diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1268.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1268.json
index 3e7756beb54..b14525e5254 100644
--- a/CVE-2025/CVE-2025-12xx/CVE-2025-1268.json
+++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1268.json
@@ -2,13 +2,13 @@
 "id": "CVE-2025-1268",
 "sourceIdentifier": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
 "published": "2025-03-31T02:15:17.097",
- "lastModified": "2025-05-09T01:15:49.557",
+ "lastModified": "2025-06-16T09:15:18.870",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver"
+ "value": "Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / PDF Driver"
 },
 {
 "lang": "es",
diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2091.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2091.json
new file mode 100644
index 00000000000..21ae5eb42df
--- /dev/null
+++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2091.json
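Review bot: The English `descriptions` value gains ` / PDF Driver`, but the `es` entry that opens on the hunk's last context line is not touched by this change, so the Spanish text presumably still lists the shorter driver set. The `es` value itself lies outside the hunk, so this is inferred from the hunk boundaries rather than read from the page. Either refresh the translation in the same update or document that consumers should treat the `en` value as authoritative when the two differ. The new `lastModified` alone does not tell a consumer which language entry changed.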
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-2091",
+ "sourceIdentifier": "security@m-files.com",
+ "published": "2025-06-16T09:15:19.067",
+ "lastModified": "2025-06-16T09:15:19.067",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "ACTIVE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "MODERATE",
+ "providerUrgency": "GREEN"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://product.m-files.com/security-advisories/cve-2025-2091",
+ "source": "security@m-files.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3464.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3464.json
new file mode 100644
index 00000000000..38d3741d78c
--- /dev/null
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3464.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2025-3464",
+ "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
+ "published": "2025-06-16T09:15:19.233",
+ "lastModified": "2025-06-16T09:15:19.233",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.\nRefer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "HIGH",
+ "subAvailabilityImpact": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2150",
+ "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"
+ },
+ {
+ "url": "https://www.asus.com/content/asus-product-security-advisory/",
+ "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40726.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40726.json
new file mode 100644
index 00000000000..8f69795b07b
--- /dev/null
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40726.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-40726",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2025-06-16T09:15:19.427",
+ "lastModified": "2025-06-16T09:15:19.427",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "ACTIVE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-reflected-nosto",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40727.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40727.json
new file mode 100644
index 00000000000..a73d6e5a024
--- /dev/null
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40727.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-40727",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2025-06-16T09:15:19.587",
+ "lastModified": "2025-06-16T09:15:19.587",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search'\u00a0in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's'\u00a0GET parameter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "ACTIVE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-phoenix-cms",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40728.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40728.json
new file mode 100644
index 00000000000..c555e0a9000
--- /dev/null
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40728.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-40728",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2025-06-16T09:15:19.733",
+ "lastModified": "2025-06-16T09:15:19.733",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40729.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40729.json
new file mode 100644
index 00000000000..7c186c24528
--- /dev/null
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40729.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-40729",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2025-06-16T09:15:19.873",
+ "lastModified": "2025-06-16T09:15:19.873",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "ACTIVE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "NONE",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-customer-support-system",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4987.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4987.json
new file mode 100644
index 00000000000..d942bd4355a
--- /dev/null
+++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4987.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-4987",
+ "sourceIdentifier": "3DS.Information-Security@3ds.com",
+ "published": "2025-06-16T08:15:18.787",
+ "lastModified": "2025-06-16T08:15:18.787",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-site Scripting (XSS) almacenado que afecta a Opportunity Management en Project Portfolio Manager desde la versi\u00f3n 3DEXPERIENCE R2023x hasta la versi\u00f3n 3DEXPERIENCE R2025x permite que un atacante ejecute c\u00f3digo de script arbitrario en la sesi\u00f3n del navegador del usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "3DS.Information-Security@3ds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "3DS.Information-Security@3ds.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.3ds.com/vulnerability/advisories",
+ "source": "3DS.Information-Security@3ds.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6112.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6112.json
new file mode 100644
index 00000000000..49be02a3fc8
--- /dev/null
+++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6112.json
@@ -0,0 +1,149 @@
+{
+ "id": "CVE-2025-6112",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-06-16T08:15:20.010",
+ "lastModified": "2025-06-16T08:15:20.010",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Tenda FH1205 2.0.0.7. Este problema afecta a la funci\u00f3n fromadvsetlanip del archivo /goform/AdvSetLanip. La manipulaci\u00f3n del argumento lanMask provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "PROOF_OF_CONCEPT",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "baseScore": 9.0,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1205-fromadvsetlanip-20b53a41781f80bf850ff39f88ad7f2b?source=copy_link",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.312581",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.312581",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.592472",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6113.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6113.json
new file mode 100644
index 00000000000..c9b8aacd49c
--- /dev/null
+++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6113.json
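Review bot: The description text calls this issue "critical", yet every metric block in the record carries `"baseSeverity": "HIGH"` (7.4 under CVSS 4.0, 8.8 under 3.1, 9.0 under 2.0). Triage that keys on the prose will disagree with triage that keys on the metrics, so a consumer should read severity from the metric block it selects by `version` and `type`, not from the description; here the 3.1 block is the one marked `"type": "Primary"`. The 4.0 vector also carries `E:P`, which matches the description's statement that an exploit has been disclosed publicly. The CVE-2025-6113 and CVE-2025-6114 records show the same mismatch.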
@@ -0,0 +1,149 @@
+{
+ "id": "CVE-2025-6113",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-06-16T08:15:20.227",
+ "lastModified": "2025-06-16T08:15:20.227",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en Tenda FH1203 2.0.1.6. La funci\u00f3n fromadvsetlanip del archivo /goform/AdvSetLanip se ve afectada. La manipulaci\u00f3n del argumento lanMask provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "PROOF_OF_CONCEPT",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "baseScore": 9.0,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1203-fromadvsetlanip-20b53a41781f8070bc65ffadd1ed6bf1?source=copy_link",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.312582",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.312582",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.592478",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6114.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6114.json
new file mode 100644
index 00000000000..5a7ba679b75
--- /dev/null
+++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6114.json
@@ -0,0 +1,156 @@
+{
+ "id": "CVE-2025-6114",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-06-16T09:15:20.013",
+ "lastModified": "2025-06-16T09:15:20.013",
+ "vulnStatus": "Received",
+ "cveTags": [
+ {
+ "sourceIdentifier": "cna@vuldb.com",
+ "tags": [
+ "unsupported-when-assigned"
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "PROOF_OF_CONCEPT",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "baseScore": 9.0,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_60/60.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_60/60.md#poc",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.312583",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.312583",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.592568",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.dlink.com/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6115.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6115.json
new file mode 100644
index 00000000000..960bea663fd
--- /dev/null
+++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6115.json
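Review bot: `cveTags` marks this record `unsupported-when-assigned` and the description says the product is no longer supported, but nothing in the record states a remediation, so a consumer that only waits for a fixed version will wait for one that is not expected. Ingestion should surface this tag so that affected DIR-619L units are routed to replacement or network isolation rather than to a patch queue. Two of the `references` entries point at the same write-up, one of them with a `#poc` fragment, and none carries a `tags` array, so the exploit-related link cannot be told apart from the vendor link by field alone. The CVE-2025-6115 hunk that follows has the same tag; it continues past the end of the visible page.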
@@ -0,0 +1,156 @@ +{ + "id": "CVE-2025-6115", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-16T09:15:20.300", + "lastModified": "2025-06-16T09:15:20.300", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + 
"modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_62/62.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_62/62.md#poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.312584", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.312584", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.592570", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6172.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6172.json new file mode 100644 index 00000000000..8a27aa12314 --- /dev/null +++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6172.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-6172", + "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "published": "2025-06-16T09:15:20.493", + "lastModified": "2025-06-16T09:15:20.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://security.tecno.com/SRC/blogdetail/424?lang=en_US", + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + }, + { + "url": "https://security.tecno.com/SRC/securityUpdates", + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9b3ccda2254..cb2f58eb908 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-16T08:00:20.611770+00:00 +2025-06-16T10:00:20.163144+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-16T07:15:20.077000+00:00 +2025-06-16T09:15:20.493000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -297985 +297997 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `12` -- [CVE-2025-6108](CVE-2025/CVE-2025-61xx/CVE-2025-6108.json) (`2025-06-16T06:15:18.307`) -- [CVE-2025-6109](CVE-2025/CVE-2025-61xx/CVE-2025-6109.json) (`2025-06-16T06:15:20.213`) -- [CVE-2025-6110](CVE-2025/CVE-2025-61xx/CVE-2025-6110.json) (`2025-06-16T07:15:18.373`) -- [CVE-2025-6111](CVE-2025/CVE-2025-61xx/CVE-2025-6111.json) (`2025-06-16T07:15:19.870`) -- [CVE-2025-6169](CVE-2025/CVE-2025-61xx/CVE-2025-6169.json) (`2025-06-16T07:15:20.077`) +- [CVE-2025-2091](CVE-2025/CVE-2025-20xx/CVE-2025-2091.json) (`2025-06-16T09:15:19.067`) +- [CVE-2025-3464](CVE-2025/CVE-2025-34xx/CVE-2025-3464.json) (`2025-06-16T09:15:19.233`) +- [CVE-2025-40726](CVE-2025/CVE-2025-407xx/CVE-2025-40726.json) (`2025-06-16T09:15:19.427`) +- [CVE-2025-40727](CVE-2025/CVE-2025-407xx/CVE-2025-40727.json) (`2025-06-16T09:15:19.587`) +- [CVE-2025-40728](CVE-2025/CVE-2025-407xx/CVE-2025-40728.json) (`2025-06-16T09:15:19.733`) +- [CVE-2025-40729](CVE-2025/CVE-2025-407xx/CVE-2025-40729.json) (`2025-06-16T09:15:19.873`) +- [CVE-2025-4987](CVE-2025/CVE-2025-49xx/CVE-2025-4987.json) (`2025-06-16T08:15:18.787`) +- [CVE-2025-6112](CVE-2025/CVE-2025-61xx/CVE-2025-6112.json) (`2025-06-16T08:15:20.010`) +- [CVE-2025-6113](CVE-2025/CVE-2025-61xx/CVE-2025-6113.json) (`2025-06-16T08:15:20.227`) +- [CVE-2025-6114](CVE-2025/CVE-2025-61xx/CVE-2025-6114.json) (`2025-06-16T09:15:20.013`) +- [CVE-2025-6115](CVE-2025/CVE-2025-61xx/CVE-2025-6115.json) (`2025-06-16T09:15:20.300`) +- [CVE-2025-6172](CVE-2025/CVE-2025-61xx/CVE-2025-6172.json) (`2025-06-16T09:15:20.493`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-1268](CVE-2025/CVE-2025-12xx/CVE-2025-1268.json) (`2025-06-16T09:15:18.870`) ## Download and Usage 
diff --git a/_state.csv b/_state.csv index 21bdeeb4cba..408a69aaac8 100644 --- a/_state.csv +++ b/_state.csv @@ -283418,7 +283418,7 @@ CVE-2025-1264,0,0,28c40552206eb9f5a0b03a9cca8beeb7d7df89ca0a5becb5749e460941f9fd CVE-2025-1265,0,0,bc018ef071fadf7e153cbb8aa96a03eb4bac560d27730ea77e8eae7baedae9e8,2025-02-20T20:15:46.537000 CVE-2025-1266,0,0,4994c9c1e87b7dedc2dce4e0a436027ae116cf2eed8bcb3d9cc4ca13f9be4407,2025-03-13T22:15:14.907000 CVE-2025-1267,0,0,8185c9604ff0d1aa86b9cea920d82bd8037570ce9b9b7776f5513234b5775eda,2025-04-01T20:26:11.547000 -CVE-2025-1268,0,0,24b31e8e7b6c23a12032a9eed037cd3c1ba639197e51a5064cf5bd995e47ac18,2025-05-09T01:15:49.557000 +CVE-2025-1268,0,1,b26cb2e3f9391aa1deea3c60085ffe6961c8fdb9f9fd34bf05939dcfc884b2c4,2025-06-16T09:15:18.870000 CVE-2025-1269,0,0,3d8990f3f321bb84afc5ce31cc37206b4dfeae7b9639d4320eceb6f39d26cfbc,2025-02-18T14:15:28.513000 CVE-2025-1270,0,0,a0fba4bca59afda304bf8335640266a3acf6a1624640bee675db51d94e9fc436,2025-02-13T13:15:09.273000 CVE-2025-1271,0,0,0359319eae8a142a0720b34e58c3d3808902c47ddd06a524c0e8a18f2f2f366a,2025-02-13T13:15:09.433000 @@ -284387,6 +284387,7 @@ CVE-2025-20906,0,0,227b94242ada97f5f1b38d2297103a593c8ae5078c64d6e33b6eecd693ed4 CVE-2025-20907,0,0,379c340eb54b31b9cb5f71668b76a83cd25f313f0ca982b642024600b12637ce,2025-02-12T13:49:49.460000 CVE-2025-20908,0,0,576d0c932c62fad7894b616fe95f3b3030f52a9c25cc8141c044406a0e0a7fc0,2025-03-06T05:15:17.150000 CVE-2025-20909,0,0,661128f74b5e1570cc0c738206adeffe7913c3464aea431885d2b5b77ff6aec8,2025-03-06T05:15:17.307000 +CVE-2025-2091,1,1,1100ba577be997cc84f23a5d8de969b9672830c14158077dbaea0ab8a2fe46cb,2025-06-16T09:15:19.067000 CVE-2025-20910,0,0,8eeef360bd8ee8e6ea808c95de07cab8422342433bb9ea5f3273d310585c156c,2025-03-06T05:15:17.480000 CVE-2025-20911,0,0,48bf673220f74bc55aa347d4893646bb5408aef810bd43f32e472aa676cc2420,2025-03-06T05:15:17.653000 CVE-2025-20912,0,0,f7767b1d03f69e82598a74f1eeca9546a2bd4c871a4556075c66e1b7bf13c7d1,2025-03-06T05:15:17.860000 
@@ -293303,6 +293304,7 @@ CVE-2025-3460,0,0,a6918e85be5e4f2f6bd8b4089f3f654f6c5d78ba27d378dcd7c473c63506e9 CVE-2025-3461,0,0,b711842f3138044403b9c62c870e92a946a81dbd27b6e170abe8935ae6232ced,2025-06-09T19:15:24.923000 CVE-2025-3462,0,0,96a08229937a9712440a065f7abf8858b2712ba35f45d182986e12e301979bf4,2025-05-12T17:32:52.810000 CVE-2025-3463,0,0,b9c293fc915bcaaa130da553f49fb5680a86dfb762948cd4b867acf35ebae4a2,2025-05-12T17:32:52.810000 +CVE-2025-3464,1,1,f761b82c82eea0b93334397438eaaecbc92df6f30dac7cf49538babc36a751ec,2025-06-16T09:15:19.233000 CVE-2025-3468,0,0,136950783d88ce0e5a3cbb5efc9cbb24284feffc83746ee503e38c1107465276,2025-06-04T22:54:54.960000 CVE-2025-3469,0,0,4bca5426f9919f93dad9a4b1c330f34d47eacab0082cc9b29903729bbc139092,2025-04-11T15:39:52.920000 CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a39093,2025-04-15T18:39:27.967000 
@@ -294446,6 +294448,10 @@ CVE-2025-4069,0,0,72c3e148c8cf8c4d5070733c3b3e33573ee47e1d4dc46e158ed5117d25968f CVE-2025-4070,0,0,95239c8a358b05c88e31535f0df25ceb69331749309a950b338783db56336302,2025-05-09T13:50:22.543000 CVE-2025-4071,0,0,68547b4133937980d039f29a0abcfa60e8d56aeeed72b73dfe6880158fc5f6a5,2025-05-09T13:51:10.523000 CVE-2025-4072,0,0,d0cf8b7d2285b873c553b1cc40373ece79b00a96b5dd7782b5277899efb2c1fa,2025-05-09T13:51:19.130000 +CVE-2025-40726,1,1,1af41231384f6012aa660a6b373a378c828e9aa5b462b91f2ba4a3ed87c37abf,2025-06-16T09:15:19.427000 +CVE-2025-40727,1,1,667d0fac5d54ea5f12a9fe24fa479f6d4ec4f4b9185a88f1e1a0a20a286abf68,2025-06-16T09:15:19.587000 +CVE-2025-40728,1,1,29460beadecfc1574da29cb5197853ba6bce1dc9e59afa3f271b244b5bd94337,2025-06-16T09:15:19.733000 +CVE-2025-40729,1,1,528214f9324db9bf5c792911946cf1201b36e8ae55ed53e8fe291198902d9f87,2025-06-16T09:15:19.873000 CVE-2025-4073,0,0,5b07f84aef869ff97a5846e761decacb25d1866933f52ae6973131cfce282ea0,2025-05-09T13:51:33.337000 CVE-2025-4074,0,0,67c949a36ba05d695588494a1af59c90dcd6f218e799b578e62cc10508e92154,2025-05-09T13:49:25.337000 CVE-2025-4075,0,0,980439803ac2a564a1211ca7907d1f8cd24fb9992986c85d77b9d15e9738b3a9,2025-05-02T13:53:40.163000 
@@ -297224,6 +297230,7 @@ CVE-2025-4983,0,0,8b53f9fcac717498609c6596ba194e3872474340efe5891a55ff7cfbe70e31 CVE-2025-4984,0,0,8011ca13e469a81f6afb4511e42cccafc7f5c3edf7ae8617debc1cb5fd406589,2025-05-30T16:31:03.107000 CVE-2025-4985,0,0,88151f8f37213547b95261cc34f75717fde2a8ef982c36b2d93a8904176e3178,2025-05-30T16:31:03.107000 CVE-2025-4986,0,0,0d635bfcd5ea7157ed48c7c5f6511d7b519fc07571e2245e906f4237ec28c07f,2025-05-30T16:31:03.107000 +CVE-2025-4987,1,1,5b8d996ac86b68ca9a947df5c0b2ea6fdecb4a2fdee697d3645bfd8856c947f8,2025-06-16T08:15:18.787000 CVE-2025-4988,0,0,a7c799add205e04161903a2f90e2fafc16c75a5a4daac88e051c1af2ef20204f,2025-05-30T16:31:03.107000 CVE-2025-4989,0,0,74686f3d4372e905fa27c624734660eade1cfc1a7c1d6b7d7fe07ac62f07c46a,2025-05-30T16:31:03.107000 CVE-2025-4990,0,0,11128ad236ff0bbb6407ba12ca704aae39e79d15ca91d8e93c05e36bda39beb6,2025-05-30T16:31:03.107000 
@@ -297979,8 +297986,13 @@ CVE-2025-6104,0,0,0cb7244bf5516eff0aeb918019c1c01c252e2c8f9668748e11e4f5949a28ce CVE-2025-6105,0,0,95455d7ad96d623493f9a04af561f7163ab23de7bcc3da8e2d0c194f7ccdffe7,2025-06-16T05:15:26.567000 CVE-2025-6106,0,0,f589e4d7b42d39ac74b1bc16b1d178d36ca8a28013e2d2cd9d2d4c7dbe82b409,2025-06-16T05:15:26.920000 CVE-2025-6107,0,0,8b1b32c2f9a6580d0fc229f7e78ec0090e13aa7e7b3db84c16c06e8dd928ca71,2025-06-16T05:15:27.160000 -CVE-2025-6108,1,1,052486f7c1a2ef350fec9a9a6b4942ddfdbdfaeab96c5024acc201259a6d80d7,2025-06-16T06:15:18.307000 -CVE-2025-6109,1,1,456d88ea582e7752c5f08127d0fea44abd14ec99dc45815323479e72f75d3e52,2025-06-16T06:15:20.213000 -CVE-2025-6110,1,1,2868c073105f9241d86db7e941b5f58d3804a06756b846893d91e77093b6acde,2025-06-16T07:15:18.373000 -CVE-2025-6111,1,1,828492d35f46af5f4bd617fbf9695a7354eeabafa01bcbe1aecb08dbc8200b6d,2025-06-16T07:15:19.870000 -CVE-2025-6169,1,1,ac06daff660839c238a07ac6aebf260af42d84f3956ac01d7a286965b2162754,2025-06-16T07:15:20.077000 +CVE-2025-6108,0,0,052486f7c1a2ef350fec9a9a6b4942ddfdbdfaeab96c5024acc201259a6d80d7,2025-06-16T06:15:18.307000 +CVE-2025-6109,0,0,456d88ea582e7752c5f08127d0fea44abd14ec99dc45815323479e72f75d3e52,2025-06-16T06:15:20.213000 +CVE-2025-6110,0,0,2868c073105f9241d86db7e941b5f58d3804a06756b846893d91e77093b6acde,2025-06-16T07:15:18.373000 +CVE-2025-6111,0,0,828492d35f46af5f4bd617fbf9695a7354eeabafa01bcbe1aecb08dbc8200b6d,2025-06-16T07:15:19.870000 +CVE-2025-6112,1,1,03192921fcb3ce4b573c976cde60b3298c837468da8da701519d4ad029a6e0e6,2025-06-16T08:15:20.010000 +CVE-2025-6113,1,1,c228ada00f832720a15995e7d0fadbc924d7d4afc603f57e382f08aa1623a1a9,2025-06-16T08:15:20.227000 +CVE-2025-6114,1,1,227f4fe7537286c6d9a129b77082eb62e5e9bd47bc0aabd1a43e8f1f3aaa38da,2025-06-16T09:15:20.013000 +CVE-2025-6115,1,1,32bbc5cdf3c9f9122ab43d4c3b5bb801120d95e215918d847e6d845ba16a808c,2025-06-16T09:15:20.300000 +CVE-2025-6169,0,0,ac06daff660839c238a07ac6aebf260af42d84f3956ac01d7a286965b2162754,2025-06-16T07:15:20.077000 
+CVE-2025-6172,1,1,342c6cc2700d8cffe114ebae7fb0f638875c5b55bb4327392295802843114037,2025-06-16T09:15:20.493000