc,2025-06-17T12:15:24.950000 CVE-2025-32907,0,0,213f7e42abba53cbe091599b6e08ac02e165cca9f4b70fa3a4b5acdea9942c00,2025-05-29T07:15:24.333000 CVE-2025-32908,0,0,d04d5cbb3961125d5a394946a9211c5953b759f1c35584196afe4caf2db9d0fd,2025-05-13T21:16:14.597000 @@ -293858,9 +293913,9 @@ CVE-2025-3527,0,0,05deae287ffcef21351ef18cde41e4a9979d8d697532bc7167589a17ec18c6 CVE-2025-3528,0,0,7fc06d9e22fe034153acc196e6a094bc79ea372e7575b66f5507d6771a68b368,2025-05-12T17:32:32.760000 CVE-2025-3529,0,0,6644439b76d19892b1d8bc457a3082e6b3f827c749b34bc0f6fc88082e3eb922,2025-04-23T14:08:13.383000 CVE-2025-3530,0,0,94c8f0b62334b42e9be0343658daa413979dfaca8e91bd71547c38ef21a88cbb,2025-04-23T14:08:13.383000 -CVE-2025-3531,0,0,a1decdd234168eb76bc68bc5b83f3982cca53fa01cc6afb6bd923d1aa0236709,2025-04-15T18:39:27.967000 -CVE-2025-3532,0,0,a2f5d1e1aeeff6c317e31a6e6d9145846fef7ec6ec6973517901d1a73b613717,2025-04-15T18:39:27.967000 -CVE-2025-3533,0,0,0517ee64c7ed259e758d3f181da415a253b558981950122d1448e5774aae3999,2025-04-15T18:39:27.967000 +CVE-2025-3531,0,1,d33805d076fd5c90bbe4802f27a0b6a7fde1e72ccbc3635259106467306ab595,2025-06-27T12:38:40.727000 +CVE-2025-3532,0,1,d70e8bcbcb3c1709d656bf1a18876bc8d01feac88f3c957bc6c8675f165b4bb4,2025-06-27T12:37:44.880000 +CVE-2025-3533,0,1,373c76f4c7dc372d0db14a5f5b99ac9fa7f5d2750f726013df81efe44d8d5027,2025-06-27T12:18:44.910000 CVE-2025-3534,0,0,2272ee5251cae38598be241c56971c979c5200bb3e067a8d10aed0694d3aed07,2025-04-15T18:39:27.967000 CVE-2025-3535,0,0,f999a89f76aec7b751bc0506d7eea783fe36cff05bacd7f9284f3dd0ef46110d,2025-04-15T18:39:27.967000 CVE-2025-3536,0,0,47374e886ed77e1f30c8dfe7ae7747514b22ea59a630aca3bcd1d366a1b4fa5c,2025-06-05T19:26:38.817000 @@ -293937,6 +293992,8 @@ CVE-2025-3600,0,0,7cb206206065fd210a153f067dfc260287fb233b025f8a59e4c30ab1efc7f6 CVE-2025-36004,0,0,0a01f92ec8ed981f105aaa2da46bf8f144b50e5b88bce227ac7752c1ea333d5a,2025-06-26T18:58:14.280000 CVE-2025-36016,0,0,af37919821fdd574b942ee9d20d1ecfb430b58097892e9a643523ecf7010f2dd,2025-06-23T20:16:21.633000 CVE-2025-3602,0,0,9dae34871a5aa21ddbebfa01b8417ba4c26394066febdada550c394e6505596c,2025-06-17T20:50:23.507000 +CVE-2025-36026,1,1,5655459ec30cddaf1b901bb51fab05a797f5974d13b1b47f1683ee450417ff43,2025-06-28T01:15:25.153000 +CVE-2025-36027,1,1,75aa3ccd5a68ddeb92f6cbd9969bad912a2a3a33714afcc010afe0ccb8ba8c55,2025-06-28T01:15:25.343000 CVE-2025-3603,0,0,8fc219493265409dea0354ed582a157fa1e4783601045e446f4ea74d7c8f20d5,2025-04-29T13:52:47.470000 CVE-2025-36034,0,0,5f80e07bb6b6aa33326dfbddb0719aec9c1bd787d83fbe31e1057c24f1dca868,2025-06-26T18:57:43.670000 CVE-2025-36038,0,0,69f5fd3e4201273cba0430f9128c4aa6d52d10299a08efd70de0ef7f659c2821,2025-06-26T18:57:43.670000 @@ -293990,6 +294047,7 @@ CVE-2025-36521,0,0,76dbe5c9e005eebc45d03f4e270884a68d88e62c1e707e433be80dfc20224 CVE-2025-36525,0,0,304058dc6057ec0d8f22d43f92f7c943e71e5e18bc158b199ea34013a3ed45ac,2025-05-08T14:39:09.683000 CVE-2025-36527,0,0,760bc907999d36f8a046dc03eb19c07cc3891fbdfc35cb8c53858aa720a6ac60,2025-06-16T15:15:28.320000 CVE-2025-36528,0,0,8cc5e94db4f898b6df57b60f4eabfb85cbf2d0b38d981f1163ef01852ec4f727,2025-06-16T15:14:39.797000 +CVE-2025-36529,1,1,8af4a71b0e62dc0f2847d94576321f765c11fbe819504f69a2a42f4e6b5a85c3,2025-06-27T06:15:24.587000 CVE-2025-36535,0,0,c9bb02422d586f784be4fd92873208eebb00e7be6f50c78d2e7b7d5656e18b71,2025-05-21T20:24:58.133000 CVE-2025-36537,0,0,fc5a08fdfa77d0aeb87f05a014617c8ee5a221c302cbc25a3d0850b6d16caa92,2025-06-26T18:58:14.280000 CVE-2025-36539,0,0,c0894e36c5a4bf5ae06107887e6e7bc4869da6fc581815f366cc900be9ce130c,2025-06-16T12:32:18.840000 @@ -294007,6 +294065,7 @@ CVE-2025-36577,0,0,6243bfe1d2369f618db6592da5441f8430c30d96eac3ffb12a15d36f1e385 CVE-2025-36578,0,0,af01e7c4648495e715ac9877b737ce2d64f63a484af5efdc6899b701c5fa231e,2025-06-12T16:06:29.520000 CVE-2025-36580,0,0,35f4a0a540c67da9afd60127d5baff68fbdbab9f0e61d0af87b9f8823c7e015b,2025-06-12T16:06:29.520000 CVE-2025-3659,0,0,039e45884228ee6931146a26d674c81218c137b52a98fba4b25ba26a78f9ee4c,2025-05-13T19:35:25.503000 +CVE-2025-36595,1,1,7c97e6d1f3c6b1d553ab676fb16eaa8c2c30ad4078589094860f3f0b35360d59,2025-06-27T14:15:36.517000 CVE-2025-3661,0,0,dd52ef0b5adcc429dab993fa8b0a07866db488604856f931ffdf953b111b0450,2025-04-21T14:23:45.950000 CVE-2025-3662,0,0,3e1dd0745f4aafb27713ee2b3d9daccf1be19770e4b95d3787e2f2ca8d2c3c07,2025-06-05T14:09:58.017000 CVE-2025-36625,0,0,45de53deee0dce100ce8c109fcd29d898f18f9e0ae3fd1f38ff75bfff7ae47fe,2025-04-21T14:23:45.950000 @@ -294046,7 +294105,7 @@ CVE-2025-3694,0,0,1283a918047c9f6e22f9aa3f4b011f182a05bec0513767c10b421df04d393e CVE-2025-3696,0,0,7fdb9b0cabe429a7d591b9514cc5a2b8602875f81b912338d2415db3302af172,2025-05-14T21:04:53.343000 CVE-2025-3697,0,0,016a36f864524accbafaf295ad97be566b6d7d71f4f9f5814923e821cb7e35f1,2025-05-14T21:05:11.930000 CVE-2025-3698,0,0,3410d174ae31c43abb68f418121b89dca3911c4e48575a9281b05507afa201de,2025-04-23T16:25:56.830000 -CVE-2025-3699,1,1,cd14a6619f6ff96fb27ce08996e082af4b73e39cdc078e2faac870a261f64242,2025-06-26T23:15:22.177000 +CVE-2025-3699,0,1,b72aa0160222d6ad49d8aebef5c5e6f776eca66f2968df45d17632d3e80c5dda,2025-06-27T10:15:26.300000 CVE-2025-3704,0,0,fa4a3eb7f97cc05cb29111ef6884110e54a213e5cd6aeb5d02530af4ecd14db2,2025-05-28T15:01:30.720000 CVE-2025-3706,0,0,af36967002cae35edc22a037b5e4639098ca61a00f66dc40237f6cb847234a6c,2025-04-29T13:52:10.697000 CVE-2025-3707,0,0,19f2a3789a7c8f868baebd7065af2264b477a736f48157fc6f27b30ec7dd06ec,2025-05-07T16:50:32.967000 @@ -294089,6 +294148,7 @@ CVE-2025-3739,0,0,c20f4aca2c0a8df0588a76c17e3004096c75325e3c3bf21ce4a7604371a82b CVE-2025-3742,0,0,aaf7851ce53d110895e8265735e7eec8e2dbf1d4b7f6a6990a4c43b467223934,2025-06-04T16:25:29.643000 CVE-2025-3743,0,0,e4b0fc5c53e1bd6e1e419c4ccb097ac3bed2922baecd6ca0a82e08283400199b,2025-04-29T13:52:28.490000 CVE-2025-3744,0,0,3f73082b9469ff058968c99eb56071f754893aafb95f1532497931c7d3ca6eee,2025-05-15T16:45:32.517000 +CVE-2025-3745,1,1,1a0856c9881c49e6ab7edf124540adeee6d9343cceafe8f22fd7267ea59ea8eb,2025-06-30T06:15:27.593000 CVE-2025-3746,0,0,a86a651df3282f85719d4a575f858bc382b89f41f2a44ddb9edbfecb08dfd910,2025-05-02T13:52:51.693000 CVE-2025-3748,0,0,f656b45b9de08724a85050ecaaed385b8f387fc0302b2168ae266799199d4f28,2025-05-06T15:19:46.247000 CVE-2025-3749,0,0,14aaad335c014cbeccb261defa731183a6eb2ae9c2ac67520874b6a4993af798,2025-04-29T13:52:28.490000 @@ -294128,7 +294188,7 @@ CVE-2025-37749,0,0,cdb4ed3939550757c77ebf4321a2d3f9befc7b71c74b90ba3fd2f22a17b90 CVE-2025-3775,0,0,20bc664b0f69129d68331aeb5d33b9dfe8093b6db4e47568c03fcca515e2ea9e,2025-04-29T13:52:28.490000 CVE-2025-37750,0,0,49268ba90a4a34d6ac91596d984a2652525914dd92ab0ff6a2075f46e1bd37f1,2025-05-02T13:53:20.943000 CVE-2025-37751,0,0,2280e48a65f4e4ae5422bf8d0dde7c0645d583d02ac85ecf2649d4036b6cdbd8,2025-05-02T13:53:20.943000 -CVE-2025-37752,0,0,e7711e327801f287ae50960f7add3ec565c91ae4d0f9c6ff66501a2e0d715499,2025-05-02T13:53:20.943000 +CVE-2025-37752,0,1,a13219ffba2c8bf55647b2491c1e80ca6d2697e53efc98cc53a1e0364166774e,2025-06-27T11:15:24.693000 CVE-2025-37753,0,0,275b17ead1fac547bb7e5ee57adb2671274d01c84b04679072eb78ce97c1d644,2025-05-26T11:15:24.393000 CVE-2025-37754,0,0,bee41ba6c0da3399894540f1dbd603d49e106e6c623af57facf90d0789b2410b,2025-05-02T13:53:20.943000 CVE-2025-37755,0,0,8ac47e934f25f6e933d743f694ffc1189c4424aa6d8b7c885be18aa976ffe0f9,2025-05-02T13:53:20.943000 @@ -294318,7 +294378,7 @@ CVE-2025-37925,0,0,f9576aed7c518b4f5aed7f76e7af003aca63baedaee9d9ef54d00e1623484 CVE-2025-37926,0,0,0db68f314498f5ce3030e6ed36c29158ffd0c1c682538766b07862045049da78,2025-05-21T20:25:16.407000 CVE-2025-37927,0,0,672441108a2edbb0440eb11102b0fd4d5a526f7acc04867ad6e92e941483aa30,2025-06-04T13:15:26.970000 CVE-2025-37928,0,0,d8ac99563646ec7da9bdb178b0de5755dfecc7abcd2cf9e3aa153e0eaef42879,2025-05-21T20:25:16.407000 -CVE-2025-37929,0,0,70ef1abd670144c0539d8d2e83064f1b02315e3557933bd631249dea78262049,2025-05-21T20:25:16.407000 +CVE-2025-37929,0,1,233a42c03d9fc67c2e3938241b0c1bdb6f106f292dc78f92d1aba343f4cb0c71,2025-06-27T11:15:24.827000 CVE-2025-3793,0,0,3fbdfdae3ba2312385d1e55e1013c3bba14ef84080933b19af3e5f161d0c534e,2025-04-29T13:52:47.470000 CVE-2025-37930,0,0,a71c4531278bedb85da54e4d54566b10d2dfe62854843f9ab9b07cd86363e648,2025-06-04T13:15:27.087000 CVE-2025-37931,0,0,014de349b476a30edaee40d5b8f26a30278ec2b5798290d6c384bd353256f410,2025-05-21T20:25:16.407000 @@ -294339,7 +294399,7 @@ CVE-2025-37944,0,0,8eac172e5d28aafab850bb7610c6a7f5e4f4d6dfc8c00cca53ab64c88530a CVE-2025-37945,0,0,5e8404902bfb92e4ab915987778a98c7cc4ea7aa145324cfccd5caa79cc92e1e,2025-05-21T20:24:58.133000 CVE-2025-37946,0,0,8fb31f11d448e88aa233be66096b812a67e07de7585a485a90fc6530edbc9122,2025-05-21T20:24:58.133000 CVE-2025-37947,0,0,0e7060e1dfc725875c5c6a697df71c440b65488418c3ebc515395f22996575d8,2025-05-21T20:24:58.133000 -CVE-2025-37948,0,0,a7eb8c602eca8711c4f74e1ef92c559bb0a071e57c88693866be24671f03b5bc,2025-05-21T20:24:58.133000 +CVE-2025-37948,0,1,c471e5c7e249fd47cb1cb1e6ecb0b344d789223789f8d9d5e4f6a82c00f487c3,2025-06-27T11:15:24.947000 CVE-2025-37949,0,0,6781a543704e9c013f18da825905061806d97ec67924a9c9ebcb6596075df88c,2025-06-04T13:15:27.320000 CVE-2025-3795,0,0,cfb24d96a08fb1db282b05eac25f26880a35f952bb65bbd68b5a1ac5682f0bd6,2025-06-23T19:49:33.320000 CVE-2025-37950,0,0,7dd34153c93b256b4603b83fe921bd259fcb53bbfd822ed55f05670c1a551689,2025-05-21T20:24:58.133000 @@ -294350,13 +294410,13 @@ CVE-2025-37954,0,0,c8304842483255c84056910b5f41e9fefcdb60675fe160363df0dde6a3322 CVE-2025-37955,0,0,16b831f7b5b17e72654b35ebec9fb3e64c8140d878682a27805610895061fa5e,2025-05-21T20:24:58.133000 CVE-2025-37956,0,0,59f25ce65fedcad266851257ed4310cb62aa89d15e82a2b7edca1bd1be257fdd,2025-05-21T20:24:58.133000 CVE-2025-37957,0,0,c9a4624a8b6af051b01f96d3bd4ef29e338cf21d78918e3d48019a1e7793432f,2025-05-22T13:15:55.897000 -CVE-2025-37958,0,0,1a36c2bae5363cfdcf58d4ae99dbad14f534723a250d8d06f5f13b2379668506,2025-05-21T20:24:58.133000 +CVE-2025-37958,0,1,63f125e72c25cdc972d865b54405434e27f5d8a1e2a533ecfcfd4060ab16b74e,2025-06-27T11:15:25.057000 CVE-2025-37959,0,0,b1be55939ada3c954385a963a4c30458444b178e9b1d5e6d665cc1b32f5024ac,2025-05-21T20:24:58.133000 CVE-2025-3796,0,0,46980b990e95570c2007f7fd087add80241a773729e5fb091bc01e676a7ab20a,2025-05-28T15:51:05.293000 CVE-2025-37960,0,0,8935a3142c7d78a16e8e214ff7b1e7ceeb183b0eacf7e38d04abf010f6571059,2025-05-22T13:15:56.003000 CVE-2025-37961,0,0,e700865619a0d04cf29051c73f87eddb84ee8786bbe17439ce17406fa9f4e4b6,2025-05-21T20:24:58.133000 CVE-2025-37962,0,0,605944225a5773ad6571feeb5578831395f78bbc509d48b54a2bb49e4d8bf166,2025-05-21T20:24:58.133000 -CVE-2025-37963,0,0,4238278c4f614ee056a34be6f6c45a0a1f8c5a7d2dd3881347f8a0ff76632213,2025-05-21T20:24:58.133000 +CVE-2025-37963,0,1,f280f0154c28f4f0c0bedd8b17048356bf9f5fd15f071aa13eb0da95ecb946cd,2025-06-27T11:15:25.160000 CVE-2025-37964,0,0,f27b42049e9fd15fcfe7eecaf8278336bcede9ed885241643712af5a2dcc56f4,2025-05-21T20:24:58.133000 CVE-2025-37965,0,0,611e088d3be8c9e054c909e6d461516531481b516ac1ae832b3fabc5bd340656,2025-05-21T20:24:58.133000 CVE-2025-37966,0,0,5c8084ef4b16dd32444c0e83039a9c9a7f5e76822662eef8063d1e5943442e73,2025-05-21T20:24:58.133000 @@ -294488,11 +294548,18 @@ CVE-2025-3808,0,0,c9d9b38c3b98d0e004f3d362b1c7affeec1437a2f1dff864304e4ff67e8ee1 CVE-2025-38080,0,0,e00e96fa173f4982c0f68473198cf4b255f45cca4e7210641334f9df42962a1a,2025-06-18T13:46:52.973000 CVE-2025-38081,0,0,510cb4d9f47dcfb17b58f7c2e83ccf68290c19ee4b91dac241315d78f17312cd,2025-06-18T13:46:52.973000 CVE-2025-38082,0,0,aaafb161848f298937b6a47f65e2883d0867c50015d2e09e42baef5b672cffaa,2025-06-18T13:46:52.973000 -CVE-2025-38083,0,0,73402995c0904a4b7b03d7090e64cfd6f502ceb192fe317b082df1d0fc65a4c8,2025-06-23T20:16:40.143000 +CVE-2025-38083,0,1,3534e9c58db1ef79ae221087e3ae0954eeafbf4827f362f163cdbbf772f5dcd6,2025-06-27T11:15:25.267000 +CVE-2025-38084,1,1,feac010bc89c7c06766bd5ff328a8dd9a28c35211912f16a122557bde8a1ff59,2025-06-28T08:15:23.970000 +CVE-2025-38085,1,1,70280add38ac562c52715e195f96d1a3a1b3073171b8f3073e9f6aff31d07712,2025-06-28T08:15:24.843000 +CVE-2025-38086,1,1,15ec27807607bf61102f48a36aea742b9b3acde07b38772ec1d71f2b87ea7441,2025-06-28T08:15:24.997000 +CVE-2025-38087,1,1,fad320f4444927bc0bf47777f746bab6ff0206060610de4bef50fa938d9a91d7,2025-06-30T08:15:22.607000 +CVE-2025-38088,1,1,2c8555356b6df8bcbd51858305cfdd0a11c6faeca3af943955082e27d180cc04,2025-06-30T08:15:23.470000 +CVE-2025-38089,1,1,4ec644ccfa67c2676b8e30999d215ede494bccbbcd76ef8df9be052dd4576016,2025-06-30T08:15:23.590000 CVE-2025-3809,0,0,b0f7ce143ffe6fc36f9bbc17873d1316b0e5d9337b65e2cd57e88fbec5f74a76,2025-04-21T14:23:45.950000 -CVE-2025-3810,0,0,969f6ac87070c4164f54ddbb008c2e0ea10a92995f12f2bba35fa71773ee21b8,2025-05-21T14:39:49.083000 +CVE-2025-38090,1,1,bba02370ea96c656d27bdd1e3129b102a7a0a640f153622a14bffb2e38cf7f58,2025-06-30T08:15:23.707000 +CVE-2025-3810,0,1,c09636d61adf0ea2e7e3abe190febe3e38531dd71134cb03c3ac4cb7c56d634d,2025-06-27T17:39:17.577000 CVE-2025-38104,0,0,95fa066b9b297f0f71658bda9667ee4683e7719a8295e0ac6102597f6b2d67e5,2025-04-21T14:23:45.950000 -CVE-2025-3811,0,0,d8e5c197c987fa9a87399054dc44bee083db8a738da2ad57d0bfbdc6a9a31512,2025-05-21T14:08:03.370000 +CVE-2025-3811,0,1,42c8bc37cb79bec823ed73bb03fc4422ed8eea640dadd9c0e84b52f3069662e4,2025-06-27T17:39:22.693000 CVE-2025-3812,0,0,0f66093f84eb06bf3e1833106e7d524992fb03c23cda567c6a3d9deec629a713,2025-05-19T13:35:20.460000 CVE-2025-3813,0,0,2f034211403c409cde138743e01d616b9e22ce2520c6c56d6e239cc129f30c6d,2025-06-02T17:32:17.397000 CVE-2025-3814,0,0,11c279efbeec4fa23a54b22cf013841136b5f0f0ea6d94e898bb584de2240f97,2025-04-23T14:08:13.383000 @@ -294744,14 +294811,17 @@ CVE-2025-39470,0,0,e010fc0801cd6bb4936cb1b65898bdce69bac41af3bf33793e9451cff50a9 CVE-2025-39471,0,0,21ed7a6e1899b30a1a56f084c0c39ef4da03cd3bced83cdf5407e02bb87fb289,2025-04-21T14:23:45.950000 CVE-2025-39472,0,0,bb2f2cb88d690511a4cd39d1b1efb90424abbd9f68741fae65c0ada4798552a8,2025-06-09T13:15:22.357000 CVE-2025-39473,0,0,2ff3a01ad82077d7df867b6a19d016b90c40ef786295af9896c63bca19c18aac,2025-06-12T16:06:47.857000 +CVE-2025-39474,1,1,743b26fe62661587f54438f88978f6a6f253fe4d41a015a19c57db5dab1d10f8,2025-06-27T12:15:36.243000 CVE-2025-39475,0,0,32a5b659afe4d538721756c664ed7a7e24f3a64283f6baeaa96b7cd3a0bed85e,2025-06-12T16:06:47.857000 CVE-2025-39476,0,0,3723c4b08f699d2cbc1541947de3107a0f53bcdf6ee1fe9b6aaa8efeee3bc345,2025-06-12T16:06:47.857000 +CVE-2025-39478,1,1,a239c329fbf2a6f75f458fbdba15d1a9b5fd51766a8018810690ac9d1c091c02,2025-06-27T12:15:36.443000 CVE-2025-39479,0,0,1fd84d4721bb2b7d4fd3976d55d99dd38aacede01aee957dca3f668ae2dc5f2c,2025-06-17T20:50:23.507000 CVE-2025-39480,0,0,339ca3a785b41e56bc901bd68b8ae900170b561cf9584e47581955799fe339b6,2025-05-23T15:54:42.643000 CVE-2025-39481,0,0,ffc38075b9c9e137d0a9f220b07f654268d9b6b192ff077aaa96738d747f33c5,2025-05-21T14:23:08.503000 CVE-2025-39482,0,0,f44ca390a511cc4fa9864ad222a12fd65c81c88e214777e055d5294de44cc742,2025-06-06T21:54:00.823000 CVE-2025-39485,0,0,70335b3403cfdaaf341612abdd2f1cd24b67724d9af1078263285d5edb296bf1,2025-05-23T15:54:42.643000 CVE-2025-39486,0,0,1a5bf0d54b393953a2981b7d722be529e2899f1eb7efd4bc047395019cabf8ac,2025-06-17T20:50:23.507000 +CVE-2025-39488,1,1,45a70bf20845055febba18272939f7bdaec9b648545316f5ef9aadadeee4d6fb,2025-06-27T12:15:36.637000 CVE-2025-39489,0,0,b80eceb8e17f53f167eb1f01a46351e47168a0eeeb436f1c1624f43d9e9a40e7,2025-05-23T15:54:42.643000 CVE-2025-3949,0,0,168e2abe66849b76f108d2275699dc7aa3f34d482497d50c4cedde8b889e7a83,2025-05-12T17:32:32.760000 CVE-2025-39490,0,0,f0d25e79c4e7c5558bc8cb946406ec85778837a0f23ea484a78138e93c7f9ab1,2025-05-23T15:54:42.643000 @@ -295059,6 +295129,10 @@ CVE-2025-40727,0,0,2df5ca63ef8e4109dd8647b45a130fc57acc0369c9ce97676942524e407d7 CVE-2025-40728,0,0,bdb76fd49b6306a75f42baf3d308e3134ca65ae5d1359edce01c72fe50aa6cd7,2025-06-16T12:32:18.840000 CVE-2025-40729,0,0,cdcc0488c7e62a2d0d4e1dec1450866396d878da5f5f173d17e13df908288a60,2025-06-16T12:32:18.840000 CVE-2025-4073,0,0,5b07f84aef869ff97a5846e761decacb25d1866933f52ae6973131cfce282ea0,2025-05-09T13:51:33.337000 +CVE-2025-40731,1,1,91932b349f0b09f7d86784e6e56ff87c26331b2bf7e98b03348980192e2f1643,2025-06-30T09:15:24.450000 +CVE-2025-40732,1,1,2da6161b4862667e4fa8b621a2b601e14b407fa12b98158f3467cfe6f820437d,2025-06-30T09:15:25.567000 +CVE-2025-40733,1,1,7a6dc56a7bebb2eb3b62fc9d1d897c21453063fcca31283b2c83fc78d47deaef,2025-06-30T09:15:25.760000 +CVE-2025-40734,1,1,8897bbc9acf5e98b5e59440f8d98c3f7be6b2463507af88ce38bb1ffcd530abc,2025-06-30T09:15:25.947000 CVE-2025-4074,0,0,67c949a36ba05d695588494a1af59c90dcd6f218e799b578e62cc10508e92154,2025-05-09T13:49:25.337000 CVE-2025-4075,0,0,980439803ac2a564a1211ca7907d1f8cd24fb9992986c85d77b9d15e9738b3a9,2025-05-02T13:53:40.163000 CVE-2025-4076,0,0,15e359152ac3968e95f76736d18611ed85f132cae7da09b8e96a2ab1cfc7b92d,2025-05-02T13:53:40.163000 @@ -295083,6 +295157,7 @@ CVE-2025-40907,0,0,fc8961930804abbdf8c2654bf7455da84377fdb22b765ae2e7c144996003b CVE-2025-40908,0,0,91c9c68cf03ca27da56ba2aec4b379519e7063cfa4c8bc0832dfb5079fdf60af,2025-06-02T17:32:17.397000 CVE-2025-40909,0,0,0168f158a69247acbaffa8dbdbed8b439b77a336030b06418e5511e5db476ff8,2025-06-03T04:15:40.470000 CVE-2025-4091,0,0,798a4cccfe2006913bea941ae05240fec836c7335fe01bd824f887f2a82ba4a5,2025-05-09T19:32:09.470000 +CVE-2025-40910,1,1,a54b33131062eaba9a72c9a995ddc84fecf8575b01784570b023413e61ce3e87,2025-06-27T20:15:23.493000 CVE-2025-40911,0,0,fcf4deedf6cc79e67d521479df45c4b1f5ac81bf8605fcf0e3b318f0c121b089,2025-05-28T15:01:30.720000 CVE-2025-40912,0,0,9ba3f2cd315b774e22eefeae7f50556e7e21969b27b3e56a0182e075b776e0e8,2025-06-12T16:06:20.180000 CVE-2025-40914,0,0,d97f0218886a2196b25d92bce59ddded5460306f920589ecc2b10f196fdbc150,2025-06-12T16:06:20.180000 @@ -295169,6 +295244,7 @@ CVE-2025-41407,0,0,6247b950f0c0166f2230d6a124266ea3a874057920a3c3768debb417b2132 CVE-2025-4141,0,0,7b2e3326ccaf27d38d41c324ef2e3f6ee1e91c0da08a23e7b4e578c8215ac150,2025-05-12T19:40:05.830000 CVE-2025-41413,0,0,e9b31783e06f12055f686f320ec5d71b8b8c60c5af4840883030cae8b5babc52,2025-06-18T13:47:10.020000 CVE-2025-41414,0,0,e15bca7d4059421d15d5cb35dc483cbefc52e8d9cd9f55b31b9d84f79a125499,2025-05-08T14:39:09.683000 +CVE-2025-41418,1,1,381ed25e1492459e5d7f5297d0f87174476c74772fa70fd972488d351fe3d15f,2025-06-27T06:15:26.180000 CVE-2025-4142,0,0,78a1ea715ae46e4bda0a693a8542472224c3dca467cf3911b9ec4f409b46b000,2025-05-12T19:39:50.053000 CVE-2025-41423,0,0,3ae1e637900a2dfc5b6bacaa494e26a0b5d8e1e48accef6073153be61f7a9347,2025-04-29T13:52:47.470000 CVE-2025-41426,0,0,43242131e19ec18f330497e91493c38832fad38a58a843ab859c1d5a86371244,2025-05-21T20:24:58.133000 @@ -295273,12 +295349,12 @@ CVE-2025-4222,0,0,0ac402cc845bab4a30e9252ea588813619c6f19618452a717b52c67067208b CVE-2025-4223,0,0,956f48551f11f91b052ecedb14a153aceab464c078b4bc0b79be148ceb74f438,2025-05-28T14:58:52.920000 CVE-2025-4224,0,0,1207737d79a1e90fb6c077a6a1097540732fecbc5b6d096024f04eb01ab32d8d,2025-06-04T14:54:33.783000 CVE-2025-4226,0,0,553848fc8965850ce01d7354687a65a57c667ad58d4e47460cbb85b0387517fd,2025-05-30T10:15:23.343000 -CVE-2025-4227,0,0,ea1742b41c984d4256b891f5a0a89c911048ac6da225cc090ad7f443f7b97afc,2025-06-16T12:32:18.840000 +CVE-2025-4227,0,1,105b1ca71279e59ed88dc1dfe5842363a5f3015c5289c484dc2e88f2b0bb639f,2025-06-27T16:49:37.187000 CVE-2025-4228,0,0,90c02a591037aa40f9ece4eb659ecae52c5a691b8f4e48310cb273be7c3aa6f3,2025-06-16T12:32:18.840000 CVE-2025-4229,0,0,3bd92ad8c64429307b7c6c36e06712a2c67022ff6d91c7998dc375c0c4c1388a,2025-06-16T12:32:18.840000 CVE-2025-4230,0,0,330f57a6b301dc0a43ed84235888c62032b00c01ef28ec1510f32bcba6cabfec,2025-06-16T12:32:18.840000 CVE-2025-4231,0,0,ae70aeb69774d4aea1837e88f50377238e2d6835a41e3ff8fdf68cca64de2171,2025-06-16T12:32:18.840000 -CVE-2025-4232,0,0,ad6f93a9f12c055931e32a7b79931e31c41dc64f7d3d044b29567155ded9ca18,2025-06-16T12:32:18.840000 +CVE-2025-4232,0,1,d05f6b8ac2e7b8c48b08379a8ee1e5ddacf612f94637a3e1bffb02b1a14e94de,2025-06-27T16:47:32.383000 CVE-2025-4233,0,0,261f5ee076c2b7aa87ec5405182d9289e244da6be5aae3a4af764564fe747d4e,2025-06-16T12:32:18.840000 CVE-2025-4236,0,0,4a998b3d009e2e5b8d6c745dec0a05483fadfb16e9111b778387c6694f340a68,2025-05-16T15:04:03.170000 CVE-2025-4237,0,0,6e9102316b2d9622f5dbc1640c375fa9a5bfea77a1257bb79b559d426c098991,2025-05-16T15:03:54.820000 @@ -295433,7 +295509,7 @@ CVE-2025-43547,0,0,6a488cda754d55f995203b3823845f8cd3b3b66516230bb29ed9007896e9d CVE-2025-43548,0,0,13920673fb4b3975743a58a5a587ee86a07ff7f4cb5c4d72c708afd2e4970874,2025-05-19T17:01:58.257000 CVE-2025-43549,0,0,b4273b740de66933093f8b3ba976fa992b8ce6c49a9d46845ac0fd26eee75006,2025-05-19T17:05:36.717000 CVE-2025-4355,0,0,6dc91d458ed065023b11afe3affc209e389d213bb73587a0b00003bdf2c58078,2025-05-13T20:24:22.710000 -CVE-2025-43550,0,0,888af28badef38e91a7ca9de52f3a9d3ea5de9ff236b12701a68beca855e071b,2025-06-12T16:06:29.520000 +CVE-2025-43550,0,1,99bbe47269ce24ae4b7b0a14664d80f91b7b4072896dee080208237e4c312ffd,2025-06-27T15:15:03.817000 CVE-2025-43551,0,0,74c68fb3c46c40b60e9d54573853d0b03d4cab74789f458ab5c8408710c609d3,2025-05-19T17:05:39.537000 CVE-2025-43553,0,0,87ec4b93260460a2cbb640bd57e8ba139e8be34a46d0c1b7a03855a5f554e6e7,2025-05-19T17:13:02.587000 CVE-2025-43554,0,0,72f8a55aa3016b7b98602aea28c96ba8387be55ce503a81731ea16020f85c56e,2025-05-19T17:12:53.610000 @@ -295457,13 +295533,13 @@ CVE-2025-4357,0,0,91b239efa30bec23fb574abf1096f71b882e8528c2289837ab32873dcf633d CVE-2025-43570,0,0,0c8efc2d054886dd381bb66546f1a26190dc1ece1eec1ae7fb83991db60a56d0,2025-05-19T17:05:23.670000 CVE-2025-43571,0,0,c2bcae4b1f89ddf1d102789dbe6cd3adc50327d32e5f767a09d399069834bc12,2025-05-19T17:05:42.667000 CVE-2025-43572,0,0,327243895386af4b0dde8e2106b9c865928e6a67412132d0e25900a6625c554a,2025-05-19T17:01:49.553000 -CVE-2025-43573,0,0,61fb4fe67ed5eed323b0e42b14b00d6dbf611c680bd93640729ba38ab7b643db,2025-06-12T16:06:29.520000 -CVE-2025-43574,0,0,34f887fd216e6f4253f4b5de9392e1afbea44a8cdc0ae22746257760a9191f99,2025-06-12T16:06:29.520000 -CVE-2025-43575,0,0,ba6ff67234ff6011a05415912e309798c2b724f86fdb2a276cc7ce9a146ed9ae,2025-06-12T16:06:29.520000 -CVE-2025-43576,0,0,724837cca482676bd18e96f461a6203de702058679926bb0c1655087862978b5,2025-06-12T16:06:29.520000 -CVE-2025-43577,0,0,6117f0672fbeaf175635f1482a3f529c5721b5a4f748e81c771a213824baaafc,2025-06-12T16:06:29.520000 -CVE-2025-43578,0,0,135314467393db826bd42d9b2223b35f518a5f0da7a40e9553eb21e509052216,2025-06-12T16:06:29.520000 -CVE-2025-43579,0,0,bb1ef939694dbe2d20c6a4535b8eb84a7ba80bd68099eaf055c281efd237453b,2025-06-12T16:06:29.520000 +CVE-2025-43573,0,1,72e510545e2d91c511df1f9da477791ab5aa8f32757a520c55875eec43124cca,2025-06-27T15:15:01.003000 +CVE-2025-43574,0,1,bbf5099ae332d3f6ab32cb3775bd6c4f8a1c3c0bcc65ec41dfd3b88d47f5fb07,2025-06-27T15:14:59.243000 +CVE-2025-43575,0,1,45f3655b86dacb633edb141ecc268fcb85c40af21a24ad5f5382a119f34cd62f,2025-06-27T15:14:57.577000 +CVE-2025-43576,0,1,1e57bc7263d47d0f67208ea5f818a92edadb66443ce5069e01286724bd288a5b,2025-06-27T15:14:56.033000 +CVE-2025-43577,0,1,98cc1204a6a3385cac3ba56c2bc27124f101e6345d86422dc654b29802404433,2025-06-27T15:14:54.320000 +CVE-2025-43578,0,1,ac577744e3d75036a3fd7c0e9fd3722cd95372fe477a953b923836178d2be5b8,2025-06-27T15:14:52.487000 +CVE-2025-43579,0,1,7eef94019923cdf7523c797919be9d42cfebb3f84c4aac09a8b6180f71a5fd59,2025-06-27T15:14:49.923000 CVE-2025-4358,0,0,d3722602427908cbcfc83920c5bb8690b3edbc0005f687a90c096634472fae17,2025-05-15T07:15:50.917000 CVE-2025-43581,0,0,be2c63dd2c1987721d4f59f8519c99d785cb988dc2b859928d2cddedf0fc15f2,2025-06-12T16:06:29.520000 CVE-2025-43585,0,0,6df4e3a17a9131e321c50e0e04cd2c0725f7cea66af401580d79eb104580f09e,2025-06-23T19:22:41.517000 @@ -295625,6 +295701,7 @@ CVE-2025-44141,0,0,249db5369f10926efe8571f5a16b1df4b578c5f1df1c148fe408742bc5e29 CVE-2025-44148,0,0,440749a71814d76edeed70dd30fc58f3e0b75eaee931968ee8c88b7d1e24e11d,2025-06-09T18:04:33.580000 CVE-2025-4415,0,0,14ae76cc14cb7c5f3c4c963406f20e07ac9834ebdb3d6a3c4d84f73bfd11e915,2025-05-21T20:24:58.133000 CVE-2025-4416,0,0,a5c38ae8bb1fb36b46a6d4b035c3955bb8e9a586409097b52f155ce641ec588f,2025-05-21T20:24:58.133000 +CVE-2025-44163,1,1,ee5e67bd61424a0ed02b3898fd43063ac2211f5710bc51516257f9fe45111e69,2025-06-27T20:15:25.547000 CVE-2025-4417,0,0,bc62e46078e8192920dbaf1b9b76f02565222568b177611f95eaef56f98ccc29,2025-06-16T12:32:18.840000 CVE-2025-44172,0,0,c78f9d9932a5093f6fd2dd92edb0ece1c73f28734d84b3772f8246b249ade2e9,2025-06-03T15:55:33.757000 CVE-2025-44175,0,0,5b6789f40968dc5ea2171c87d80e31a88f2e561b1b44c9c7141157b74ccbf57c,2025-06-13T13:39:01.420000 @@ -295671,6 +295748,8 @@ CVE-2025-4453,0,0,17e7f2032ab18ade514049189b71ae429256843d9863fdf6f0e71917f98a25 CVE-2025-44531,0,0,c991a9c5361374117866dd32c254839ede6351cc9253e1833b0f71853e2e9afb,2025-06-26T18:58:14.280000 CVE-2025-4454,0,0,0824340d2335f0221b12fbeabb29b5c209c67a1c502e8896c89c5f037561d2e0,2025-05-13T18:27:36.160000 CVE-2025-4455,0,0,05a1a98b2065f53be9218ed1130540464e36b521788d55ad2e6b4dc77e4298ca,2025-05-12T17:32:52.810000 +CVE-2025-44557,1,1,c8147569b29f6dd7bfd81cecc5208985c54e851cfc088f5314b186fbb7bca979,2025-06-27T17:15:33.040000 +CVE-2025-44559,1,1,df194494eaf4e0f423665102db6dded4d2159ca91e305681bfe10e63da0c5343,2025-06-27T17:15:33.290000 CVE-2025-4456,0,0,e7ef7ea8d16290e794f525db2ea37bc8abc1615ee5fb21b539df1843139a93b5,2025-05-12T17:32:52.810000 CVE-2025-4457,0,0,40524cd0b9a08c087d854535b5b570a75f2ee7cb9f2feb4718f44d4c27122935,2025-05-12T17:32:52.810000 CVE-2025-4458,0,0,eea9d140dad4a90fff730d46462b27320b6a68017f06012fa50cfa447315cc65,2025-05-16T15:36:22.513000 @@ -295815,7 +295894,7 @@ CVE-2025-4524,0,0,9f2ebfa9f8ca01d98c78b645fd8edee7f81ea49ceedcaa7d6aa7658167675b CVE-2025-45240,0,0,6c0fe819ab7a4c1498c5fdd6d23a12d4d5c435ed3c03b2f01a54119a7edb3de9,2025-06-12T17:44:27.277000 CVE-2025-45242,0,0,091207a637e01f16df70ef5f92ff2ddd497dba1d44742f24f47b6101007a10bf,2025-06-17T14:12:39.773000 CVE-2025-4525,0,0,e5068efff3345b6299bf1d3b4c556a2d330551e5529391b80301dc64e770c372,2025-05-12T17:32:32.760000 -CVE-2025-45250,0,0,1295737dd945a4b775ec304e443102ab54877a6f262027aa1c35545a3ea136c4,2025-05-07T14:13:20.483000 +CVE-2025-45250,0,1,625ca51f603879f08bd2836e530fd42b14dcc1deb45bffc7c3261bdfd84f8b70,2025-06-27T15:33:18.710000 CVE-2025-4526,0,0,f2bf7395bd181059c847672fe1aa1c5f9c6c13bc21884d0e91df36f089d2f9b6,2025-05-12T17:32:32.760000 CVE-2025-4527,0,0,a52594613ee9894c6b796cc904a25558bc2c540a54050c8b311cca8beeb7d288,2025-05-12T17:32:32.760000 CVE-2025-4528,0,0,c085c8458fe36a71cd97668681c38ccc896dc35880fc1e533513caa5598af8db,2025-05-12T17:32:32.760000 @@ -295901,7 +295980,9 @@ CVE-2025-45661,0,0,0e20e96b84d71f79af2b00427e27793cd9647ed73c7004357e7252dcc2988 CVE-2025-4567,0,0,121a90467be941d9ad01a97d3e24fb32b96a7e829013a214205341e8c0284209,2025-06-05T14:09:17.020000 CVE-2025-4568,0,0,a7dc4015dc0dc8a1d051ca0a0c8659f2aa00a001767db9893b5b3f88ebbd1af5,2025-06-05T20:12:23.777000 CVE-2025-4571,0,0,cfaf6e0f0966147161fbd50ba7ab7242473c58c0fee9a367c407b586b3a394d5,2025-06-23T20:16:59.783000 +CVE-2025-45729,1,1,e53e01cf24ae8df3fa424ede6e5b1c332280aec9fa93943f4936c9bad5a12811,2025-06-27T20:15:26.353000 CVE-2025-4573,0,0,0d573fb0cacdd281e28bc5c9943a8fc5e68cc59a1800ffb046dd0a624e090a9c,2025-06-12T16:06:20.180000 +CVE-2025-45737,1,1,cf75028ec0b2140b140b81e6243ef6b4d19046af5d4a8ff1f1a64e9e4d8bbeb1,2025-06-27T20:15:27.223000 CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000 CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000 CVE-2025-4575,0,0,0624d6300232d42a9f90f1e62069c560ca8ea8d361bea47508069c55d62ec0b1,2025-05-23T15:55:02.040000 @@ -295938,6 +296019,7 @@ CVE-2025-45845,0,0,93cb9b992f3083f016f98f51918ecbc05e2ba26a62766c25f0e76aaacb981 CVE-2025-45846,0,0,51d693d14f22c6c735df1fa76b25052e8a11d20981dbbc646066d2d29016b231,2025-06-02T17:27:55.547000 CVE-2025-45847,0,0,4ed18ef753848179b985042a19837700c8f0cb1a81c7d5ce45292d9f94eadadb,2025-06-02T17:27:39.587000 CVE-2025-4585,0,0,de0ef46eb68a7bfcdbe12487f0dad42760c4b1425908d33a0156dee60d09c3e8,2025-06-16T12:32:18.840000 +CVE-2025-45851,1,1,5c40d2ab32358f79e99b36d50739797d7879554e89e75e97fc98440875b73508,2025-06-27T20:15:27.997000 CVE-2025-45854,0,0,8da6ea0519a831e65c7cd6df3945ca62dff794f0b2efeba768b2f0909531788a,2025-06-09T15:14:23.153000 CVE-2025-45855,0,0,f83acc46039ebb0726b90a3363a04a3275d7490e0c2ce1bd0670de0c97f6346c,2025-06-23T14:25:39.560000 CVE-2025-45857,0,0,dcf851c628b00f7cbf7f9997f2bbb8d1869ef466c2968b3bd76ff4947bdcf23b,2025-05-14T14:15:29.737000 @@ -295951,6 +296033,7 @@ CVE-2025-45864,0,0,b32f79c80f948a5502c692222ba63db7db0d85fc0944e6f9a68e63f94b3a1 CVE-2025-45865,0,0,367062564ab2fabd14817d58b3e7095878e7c26afaa0eb1dd77e8dfb0a65054e,2025-05-15T18:37:31.917000 CVE-2025-45866,0,0,48c16ba2c1a450558a2d650800240d515297efe6c8338a7502e000a11c7cf020,2025-06-17T19:39:56.640000 CVE-2025-45867,0,0,a78de81cad59bbc316e2ff4eacf13da0ca81d5efbf89eb838fbfcc576cba1eb1,2025-06-17T19:39:47.240000 +CVE-2025-4587,1,1,df5d0a6babacb91c3c4c32373334d13ef188832da9089b6465b4b4a0a7f16dd0,2025-06-27T08:15:22.030000 CVE-2025-45878,0,0,76479685a387cf61a43f7a306424fbb1613728900c34c34b117627476b791297,2025-06-24T20:15:25.250000 CVE-2025-45879,0,0,a523ea1be4f66a907ee86b9ebd07662f0a00641a69e4600b6fb7654b16a506de,2025-06-19T01:17:35.180000 CVE-2025-45880,0,0,3705fe6fc368f2fbd94d197728c7493a9d3bdf0bf25c0a8940fe6c0fa1b87358,2025-06-24T20:15:25.410000 @@ -295978,6 +296061,7 @@ CVE-2025-45997,0,0,6427fb401720f5a1ec9f9ddb9a7287b863d0733096e213df5c6d6f0eb039c CVE-2025-4600,0,0,026383a000ee9b132f9dd97af63a0401be9be3b21241dcdc822424d27f013326,2025-05-16T14:42:18.700000 CVE-2025-4601,0,0,420ee2c846cf84b8070c3dfb7dddc6fbabb1090be5e1b7c4bf957aa0ce301eee,2025-06-12T16:06:39.330000 CVE-2025-46011,0,0,c1776a78cb3800147b82714f56c78717ef81a5a9688b212486314b16953839ea,2025-06-09T21:15:46.517000 +CVE-2025-46014,1,1,339242950fa7f5cbde721d1e7f6f5bde04e6158e20cedf68b467b26893584939,2025-06-30T02:15:21.077000 CVE-2025-4602,0,0,409776dd4d3f5aa956641458acdab541ced8aee4cc4b0cac3a447338c59994d1,2025-05-28T14:58:52.920000 CVE-2025-4603,0,0,353abd9188b7471dff5b9b62f88597abbd29f78728037be18e8dafefcd5f4d4e,2025-05-28T14:58:52.920000 CVE-2025-46035,0,0,9f1a3c83a5b792a1c1c188b51250b415f15a289195e306748247efc3597a83c4,2025-06-17T20:32:44.497000 @@ -296115,6 +296199,8 @@ CVE-2025-4640,0,0,34e02d1891a71362d01680ccff64a6e97e6a35e6ee372582f3c84b16a1f601 CVE-2025-46400,0,0,87d0bafc29349d46692df94887922262d95c9535e4d8bd79895b706589ba6977,2025-05-16T14:43:56.797000 CVE-2025-4641,0,0,979d18a96ca002b56795411b6cefd7b8a3dae8c5b417e82cdf647677ad62735b,2025-05-16T14:43:26.160000 CVE-2025-46412,0,0,6888bc82092698cbe9fce3044c8197ac748158b7e85a292ec20736d7f46fd4a5,2025-05-21T20:24:58.133000 +CVE-2025-46415,1,1,cfaef3d3785cf5a543f5867dabc759c8d5baa6f0aeb30524a27d2f3f1239f3a7,2025-06-27T14:15:37.870000 +CVE-2025-46416,1,1,b285a30de6fdeeb3e011de288b3847ac46159ef0ce589719cf7f4dc8976f71e0,2025-06-27T14:15:38.163000 CVE-2025-46417,0,0,ad7ff5c6ffee3535e65a55f7e9290be428eaeb98b1b1f7c01724f6c95ec200a1,2025-04-29T13:52:47.470000 CVE-2025-46419,0,0,643f83fb9a3ca710fac94c57401beaf44cefb801fc477c996c5dd6b42168ed4c,2025-04-29T13:52:47.470000 CVE-2025-4642,0,0,eef2cf0ca797296d0625f7a9dd751ea73f5d49ed61a91e41541a7b77dd95cf8d,2025-05-22T23:15:19.750000 @@ -296326,6 +296412,8 @@ CVE-2025-4669,0,0,89694c55d9fd313842642068b4e7d93ae57ac47c416a461a97faccb3f92a74 CVE-2025-46690,0,0,973a37c2db031d79f10319288b5777f494d38cd710bbcf14cf819512ce030af8,2025-05-12T19:31:51.950000 CVE-2025-4670,0,0,b10edf3b6f71bdf8699eb65a94c6cf4caaaea0ef9ffd3b5514b32f41c78e11d6,2025-05-29T14:29:50.247000 CVE-2025-46701,0,0,deda192404567412c4b0078d632358a2acbdb043d7c4dcfd46aed0b54a6719a4,2025-05-30T16:31:03.107000 +CVE-2025-46707,1,1,68f258fb4800848567172a5bf4ad7ca90470d981ecc9a31a947e7cda20a45deb,2025-06-27T17:15:33.597000 +CVE-2025-46708,1,1,1de11b457b230df8f6ca184f4fbbcc606aa1617587d5187a45ff405c493561f1,2025-06-27T17:15:33.803000 CVE-2025-4671,0,0,6a90a1a21db3f0dd064a3ae6cf47d91b222f79983dd36d1d7a9509d95c189f20,2025-06-04T14:54:33.783000 CVE-2025-46710,0,0,a9a6fb252c7f2d0fcde6d5629e5edd5a8bfd6a2beee2b468fbb826cf520f8f78,2025-06-23T18:15:21.103000 CVE-2025-46712,0,0,0c073dcafa656dd770ca6df4993eba5d01868e4680b3acd34dd6f33ce4c7aa2a,2025-05-12T17:32:52.810000 @@ -296909,6 +296997,7 @@ CVE-2025-47568,0,0,816122bf6ee3258a91c70b57c27a64864503daf9f011fa2dfdbf1808df01c CVE-2025-4757,0,0,aff32a5dd8531f1cf16b47f2eaa3e2f3dcb4fa067452c943f1a1e24c22fb61c9,2025-05-27T19:49:21.437000 CVE-2025-47572,0,0,776731dd9167ee9e1e91f3be71e5a7464fe1041ed6da16b9cf94bcd541c2db1d,2025-06-17T20:50:23.507000 CVE-2025-47573,0,0,c337e6c3a3d55da845f117e11564079bc93b4352d6e1e0e8f7bca37b00aa0a64,2025-06-17T20:50:23.507000 +CVE-2025-47574,1,1,f2e2051d4a8247a1709fe0436e20f065afdec77dee35f3c5d3cbf3f1c25c9a1c,2025-06-27T12:15:37.030000 CVE-2025-47575,0,0,3856dc014fc47893d7ef5712b0e151680734365e77cbdf4b14af12b94f83ad85,2025-05-23T15:54:42.643000 CVE-2025-47576,0,0,edb28b0afb2590818e704b2b702bc94672987057adfe446ab20f50ce396f0510,2025-05-21T20:25:16.407000 CVE-2025-47577,0,0,e6bf35f708db79d6247522f1af460f531b906a5c3729299a5379bdb63ca6b1e2,2025-06-05T09:15:22.680000 @@ -296984,6 +297073,7 @@ CVE-2025-47649,0,0,a6998300a5795198f0b6b91104fdb10fcb7520b0214faea4aa3bc9ecd0a8e CVE-2025-4765,0,0,0837302015ce28868a75e726316131d572747335e54f82acac56a10423fbdc52,2025-05-27T19:48:26.970000 CVE-2025-47651,0,0,375abd539d22db8e0b20a8e0d74dac0b2e7eb8b3d0ae7b53538d78123fcf253c,2025-06-12T16:06:47.857000 CVE-2025-47653,0,0,aea902577b09981d2973dd34a3653642f8f6a296f13c8d372934fa816515c5f5,2025-05-08T14:39:09.683000 +CVE-2025-47654,1,1,5023462d56f1814b579d6d590990c77f8758da418ab05ac64ba289552c6d674c,2025-06-27T12:15:37.207000 CVE-2025-47655,0,0,99fda0bc4baa99ff4898982663410a7b72875bb40b9b47ae6767967697d041a7,2025-05-08T14:39:09.683000 CVE-2025-47656,0,0,64ca96af8ea55f69cb93b539d6deb78f0569be7b208cfa2a28c459de3d2e34ca,2025-05-08T14:39:09.683000 CVE-2025-47657,0,0,06a2b44f0a707dc400085c3e8217ffb9d92c15cc5ff3349c79d56a0255aed3fa,2025-05-08T14:39:09.683000 @@ -297109,7 +297199,14 @@ CVE-2025-47814,0,0,9adc376562e26f07846dbee62d965d38fea5fb027e0e2bec35e0c30901eb5 CVE-2025-47815,0,0,2d9b8f0482279acc08f64b8fdb9e80c06935773ec9e81d25500eabd26a7e003a,2025-06-12T16:13:37.013000 CVE-2025-47816,0,0,124aecf0baf2217b0562288701fabae09f094142c59db5cb663f96e90bd84324,2025-06-16T18:36:10.487000 CVE-2025-47817,0,0,a9608fe19de2055ccc53db5d916ab7446a11a0159ceb8cb3f751e656accab718,2025-05-12T17:32:32.760000 +CVE-2025-47818,1,1,4ac04c7a36ffaa119cbdff996d6bd0ea1251fb92af085d0c158fa4a4318f7a01,2025-06-27T02:15:23.570000 +CVE-2025-47819,1,1,269ed10806a2e21bfd8ee99fbec4c82bc2661ddfa6d885719c279df945eddb30,2025-06-27T02:15:23.757000 CVE-2025-4782,0,0,7ad1545eb9e016317ccf1371b442ca29cb62e72aa504ad708f7f276790913468,2025-05-23T13:04:40.253000 +CVE-2025-47820,1,1,29b27cd40da727d609bf6accfb152145856ec16766a38f9fc6cf977e3e029a71,2025-06-27T03:15:21.990000 +CVE-2025-47821,1,1,00f45618901af6f60e048b2e86152b97a13aa1dcbecab23e35042524337981f0,2025-06-27T03:15:22.160000 +CVE-2025-47822,1,1,ffdfdfaa7ffb103ca867ca6bea6dab6e447fa2da2b7ecb36e70444cba149d432,2025-06-27T03:15:22.323000 +CVE-2025-47823,1,1,0570a08cb70d071108fdc733510c4dce5755f836fd01ca14e40f980fe54ffba5,2025-06-27T03:15:22.487000 +CVE-2025-47824,1,1,26f7386602b7148227040409e0cdc674267e3776c9d32471293d298e36b1c293,2025-06-27T03:15:22.650000 CVE-2025-47827,0,0,e8e7d1db0126d69a3b1ce4ce3cd4a43b2b63ba3f83e4b78ec9433a4d6806ed2f,2025-06-10T15:15:25.270000 CVE-2025-47828,0,0,164436fe84b8d833a71f3fa8e7f3f39b64e2df889f4579512ca4cd1f99b4e769,2025-05-12T17:32:32.760000 CVE-2025-4783,0,0,bd5695c741cd6c06c07a958617e5fade1eea7d7c38bb9f2f382e0e33491cd176,2025-05-28T15:01:30.720000 @@ -297288,7 +297385,7 @@ CVE-2025-4815,0,0,31cc1cd9ba179e2e20111ed224a5d1f55b5f28081bf7ef82d4c48c2315ce9f CVE-2025-4816,0,0,1d7865e0cbbb0c318cb8ea40d3a767abd03ec76e1a6022bd94025fd37d41588b,2025-05-28T00:59:43.940000 CVE-2025-4817,0,0,f265475ef28de63b3868387a0ba8131291fd27201dee770829df62b575e6a51c,2025-05-28T00:59:22.280000 CVE-2025-48174,0,0,c3e8083f71af16819d1dd271b42b6299c82ce55401fe37929ced2b9ea25ef1fa,2025-06-04T20:02:37.147000 -CVE-2025-48175,0,0,6ead55096c8c33942432e9134de8e8e1e3ada82e07b8efd3900a835d80a4249f,2025-05-16T14:42:18.700000 +CVE-2025-48175,0,1,c27d60fa36a5115b45f4438bfaf90b1bca9400541c8b0eefea9c65d281f833e1,2025-06-27T15:21:28.030000 CVE-2025-4818,0,0,46d731a7fb69ff2dcbbabe2b3a403a7f0fce04438dcb8f5cef1cb1fefa0dfdd7,2025-05-28T00:58:53.250000 CVE-2025-48187,0,0,f37dd3811af6d80c0df7e10e6288b448e3ddde624708aa0a99e3755a134c4b19,2025-06-12T16:29:12.860000 CVE-2025-48188,0,0,9338f093747813e06d902a44455aea29fdf3a611a5e401cd7c2e67e28da8d86c,2025-05-19T13:35:20.460000 @@ -297748,12 +297845,12 @@ CVE-2025-49163,0,0,643a72915169b3c81852832f164c7ce28984b32bf8cbac1ededba1c30e43e CVE-2025-49164,0,0,d5b91c5cc8e76d4adf3dda6a9132b65234dcdefc36da28ceddedfd5530304934,2025-06-04T14:54:33.783000 CVE-2025-4917,0,0,402a8702a0d07685076d8d3bbf70a58c8189448c063fea494a0fac6dd2626eee,2025-05-19T17:38:05.883000 CVE-2025-49175,0,0,0c9478558e5d1b07aed0e76150de057d502edcded84253f101ac41e420899270,2025-06-23T19:15:23.943000 -CVE-2025-49176,0,0,b0b0333012041a370fdc924b9eff1da0937c7a21c796f6feb270c4ee4d1089b1,2025-06-23T19:15:24.090000 +CVE-2025-49176,0,1,f467e11062635f8eb63db14b90116a77d30cb0248847ec16bf9eaf05f13e7753,2025-06-30T09:15:26.127000 CVE-2025-49177,0,0,1d56d21984347f0dbb44d71fe743cd7551256b21e02bc145de16d3a5c3ae9c6f,2025-06-23T07:15:20.117000 CVE-2025-49178,0,0,e4fb6ce0929358432020763be5250c2ea6d91b6083c4b5bd6829bd000ed10195,2025-06-23T19:15:24.233000 -CVE-2025-49179,0,0,8a52ee20b9b8bfff10f006e1c2ca4a82ac1db033fc3aacfce4da024f0517baa6,2025-06-23T19:15:24.383000 +CVE-2025-49179,0,1,8f9fdad12485d4fb2023a4f9b31411e477397ff16c55efa8f1088ed6f55f2837,2025-06-30T09:15:26.510000 CVE-2025-4918,0,0,ab4c079e1da6cd4dfa69cf1fcc57b5e852fcef00a973643da3dd71ab3f3ec47e,2025-05-28T14:05:35.853000 -CVE-2025-49180,0,0,a3e87394dd987a3ec093395aa704165267b7ba2cce5b94f61aeb6a841c52d8cf,2025-06-23T19:15:24.517000 +CVE-2025-49180,0,1,97af8e85ac3ee5a9e249ae0dca37c028f7b17bdb8dde57825346f6d56f8fb494,2025-06-30T09:15:26.713000 CVE-2025-49181,0,0,65f8ea01de63d019d8688de775c40b302b8c0b1e44c040e53e46324e69435218,2025-06-12T16:06:20.180000 CVE-2025-49182,0,0,8adc8833944dbbffb6c925bafc811eee2574582f2d7b7b09537e334080770141,2025-06-13T09:15:20.130000 CVE-2025-49183,0,0,c9c3ab65e477d8e9a4d5c9adaf45822d49f0873835d0971680386eb894e72562,2025-06-12T16:06:20.180000 @@ -297854,6 +297951,7 @@ CVE-2025-49287,0,0,2db064a7088008b4c0f418936fa1282cb97321fbdb39ece58779ebfd6db56 CVE-2025-49288,0,0,fd55b6e659457965b044763d373bc487f4f85d0422ecf0bdb451203ab3005be0,2025-06-06T14:06:58.193000 CVE-2025-49289,0,0,6db9920d9566ce3cab2322c92454f3a08523c9da68abd3449538cf2f7bf511af,2025-06-06T14:06:58.193000 CVE-2025-4929,0,0,a8e593e93f40512d4e00d2cf8b1f6bcbb5d53e9a2cd29f3fc687456ae4295712,2025-06-11T14:54:00.567000 +CVE-2025-49290,1,1,0f359460b49a329abf5de9a4463e6d1886642f3c36dfb16c1948f5e58c3397b9,2025-06-27T12:15:37.397000 CVE-2025-49291,0,0,9daa3b20fed7cc8f0088dbb844645608b4c71dd2f7cfa859b6d976a11504f1d4,2025-06-06T14:06:58.193000 CVE-2025-49292,0,0,1b2cdbc10ccaf92dc3f2c2fa167a6bb6220406e291e936a3a5a6ab308c52f19a,2025-06-06T14:06:58.193000 CVE-2025-49293,0,0,306999d754a56fe33b1688646f3766e55e4d4cf04e569fd466480109a4867d8c,2025-06-06T14:06:58.193000 @@ -297883,6 +297981,7 @@ CVE-2025-49317,0,0,a76f4807ead6e3634025a6dec4eefb6c0436f24a416114bf7c2a4410e3b6c CVE-2025-49318,0,0,e5c0f86272b2bd1ebdfc069dc27de22b8462fec25e92bb0457eb7358a6bd25e3,2025-06-06T14:06:58.193000 CVE-2025-4932,0,0,cc74071416333ac0a75c5334272714813fd0375ba687afd5ec3f00a34f35afed,2025-06-17T14:09:35.493000 CVE-2025-49320,0,0,cbceaa89252364f62a21623de389b25103307a69ca7df1a12cb36905fc71f7ae,2025-06-06T14:06:58.193000 +CVE-2025-49321,1,1,72c5bca666bb3fb7e088a24f7cd901a7de862d0f9a82ec984ebd7160e113647a,2025-06-27T12:15:37.587000 CVE-2025-49322,0,0,38a19d165ed906aa86d8cc9f9e5726bc4a2e215eea107d7a353651c373805e2e,2025-06-06T14:06:58.193000 CVE-2025-49323,0,0,b895262833147fad70a1259f437c18b4212e269748ef150a9e31d85282ddf653,2025-06-06T14:06:58.193000 CVE-2025-49324,0,0,5c2bf7b7e37f8694461a19eea6e12949ba3b2dbf021b1a276196a6ff1d19abc4,2025-06-06T14:06:58.193000 @@ -297907,8 +298006,10 @@ CVE-2025-4939,0,0,5ec31620a920403386badd8ed8c9ad70156a6e4853cf1462dcd01754dc60b7 CVE-2025-4940,0,0,260d8b62a32cfda7d1f9cdbe4bba3d30912c7644fed6c87e919fb1700ed93983,2025-06-12T16:24:13.067000 CVE-2025-4941,0,0,7ee6643b2dca5855a4c8910cf9fb3433ecd0901f54d071fbb7ffd69250830b9c,2025-05-28T01:31:03.773000 CVE-2025-49415,0,0,68566d7977c1215376be0012202fa62cf118a6497fd62b530424bc30f9fa3712,2025-06-17T20:50:23.507000 +CVE-2025-49416,1,1,9326e8c278d59d13d255769203a02029c4d301b77eebab0e21ee712f1ea70fe1,2025-06-27T12:15:37.763000 CVE-2025-49419,0,0,85038d062ad76809afc89d292d3481b55710d3abc066574e74740256fb04fd24,2025-06-06T14:06:58.193000 CVE-2025-49421,0,0,44f56b132253671d91321e10d79bc87df372212fcb6d1bb27ad166d07a72fc32,2025-06-06T14:06:58.193000 +CVE-2025-49423,1,1,596d991af1767e91bd68e68a97e3b6e1e9a4d978584cabc168f9fa1a996bd604,2025-06-27T12:15:37.950000 CVE-2025-49425,0,0,e1fe97c376de5a4e19ac419b1615599b7ee42807d954ef5670e99aa67f0186aa,2025-06-06T14:06:58.193000 CVE-2025-49427,0,0,fc8aa2cea4178b9be9c92854da4245673ac0828517420b90ee0d5a6af5e8695b,2025-06-06T14:06:58.193000 CVE-2025-49429,0,0,72e428471408646b43b87d752d84f4119c531c2054284b1fa2ca291913599aae,2025-06-06T14:06:58.193000 @@ -297924,6 +298025,7 @@ CVE-2025-49444,0,0,5ac45215768c9d4f953c591ddf4af26681a8eaecb541bfad4d2ade40dbdc4 CVE-2025-49445,0,0,f60bf669c0e4e5a0e35c6a92e30aa1bfda3f3fd2fad4b5eb42991763bd7b5eee,2025-06-06T14:06:58.193000 CVE-2025-49446,0,0,4a60c84d6d9edfc5bac793b7fa075e27f2b5d546a1d935927e4891fdf1b2b3f5,2025-06-06T14:06:58.193000 CVE-2025-49447,0,0,75d8acd8e8e1f0060087fc99f3c7a934cf66aeeca00be751467d6366af45dd53,2025-06-17T20:50:23.507000 +CVE-2025-49448,1,1,7fe8835634e8c2347d08deeb7d4f3fa53624670c78503c9c90d63043a32e6cae,2025-06-27T12:15:38.130000 CVE-2025-49449,0,0,0d697cd8e2657fa1de80516a3f9d24c8d0aece4b7b6ce292b70d5d242971d137,2025-06-06T14:06:58.193000 CVE-2025-4945,0,0,7c1921d824c0ffc4efae3fdac0f07df6ef4c8b0fbdbb004d6249658d4756d858,2025-05-21T20:25:16.407000 CVE-2025-49450,0,0,90130af9185941b6c9463f758e97094467c86e05a17a9bfaaa1b7426680ecb37,2025-06-06T14:06:58.193000 @@ -298031,8 +298133,8 @@ CVE-2025-49849,0,0,8297db97c7fc15aa30d3cd9f82603f74eb8025767596630d8a5943b91e562 CVE-2025-4985,0,0,88151f8f37213547b95261cc34f75717fde2a8ef982c36b2d93a8904176e3178,2025-05-30T16:31:03.107000 CVE-2025-49850,0,0,12adad2ef0b8f2b8f84392dc49cc67ba3aaa7a82a61194bcc9f25e9e29ca770a,2025-06-17T20:50:23.507000 CVE-2025-49851,0,0,46e12ff221505fea2aa5871e9a3935a19a21a0ef3ea224e3a7aa9a91439ad464,2025-06-26T18:58:14.280000 -CVE-2025-49852,0,0,4162a4ecfe87920b9bd9ae7dbed041ffe4a93a6a845e1d2c1b69dcb5edf314ae,2025-06-26T18:58:14.280000 -CVE-2025-49853,0,0,9bc8f0b1ea3738b8a497018d42a132e10ffab999b857082b3a66269394617c4e,2025-06-26T18:58:14.280000 +CVE-2025-49852,0,1,a6cfc028708aaef78027863c54d9e8ecc8ba43b1a48c16f82d0e7aef5d93a770,2025-06-27T18:15:47.070000 +CVE-2025-49853,0,1,32b6ce4cb214fbd4eab0369a6e9ded81b5054074e14bcc40c10c82389df0949d,2025-06-27T18:15:49.777000 CVE-2025-49854,0,0,f5d12af17846f0fca9e71d9d31730f998dce4ab78a93a5d3453eac74f8fffd56,2025-06-17T20:50:23.507000 CVE-2025-49855,0,0,12a30fead2c10e8a1f16941c2d9bd96761a3083b3c6087644c0beee9652251c1,2025-06-17T20:50:23.507000 CVE-2025-49856,0,0,65b96385792b64182569a68dca6312790744d597250b91f428a4357b1b5a6881,2025-06-17T20:50:23.507000 @@ -298059,6 +298161,9 @@ CVE-2025-4988,0,0,a7c799add205e04161903a2f90e2fafc16c75a5a4daac88e051c1af2ef2020 CVE-2025-49880,0,0,04b30c4e6cd89a7fd379c48fce5ae76d3cc34463e1880d1f1c84727782deecc6,2025-06-17T20:50:23.507000 CVE-2025-49881,0,0,4239ccd1171bb8759449c57d7f9bd83602738f3f3f21c8104e53d30abea0cb5b,2025-06-17T20:50:23.507000 CVE-2025-49882,0,0,76e436db02e2c54f62799530bb44458edd5deaa61a2affb55071c9cf2670c9fc,2025-06-17T20:50:23.507000 +CVE-2025-49883,1,1,f8c966f224c8a4db0892bec6ed27300b09c0a51e50b8992c991634e989336fb5,2025-06-27T12:15:38.307000 +CVE-2025-49885,1,1,c6eb7999ef6eed504d0cecdada4262aa0e35ee81ee57fde3f0d9190bb6b0455e,2025-06-27T12:15:38.477000 +CVE-2025-49886,1,1,c2b1771ce18b81a4e86dc948c4f69767b9667d389b719043d106113a827603ce,2025-06-27T12:15:38.663000 CVE-2025-4989,0,0,74686f3d4372e905fa27c624734660eade1cfc1a7c1d6b7d7fe07ac62f07c46a,2025-05-30T16:31:03.107000 CVE-2025-4990,0,0,11128ad236ff0bbb6407ba12ca704aae39e79d15ca91d8e93c05e36bda39beb6,2025-05-30T16:31:03.107000 CVE-2025-4991,0,0,67056c54ed0af796c00b82147df15690931ae5839b2ce0ae3dfbe8c6af0dc82c,2025-05-30T16:31:03.107000 @@ -298143,6 +298248,7 @@ CVE-2025-50048,0,0,04e1a20c3d58de8d3a98a0fb8d7a84f02fa873a91af6ec128cb965b812faf CVE-2025-50049,0,0,2f21916b17aecda8a1935bb1e80dee9791d3c5f3a85102237c506ab22e6db43a,2025-06-23T20:16:40.143000 CVE-2025-50050,0,0,be18b1c2487515ae9bcc282ff1cc8912d93c642e8ce00f0818c24ad1aef8d5ee,2025-06-23T20:16:40.143000 CVE-2025-50051,0,0,8e504e1074b1a8606283959a5c7f384affb577c9ec02175e496fabd7ba6603b1,2025-06-23T20:16:40.143000 +CVE-2025-50052,1,1,7eddf83838806db92aba07c01dd67189ee4bf9fb49f2ece98f2957c4eb54f793,2025-06-27T12:15:38.837000 CVE-2025-50054,0,0,c0f36318c0ae9691127547660026f7ef7113606ad56ee7f0c360343a85da58a9,2025-06-23T20:16:40.143000 CVE-2025-5006,0,0,681cabb0d000288ea3de1bc96c248c8dc62af67d94cda924b490a24cb5ce4b87,2025-05-28T01:16:17.537000 CVE-2025-5007,0,0,90fd6cc505f919e9193a4f785ead55c22de48a03da4d584106515fa806e84a62,2025-05-21T20:24:58.133000 @@ -298185,12 +298291,17 @@ CVE-2025-5033,0,0,06c9afb9196a99dd4f0b3020a989f4b3254b2b9e05cd3f3304d140aa64b94a CVE-2025-5034,0,0,32c24ba6ccd75156344e37a326a475bfa55837c0e754ff953557111ff3de4bc2,2025-06-23T20:16:21.633000 CVE-2025-50348,0,0,5081ba7593ae8342ef6e03ff05001a5e9251f0737e546d04330fd65ae4fb2e2a,2025-06-25T13:08:13.867000 CVE-2025-50349,0,0,15e0e70949273fa56afdfb5bd13043f639cdede12bd48e56cc46a914f6d4ad3a,2025-06-25T13:01:11.240000 +CVE-2025-5035,1,1,9ae9ae6fb32207f7459b0ae6ab156dbd6b9679ca100146c3edf1bed95c977f25,2025-06-27T15:15:27.523000 CVE-2025-50350,0,0,ccfe1d064c3bcaf2010a62598cc4058bbf4e2c72518e4963462e401d7de4c922,2025-06-26T19:15:20.960000 CVE-2025-5036,0,0,c38e53ab36341883513f1bc0436ec7cb62abd108008baba46460fded702f863e,2025-06-02T18:15:24.783000 +CVE-2025-50367,1,1,34f21ad0e2f8e0f3da4d39b4f69081997c074b6f7e2a07c5b66ce8dc282d0e55,2025-06-27T20:15:29.910000 +CVE-2025-50369,1,1,fc7e71a8e8654795e7a5e6f76f11936dff84e0f7fd64476b958e1e1d217b7e6c,2025-06-27T20:15:31.667000 +CVE-2025-50370,1,1,56c5417ebb0d50af4b2cc816d0f87f79b84b75066beb2774855389ff00542f74,2025-06-27T20:15:33.300000 CVE-2025-5049,0,0,44cfcf3aff795ef24e83417940f428248f6dbe73d228a2445e4d18a251d64c21,2025-06-23T14:51:34.223000 CVE-2025-5050,0,0,18c722bc6b5f548b69eef0fffd3878fac15ddedca7de625378de12e31e056210,2025-06-23T14:51:31.630000 CVE-2025-5051,0,0,5142d535b5dcabf799858265cb0a073c54ecb398a0506990f7cead12fe67b40e,2025-06-23T14:51:29.537000 CVE-2025-5052,0,0,fb14f53f59872f2ab4cd272c068cbf989da6288adaf09d4f876ce8e48ca81915,2025-06-23T14:51:27.970000 +CVE-2025-50528,1,1,f3eb8079cc77447f11e7c58e02583a9e4484073c66c85cf113d40c2f5e8b0ac4,2025-06-27T20:15:34.387000 CVE-2025-5053,0,0,3d2b70b4aa9309898ac88338d0e45e48032f9ef01b4619e69e4f80270305e3ac,2025-06-10T19:34:33.830000 CVE-2025-5054,0,0,68d095110a6b2be331697a8699cb10ea98d7a65a96add11ba5059f95d872a268,2025-06-02T17:32:17.397000 CVE-2025-5055,0,0,2813a40f904a4d38c72314bdeb0478f12eb76957b4f05117bb45d588d4e24d35,2025-05-28T14:58:52.920000 @@ -298205,8 +298316,8 @@ CVE-2025-5065,0,0,8fc53b66fe42da4959811ef54b22b91af2bd35c9f4f954731cade0848a818f CVE-2025-5066,0,0,c2e1df9fe6cae5990ac135a3976d91b02429d110b23d2797a3b2dababf03dd2d,2025-05-29T15:50:51.310000 CVE-2025-5067,0,0,cf2723dbc4b2f797991ebafc1c2cb069497cee2d74a6a84ebec9dcde1e0dd29e,2025-05-29T15:50:43.240000 CVE-2025-5068,0,0,743f6f8e9f7972849bbf135b58a69c40f5a6f921a1bb6da952423dea4534ee5a,2025-06-05T14:11:10.430000 -CVE-2025-50693,0,0,ecd19eeb7351acfccc718aee62544f4a3cbab41f68c45dffef78ba7ef5139024,2025-06-26T18:58:14.280000 -CVE-2025-50695,0,0,19e05662dbd27d6ad4db26ecf29413c4911e0a9aa3e9743195b896b4b004e819,2025-06-26T18:58:14.280000 +CVE-2025-50693,0,1,e45af4df59709862d79fed94eba81f3c720eac46d3c47878fa15d033f0971882,2025-06-27T16:35:39.350000 +CVE-2025-50695,0,1,accd627332da7d97b76cb5783ee219c402d198efaa23d938427a710819f5d635,2025-06-27T16:33:31.330000 CVE-2025-50699,0,0,4c0bde2fe08640f9876a0abd6c636cb9368d5a8798725bda59edf0ef6036f8a0,2025-06-26T18:58:14.280000 CVE-2025-5071,0,0,884ba5d773bfa631189c2fa39c9690b3ec846f53f569c43eb315d4166f9f7924,2025-06-23T20:16:59.783000 CVE-2025-5073,0,0,a1230535d583b5f466b5fe2615cca31afcba55333f600b324f190ec047a41d18,2025-06-05T20:13:49.707000 @@ -298221,6 +298332,7 @@ CVE-2025-5081,0,0,56e144a5135781dc7a75ef9199aeb5fe24273a7eabc4acb8988f02e0c511fd CVE-2025-5082,0,0,654b6f5ca85bdee04f191b4415361841f39b64a4d62ac7e373566ed9502c800a,2025-05-28T15:01:30.720000 CVE-2025-5086,0,0,a6cd7e037b880807c2087a0cc62e18cec32dfcc1b05281e63e13ff759a08d643,2025-06-04T14:54:53.980000 CVE-2025-5087,0,0,97a04c259a7da6b0eb13bd0d940d2df5ae422311799538d80f20cb07d97cb949,2025-06-26T18:58:14.280000 +CVE-2025-5093,1,1,5051de5918f1d98b3078251ed332be444b5fc1e42066e45600436bbad0c92795,2025-06-27T15:15:27.717000 CVE-2025-5096,0,0,42fe716f1efce968dc8e29663c380993b2461be601464bb005e7e57e1c939443,2025-05-23T15:54:42.643000 CVE-2025-5097,0,0,56796bb8120929c8a6a0858cf0e395b320ecbafdfb6f27c42e47f8367c9df40c,2025-06-07T23:15:22 CVE-2025-5098,0,0,e792975c992e79d3f869380d6027059665b6a277fad36b72dc800d8cb0d75190,2025-05-23T16:15:27.730000 @@ -298311,6 +298423,7 @@ CVE-2025-5185,0,0,38d3e8df6b4bf723f8b7c203881d74ed487013508bbfe062800873a9ef9389 CVE-2025-5186,0,0,f1c0dc9e00200ceb159990b282fc6fc2adc0cb5ea875d85c26223f5d5865c3f8,2025-05-28T18:15:33.550000 CVE-2025-5190,0,0,b83fcbe64867ed5f66064afe0985f0f8e1099ccb823b90fa56196e26e3f4bf39,2025-05-30T16:31:03.107000 CVE-2025-5192,0,0,60cab63e53de16bf0d2b760f814c5b69c2d153aa1edfa79d1c5ac599f5bf94f5,2025-06-06T14:07:28.330000 +CVE-2025-5194,1,1,f86cc078d8d46bfff3db761396487c34018490da28fd912546578ef6b5a05a13,2025-06-27T06:15:26.633000 CVE-2025-5195,0,0,67ed4f2b8401a12100a4ab10d4477eb555cb25ae77229fa0c172cda09b715498,2025-06-12T16:06:20.180000 CVE-2025-5196,0,0,e0938db7c97745bb3f3070e04c267d2314060f49f00cd38492cd5b468ae94740,2025-05-28T18:15:33.670000 CVE-2025-5198,0,0,c8124bf615d24cf9474c96b9bd6d16252727b696641a4975ae527719f7fa40f3,2025-06-19T00:08:12.993000 @@ -298335,6 +298448,7 @@ CVE-2025-5217,0,0,845e58cc2a7cf7d636f8550dca345401beab30372e211227ca46148f5ec722 CVE-2025-5218,0,0,1e3c0e444a44984ee7f56e05d3f73c2542844250923c93b4721e1f91900b8427,2025-06-05T15:58:31.370000 CVE-2025-5219,0,0,2081601d8939f5d6337ed630438f1a3172ebd9c52c60ff332c68c99c6021cf87,2025-06-09T18:49:18.863000 CVE-2025-5220,0,0,ca8719b73e05e3a64cdaf661849659bbba90900daa5a58289d407fc8b4c518ec,2025-06-09T18:49:40.400000 +CVE-2025-52207,1,1,528afa9e560388ba9c2deca07042eaaf902882765dd63e2704ca42a571139c83,2025-06-27T17:15:34.333000 CVE-2025-5221,0,0,5a2dd0331ff8433e2c074f426a2523778ed7c1b1e9bbe1fa503ef6a4cc13e8d3,2025-06-24T15:20:08.253000 CVE-2025-5222,0,0,7b3ffb2bb94b783ee19172644121ae71e8258d56bf5704fba115c9deaec45071,2025-06-15T23:15:18.303000 CVE-2025-5223,0,0,eedcac5c929aac409f34f81cc2ec2de352a7f5b73ed89921b6a7fb323152d259,2025-06-07T23:15:22.067000 @@ -298389,6 +298503,7 @@ CVE-2025-5252,0,0,befcffbe58a6c748b51a32dbfdb428108ffe2b16ca817a921564fafd634c86 CVE-2025-52542,0,0,6a356dbb016e8c78bba3561542110106778fbb5f08761ae704acc7dfbd8bdd74,2025-06-23T14:15:26.753000 CVE-2025-5255,0,0,b023caeeba2421cb86c7482514e264205e254122220d82c6bc67ef741a68d935,2025-06-23T20:16:40.143000 CVE-2025-52552,0,0,355ff6e466a39f4325662bbaa49db2816c79c0533f84f99cc3e34c03831df356,2025-06-23T20:16:21.633000 +CVE-2025-52553,1,1,b2cf37a7aeba29d9d73e66b9e0c942d8c635e46a710119fcc6a5cfb8aed68edc,2025-06-27T15:15:25.143000 CVE-2025-52555,0,0,29c9e091859a6c3a3cc09c9b9a5dab3d34d23fcf0387acac9bec6660b539a715,2025-06-26T21:15:28.310000 CVE-2025-52556,0,0,01d14cdcd651409b8ec6f2a117321e576266f60affdb5d61d3b6cf66da0be9ba,2025-06-23T20:16:21.633000 CVE-2025-52557,0,0,d6ac46828bdd4bd5689e0ed9e6db622a0cd2c5e50b4932c5603e932a5d57d26a,2025-06-23T20:16:21.633000 @@ -298420,19 +298535,30 @@ CVE-2025-5269,0,0,b922f617fbcbba106d44af23edcbb0031488ab18b41d436f84ab0997558985 CVE-2025-5270,0,0,96297246b7606c4dbbeaaf8f99515d023221026a42fbd39003eb5516a389c3ab,2025-06-11T12:15:28.457000 CVE-2025-52707,0,0,b224806a614f003a32f8b156ef579db51fae5de3f658f856c45c631859fa33c4,2025-06-23T20:16:40.143000 CVE-2025-52708,0,0,07371d3e6763c031627e7d58d2301539bbfa662c5efb39e7673730c3c856cc5b,2025-06-23T20:16:40.143000 +CVE-2025-52709,1,1,a09468e11d71fb8571c2530e766c4713034c5d1d1297204362c3921ff8a7f504,2025-06-27T12:15:39.030000 CVE-2025-5271,0,0,e8162e6d0dc193ebe9401a5dcd034fa2e97416454d77b1504f9845da76fee3ef,2025-06-11T12:15:28.647000 CVE-2025-52710,0,0,9052ccf3e099379fd0b0d4582ba513b1277a37a92a12a5a543c4398ec675d3c6,2025-06-23T20:16:40.143000 CVE-2025-52711,0,0,74fd556cda73fae6f70a4060c835dd6f7decff8154a0b5a6da061454e660fa9e,2025-06-23T20:16:40.143000 CVE-2025-52713,0,0,dd903bf26897039ff2663d3fa53844a1463ba8229d49746f6dc30423c84667ea,2025-06-23T20:16:40.143000 CVE-2025-52715,0,0,a4815f001b2ab15993c3ab0dbb5671632e88731698b4eae1f2c32fc42830020f,2025-06-23T20:16:40.143000 +CVE-2025-52717,1,1,e1033a5d4175cc0f96fd9b0c818164dfd436740fcd324a8de66988c96a3ad73d,2025-06-27T12:15:39.220000 CVE-2025-52719,0,0,5255f49aee70f7be6419c1cdeb90569664f1a4ea7bb1bbf43ecce1b8104ccab6,2025-06-23T20:16:40.143000 CVE-2025-5272,0,0,b1d0c7e19ac36597fb989e72bcee09751441797b45636fb052ca12e726df56d9,2025-06-11T12:15:28.840000 +CVE-2025-52722,1,1,949c46be20f1f759dbc8686f3c0883e71f2bffa82c315e47bbd4a06f18b2313a,2025-06-27T12:15:39.403000 +CVE-2025-52723,1,1,a727102c57e06ba7f323373cc4f3d05e20c83a925a59d6e8f324321d795b9f52,2025-06-27T12:15:39.590000 +CVE-2025-52724,1,1,98782131a5232edc1b0f0805ee16f6dc7ced3e6657213d502d8521c1e9da4880,2025-06-27T12:15:39.760000 +CVE-2025-52725,1,1,0fcabd19e7a697b740e9f8b4736f11ef922b5fdd6b1f5178f516ae8181ac1b4f,2025-06-27T12:15:39.950000 +CVE-2025-52726,1,1,8ce83d752831c87dc084cfc1a8283b6ccc9e922352a2865138241af9a4621275,2025-06-27T12:15:40.120000 +CVE-2025-52727,1,1,c99d903b4bfed1e4eac15dc982b195b7f66a1babcc491b9dbeb3fa22a61e8860,2025-06-27T12:15:40.960000 +CVE-2025-52729,1,1,5aa42fea2780bc85de0813e756356266b8419c1f152164da88f4832d4c6755c3,2025-06-27T12:15:41.430000 CVE-2025-5273,0,0,7a172885547dbfa68292354132d6eab77847bfdd0e0f37bfe0a33c637c28685a,2025-05-29T14:29:50.247000 CVE-2025-52733,0,0,7b459b7ccea847e17c1de3d7bfd534831df085ed8c830c3122c8262c5439f0d8,2025-06-23T20:16:40.143000 CVE-2025-5275,0,0,733cc86e33c8fe8731b5db89b9256a8988a34b8294fb1ade1c57eb38b5716d43,2025-06-26T18:57:43.670000 CVE-2025-5276,0,0,39d67915dab7ad2300f3ccd3a288fcee1075e32b914c45ad140eb6b7725be52b,2025-05-29T14:29:50.247000 CVE-2025-5277,0,0,ba5aa3a145e9e2e34ac18c63e7fe60e94ac49ba4d7121cc0bc36eebe3309abbf,2025-05-28T15:01:30.720000 CVE-2025-52772,0,0,deb02b2d983c296f8b89a2559d4d4f189f1c6c676131c9feadcc246a08a5cc14,2025-06-23T20:16:40.143000 +CVE-2025-52774,1,1,c01ee40063d3bcd0f9b8167cba3de7e89a59c25bad0a808755ba98f8ef366104,2025-06-27T12:15:41.720000 +CVE-2025-52778,1,1,dfe5b0d0623f5a143cc2151769de21b2988f15fbe1f1664a2eb3d92d02f756b2,2025-06-27T12:15:41.910000 CVE-2025-5278,0,0,1a1d872b476a4e1ede71f599ba5ea7954cfb91958da7bd7ccf42fc9ce864efd1,2025-05-29T18:15:24.290000 CVE-2025-52780,0,0,beda9d0e83d0e69352f6224f37e355d5bbb032dccdf392d8666399c5db09bf24,2025-06-23T20:16:40.143000 CVE-2025-52781,0,0,062bfd46d45a4489a826a38b9a3abe7d4f421aee0592b108277399e47a90ccf2,2025-06-23T20:16:40.143000 @@ -298447,14 +298573,30 @@ CVE-2025-52792,0,0,54a43e5c19c532f6b49f3b5ecdc987ba818c53d017f06190cee2cbed041fe CVE-2025-52793,0,0,1cecd933b153bc60d3b7b2eddac537905bfaa72ae4b2b195599beb64ec31374e,2025-06-23T20:16:40.143000 CVE-2025-52794,0,0,502cc6110b8b76b562cb28e051a1f9b818d5407c3da5396bd730f9e6d63ac1d5,2025-06-23T20:16:40.143000 CVE-2025-52795,0,0,11006411d1510cee1a98b263384d48fe90a25a6ec4d2d4cab3514b4f857e57ac,2025-06-23T20:16:40.143000 +CVE-2025-52799,1,1,9c39985dca9cc7152eb40df40d72126b62442d039714496fa59a9f7177755f8f,2025-06-27T12:15:42.120000 CVE-2025-5280,0,0,3c6af0d30a51ecb706066ad212af1114fdaaf7f2415af1fe946985167145905d,2025-05-29T15:50:31.610000 CVE-2025-52802,0,0,3bbd213c305ded541c93d6153b658373bf8ce9d75ca7fde959b797d174cbb307,2025-06-23T20:16:40.143000 +CVE-2025-52808,1,1,85b2bb44dafe7926274d78ab60b1c1b7023f4dcb92765a77c1023e5798b416bd,2025-06-27T12:15:42.293000 +CVE-2025-52809,1,1,19cc7e25c06e5f6a15e96f0ea033260db1d10e9f906b45dcf846e297ea10878d,2025-06-27T12:15:42.463000 CVE-2025-5281,0,0,4065baa6ec2536bda486e7298d71ac521380ba5a3be043da1b14156c61e3ebd6,2025-05-29T15:50:25.993000 +CVE-2025-52810,1,1,90248a7eeb0d3db593eb5d25785b8511c0e9eb38e8235d03f6dba3ca7873af4d,2025-06-27T12:15:42.643000 +CVE-2025-52811,1,1,e6e0dff158556e56bcdc72c99c5c6e517e75405da8f819699e830b6e916f5489,2025-06-27T12:15:42.830000 +CVE-2025-52812,1,1,9cd3c019277d85fec8b40d2df9e349d6b39ec0433bc987695a0286929d0b6ff0,2025-06-27T12:15:43.037000 +CVE-2025-52814,1,1,25bb6b942328bd894173179aa0812b87e63da0aed02c287eed683cf86d4c2279,2025-06-27T12:15:43.213000 +CVE-2025-52815,1,1,4655e91080074738c8ef3edecbcd7a1563dfd701357df07c831016db61a7ecc4,2025-06-27T12:15:43.377000 +CVE-2025-52816,1,1,953bafdee8420c054e4c17919435eb427483de617daf886c3f3a262a4498faae,2025-06-27T12:15:43.610000 +CVE-2025-52817,1,1,0b0c8d173a6f89db6b6d1abb7244083cad5c983f0f7458c0b303107edf9af4b4,2025-06-27T12:15:43.803000 +CVE-2025-52818,1,1,ddf7e3f068cc8a80d2dcacab70053972af5729b35e8eb78eb109d2c144641359,2025-06-27T12:15:43.993000 CVE-2025-5282,0,0,9477fe741c28f7d8eb82ac198e365a707539279366a622694c761108b4b278c9,2025-06-16T12:32:18.840000 CVE-2025-52821,0,0,d0a0ca4ececf1180151c371bd9db002260e4d5f13386a3eb8f1e098fc9a9f3fa,2025-06-23T20:16:40.143000 CVE-2025-52822,0,0,51ffaae48b7bd9ea17e39dc81e552968f0258b8e43f7b033eb61a490efd6d2bc,2025-06-23T20:16:40.143000 +CVE-2025-52824,1,1,45c0bbfca257432db0dcd7ea485afdd7fd011ffaa911ee7fbb5a5a183d9810f2,2025-06-27T12:15:44.170000 CVE-2025-52825,0,0,bfd2129b50cd02ba73ac261df6839665ee9fca96e334d577f196302dba30baad,2025-06-23T20:16:40.143000 +CVE-2025-52826,1,1,6279ec2408821671f0da4ac45c4c10b56ab628f7815b0c91b8a8123fe3db3679,2025-06-27T12:15:44.350000 +CVE-2025-52827,1,1,6c3728387c5581a67d868b98aefe05d85480ac347ef188a9c49470bfb73759d2,2025-06-27T12:15:44.637000 +CVE-2025-52829,1,1,ae457268e3d050224d441a69a733ec2055706ec779b0a05fa2a9bd073299b097,2025-06-27T12:15:44.803000 CVE-2025-5283,0,0,a8169db79b4666d05c59f16c729749cd032f3753a6abd4a1bda7e79d017ef3ab,2025-05-31T23:15:20.553000 +CVE-2025-52834,1,1,01ad1c4fcc149c061355a96346de551bbdbbae64c6af4775060181f031dc0d20,2025-06-27T12:15:44.977000 CVE-2025-5285,0,0,44bcec87abafcefe0886e878731e41dce32b0fc09d4f84e223174bcbfeb5ce09,2025-06-02T17:32:17.397000 CVE-2025-5286,0,0,05e7ca3386f0ef15ac2b01314d8e06913e02de8c1752e75b99b02bac23121404,2025-05-29T14:29:50.247000 CVE-2025-5287,0,0,b8300f230839e0ad3335fdc92731d9b07abc7f3405256834dd55febc4f9b0133,2025-05-28T15:01:30.720000 @@ -298513,38 +298655,152 @@ CVE-2025-52978,0,0,536489d1a428144098c443cda432c2d1561802f8cd5aef013e6017d271275 CVE-2025-52979,0,0,52505f03c11370107b014986dc0342ab4c8462260c5f831736e7ef7e18fd3712,2025-06-24T03:15:35.453000 CVE-2025-5298,0,0,db5fe80cdf57c0cc24fb51e7a48139d5b1b81a3a48561037cf1b32b8be34d74f,2025-05-28T20:37:48.440000 CVE-2025-5299,0,0,1f89fdfea84380ce22c226fdfd1b89a6ae1b920a9c80e662b58b6ab3dafee162,2025-06-10T15:46:55.753000 +CVE-2025-52991,1,1,e560d6b407c21d06c476113dfa3f606c3e1c73bb04583599a07c5042c96954aa,2025-06-27T14:15:41.253000 +CVE-2025-52992,1,1,53f9aa17a8569c408b2d1a0f07321acb4feba1844b7db5069cff6e1fbf629363,2025-06-27T14:15:41.990000 +CVE-2025-52993,1,1,f064186136b5d7a818bdefbad4439a642f942e91d98b55f57a976cf9246df29c,2025-06-27T14:15:42.283000 CVE-2025-52999,0,0,8e3ffe270e9e0f4f311570c01291b88502def8da5bc3d26946c9776265012b0e,2025-06-26T18:57:43.670000 CVE-2025-53002,0,0,88ca888237f37e4e624e68585cc923f4d5409fd291622a596533223ce1e1a8f6,2025-06-26T18:57:43.670000 CVE-2025-53007,0,0,a4076fc87f8a0924938a60c1b4d21b89458fde7ab2bc0e9913efaa46d339ee87,2025-06-26T18:57:43.670000 CVE-2025-5301,0,0,172c3938c2a9928b9f8edd9f7241e7981b7b3a36108e0e0149558a51f65a1594,2025-06-18T05:15:50.287000 CVE-2025-53013,0,0,ee406bf23bf1a0f5f249e7eb22f810b8cfccae8c849cf03bf7e4a61df66a8caa,2025-06-26T18:57:43.670000 +CVE-2025-53018,1,1,93f41f11a2a29dbdde5d3b613f544ec88cc07abdd85f3977a742f34e7f8db668,2025-06-27T14:15:42.560000 CVE-2025-53021,0,0,925b6e742df67e2887bb94091affc674575865f87c7ccef0bf1c60e479640a66,2025-06-26T18:58:14.280000 CVE-2025-5303,0,0,546057fa156dd0bfd15529f37c8ab9dae75346583c1c67316386c3461de42474,2025-06-09T12:15:47.880000 +CVE-2025-5304,1,1,b640fbe785a0aa89e8bbc8d702825cf30e88cd09b79713c63ffa47b50f09da3f,2025-06-28T06:15:22.173000 +CVE-2025-5306,1,1,25b8c146e2e9478ea3ab8dd25437842be238c31a72a294864ee562419a58a968,2025-06-27T08:15:22.277000 CVE-2025-5307,0,0,7244ff154b85c92ca09019f8de869bb0541c220b74776be3851e4cfba38a0ca8,2025-05-30T16:31:03.107000 CVE-2025-53073,0,0,dc72ce506142801c8b0cea2579e988f3f6c38bb40bb41e7362bf91b362c4103c,2025-06-26T18:58:14.280000 +CVE-2025-53074,1,1,d26493cebd66a0f9dda5d80e98dbf7b46220ff5f2603cd2e37e2415d77e0176b,2025-06-30T03:15:25.680000 +CVE-2025-53075,1,1,0e09bd88963fb2f00b3d5b179194e9921058b517807785847b9e3205050f517f,2025-06-30T02:15:21.237000 +CVE-2025-53076,1,1,5d0ee67b18e68593197b6fbe4daa7ee7bf031c4de273afeb291f94be92eb5c30,2025-06-30T03:15:25.843000 CVE-2025-5309,0,0,4f40b16e57161a0b02ce9c3f4d7e0ba4cf08b0282b7954a09175078f67da41cb,2025-06-17T20:50:23.507000 +CVE-2025-53091,1,1,c81f4b824f4453c1d40e987cd7baa9083f1a57c534bd70a7094041ef61caee31,2025-06-27T15:15:25.957000 +CVE-2025-53093,1,1,85053bce9fb848fb6277c5db976a2f0ffc8392f998aa383a76fa444ced313da9,2025-06-27T18:15:50.773000 +CVE-2025-53094,1,1,c76c2e0e8986471abdf83034fb446ee2de445a0e399720e025e6993cf294e6c5,2025-06-27T20:15:35.173000 +CVE-2025-53097,1,1,dfcf55c5322cf95bee3c1bcccf9b0cd4406513a7872b2e53ec40139dfcaea095,2025-06-27T22:15:25.803000 +CVE-2025-53098,1,1,a3eff812a6299a772b53f0a31bf8a4821466c8fb1857e659c7f1a3686f8bc889,2025-06-27T22:15:25.993000 +CVE-2025-5310,1,1,2adb5bf3622b6d46816b33dab56e070879e8a4fc62dfd837ed14704bc6ae30c7,2025-06-27T18:15:52.310000 CVE-2025-53121,0,0,4bb01fa6d772c96dfd1beb829866b6802c23c192c6c506d93270fd71dea8c9b4,2025-06-26T19:15:21.960000 CVE-2025-53122,0,0,d01762dd8940b4cc14b50a274075f97d0ff7041008e75fa24462ad1787f8b2ee,2025-06-26T20:15:32.063000 CVE-2025-5315,0,0,32a057a1d304031b7446b391c0140edb118b5446f79010fd8a4bb894c0637dd1,2025-06-26T18:57:43.670000 +CVE-2025-53157,1,1,c1041ce4bd6c376e5c3636f3cc86c5004bcaa6c1f1a47499192b7c2a18f1b26c,2025-06-27T04:15:46.420000 +CVE-2025-53158,1,1,e5dcfb19b768af9e50542339c0cde28d80e3eeeeb6452e00f3355a73e57a6292,2025-06-27T04:15:50.040000 +CVE-2025-53159,1,1,e4069e3f8ff6c744e071077490b458339c5e74e625ed1814ba03f837ce999e24,2025-06-27T04:15:50.637000 +CVE-2025-53160,1,1,688046dfd57635f14af3253813c7a973414105e0d14b00639e20bd0985007283,2025-06-27T04:15:52.530000 +CVE-2025-53161,1,1,66a7b27af75c6749dfa7b80933b04d72ff9440d43d3bcff5534e02245df1569e,2025-06-27T04:15:54.820000 +CVE-2025-53162,1,1,8388d301424f06c02ae71593f2b77e36d2ed043f92568a5434e3ba8686d9fe8b,2025-06-27T04:15:54.897000 +CVE-2025-53163,1,1,7560bfbb1d4a318f63439c9ad14a4ee4c5e29027e65aabf45449f4c1d2064c32,2025-06-27T04:15:54.987000 +CVE-2025-53164,1,1,1735ea93a314f58b5aca6d47f409e0ec1efb1092c3281e940e457ba7f02ca816,2025-06-27T04:15:55.077000 +CVE-2025-53165,1,1,c18d3f0bac2527c4fc3c5949699939aade6fdfa1fc95f118b55a9226740ab740,2025-06-27T04:15:55.547000 +CVE-2025-53166,1,1,009194b1e4d6b1b25c951d276d80052562e14b1709dfd02dd967ce379d64ab51,2025-06-27T04:15:55.620000 CVE-2025-5318,0,0,d95c49f8bb6d9b056310845ea915af91d8a36448ea3684ee98fec4064c982b12,2025-06-26T18:58:14.280000 +CVE-2025-53193,1,1,1806136a027aa266a48ef4bd676aaaf099b538bcb59e859f09cef94a1820f0ba,2025-06-27T14:15:42.713000 +CVE-2025-53197,1,1,a589ce8d946d08c359fa44442feed00acd5dcb7898337932a0a300f72a9b5284,2025-06-27T14:15:42.973000 +CVE-2025-53199,1,1,9aff035adfde7a090c78abb27e8ff7bd68e1f4840eb3a76916efaff81a0ed9aa,2025-06-27T14:15:43.180000 CVE-2025-5320,0,0,772070621ad15a70df6397a0142dc45fe5fca6b991b5410b5c6912332a34a15a,2025-06-01T05:15:19.883000 +CVE-2025-53200,1,1,ef2da7b54ae92b8d6192a2df411379961524e9aea1e0bcc4da38afab79d46f23,2025-06-27T14:15:43.350000 +CVE-2025-53202,1,1,034dd8e6b5e0aef6431b16dc0be55477a94ac58f7a797fc48845fa52d0e4b50c,2025-06-27T14:15:43.577000 +CVE-2025-53203,1,1,54636b2d64e305d6dff5f1426f50c9f20d567bbb2e58c219941896143b0fb14e,2025-06-27T14:15:43.783000 +CVE-2025-53206,1,1,ab252ea4aa9e5aa581ee2f837fa8c4b577897057cfb31c97ce5bf28cec71c462,2025-06-27T14:15:43.980000 CVE-2025-5321,0,0,31d96e00ea1024b8084a7837ef9bf0b4fd55d789d529b1f4fae375684c451003,2025-06-01T05:15:20.947000 +CVE-2025-53211,1,1,17d41a7c2dbb3a24a5fb97a4ad00542f611280bc1797273fb3b20f775bc87c1c,2025-06-27T14:15:44.167000 CVE-2025-5323,0,0,b0785ba87cd1215b18904af4ecc0dec4461f38599fcb91263ef5f63563e48a70,2025-05-30T16:31:03.107000 CVE-2025-5324,0,0,78e349d2bd14065297b1365314e2e0d4a2b731776a4275b89f97d27f39ee4fa3,2025-05-30T16:31:03.107000 CVE-2025-5325,0,0,c13176172452a62b2dce96df66b8263f391e2e94fbea914673cf01de62808a2d,2025-05-30T16:31:03.107000 +CVE-2025-53253,1,1,30f9af0b1155eadbbcd18415be2f0d739e75f24daa13c68a36f3252ca52fe0ed,2025-06-27T14:15:44.370000 +CVE-2025-53254,1,1,961f458b16624d9a8fb5cd75bb9cd79bba1949e369e5d36f2fbc552a12d2b920,2025-06-27T14:15:44.560000 +CVE-2025-53255,1,1,0045be745a4147f00a9a68e8764a0a0ee2a7f29bdf5f0565db18f232f6ff08f9,2025-06-27T14:15:44.747000 +CVE-2025-53256,1,1,e9800c4d05f2a1b8b7c62a25b17b55cba9ed3d39674a5c93a338fcdf880c4162,2025-06-27T14:15:44.917000 +CVE-2025-53257,1,1,b2e8dadeff0bd737f2ad146a4046bfbc07268e5e689ee3da13a0882744482624,2025-06-27T14:15:45.103000 +CVE-2025-53258,1,1,6bf8bee9892306646f22fb0044d66de9187661ae18ca1bb816f4bd8823446a80,2025-06-27T14:15:45.290000 +CVE-2025-53259,1,1,10e03097d20d69f5f1ae4b21f4804050e05f7ba8fc13dab62d48acc6b2e1e77a,2025-06-27T14:15:45.467000 CVE-2025-5326,0,0,44e560162f190407a031d43fb109d883b338df688e809a58566da260b71fd2ba,2025-05-30T16:31:03.107000 +CVE-2025-53260,1,1,8c61503f1ffd79c2cf99b71b3540d7a35a464a9ffed0564a20c103113f450ddd,2025-06-27T14:15:45.647000 +CVE-2025-53261,1,1,a3a5ba87421cb49d76c99f04ff6d225a0184bcb2cc9578ba4b72ff055cc44c7f,2025-06-27T14:15:45.850000 +CVE-2025-53262,1,1,2d25230123d73747d7feb9a54291242663afae9ced97cd893591efb9d01ea90b,2025-06-27T14:15:46.010000 +CVE-2025-53263,1,1,a5c8413d4adfd66a38310781879ece5eb3f202a89229402107b29eb84cef43dd,2025-06-27T14:15:46.180000 +CVE-2025-53264,1,1,39071e06ff38fc358a2e912c8985522e25b2e8009778f129173dec8fdac97c14,2025-06-27T14:15:46.360000 +CVE-2025-53265,1,1,f1408281d89d741e1545e202eb91f9f647b432825dbf656a30ec6757e2632ee2,2025-06-27T14:15:46.547000 +CVE-2025-53266,1,1,2a6c6300e74a2ef5baf80a670522353e752ef7f08b8726ff9702e1ae0176f8d3,2025-06-27T14:15:46.750000 +CVE-2025-53267,1,1,f4169a07d61e9fd57ca65e6dbdff4541e7ccf93d9bf2e4096c012e1faa0723e5,2025-06-27T14:15:46.943000 +CVE-2025-53268,1,1,989a50e34eb75611362c6602662318288cef6aeef19fdb86cb7db7bb90a2d9e3,2025-06-27T14:15:47.127000 +CVE-2025-53269,1,1,797236e3f7424886a8b7bb0fe92a05ebb2b6ab965e0b7ab731365a54f97a576b,2025-06-27T14:15:47.307000 CVE-2025-5327,0,0,a8b880c32053a31de283f5a9cad582c296c544f77211624787db5b92e0d637e7,2025-06-10T15:13:37.533000 +CVE-2025-53270,1,1,f310154bbfac153babf44b521d29d7d315f7ebbc1219fe8ac50d4b4cd6a747d0,2025-06-27T14:15:47.487000 +CVE-2025-53271,1,1,5fc2d6f2a6b71419f16dce274c036ed4fd4c474694f72e253c2822e65fbfe467,2025-06-27T14:15:47.647000 +CVE-2025-53272,1,1,6de8a2c084d470ee925aa21b3fc549d24024874a6968581a6a77bf4fcbea6f6d,2025-06-27T14:15:47.850000 +CVE-2025-53273,1,1,9441e25d3ff9a374687fc4645439ed6b1f927f2289fa0dad409ec90e4e7617fe,2025-06-27T14:15:48.010000 +CVE-2025-53274,1,1,670985644a9041c13346cd25537e1d310114e984c429e85aa6bf72b9b25161ba,2025-06-27T14:15:48.193000 +CVE-2025-53275,1,1,54ecfcbfb02a3b2f2972b3670d63f251aacadf7351bf154dd529ec9eac543e8d,2025-06-27T14:15:48.383000 +CVE-2025-53276,1,1,620e3ebf246a37c787d8a86e4fdfebf173db1b13f9440309b95f0878ac20987c,2025-06-27T14:15:48.567000 +CVE-2025-53277,1,1,4a879b1c93c6013727cfc2c0183e683eed581d2a0038dbd1d3ce40ee630b80ec,2025-06-27T14:15:48.750000 +CVE-2025-53278,1,1,1511ef5d4d7a7dd560a734b06bbf3d3a8a38eafb8f6dde24c67ae6d04aeb33b4,2025-06-27T14:15:48.960000 +CVE-2025-53279,1,1,fed30282bdb3aa98acf78c1680cb24c3e078a30e66bf2b8f8aa244767360c23f,2025-06-27T14:15:49.133000 CVE-2025-5328,0,0,69e2dcbfc2b85f6314db4745b576ea63b045f3b89808be8d33ed6e2b70669005,2025-06-10T15:14:10.110000 +CVE-2025-53280,1,1,c726f743793f8b5018b850d6268cd9ce33d38c93d78463836c5719b679f6dca2,2025-06-27T14:15:49.303000 +CVE-2025-53281,1,1,2e72391ecadee439c72d5d95bbdb0c20fdaf9b5c461749f39d11607462ed89f0,2025-06-27T14:15:49.487000 +CVE-2025-53282,1,1,29c884a07ef02ac9072a758ab2a01cc61fbd81752dba55cfe3737638b73fb463,2025-06-27T14:15:49.673000 +CVE-2025-53284,1,1,c7c35791763c5d3cbac3d4251183968674af294da0aede2305b0570c95e637b6,2025-06-27T14:15:49.870000 +CVE-2025-53285,1,1,0a0c05e92af469ddac838e01e8b79ea71c31b7a7260f11518dcc635e1e2e958e,2025-06-27T14:15:50.070000 +CVE-2025-53287,1,1,854dffd6f1d6bab96981eadc84301f9085fd917d3dc8e9b071dcb234abb02d0a,2025-06-27T14:15:50.250000 +CVE-2025-53288,1,1,ee07da019bcb239bd266afa3e65708473441c8d102f0fb6f01783fed216a9014,2025-06-27T14:15:50.420000 +CVE-2025-53290,1,1,78008c0811d38e2068cc0cba4f26a64505c02f2c5a4c08a51549c6e259d6ec16,2025-06-27T14:15:50.597000 +CVE-2025-53292,1,1,ff894a20d1af2cb2a62a1fb2cc0443bb9f88fb840d37abb97e39f19465bca26c,2025-06-27T14:15:50.777000 +CVE-2025-53293,1,1,1b926095ee272ebee5e8c8463de84c256461e5fcec5b9b7e0472d339663321b6,2025-06-27T14:15:50.973000 +CVE-2025-53294,1,1,78b8460eddf235616c0b6caf4d8e1a60f2d92ed2ce1efe12a10e770d89d34fdc,2025-06-27T14:15:51.143000 +CVE-2025-53295,1,1,b50eae7f97b44e5e4a6979bd5746b34ea7c5d4aa1a04ee4a59863c5240e36199,2025-06-27T14:15:51.317000 +CVE-2025-53296,1,1,61daddfba9bbb590990c19b5208629e821f05ae97d6a5f719c927bec6cdc8cdd,2025-06-27T14:15:51.500000 +CVE-2025-53298,1,1,54c6988f6977f2c0b5fcb880952f5ca323e50727558bb0330e8063bc28b3912c,2025-06-27T14:15:51.697000 CVE-2025-5330,0,0,e7ffe160dd4f6c3817c7e36e2e683e91c9ad47396ef2482f8a3aba919f7252b8,2025-06-23T14:37:01.860000 +CVE-2025-53300,1,1,86bf8e046164e167fa0bef745b69fcc4ccca6d662082be5dc422b3f540bb5e8f,2025-06-27T14:15:51.893000 +CVE-2025-53301,1,1,1211a1cebb130800b734ecbf9129c88680fae9ab802ed065ba91bf5e482b6ab3,2025-06-27T14:15:52.073000 +CVE-2025-53304,1,1,8934980632354c0f33744394cac242d47f72eb4975b3848317b8ac07217b26b1,2025-06-27T14:15:52.253000 +CVE-2025-53305,1,1,f41f68cc43f72bc99036db0c9f5d7c1874c25bf36a46d64f71681f41185e96d1,2025-06-27T14:15:52.440000 +CVE-2025-53306,1,1,e321052ef0640e69436fe257febf38d0de37b7dc266daf404050141a1ae6a7b9,2025-06-27T14:15:52.603000 +CVE-2025-53308,1,1,8f9452b350e4ec186791144366d0dede789661507c801ddc4509284ff550c9fb,2025-06-27T14:15:52.777000 +CVE-2025-53309,1,1,e0f1f8e341833af8e2d1b308ff3e1cd5b7558ec6e9993b872b148ca88e47b82b,2025-06-27T14:15:52.953000 CVE-2025-5331,0,0,3e528485905d1d35c61ee15111a6c2d55d98c95985d2190c3f8dd98dcd93e3b2,2025-06-23T14:35:13.397000 +CVE-2025-53310,1,1,0c6ea81818e27339c44df909d4b38cfeee155fdb2fec74ca4fbd19c96b93c42a,2025-06-27T14:15:53.120000 +CVE-2025-53311,1,1,bef32f9f2c464fc47b237fd9aba7412d693f95b3371c16760812f351516aa2ce,2025-06-27T14:15:53.280000 +CVE-2025-53312,1,1,657f9d98645c2655cbb8a67543b1fae3f0b22879898431eeeda7af1920b57e10,2025-06-27T14:15:53.470000 +CVE-2025-53313,1,1,1b99109c6964dab7132b8c7f1e3c3e9661151de9bbb7a1e5ed694f1179970868,2025-06-27T14:15:53.663000 +CVE-2025-53314,1,1,cfbbc2e03be0e38b74ff3d47140bc6b6a65a301da058c1a4873b1a4c5cd9e8dd,2025-06-27T14:15:53.857000 +CVE-2025-53315,1,1,33b4539b89cfd474048c3032e13e39b752efce3d489f3eadcaea84b4ebceb680,2025-06-27T14:15:54.050000 +CVE-2025-53317,1,1,d2d250afe9f72323ea2a038e6b6e7df64ad76827cc7626e4350b9868c167f8a1,2025-06-27T14:15:54.243000 +CVE-2025-53318,1,1,f1154a0a8b573b61d60e73607de1f62edadde17e0316bdb64284344872562a1c,2025-06-27T14:15:54.410000 CVE-2025-5332,0,0,e1def175621c4e1d1942302bd613c0906cf0d988637a95edef4cbf91efd49e74,2025-06-04T15:37:02.583000 +CVE-2025-53320,1,1,042cbd0744f8dd640c3f80777ec41065be36e152340b469ded42fd75c4ac64e5,2025-06-27T14:15:54.590000 +CVE-2025-53321,1,1,950e7b1376e254a4812e820ba7fe63b89320d6085f6e116faf45bd3bde06d5cb,2025-06-27T14:15:54.767000 +CVE-2025-53322,1,1,a4e2f88f571086343a1b1c56f84cc8c8ab29fee4b801880cc3edad71ba2695a0,2025-06-27T14:15:54.967000 +CVE-2025-53323,1,1,6f26b96747f033bc2ff2dd5be06e7daa7aee8186d72d1ca3f649ec1fbe6b9065,2025-06-27T14:15:55.163000 +CVE-2025-53325,1,1,1472b492107d90f3fd2c1d43398340a4a10b29ceccc321fe232a14dc7eaa3dec,2025-06-27T14:15:55.350000 +CVE-2025-53327,1,1,54542813a2df1935050e60267e63d27f29943ec71ba1e34a32574fc6b8cd541f,2025-06-27T14:15:55.527000 +CVE-2025-53329,1,1,3f301078725099c720071f98bc29d8974aa5ce418196cf2a61faad0f029b9799,2025-06-27T14:15:55.687000 +CVE-2025-53331,1,1,da289d97109e76e499c7f6b97046ab4ccc43b369ebef495f3ca97c01b61b71f7,2025-06-27T14:15:55.863000 +CVE-2025-53332,1,1,7b4baf1630534acf70ea132155264550aa6f2687895894939a8aad24f24fc37f,2025-06-27T14:15:56.027000 +CVE-2025-53336,1,1,2e4da66f48bca537933269354a43813965d922d74e13cdb7e9f860204165595b,2025-06-27T14:15:56.413000 +CVE-2025-53338,1,1,4906bd932183c7ce03b02f3c6d409e29b48e025126f15dbc0494312c6d33c7df,2025-06-27T14:15:56.610000 +CVE-2025-53339,1,1,a69ba7d136951a48f51a37dcf1650f45e71092316c7e49684a6bc4f2811ab281,2025-06-27T14:15:56.797000 CVE-2025-5334,0,0,3b25ffa10fa68a37bf0e18657dc7cc96e971a33e8fade936cdd130170872987d,2025-06-10T19:15:35.243000 CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad95934637,2025-06-12T16:06:39.330000 CVE-2025-5336,0,0,51ebbfc8a6c001d043ad92fbb70974a3ccedacbc8290bd5643cc8faeb9732c02,2025-06-16T12:32:18.840000 CVE-2025-5337,0,0,f5b214301a56cadaeebc0b9a86ddeaf885fbd4e9b8e681558e7ccfb718bae2b0,2025-06-16T12:32:18.840000 CVE-2025-5338,0,0,7d03b6675327abe3166794a3aea1334fe78b5ed9861d33098569022851345f63,2025-06-26T18:57:43.670000 +CVE-2025-53380,1,1,778a4ed3b4b51402648379b0a66e0653fc3388939d52b44cfb536c593d391f6d,2025-06-28T03:15:24.373000 +CVE-2025-53381,1,1,5bca2379c91be4fadf0c25a7392b9c1b3f109e154b7525c42492575516c349ca,2025-06-28T03:15:25.393000 +CVE-2025-53382,1,1,4695e14174a7cc685cd3ded81df4de7cc22e0d73407b891865d54a432fde8f3b,2025-06-28T03:15:25.470000 +CVE-2025-53383,1,1,bda272ce8aadf6815cc0ea73e6ad65e6683a0ec0c2136c70179f0660763743cd,2025-06-28T03:15:25.563000 +CVE-2025-53384,1,1,edc1abae5d61e8ce0cbe60766a7d8163fe9c4e8027aaa35b22acd12262730645,2025-06-28T03:15:25.630000 +CVE-2025-53385,1,1,6919cbbce415f6a7965892da59e02c2851818e452a8966594003b8317f9804bb,2025-06-28T03:15:25.710000 +CVE-2025-53386,1,1,421cd769cbad85964ce345c4647b4d8effb0b5cc08970d5238cc9cb8e91646c3,2025-06-28T03:15:25.790000 +CVE-2025-53387,1,1,e2764bb76f8a0fc53098c27eec0c194d10d953d856450579213a555deedd9d56,2025-06-28T03:15:25.860000 +CVE-2025-53388,1,1,a892e721c397f4ad48b104d8840965c60b9650055c4b0c4a9cdb65c7fe578d48,2025-06-28T03:15:25.933000 +CVE-2025-53391,1,1,5bb04639b2fdb2e9aec8d4b0f32263a170900311f834c0cbed6f8532ae6b4440,2025-06-28T22:15:23.600000 +CVE-2025-53392,1,1,8547d3ba04db245ff769782c5f28ad17dc797b5d8c8ad024b115da29d5cd748e,2025-06-28T23:15:21.503000 +CVE-2025-53393,1,1,fb13ac251ec592ad13d4a1e4669c330156dada86640bb9801a39334f38a5732a,2025-06-28T23:15:21.760000 CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2ceb,2025-06-04T14:54:33.783000 CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000 +CVE-2025-53415,1,1,c4708271a70e55921ab3490830a1865abfbcb89a63aa07808daf9ebd198163ff,2025-06-30T09:15:26.903000 CVE-2025-5349,0,0,c3dba6df59d2293dc5933fab4b44180a83c69961191d6e1c8668a3b028af5d72,2025-06-17T20:50:23.507000 CVE-2025-5353,0,0,a9d9e9f405a59eeaccd7ee5466c700cdd9eae2ba20f2bc9c98c5c42953abdf75,2025-06-12T16:06:39.330000 CVE-2025-5356,0,0,230423e916dccb3eed4f4eea6b8b3a9d8afef34a102c6f9d5aed25dc46913046,2025-06-24T15:20:27.113000 @@ -298582,6 +298838,7 @@ CVE-2025-5388,0,0,a0253f0c3333e57e30f53ca748c2f786064d252af030391460f61763742994 CVE-2025-5389,0,0,260909efcc6b6b292bffdc65b5b0e9633781d0b5c8c5ea87a3dce1c6319b67ab,2025-06-02T17:32:17.397000 CVE-2025-5390,0,0,039345fdea46e1731d2841f7a4397db225f36b8f7cd62f23d1ae898d97067564,2025-06-02T17:32:17.397000 CVE-2025-5395,0,0,4adbdf3099b8b5dab4e4f6463ed756f4d425b2051f900904089759b88a3b79e9,2025-06-12T16:06:20.180000 +CVE-2025-5398,1,1,3e3c885d3d513bf33ee6694c9192ee14f5152ad3bfc49bc4d0212c8c495e030d,2025-06-27T10:15:26.470000 CVE-2025-5399,0,0,0ecebfde69eb11c2808a3eee614685de2e5fb1417c4788dd2b728d39b531d7cf,2025-06-09T14:15:23.470000 CVE-2025-5400,0,0,7cd289b1f8796f433468abfa83e965b2ae8c6d02300bfc34aeb9a97484dcc2f7,2025-06-02T17:32:17.397000 CVE-2025-5401,0,0,7191cee0bc77ec5bd67bfc250972477b89f2f18db54f39596b26be9c1bb1595c,2025-06-02T17:32:17.397000 @@ -298672,6 +298929,7 @@ CVE-2025-5522,0,0,a6f0feb7c3dd1459fe736f4f5982460ecbcab99d78d309661631c0ee8cbfc4 CVE-2025-5523,0,0,5efa29e7b7bd4b4641984376098bb78d90287d527ffeb481b2aac415b7a4bb5c,2025-06-09T15:12:42.317000 CVE-2025-5524,0,0,9b54382a0d40419b36cb1a6dfd4d91e27c5e0b8cc8a8a2eaa1401782bff3e506,2025-06-23T20:16:59.783000 CVE-2025-5525,0,0,8a6fda70c73f8d7caf337b44e8088af73f34b5d808b601ef429b01e524913c40,2025-06-06T17:27:21.350000 +CVE-2025-5526,1,1,6b5887acfc6b7e738df1b8287ee96573c8e8c8e5d84d952f0cff5f051e43df59,2025-06-27T06:15:26.763000 CVE-2025-5527,0,0,23d619a74aea1abe1b9173eba88fa2a07d22ff2b8b371596fe573cc187fab574,2025-06-09T15:11:48.217000 CVE-2025-5528,0,0,9ff6f51c97698d79ccf64d3644dee7c04924a371e5162b7f2b385dd7df42f941,2025-06-09T12:15:47.880000 CVE-2025-5531,0,0,6d27f31038761ad0a1ccad441f88039d5d4e8afb6e2422d32c208713130619d5,2025-06-04T14:54:33.783000 @@ -298857,7 +299115,8 @@ CVE-2025-5726,0,0,ee7c2168fc4df99ae26ff1928c673572570d2b73b7f2f8583cd52149422b0e CVE-2025-5727,0,0,233f39774007ec048ab823ce132d5d9a0383f240e79c4b766b8268e460e699b9,2025-06-10T19:30:49.890000 CVE-2025-5728,0,0,a2734432c6d5c9718e73264aec800c40d10a3b1f503cc6a36bad0f61d236849e,2025-06-10T14:58:21.970000 CVE-2025-5729,0,0,cbf15c12a32ee71e58b14fb7ddeab4ea9839aa7fe6f43bb43e4a6224f7c4508f,2025-06-25T20:41:36.720000 -CVE-2025-5731,1,1,74faf62df78f7f98ba63a7b446adeff3568de9b0fb9b2a72225ed66ee00a8728,2025-06-26T22:15:24.917000 +CVE-2025-5730,1,1,fdead208f1219125615b2a225ac0449c6f227da036d27c27ab389c83e54d03f7,2025-06-30T06:15:28.713000 +CVE-2025-5731,0,0,74faf62df78f7f98ba63a7b446adeff3568de9b0fb9b2a72225ed66ee00a8728,2025-06-26T22:15:24.917000 CVE-2025-5732,0,0,e44c4abf488eb73f34cf4fc12053fa1034be5ba1cd633b45abb888bfd8cfede8,2025-06-10T14:58:00.633000 CVE-2025-5733,0,0,f9414f378c72883d276dec17aff75405246e3e34329518fe5887772f8c216d63,2025-06-06T14:07:28.330000 CVE-2025-5734,0,0,7cdd81331c25c23698c2a802d4084a8a8caa095eaafc613e4054697ce885751f,2025-06-17T20:38:23.730000 @@ -298967,6 +299226,7 @@ CVE-2025-5874,0,0,726c9df65c566725a510f5c58b0c057c9bdfc295fa5f1ff3d2641c2157e020 CVE-2025-5875,0,0,c25b34ccfcd613e0dc066c8ac82a22ec084260cbb2bc3930454841ae31515b22,2025-06-23T14:21:01.890000 CVE-2025-5876,0,0,32a8af4e9cd8f7d2c246abe46c081e26ff3051e42e928a128210a8c01026ea88,2025-06-09T13:15:25.777000 CVE-2025-5877,0,0,e0dce4f1c575be2988ae468fd3b9f298d5610dc4a16b678a804d86d9b1adf31b,2025-06-12T16:06:47.857000 +CVE-2025-5878,1,1,dcc8b0ca60aee653002e25946536280ec097cb6c5ef19a26d63b30448a4dfde7,2025-06-29T12:15:23.633000 CVE-2025-5879,0,0,756604528009a19f95fc6aaf90273ff5d2ceec0a3e555d776ee81b7d6b78c298,2025-06-12T16:06:47.857000 CVE-2025-5880,0,0,30053a977ddbe5e71c046af93902c42d00bc2985c0890b6525775f4d57544340,2025-06-12T16:06:47.857000 CVE-2025-5881,0,0,3438668634295d42105deec2767619dff3476990785eaa8f8d6da73c06db318c,2025-06-25T20:26:45.010000 @@ -299015,11 +299275,15 @@ CVE-2025-5930,0,0,f247db24f36bcbf2f7d81e18a82d068f64b444dc019b1b0b868d92f5ff3fa3 CVE-2025-5932,0,0,d1195345b3e2262847f1a971fa34210f177c9a6a4f5dfc87432b0985fe39715a,2025-06-26T18:57:43.670000 CVE-2025-5934,0,0,2b04aea49be1b2e817d664c8d52ff126b146b95757a60bd9875f5715a4755cac,2025-06-20T13:11:11.560000 CVE-2025-5935,0,0,c15a5d20553ffc7a7c30ae68f0e5f38be384091a8a588ccb546a6d6a87a9c526,2025-06-12T16:06:39.330000 +CVE-2025-5936,1,1,559019b9e8154586588be921ef35b33916a805421fb8710aacbb619d117a0c8e,2025-06-27T08:15:22.497000 +CVE-2025-5937,1,1,8d3b3acfa5f52cacf6f3aad1688696052d3442e18b65c5eb510dc5f3a138af43,2025-06-28T08:15:25.143000 CVE-2025-5938,0,0,de6ba49470711279279f27a904465957f8293ec15c3176c20b2597289d4c7b40,2025-06-16T12:32:18.840000 CVE-2025-5939,0,0,fae4e42cb7ec096d2eda48ac42042deaadc4d81bda29462ec7008261e2cabbf5,2025-06-16T12:32:18.840000 +CVE-2025-5940,1,1,8d042165beed958a7dfe961df7138fd0c77572719937a084179d6a605356deac,2025-06-27T08:15:22.857000 CVE-2025-5943,0,0,35b1a03e31f4997e71998954ee281c02ada0936b00fc64cfacb7aa84cfa29429,2025-06-12T16:06:29.520000 CVE-2025-5945,0,0,c7e4d5fd43d260b09c3d268ba39649757ca6834ec123b67f85c953ef50c7c56d,2025-06-10T09:15:25.930000 CVE-2025-5950,0,0,760fa6d42f3c866c98b5e3438e6c6f00bd5fd5520537943b3e544b07838ccbee,2025-06-16T12:32:18.840000 +CVE-2025-5951,1,1,8284d36183b5c5a20ce1ccc5cb7415a68b49193aca2a0e8df993129c1d1d98e3,2025-06-28T23:15:21.963000 CVE-2025-5952,0,0,80f5810e94a735443b1add4b87f50d30096f6ed0c46ddf37bebc56b27e945b75,2025-06-12T16:06:39.330000 CVE-2025-5958,0,0,a36b78799dbbd1551f96c1bff1614591c13905c454c0b07d9b02e19316c76c99,2025-06-16T14:50:15.493000 CVE-2025-5959,0,0,a39e129e58512bcee45e4710589bda0209f85db251e85a57b71fd6de1e661083,2025-06-16T14:49:13.623000 @@ -299056,7 +299320,7 @@ CVE-2025-6007,0,0,ad7217a46edf88f3122f03c09e2fdcfd31382468cbe1002c4a5de402899399 CVE-2025-6008,0,0,cf45d1b8877307f98a5e962959db4dd8b70df84c99522375a10c3d04cde0826f,2025-06-19T01:26:01.867000 CVE-2025-6009,0,0,78abb2d4f36e6029b865859c44e8b3b2ae426316eb8bf2e15ca3e33565c4ca16,2025-06-19T01:25:17.743000 CVE-2025-6012,0,0,26f2f66d87f45d6aa756cc004552cfa11ed42d44708395d664a6658fe8d21b45,2025-06-16T12:32:18.840000 -CVE-2025-6019,0,0,75f7b9a6441bde9d23f3280f372789289893c4b264a698bdbb1ec39f610d4315,2025-06-23T20:16:59.783000 +CVE-2025-6019,0,1,5477ec15a82be0c2a93ed9a3473af3a8dab5cb2afdbbfee75cdeb137fdc5af5e,2025-06-30T03:15:25.990000 CVE-2025-6020,0,0,abdab1613cff203ff4225a4e83eb5a681c34a8b5248c090e738170300c0f3bd4,2025-06-24T19:15:23.937000 CVE-2025-6021,0,0,4d6c316d6b2265feaa5a1f1976caab5acbb233a1583e3791720a0a82dcf439c4,2025-06-12T16:06:20.180000 CVE-2025-6029,0,0,e9108be7e98d0780991a9dbc9771d79381463de686ea76ad25b1212ca465841e,2025-06-16T12:32:18.840000 @@ -299118,7 +299382,7 @@ CVE-2025-6124,0,0,182f443b3dae3d5c1247d45e79bef173f9714760ba9efbc0541c94f55ad4ed CVE-2025-6125,0,0,5970139c3a7232cc38ae30cfaf06d3e6e8652a495caadea4bc949c7056e7b9ac,2025-06-24T15:55:55.897000 CVE-2025-6126,0,0,3cecc13780f04c9d6e12cff3225a1c82a52d01b6e334f4c31582b486f92d1a99,2025-06-24T15:56:04.113000 CVE-2025-6127,0,0,8dab39e6a86d655538962f0fbccf53772eb4e509addd8914bf2b696eca5c0d0f,2025-06-24T15:52:30.757000 -CVE-2025-6128,0,0,1e377ac73a59a167c73fcf96e4c6971eb9041bf3cc73e824932eb4a056ae1f9f,2025-06-17T20:50:23.507000 +CVE-2025-6128,0,1,ef745006225bb9675a4a26298cdf9e404f3a8edfd46396f0207f11b259b591ed,2025-06-27T14:46:05.487000 CVE-2025-6129,0,0,c11fcf3a911a2d8d8c4b37d8252afa26669376fbb7214d4fcbed546932aa455b,2025-06-17T20:50:23.507000 CVE-2025-6130,0,0,cb569be39f5f1da076d06669e0896e22c8cd60dff8ebc57d155295bc5acb6c81,2025-06-20T14:39:23.200000 CVE-2025-6131,0,0,2866309ab3a411ed34af4bfc174dd80cc2f38df6ce0809f56ec34a44e1386fa4,2025-06-17T20:50:23.507000 @@ -299177,6 +299441,7 @@ CVE-2025-6217,0,0,0d2c65c94d7cc4fabd9027df56e983345e1f33543f29c53f0c45cf319713d1 CVE-2025-6218,0,0,0c57dc44b918f69aa41dfa2cd45995e68693308920cd967c81e00d12734bb127,2025-06-25T19:03:33.817000 CVE-2025-6220,0,0,5f7d83b19f9a74deb42015750f7b5335a45a31dba8653fadb3cf8eaf78a671be,2025-06-18T13:47:40.833000 CVE-2025-6240,0,0,ba4da5fd605eca3c919532cf0a8a1661ebda5a87c35d4010c4dddeaa23d93e9a,2025-06-23T20:16:59.783000 +CVE-2025-6252,1,1,f8d2c98a36fad6a21e427565cc17caa8692d044999ea827e204698951bd242d6,2025-06-28T05:15:24.710000 CVE-2025-6257,0,0,cc91b7557b526c88672e08add1b684bde89a65ab4dd7fa052a99a1c1c9c823b5,2025-06-23T20:16:40.143000 CVE-2025-6258,0,0,a4b6be5935c4432c7a129304f469494da82c625050798afddedddfa563a7fe1e,2025-06-26T18:57:43.670000 CVE-2025-6264,0,0,f32dcf95c634dc2f1ab86702d3943727ebae8018b2fa6b536fe8be4f7c817392,2025-06-23T20:16:40.143000 @@ -299254,6 +299519,7 @@ CVE-2025-6344,0,0,d4ebe8546071c6f599337efb2154e70f6fbd03816d527c4e2779e3b0d26229 CVE-2025-6345,0,0,b33f24903860f4767c24c3b23695242ccd8af4a1055fa40f0a8676c27b00f49a,2025-06-20T15:15:35.800000 CVE-2025-6346,0,0,011bc8a262555edab4b20ddcee756fa3b3eb6e2997e406cc2e1d1d0357f55b38,2025-06-20T15:15:35.983000 CVE-2025-6347,0,0,314d9452b387c10ac762b3b1128a41f845645f5c30e1ff2ca81e9f93cc334357,2025-06-23T20:16:21.633000 +CVE-2025-6350,1,1,7a6082cebfcf6fe40bbd64f161b7b25d293b460ed2360e5bcf97e3fcafb51a18,2025-06-28T04:15:45.190000 CVE-2025-6351,0,0,0b04aaa7d086b3fc46c47903a32227c30f140a645f1c0f92929b974615781879,2025-06-20T16:15:30.250000 CVE-2025-6352,0,0,9d15046a1965b14eb3ab7c9082bc02622d7ca5d63392e4ee8604e05d4ffdeda2,2025-06-26T13:50:10.427000 CVE-2025-6353,0,0,629fe18bcfbf2dd023d18f9e595e887b68dcd365925026ba25f8edb8b1dcbbd9,2025-06-23T20:16:21.633000 @@ -299279,6 +299545,8 @@ CVE-2025-6373,0,0,fc3916a56b7bebb7f4afd8db9623b0c0b7ca6d04a407f196c28a44bfa23b95 CVE-2025-6374,0,0,52c2a3762c3febff3f7133c40521ec4205f6d9bad96026808a9cc8ac3a049376,2025-06-25T20:10:23.920000 CVE-2025-6375,0,0,c5c7694dc72a40d77b42ca7bdac2085f0219ee2826ef00eb4a9804c963c5103e,2025-06-23T20:16:21.633000 CVE-2025-6378,0,0,da81929627ca41dfedced9811023613c15a40b0d55e0bd556aab3cf407bd3f73,2025-06-26T18:57:43.670000 +CVE-2025-6379,1,1,7fc1e9830073470b9066a4378564ef1634bdb8213e175fae8d22ec1cb935756b,2025-06-28T04:15:45.700000 +CVE-2025-6381,1,1,2aa669c4af6f5be0e913e433c01d100074b8da115103fa92bbfd0973bb9129dd,2025-06-28T04:15:46.110000 CVE-2025-6383,0,0,35d6eb846a0e7ad29c61cf4ec7b91041c35953e0c591ccd388d602b918bec848,2025-06-26T18:57:43.670000 CVE-2025-6384,0,0,97aa0c1b3518730f2ff1ac0c6e40e6df53f12abb019ae8c41f191d17b86f6691,2025-06-23T20:16:40.143000 CVE-2025-6393,0,0,32247b5db96e134f65a8c77173062a4edd972dbb6c0ac396c8f0bf9ce435cde7,2025-06-23T20:16:21.633000 @@ -299326,29 +299594,30 @@ CVE-2025-6444,0,0,37705057457fe7179db85da84838ca3b56fe8ff63e8fcdb240ff0b99358193 CVE-2025-6445,0,0,f99b123e574fa4e59daea983acb9603622fc84af3252757bbdb2c3411966afec,2025-06-26T18:57:43.670000 CVE-2025-6446,0,0,3600b7ecc27e2374ecf53656a0787999f8467a509514c75f50c495fcd2cddda1,2025-06-23T20:16:21.633000 CVE-2025-6447,0,0,ccb7491a53a65edb2a46fa34f91bfc98d3e4b5a673ea57cbc2e7809ed2b6f681,2025-06-23T20:16:21.633000 -CVE-2025-6448,0,0,8222bc4acb92d0f776e1d0bca83e07196c49a6462816bce44b6bf839e1dbed85,2025-06-23T20:16:21.633000 -CVE-2025-6449,0,0,ad8f96433cb6f1573eef28c4ff98e558c49643132e3524c9869df6509e5de65d,2025-06-23T20:16:21.633000 -CVE-2025-6450,0,0,67c51a6d6323841f800b9f07d4abf30d6eb76923976682d825e285bd42e38a36,2025-06-23T20:16:21.633000 -CVE-2025-6451,0,0,1c1ee6574252f017397edae8cf6110c72ac9b8be9dba12f11df6aa950d2bb8f0,2025-06-23T20:16:21.633000 -CVE-2025-6452,0,0,02bd87e15c5cf00b5fce1e376f457a04c32cd07bd006894d777375ec1ba9a948,2025-06-23T20:16:21.633000 +CVE-2025-6448,0,1,5a0a3ee3d9f4340542c17b153af4b14314a4d2b8a9a47066bf08ed33363fd48a,2025-06-27T16:58:56.890000 +CVE-2025-6449,0,1,7b1cdc99f16ea600bb8750d2b6d082ed5fc5e753ed757d63ed225090755d0c8d,2025-06-27T16:59:11.193000 +CVE-2025-6450,0,1,08d07073e69e5d11efa66a56b9a50f9dbeb64a9dc7ddde1cd9563a1194634076,2025-06-27T16:59:51.930000 +CVE-2025-6451,0,1,04c62c64dc294050a6c6b4d1e990f6e6541b744c2aef681364bc97a97609b22c,2025-06-27T17:00:53.823000 +CVE-2025-6452,0,1,083940287f0c582bcbbebe584d67638d9b0c0f407a2a8fc444d58915e8359f7f,2025-06-27T17:01:21.663000 CVE-2025-6453,0,0,fd00a509fde83ffb8dc87e91d1ef6f6a42205887332904c731c5e5cfca51f7a0,2025-06-23T20:16:21.633000 -CVE-2025-6455,0,0,265d0815d428cc0332c6f668217ec8a1936104b978c66942178c340270d7e0ee,2025-06-23T20:16:21.633000 -CVE-2025-6456,0,0,f94955378138668eeddcf0643df7e80491ded0e1de5b6f79022b52b828de9738,2025-06-23T20:16:21.633000 -CVE-2025-6457,0,0,ebb78003380f70547fbe74682acbe42e81ed1cd074968557a5247b806014978e,2025-06-23T20:16:21.633000 +CVE-2025-6455,0,1,c3bdac595580f2d51688455030c4e776910361c0f01b217f8c0fd502d1ac42aa,2025-06-27T17:02:14.733000 +CVE-2025-6456,0,1,31edf54365c40ca692dc828ecd2cae22754fd4157ef8b7b05f96d0280c2dbfba,2025-06-27T17:02:28.953000 +CVE-2025-6457,0,1,ec2a9dd42c1bcf669254ec6afca5da44ae8e8abdf8ae4d1d4071cff11bb8a640,2025-06-27T17:02:36.347000 CVE-2025-6458,0,0,083518c79650bb4c88fc42ff0fa6cfc761ce82844b15365e5e4b749048d96c50,2025-06-25T20:00:54.297000 +CVE-2025-6462,1,1,d8cac8af8f9fd1d70529e34c38f93794353bf1782105707c8db160f069227a1d,2025-06-29T05:15:20.663000 CVE-2025-6466,0,0,02dda139ebc87521cef69d237c47fae4cb16f9d5a4fcba111e2a9a76c60a2e10,2025-06-23T20:16:21.633000 -CVE-2025-6467,0,0,7689241b9dd7345290f573e56d1ebc8c10c915268120539591432826a1af4380,2025-06-23T20:16:21.633000 -CVE-2025-6468,0,0,1845b4082a91b449a76bde9baa14b86a11a77c0b10b331ab65d3e65c2e23afbb,2025-06-23T20:16:21.633000 -CVE-2025-6469,0,0,83a2d2f2e5e6485157d5b7bdaa0d82e61ec7d695fed15d7d94efe7de355d177c,2025-06-23T20:16:21.633000 -CVE-2025-6470,0,0,3072ae13c663df61e4a9e0a80f8ab3a7a714c313d9a510bbfea6641ebef68093,2025-06-23T20:16:21.633000 -CVE-2025-6471,0,0,d28e88e216194e1d4a69d1c07a616ba3d9f104a98822b5c0784ad67535c62147,2025-06-23T20:16:21.633000 -CVE-2025-6472,0,0,7be29641df306cfeb39a003c7df9102622cd0a8c07cfda5fdebf78e39d4ecb52,2025-06-23T20:16:21.633000 +CVE-2025-6467,0,1,2111c66db0969d1c41fc8564ca68139c60962dcd1f7bb6c000aa2a277af3863e,2025-06-27T16:30:42.310000 +CVE-2025-6468,0,1,b609e6c1f1cb2cca716729822e4b5563b8a9898d707e405d1e94b0c4142dd708,2025-06-27T16:37:25.340000 +CVE-2025-6469,0,1,9cd77930f9b2369d6669566b43b3fe85ebe6323bc97ef9943f87cf9740efbf6c,2025-06-27T16:54:31.290000 +CVE-2025-6470,0,1,d936e13b78f915da134ff47fa6c3b0ce8e10f680a7830df1f48298672cd185e1,2025-06-27T16:55:15 +CVE-2025-6471,0,1,823bb5c08f1030bf06097a1583657417cbcc72c669862ecd9d2d6ca53319b71f,2025-06-27T16:56:34.050000 +CVE-2025-6472,0,1,c97da6600cdcc39f2ef6e7ee5beb7c062c2fe0bce6f28aa79dd4ea5cf615cd9b,2025-06-27T16:56:41.610000 CVE-2025-6473,0,0,f821ace141e7154584a5b72f1adebfe8462fb064a2672193822b96783f6d8a75,2025-06-25T19:27:31.730000 -CVE-2025-6474,0,0,ab188f09f0a4e137326cbf1eb98ac56db23d545a6aeac89464fb4cc91222e613,2025-06-23T20:16:21.633000 -CVE-2025-6475,0,0,dca16a683d20010a85900288f75a3de83ba9a3b4422e79f680677aec00cdaec7,2025-06-23T20:16:21.633000 -CVE-2025-6476,0,0,0bde69972fd7d4d715236588866dbd079ae31b0d16a0101bbc35bab247de9426,2025-06-23T20:16:21.633000 +CVE-2025-6474,0,1,34f2cdc646f0fdfac764e66e3140f858fbf31974233afdd9a8f8817759fa4f09,2025-06-27T17:29:34.393000 +CVE-2025-6475,0,1,3f426cf1651995de981716ed0ce59ff04720b4c8d7d4d43d75adecd6f0735dbd,2025-06-27T17:20:59.637000 +CVE-2025-6476,0,1,88c9d4c09f8a99588e03924e5dd1181761a91a2ea6d53c95f7cf80fed6da32d7,2025-06-27T17:14:29.533000 CVE-2025-6477,0,0,718d8ccaacc87e1c57765c6643de1f27af3dbe6e78ffbb21600c33723313882d,2025-06-25T19:25:44.190000 -CVE-2025-6478,0,0,d774f1cad8b6a052d9c9d66872d7e1882d2cd9753c27522c8e48c07fe14fb0d7,2025-06-23T20:16:21.633000 +CVE-2025-6478,0,1,31ec8a10802d4265d3843ba47157156e1cd48721db6d3f2b4bbfa8dcfc5414f1,2025-06-27T17:13:26.643000 CVE-2025-6479,0,0,2c5b2471154f56ce282446555e3678e22ea4cd2374f79e129a80d30240de1c44,2025-06-25T19:19:01.967000 CVE-2025-6480,0,0,93237f12d754008f7fd67ea5d034bb783649924c98eaa92f468d9844c78fedc5,2025-06-25T19:18:18.497000 CVE-2025-6481,0,0,1cd9ac72b2551a82a6ec3b44ea1539e5705eb042de1232a95404e2239e6bab0b,2025-06-25T19:17:25.407000 @@ -299358,6 +299627,7 @@ CVE-2025-6484,0,0,a6d61d15a4e77f3663222170cf96ffb28eeb3ee03303971384acc6bb6b1e7c CVE-2025-6485,0,0,fbaabbcf16b6f45dad70787ff83c2f2a40a9d66713f014579d4bf4c3d0b9ecf7,2025-06-25T19:31:46.050000 CVE-2025-6486,0,0,9279349c7782d4462e26da818de9d0c7bcf2cfb484b863830cae3c45969d1782,2025-06-25T19:31:37.533000 CVE-2025-6487,0,0,29e0a7237d62fc67ee05c71aab1c7439f3b9715b366fd94f580ddf8afdfdbd57,2025-06-25T19:31:27.433000 +CVE-2025-6488,1,1,053afc0aaffdfd385044eacf536b7d8b5bc2add2b7729d921b1df8cc03ed48df,2025-06-27T05:15:34.203000 CVE-2025-6489,0,0,76ec524cc88748434edd32da385ea8c072cc94c0dd99ce64a004c4e1e23c404b,2025-06-25T19:31:16.637000 CVE-2025-6490,0,0,712875650a18bc82ee42534b81765312cd07e271d860b7988f6e06a27f515abe,2025-06-23T20:16:21.633000 CVE-2025-6492,0,0,f4c450e5238d0b6066bddd75aa5d427fff899ce0a5a143de6c2c6c6e80c1f5f1,2025-06-23T20:16:21.633000 @@ -299367,10 +299637,10 @@ CVE-2025-6496,0,0,41dc145f9a02ba783f2ed330080b0df94da07c3c130615dd33f85880edf7aa CVE-2025-6497,0,0,085a542a1200fd4aa6eb1522dd911d9a98ef8c5a6df00f38adf93948fb0f75bd,2025-06-23T20:16:21.633000 CVE-2025-6498,0,0,11f74f8785056a6e7a545d5e8f3aeedffc98d72b787c795f6ceff6211b41f5d2,2025-06-23T20:16:21.633000 CVE-2025-6499,0,0,6f461c1d87da9b46bab3b0b9135c5fe22e9e801a65b393f3fc56e5a67a44e835,2025-06-23T20:16:21.633000 -CVE-2025-6500,0,0,e747e98474554647addbacfb0f78f5d9fda33b8b5a09fc1b5dee7c5b501656b7,2025-06-23T20:16:21.633000 -CVE-2025-6501,0,0,21c8702aea93b20af2956a2b849cc2c4ed934e081e8fcf79e0c1fd3f27b3d911,2025-06-23T20:16:21.633000 -CVE-2025-6502,0,0,3cc4732dfba27732e60ecb94c22cd8faf493b6d992695349494a736c26de1004,2025-06-23T20:16:21.633000 -CVE-2025-6503,0,0,0a98363833da2416aba217365867064f5250ae4c665f2d613afce6b1badc39bd,2025-06-23T20:16:21.633000 +CVE-2025-6500,0,1,dd478ef461721857580232a73712a51eddaa3493fa181e03c5e8d31a21cf04f4,2025-06-27T16:58:31.480000 +CVE-2025-6501,0,1,591def2261ed5fcc841b9c04799c6fa610cec6ce768ede25e1ae9a7521130f5f,2025-06-27T16:57:09.610000 +CVE-2025-6502,0,1,ecb07cc46151c2d4b33c0de3fb40627a8c80f86f6e7f693ee66a4e5afe98bc9c,2025-06-27T16:56:37.683000 +CVE-2025-6503,0,1,c2a21229bf5fcd8f3ca88b6589dc5779b7f0f61c193d234a8ed4fe650a41751e,2025-06-27T16:55:49.877000 CVE-2025-6509,0,0,44a17cbe2518b85359fece5add564808a08c0e71504aa0b86b50f12f7d74b1e2,2025-06-23T20:16:21.633000 CVE-2025-6510,0,0,d1486db7e8d1151f5ce1658da33a5ba03e1ee1444a409ac9c44923596a7551c3,2025-06-23T20:16:21.633000 CVE-2025-6511,0,0,cc8ab409e471e104e8e1fc80b5595697eff632bcca500a8d8c88c3888c668622,2025-06-23T20:16:21.633000 @@ -299379,6 +299649,8 @@ CVE-2025-6513,0,0,6fcda6ec8fe8d4d7a71ff944570d0aef3cd920458f304839d1b1f59be7ed3d CVE-2025-6516,0,0,ac0b558987c235b3e9cca99c9b3e31ea02676d4ebf55b1f2d4bc9503aa512a0c,2025-06-26T12:25:51.530000 CVE-2025-6517,0,0,ccb7b7977bc47f9b2f5f57f3b073cd6f70cdee9c4ad69519d93767dd6116a3b9,2025-06-24T14:15:31.093000 CVE-2025-6518,0,0,79913a6994b5a0cfc1a00cf4e1af2784faaece099aa53440c6a31b8bb0c63ace,2025-06-23T20:16:21.633000 +CVE-2025-6521,1,1,020195f129884486cf5970a13db4bacf2b7c7749eb0d50ea0ef62b5f7a8c18bf,2025-06-27T17:15:35.073000 +CVE-2025-6522,1,1,7053d40614ef1b5220e6af7383e7c720bb3add5d579e5137a78ad4946c9cbbf0,2025-06-27T18:15:52.580000 CVE-2025-6524,0,0,a7275ea041ffa7e979afd064b5baf753a7b8d034996389a1d24dc2a4b9f0ab13,2025-06-26T18:58:14.280000 CVE-2025-6525,0,0,f9a4484f271973188d980443d7c340a5c21c022439185d3e11e100f20a1e0b89,2025-06-26T18:58:14.280000 CVE-2025-6526,0,0,237dd2b6b7317839645fc76c98f0a5fe755dfdbc15e5c734032a915e25f5fcf6,2025-06-26T18:58:14.280000 @@ -299399,6 +299671,7 @@ CVE-2025-6543,0,0,a55929b5c8b39038198e6dcb5f98881c83e134e5862da06680aadb605be267 CVE-2025-6545,0,0,4a2e9a49fc7908d94e6672d7a2b53a6f95fca2e09b0d849d624a1d4044dc33c8,2025-06-23T20:16:21.633000 CVE-2025-6546,0,0,494de40d7df6c2443041022672d90acb8494a980877b137f48c23d5cab87487a,2025-06-26T18:57:43.670000 CVE-2025-6547,0,0,308fc321cf1c1a3e1d4bfaae0194d79b5c51460bd5056b984e695544d81bad19,2025-06-23T20:16:21.633000 +CVE-2025-6550,1,1,ad902cd79d08670eacc49f7f81d5dcaf8aaf4e8c75e6da314f4ae1f88d57adc9,2025-06-27T08:15:23.053000 CVE-2025-6551,0,0,9449985e7a9055bc84479e0b0f2b57fed721bbaf75a59a8d5b22bb237a895a0a,2025-06-26T18:58:14.280000 CVE-2025-6552,0,0,8717beff1ed0b4c67a4a3bc77f60be53e5be3c4b231cbc45b02cbdea4703f774,2025-06-26T18:58:14.280000 CVE-2025-6555,0,0,778b8348c64662c8e4459061cabbb632e36dc7c09a92710349fb4cd01cbc0fbb,2025-06-26T18:58:14.280000 @@ -299410,8 +299683,8 @@ CVE-2025-6561,0,0,83d61226b99ac74707dce5abf1d8af5092a5760229e6f24fe4f0f3e6827849 CVE-2025-6562,0,0,fcfea14579c71c21a6c3fc7d5a6452ec3f1bf58bce45fcf51ede3f433e3f3646,2025-06-26T18:57:43.670000 CVE-2025-6565,0,0,edbd540d511b85519129c288260b1fc37f33ec2182d67f9f0be78d5a0f7f9423,2025-06-26T18:58:14.280000 CVE-2025-6566,0,0,affe36b1d137bfbb12f982c13c1f5a07ceb2d195d5a802635829756c7ce109c5,2025-06-26T18:58:14.280000 -CVE-2025-6567,0,0,f1c5a742877d71455ab4c64eb3fa2011895cb0259527253ca16b63462404b0fc,2025-06-26T18:58:14.280000 -CVE-2025-6568,0,0,8d64944cd6368c30908cec4c45e5899ab1ce98e146261518ccd258b3c441246b,2025-06-26T18:58:14.280000 +CVE-2025-6567,0,1,14a2a071a0db80b9d7b89b6f2738bddcf0dd4b44cc731a017fe21ac626971c3b,2025-06-27T16:48:39.390000 +CVE-2025-6568,0,1,a4540d7c2520ddc46cfd36d840f1c3e8a02d8624a298126e252d8f82930ddab7,2025-06-27T16:43:42.703000 CVE-2025-6569,0,0,b43ce3c7fe66b936da7e514a37487a1a6951013e9fe5039c6b5b6ecfa14d08be,2025-06-26T18:58:14.280000 CVE-2025-6570,0,0,86fd6f220acf2e34b4511f55c74b16c6c32c529a6a8aa0a3aaf0a9c23a79e3c3,2025-06-26T18:58:14.280000 CVE-2025-6578,0,0,a99a9e383f515c0ced0d32ac616ed9a1ed673d64f2ed9cf85426f8c304e13984,2025-06-26T18:58:14.280000 @@ -299428,17 +299701,17 @@ CVE-2025-6607,0,0,9e95f24a170c749bf60cc453874f0b4d7835c5a09a107c323fa38812702e1c CVE-2025-6608,0,0,967354f559996510bef491a0d05047fcdfac415b57714ddaaa11f3c04616ad99,2025-06-26T18:57:43.670000 CVE-2025-6609,0,0,a406e575a5c2ffb8fc5198701ac5b2f3624407964d8ab958c4c0499fd3d5611f,2025-06-26T18:57:43.670000 CVE-2025-6610,0,0,7ac0c5f8b62677e960fead6fef9bb9ea0a34318fbe0db1a558c946a0c869eea8,2025-06-26T18:57:43.670000 -CVE-2025-6611,0,0,bcf05ff0e6408f67ffcc63f5c13b52527db31ac2bf2a37d14ca1ace700e6fe6d,2025-06-26T18:57:43.670000 -CVE-2025-6612,0,0,3a88c61eb049430673d0675332c40719f5068505766a0c6f11643434ed2eec63,2025-06-26T18:57:43.670000 +CVE-2025-6611,0,1,7995f1edc0c30b62b1f03248a1d743ad11e83dfc62a7cad6296156bfe59bddfa,2025-06-27T18:35:43.527000 +CVE-2025-6612,0,1,07b59bf2a678137703650a46707e7aec19f5fdbc648bdd54e33c6dd2e18a3de4,2025-06-27T18:22:07.427000 CVE-2025-6613,0,0,2e7c43b82890b2054fa8481e396a7928fc15bd0ab3df4af72681d06c0d318e90,2025-06-26T18:57:43.670000 CVE-2025-6614,0,0,a4b9447cf67084a28ef80ddd77c6e65b60c53838ca782ac41e50ad5065d7f351,2025-06-26T18:57:43.670000 CVE-2025-6615,0,0,3651b75930c9681780e305958075806e7ca9142b41bab149e34353d8688a7da9,2025-06-26T18:57:43.670000 CVE-2025-6616,0,0,3a04106cb0212a6b452c724425ed252c342e526d90d0ef8f1c016a8413a5888c,2025-06-26T18:57:43.670000 CVE-2025-6617,0,0,456dd71a6327ab9987b88d431349a93d6eee2211c965d5f50eafe528689fd4ef,2025-06-26T18:57:43.670000 -CVE-2025-6618,0,0,39beaef839f14ed1701c3e424756460822808d135305d9f1314272038dc78181,2025-06-26T18:57:43.670000 -CVE-2025-6619,0,0,69f4d3d46e4ba4fc84b6efe21f4c025991d8e36ba80cebbae72419ad47d8a228,2025-06-26T18:57:43.670000 -CVE-2025-6620,0,0,70ad3f7f82c3b3404fa550124cfb9cf012311af9544c43d1051cc90b777c26fa,2025-06-26T18:57:43.670000 -CVE-2025-6621,0,0,c14570ee0be9830722abdb762c29f08b171c425cb2f54ec456e97f267bf1bfe4,2025-06-26T18:57:43.670000 +CVE-2025-6618,0,1,ac84ed701dfbb11771905f4697e0e0a71f186854515a35f2977ac9cfae5f6e4d,2025-06-27T18:20:53.133000 +CVE-2025-6619,0,1,7d502e0f9c280ac237d264ea47e9d56f2c9f885e9391d98b4346ea7561f6a820,2025-06-27T18:19:19.447000 +CVE-2025-6620,0,1,a58ab2b80e3779d32d4e3358d3d356ad6dfc021a674a6471533aa7b324e1ebbe,2025-06-27T18:11:26.180000 +CVE-2025-6621,0,1,31225189b3a0ed561d6ef4522df51388559053b3febb508a0b1393ddfa4112ad,2025-06-27T18:10:30.697000 CVE-2025-6624,0,0,ad8986c87013536a274498ca793121da00adb88754b57afa396d119e431e868e,2025-06-26T18:57:43.670000 CVE-2025-6627,0,0,c950ca730fdda26763ea49bcaeaa58a8e259e8625f1aa8961e7113f9a899f207,2025-06-26T18:57:43.670000 CVE-2025-6640,0,0,471afa23fd9f677655ba3091d4561086fd25783236eff4b8e6ea16357a74d351,2025-06-26T18:57:43.670000 @@ -299464,16 +299737,18 @@ CVE-2025-6659,0,0,f20d81e77d02663066b29d10e19c3f0d72db3ef3ee3efbe159692a82a1568d CVE-2025-6660,0,0,b2c46ef9b749eb1a8739407c0aa2f1fa7c4800bbba340aa11fafd16fad30fdd5,2025-06-26T18:57:43.670000 CVE-2025-6661,0,0,0a6fd1ca8bda3f42faed49a1521f09e40d46a36c8e217b4ea47710e8104723b6,2025-06-26T18:57:43.670000 CVE-2025-6662,0,0,5c5166ff9346183b32a70db53aef827fb54827f9b31eed5d0663faf254f2a0be,2025-06-26T18:57:43.670000 -CVE-2025-6664,0,0,b59c5ac0ffd12f26f1667bb3b1f1d70586046e2737dd9c43ca73c0160fe59d9d,2025-06-26T18:57:43.670000 -CVE-2025-6665,0,0,cae6f38614e95a90e82f8e14bc52bf6444590cc7c1ea73a256bc3d9f6f237d0e,2025-06-26T18:57:43.670000 +CVE-2025-6664,0,1,255c7bbda244ee1c6cb8ea0927bfc65b2c2f80bee216e706a66f1a5aec92db63,2025-06-27T17:57:43.810000 +CVE-2025-6665,0,1,819e0fbbba720c6c224657e5e3d234dfe09f50d6f19ea31a4a8557c46f9ecfaf,2025-06-27T17:56:25.200000 CVE-2025-6667,0,0,e82ef3fbeea1dbd55ce0228b1929adbf6445027fc60dc89264a9f923a5f56596,2025-06-26T18:57:43.670000 -CVE-2025-6668,0,0,1831199a665c7e44444fabd551eda27ff15d58ffffcfa5bed9602759b1fd5c21,2025-06-26T18:57:43.670000 -CVE-2025-6669,0,0,6c280accb485f2bdac69ab15c960422951086f832fb2d91dff44be7e2db418d2,2025-06-26T18:57:43.670000 +CVE-2025-6668,0,1,2c668ab21380ad28d26e4a71eb753799465f7ccb1ef8018c5159319921192efe,2025-06-27T17:49:20.193000 +CVE-2025-6669,0,1,910a314b076194cb451db40c00cbeb61d557257d78d120caf65549dfd156af45,2025-06-27T11:15:25.547000 CVE-2025-6674,0,0,2a96b77d18a3ed5a15d1217808f66635d48de16e05f22c39a4ae455ffcadc0f2,2025-06-26T18:57:43.670000 CVE-2025-6675,0,0,da67a1c2004e5cc5e54b7c0644d8650536b661cde378d828659935fe26d9ab2b,2025-06-26T18:57:43.670000 CVE-2025-6676,0,0,bd087b07cf4f670b55016364756fd99233a6c207f4660c77a1d02dfb21e7e185,2025-06-26T18:57:43.670000 CVE-2025-6677,0,0,acebdee1bab1b9696bbe1cc2728cc921d110c8667bb322e4e70895d16ae25d3b,2025-06-26T18:57:43.670000 CVE-2025-6678,0,0,015887ea893979c5601a9a5730f4adfb06aac901dd851eeda9fa3abff9762944,2025-06-26T18:57:43.670000 +CVE-2025-6688,1,1,d6e71dee78805834d9b0971b0646efbc3f27e6b142269e6fdc22f32aca60fbae,2025-06-27T08:15:23.243000 +CVE-2025-6689,1,1,1408e7fe6c8faf03d31ddee7420eb7d26879396505ca6636eb8ee15c09b1e817,2025-06-27T08:15:23.440000 CVE-2025-6693,0,0,c745d625a09de6a80b2525f9479d58ae097165e28dcd3ffee9a8c3e54ca98445,2025-06-26T18:57:43.670000 CVE-2025-6694,0,0,5f5323fcc40d9fa4cc7d77fb9721c6f22d813f802bb1e02959014ac7ffa13287,2025-06-26T18:57:43.670000 CVE-2025-6695,0,0,3b63ab5fa439fc8617ded8a85f65d7efe89651b3c92e95dcfdbaa2456877b964,2025-06-26T18:57:43.670000 @@ -299482,14 +299757,113 @@ CVE-2025-6697,0,0,c312aff8b3da9d8c40e639743d93939ff4620f442215f038fa5ff73f94267f CVE-2025-6698,0,0,40cbdfa815fbc9a2c0a8b50b505d8d22b791fafd9e35bd7a3dabc9bfb902cd44,2025-06-26T18:57:43.670000 CVE-2025-6699,0,0,aa672e3cdf7975f9a48fcafa883642a308d9755fcb3cd6d2bd41d7072ee7b07b,2025-06-26T18:57:43.670000 CVE-2025-6700,0,0,ec5745583eb140cd6e26feee4053d027111d4002634d3b2809beb12abbf16312,2025-06-26T18:57:43.670000 -CVE-2025-6701,0,0,ba0c2c3999d3ff1b57f63dd06df7d9ef802800de260bc43bd881fe5ea929ec1b,2025-06-26T18:57:43.670000 -CVE-2025-6702,0,0,940f551a41ee91b1945b77159a65aab51f94a182ac33d1e10592b85ba816cd2a,2025-06-26T18:57:43.670000 +CVE-2025-6701,0,1,a2b9f73092ff21b75d30180c6bdfa3afa17be30c5d5819f4bd36ae185260ce2e,2025-06-27T14:15:57.400000 +CVE-2025-6702,0,1,13231e4711014b4c1e2bcb464a07a77f1c3df71f881feb5132d2eb6cd4917cee,2025-06-27T14:15:57.553000 CVE-2025-6703,0,0,0d9be36ef80bdf06400d3f3c9d49c1e852425f26caf80a96158d35b6fe0baf1a,2025-06-26T18:57:43.670000 +CVE-2025-6705,1,1,7a9d7ece78199dd38e1c4d5fc85beb624221ab75e6971a7e09d4347222b1a3b1,2025-06-27T17:15:35.300000 CVE-2025-6706,0,0,e1ad2661eb0b2cc00595c80c51f437664f432617b81595d4eee5ef9e521b3ca6,2025-06-26T18:57:43.670000 CVE-2025-6707,0,0,aef66556c55eec41bae463c7faf45c123c97efb1da15664a3018a0cfbb06ba4a,2025-06-26T18:57:43.670000 CVE-2025-6709,0,0,90498322242e290afd27889d9cfd65fddf909a1cfa7b78d899a4f3639a3f1253,2025-06-26T18:57:43.670000 CVE-2025-6710,0,0,97fb861af21f82df37e774a622e381a13202757cf11269e05074cb8b8b77bc3d,2025-06-26T18:57:43.670000 -CVE-2025-6731,1,1,77c0d227c388f84913241764ea0f1f8c638b1646926a5a451900be21af50421d,2025-06-26T22:15:25.073000 -CVE-2025-6732,1,1,16fc51bd8a443c0dc988761b8d8e4981641a0545e841529a8fb7f9287b9daa9e,2025-06-26T22:15:25.267000 -CVE-2025-6733,1,1,e0d551821e51a298d358de5604ef52e4a769cbe2798854e597d8ae6efaa4da19,2025-06-26T23:15:22.560000 -CVE-2025-6734,1,1,65867914f2b879dfcc550bc863f1c1a74ae9bd3d26bea757d611ab3913c0d277,2025-06-26T23:15:22.743000 +CVE-2025-6731,0,1,6985b359eecb9af16fe9d43e7b1b44ac0fdaaa5b357eb148156791a0766db107,2025-06-27T14:15:57.707000 +CVE-2025-6732,0,0,16fc51bd8a443c0dc988761b8d8e4981641a0545e841529a8fb7f9287b9daa9e,2025-06-26T22:15:25.267000 +CVE-2025-6733,0,0,e0d551821e51a298d358de5604ef52e4a769cbe2798854e597d8ae6efaa4da19,2025-06-26T23:15:22.560000 +CVE-2025-6734,0,1,677ecdc2f62d04c180078791802a5a4d6fa965a47f379dd4fc12d3a171001153,2025-06-26T23:15:22.743000 +CVE-2025-6735,1,1,2166eb736541a825755f52a1a8f11a5c2bc86ecd8a43c09b8bca444f900292ce,2025-06-27T00:15:37.793000 +CVE-2025-6736,1,1,44087691b4c9487fd18e07e223eb7a7ac8b5da590426f636bcb83da2bfd9b8d4,2025-06-27T00:15:38.790000 +CVE-2025-6738,1,1,712ed5afd2000f9039929605800e3b84a9512f0b5a538b401f3763ea5a2a3336,2025-06-27T01:15:23.533000 +CVE-2025-6748,1,1,8ff364f88929ad779b2c0f4f0db76ec810b72f107fd71a8e2077717250238298,2025-06-27T02:15:24.053000 +CVE-2025-6749,1,1,695b9c5d6245b68ce096ed7098de9edf010760b4c301653ce21fd184b10ce053,2025-06-27T02:15:24.260000 +CVE-2025-6750,1,1,b9f2d0d3947c39d5e69f1ec01d5e325d7c6fec09951f1c7f45905452e877a4b2,2025-06-27T14:15:58.180000 +CVE-2025-6751,1,1,2fd2bb2d9df1d3a1672eb7b87b60977f8f2d86a79bb7ed898fcee995d2a30796,2025-06-27T04:15:56.977000 +CVE-2025-6752,1,1,85316a19d26f2ff2bfc5a0d188f3022ae178fd086e2df00e27660469ec4d73ee,2025-06-27T04:16:01.407000 +CVE-2025-6753,1,1,feb0f6e8cf921eb441e3ca2f9526db73aa3184bac933f0cea21dce070a119a1a,2025-06-27T05:15:34.450000 +CVE-2025-6755,1,1,5325ea417015ef50b78235a2118fe538c138b0d385e71847ba276e6b1d77cc70,2025-06-28T06:15:23.910000 +CVE-2025-6761,1,1,05084b44b36330a8de55c83a2e23562aab992ca3c0835e362e40e0388a59acfc,2025-06-27T11:15:25.740000 +CVE-2025-6762,1,1,9f8df19a2e75002cdf4ca69e3085dc907a80c194b218d9b6625153d03a0b990d,2025-06-27T14:15:58.520000 +CVE-2025-6763,1,1,ace13da6edba439facd5f3bac803178d2f6e7c320a3ab51ccdcee2b49787491b,2025-06-27T14:15:58.687000 +CVE-2025-6765,1,1,a08022000d960feb7fd164ec9ca0f4620bcafcd605b2fa2efeb3c69c3b9472e4,2025-06-27T13:15:24.990000 +CVE-2025-6766,1,1,0954fdb1c35799eab1cb036b76474b8051c0356d9f92b07a771167b3dd1f7c5d,2025-06-27T13:15:25.153000 +CVE-2025-6767,1,1,6d2918e4e0a4166adb0c1be8574c876871b52edb01e9110112bf3b6ccc1c2139,2025-06-27T13:15:25.367000 +CVE-2025-6768,1,1,5a78ba50045fa6e45609b808f9ab6a42933a0d2c615032d756f128492ff500c1,2025-06-27T14:15:58.930000 +CVE-2025-6772,1,1,7b62995317f9f236fb793317d669fe822732974f1be0b52bb362d50d000408f3,2025-06-27T19:15:31.500000 +CVE-2025-6773,1,1,22ffda55419ef7f52b398869bad4ef6ea10219224821032b571fe1846eb6b451,2025-06-27T19:15:31.737000 +CVE-2025-6774,1,1,fdcdd65177491da48e86e3d968f029803cf37013f642ae0024dccc9f0ba211be,2025-06-27T20:15:35.510000 +CVE-2025-6775,1,1,8c9f56a1f1b413c61b4055cd5ed82926484bfc742263f4644b42521a34c51644,2025-06-27T20:15:35.750000 +CVE-2025-6776,1,1,5e222f2433575e6024685a84f0ab4e6145671d0542e8ae5934c76bd546e89345,2025-06-27T20:15:35.990000 +CVE-2025-6777,1,1,60bbcf34f7304c58bb2542a153dbcf5710367fffccded3ade030acdfdec8cc3a,2025-06-27T21:15:24.830000 +CVE-2025-6778,1,1,6bf46c2d47a08a3e659a891d5d76729942367811cabf08fee65ae87a30e3ba19,2025-06-27T21:15:25.087000 +CVE-2025-6816,1,1,7179eca7dadde45b95de6fdbaef5c96a87f5b7642c0414b0d735b503cb16fbe3,2025-06-28T08:15:25.343000 +CVE-2025-6817,1,1,1196bb98999a5b90d685d51364d5a6898a73e2a63766043d173dd15f57615ccc,2025-06-28T12:15:20.790000 +CVE-2025-6818,1,1,36644f37f9dd376cdef7cd78e0212d5565b1852cbd31e82975a9651fdb652247,2025-06-28T16:15:23.977000 +CVE-2025-6819,1,1,518155c14d03d358e0b9f13b815dee0792681b876c79f4dbf13c165865ae107d,2025-06-28T17:15:24.960000 +CVE-2025-6820,1,1,44d0e3f5755694a1101dd9857c71646168cf1d7e881421ea47cb23fecd5ecc15,2025-06-28T18:15:21.033000 +CVE-2025-6821,1,1,f70a15aab7c6126816aec8ebc6095da115b25b14d5eac59c3f8c3830db6bd5f3,2025-06-28T18:15:22.400000 +CVE-2025-6822,1,1,4c48e272367a7029ae91a9420367ac0c6039b54d3aa8dd3d013d9f2c6095e7b7,2025-06-28T19:15:23.143000 +CVE-2025-6823,1,1,90ee33a124ee9466c543e596496b617a90a1729b59612f1471cb59a43e3c55c7,2025-06-28T20:15:22.973000 +CVE-2025-6824,1,1,78095bbda602b6bd4cb7f86741de01c769689e333de49ab4a6f887b692b2ed8f,2025-06-28T20:15:23.917000 +CVE-2025-6825,1,1,f65296f94c61fd32293b525eaf83456ea15306ce0947dd39336d3083b90a6fe2,2025-06-28T21:15:29.613000 +CVE-2025-6826,1,1,955d658fc1fd80c15ecca23c7e61cde8e41eacd67d247ef0f259f8e8a142ce6d,2025-06-28T21:15:30.627000 +CVE-2025-6827,1,1,f3c4cdfc846f60d6c13cb91788bd9fa261578a2012d02ae7e2434810d786a943,2025-06-28T22:15:24.560000 +CVE-2025-6828,1,1,f61b101d5ab9721d8a171ba7576cbc11e2ad865c767070f1bbc2f7928544b716,2025-06-28T23:15:22.053000 +CVE-2025-6829,1,1,52d7dfba009680bc349b67fafb3253b7760d8f602e77d18f9f62729922ff80bf,2025-06-28T23:15:22.277000 +CVE-2025-6834,1,1,9a15888cbc59e3e84b7e30c039bd9c10d9aca45f418e4121c701a344ec688a75,2025-06-29T00:15:20.953000 +CVE-2025-6835,1,1,f48b85aa577d8ec2d93aac857fb495b09faf8c77bc7dcf08090a592a9df10b2b,2025-06-29T00:15:21.207000 +CVE-2025-6836,1,1,890077e3c970575f9a274486ba0b2cd30c160ccf2f3f872eafdd4eee016e2c3f,2025-06-29T01:15:21.267000 +CVE-2025-6837,1,1,5a88c8eae33c3b4b126135f9c909978773bb64bfd453489b93319d99c65c2e12,2025-06-29T01:15:21.527000 +CVE-2025-6839,1,1,06a5b98e1dd8688114571cb32ef5d832025c45ab4884acdd75e2423230976eae,2025-06-29T02:15:21.747000 +CVE-2025-6840,1,1,d1a9c9b0e3f0fe88ca0a47d2d1e293026c6f3501c958ee98e41ad9b0c1949798,2025-06-29T03:15:21.580000 +CVE-2025-6841,1,1,8b89b1c3544a1601d06bd1f6765731c7e7b85c4e54002610af1fb01d947cf017,2025-06-29T03:15:21.843000 +CVE-2025-6842,1,1,cf77c3808730eebf548914d5644b9a08e5fdc036d4a744d6e6eba4cf4f7f179a,2025-06-29T04:15:29.417000 +CVE-2025-6843,1,1,e8849ac6cd436ddeb0ef0724b6509653469a1a1da24b405d5d7b4f3295164d6b,2025-06-29T04:15:34.907000 +CVE-2025-6844,1,1,81183a750f3242508612d81f8cbbeda06dd257ce3abc15d8147a969be931d847,2025-06-29T04:15:38.570000 +CVE-2025-6845,1,1,6c1e882c77ca44ed0353476ecaae92b3499b1f3d10191e7d1580fff87c878f6b,2025-06-29T05:15:21.687000 +CVE-2025-6846,1,1,c256a855e194ba1e712a40961a2b38f97d775b85b1c3ba1193822b801fd912c4,2025-06-29T05:15:21.923000 +CVE-2025-6847,1,1,456e5b25fad0564cef1ce25e0c181735c59845aafbf628474bc4e78482e193ec,2025-06-29T06:15:21.230000 +CVE-2025-6848,1,1,54e231c181c2ecd5ae79fe5c0017ec2b06a67090355d7ea74f0aea29317543b7,2025-06-29T06:15:23.457000 +CVE-2025-6849,1,1,b7e804eeb5ed292371ec33347c5ebf6282aef615670f3095bca544bcce1566bb,2025-06-29T07:15:24.343000 +CVE-2025-6850,1,1,1ad51bb1fcb3fd560eaf472ad1b00459f472b2cd18e83649e4929aea6197da7e,2025-06-29T07:15:25.450000 +CVE-2025-6853,1,1,07e11ae168ad671fd79653b7f58b821dd1ebbc16f81796071727242814bab4f0,2025-06-29T08:15:21.550000 +CVE-2025-6854,1,1,f2078f82be9805ca28f98da24d46f5fe2825ca638b6f1416ccadfc7f21e92001,2025-06-29T09:15:24.020000 +CVE-2025-6855,1,1,22fb27c0ca6fa110438fe22295ced1573a8b1604fc8930dd421ee6274a649c59,2025-06-29T09:15:24.290000 +CVE-2025-6856,1,1,eacf8cbf0e2d40a8d4376ae6d82220c5e55aa971650a35c843f8cb75ca400cad,2025-06-29T10:15:21.443000 +CVE-2025-6857,1,1,f9c3c6fcc9d10a47e509c28f8237e390d72e795f3bb72922a0dbbad0a23d9a38,2025-06-29T10:15:22.800000 +CVE-2025-6858,1,1,ef2b20cc5870029de952bf1b0d8e93b841691381c65b6bc2c2821d4c7619aa98,2025-06-29T11:15:24.313000 +CVE-2025-6859,1,1,224c2f35595f6cc3d43107c9bfd603aa83c1ee4bb9a5bfd9576cceeeb0d0fd63,2025-06-29T13:15:23.577000 +CVE-2025-6860,1,1,3e4cafe0a0d7bdc2724d349b5406c261f48d17d1a1ea5acf6f6ae24a3217eae1,2025-06-29T13:15:24.617000 +CVE-2025-6861,1,1,69db78b5e2ab0b0cb30e71ef90983c5697e1b8dcb36ec0d21b28e4819b01c38b,2025-06-29T14:15:21.617000 +CVE-2025-6862,1,1,04974b2aa1df57b1c7cece64f4bf253b7311f464abb60cd4b2d130f921a1f3d4,2025-06-29T15:15:29.510000 +CVE-2025-6863,1,1,676cbb08d66a2c038186bda04b6ab9ae53e59bf25c06c87d5241b3c960b91260,2025-06-29T15:15:30.550000 +CVE-2025-6864,1,1,cd99140f9989575050dd4492b44ced87aee591b6931eb21c0845abd4dbad2f3a,2025-06-29T16:15:23.420000 +CVE-2025-6865,1,1,5f1c45378786de5dbc7af1d17f779c13712f784b665d595645aa87d3bdb7a13c,2025-06-29T17:15:21.677000 +CVE-2025-6866,1,1,5e62af3e8cb6bc3f0f91fd8bb24ac73bf41ae725280ddc0d16fe71807db54521,2025-06-29T18:15:21.020000 +CVE-2025-6867,1,1,3758818c2c84140b1c446b622b0552ee567a70b7e295935faa623e8f5e0319c2,2025-06-29T19:15:22.187000 +CVE-2025-6868,1,1,0438f7b61573a7a940a7bfe242d4513ddc6dff3038f175813c15c9176127a805,2025-06-29T19:15:22.720000 +CVE-2025-6869,1,1,6290225e4f72ca6e51a3257c8c94e5b50d2b4d07f6d5932323c7edbeb0b70013,2025-06-29T20:15:25.160000 +CVE-2025-6870,1,1,8b3cc541bd0443470c4da7afae3462ce283caece09f5ea29b92869027c9e96f2,2025-06-29T20:15:25.330000 +CVE-2025-6871,1,1,bc12752bd732fd1bb31610291cad7db0c23b586aa87043596b6ce7d84b26363c,2025-06-29T21:15:22.587000 +CVE-2025-6872,1,1,95520d5183ced14f07633bd71087ba143413269f4c289372f109c48544aa1acd,2025-06-29T21:15:22.790000 +CVE-2025-6873,1,1,0ea5121455c4fa69289ddd8cdf70b97878a95cb3d24b5b8cdfeca05df4ab6aa3,2025-06-29T22:15:21.593000 +CVE-2025-6874,1,1,8e2988d5ebdcd7e0ea4354121201307091b22a4b7f631517d2d529e9340449b4,2025-06-29T22:15:22.637000 +CVE-2025-6875,1,1,1ac52c526b7598ca13de0c3e592d0228967505d6038c74635ed029b9213688db,2025-06-29T23:15:21.067000 +CVE-2025-6876,1,1,9f67d848b05d307d40d69a4e4edd9316004a714294a3cdc1ce21908ce6f4eea3,2025-06-29T23:15:21.277000 +CVE-2025-6877,1,1,bcf4d15bce41e4ba790d569bcc792c782741e3ebaf6be1ebd81702b280f27c58,2025-06-30T00:15:22.443000 +CVE-2025-6878,1,1,3af3bda0d59b0327966273c2f5a5586f5db12b35289361ea1e1dbbecc3254045,2025-06-30T01:15:25.080000 +CVE-2025-6879,1,1,2e984b9bfa350b9aaf68f5200400533089ec6750672b3c9a234d455e21ddff58,2025-06-30T01:15:25.280000 +CVE-2025-6880,1,1,b73213fd940db85e6f690a379da59d30c86aec09c2234979526373132be6c4b1,2025-06-30T01:15:25.463000 +CVE-2025-6881,1,1,f018d95d2c55ed0705ffb8cde1e73b85c544ec03ea410ce4a033d18d75017def,2025-06-30T02:15:21.420000 +CVE-2025-6882,1,1,3acae31908810685484f845c1bb6993f0d54b24a5fbfcd4914ccff6f3dabead4,2025-06-30T03:15:26.287000 +CVE-2025-6883,1,1,50c54e4cbb15bf5ca0f4c2595bf5684fdb76bc35c5f7e9a6bdff6378fd01cbf1,2025-06-30T03:15:26.507000 +CVE-2025-6884,1,1,8ee74dda614a17f5a3d2eddbdd51dbac6a599b5b5629219ffdaeda5076675707,2025-06-30T03:15:26.687000 +CVE-2025-6885,1,1,cca64bd5ec5ed0228f51c1885ed18b5747d7f9f2085717ab2f0139ee43f7b0c3,2025-06-30T04:15:33.767000 +CVE-2025-6886,1,1,379723f42bbb4c3d1713afbd99fd3d0d090e0b3ba78b3655a1cad83394558de1,2025-06-30T05:15:40.763000 +CVE-2025-6887,1,1,8b7209b06aff5ecd6510cb53f7094f62ba69b4b50161a8de7a4a9a413c8ee1a9,2025-06-30T05:15:41.103000 +CVE-2025-6888,1,1,a1cf53604f3ecc83c752a07a7580a4cb9f9478e575ffe5a86b6c3aec1921b9e5,2025-06-30T05:15:41.340000 +CVE-2025-6889,1,1,1cdbef44dba40b65cf9a4c855a707cc08073c154f81f824fea1cec127d30a57a,2025-06-30T06:15:28.847000 +CVE-2025-6890,1,1,3709ba1167c5b20406b995206582993333368703771a54767af50cfb461ec34e,2025-06-30T06:15:29.353000 +CVE-2025-6891,1,1,89cb140659fd1f884f0aea42b9571bde4bbc1775c63529c923d074b3dcf02a91,2025-06-30T07:15:23.280000 +CVE-2025-6896,1,1,ec73b52e70368c7568580a693a5fc6c46cd1203d6988c2237123d8386c8309e5,2025-06-30T07:15:23.543000 +CVE-2025-6897,1,1,fd3d4691f9771ff731fc81be778162ac1f6d60fc5c879069fc9da7a1519b2592,2025-06-30T08:15:23.843000 +CVE-2025-6898,1,1,c17e93f6ab96b1f0bb15a774e95978c4d17892744f49e22310a4cd49e8dad90e,2025-06-30T08:15:24.113000 +CVE-2025-6899,1,1,708be7afe3108221176196997fdfc8c20d5820acbb493d8435df5508536c9ae6,2025-06-30T09:15:27.160000 +CVE-2025-6900,1,1,ceb4806521c7d8c4e6ddcf96133b6ce1dc24d5982ddfccb45edb79fee4e426fe,2025-06-30T09:15:27.380000