diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3323.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3323.json
new file mode 100644
index 00000000000..e4811711d40
--- /dev/null
+++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3323.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3323", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T22:15:28.400", + "lastModified": "2025-04-06T22:15:28.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is an unknown functionality of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/Nimrod-SQL.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303535", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303535", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551863", + "source": 
"cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3324.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3324.json new file mode 100644 index 00000000000..538e3f1d5f2 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3324.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3324", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T23:15:39.443", + "lastModified": "2025-04-06T23:15:39.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + 
"modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/Nimrod-fileUpload.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303536", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303536", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.551864", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3325.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3325.json new file mode 100644 index 00000000000..98b09646b3a --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3325.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3325", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T23:15:39.640", + "lastModified": "2025-04-06T23:15:39.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303537", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303537", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.551869", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2b65761fefb..78c955f9ccc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-06T22:00:45.731836+00:00 +2025-04-06T23:55:19.553136+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-06T20:15:15.217000+00:00 +2025-04-06T23:15:39.640000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288729 +288732 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2025-31488](CVE-2025/CVE-2025-314xx/CVE-2025-31488.json) (`2025-04-06T20:15:14.310`) -- [CVE-2025-31492](CVE-2025/CVE-2025-314xx/CVE-2025-31492.json) (`2025-04-06T20:15:15.063`) -- [CVE-2025-32013](CVE-2025/CVE-2025-320xx/CVE-2025-32013.json) (`2025-04-06T20:15:15.217`) +- [CVE-2025-3323](CVE-2025/CVE-2025-33xx/CVE-2025-3323.json) (`2025-04-06T22:15:28.400`) +- [CVE-2025-3324](CVE-2025/CVE-2025-33xx/CVE-2025-3324.json) (`2025-04-06T23:15:39.443`) +- [CVE-2025-3325](CVE-2025/CVE-2025-33xx/CVE-2025-3325.json) (`2025-04-06T23:15:39.640`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 6e4b45537ca..d6c8b19833c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -288142,10 +288142,10 @@ CVE-2025-31484,0,0,dcc45bae9152a2eda779f3ce6fd498af89197d18dcaca27bbfad7d5d40b3c CVE-2025-31485,0,0,3ce57b1a6c12ba06f7b3b66de6a64de00dd26fff1bca804bc7432b5387f8923a,2025-04-03T20:15:25.740000 CVE-2025-31486,0,0,d2fbc9bc8815e6c1911b69d3264b835fbbf5113ea68b932a40b7cb7330e74afe,2025-04-03T21:15:40.780000 CVE-2025-31487,0,0,3f4d76b673be9965a55fabed05694ce4639b6fdcf96fe5526adc43780e833374,2025-04-03T19:15:40.047000 -CVE-2025-31488,1,1,9068007bdb4f843f7bbcb41c83538d151466458d3748e0f9261fdc006a5a4aab,2025-04-06T20:15:14.310000 +CVE-2025-31488,0,0,9068007bdb4f843f7bbcb41c83538d151466458d3748e0f9261fdc006a5a4aab,2025-04-06T20:15:14.310000 CVE-2025-31489,0,0,827329a27d4d1d91b2af32fe95d065d67d2d778a8681281e8c2f3c11ae8b2ffd,2025-04-03T20:15:25.897000 CVE-2025-3149,0,0,af49735aae9ca4f8a710a35d5f3768baf512a088c3087e4dad0ba0732b0ea72d,2025-04-03T08:15:16.643000 -CVE-2025-31492,1,1,7075c509ada2edbe615bb8b142f5453cb2a8230bc2bd0bb60e92395e4d94dd31,2025-04-06T20:15:15.063000 +CVE-2025-31492,0,0,7075c509ada2edbe615bb8b142f5453cb2a8230bc2bd0bb60e92395e4d94dd31,2025-04-06T20:15:15.063000 CVE-2025-3150,0,0,2f84b70bd2548c5ef88db20ca82ee0901e096008ccf16e815e848c6d8c838c37,2025-04-03T08:15:16.863000 CVE-2025-3151,0,0,f881852acca4e3affb5dd59eacd825c2eab6abdc9da16667107850eed4aeb5a6,2025-04-03T08:15:17.070000 CVE-2025-31515,0,0,65e0cceff3005eb000d81df9c13b2b61bcc11ce5d49244e52c4f8300da4f784d,2025-04-01T03:15:17.700000 
@@ -288522,7 +288522,7 @@ CVE-2025-3196,0,0,26b0db7feaca8ae723927487d6d4a9c9a11dc70ce2c85c499a6715b61b71da CVE-2025-3197,0,0,5a556a9ac012adcd51d84fc77560a4f5657c4092158c86aad255d2be783abbb5,2025-04-04T15:15:49.640000 CVE-2025-3198,0,0,88fc5645e3833e1f30debf14281cb0b943583fde4ba84f2bff1e070ecb732aff,2025-04-04T02:15:18.803000 CVE-2025-3199,0,0,54026901290f1fc3766afed97a730bb577739c4f60fe7ee2d96548cbd413a5ea,2025-04-04T02:15:19.013000 -CVE-2025-32013,1,1,7b41959c3a416dbe772a9b06950084687c942b65a4de28c6053c82078a595789,2025-04-06T20:15:15.217000 +CVE-2025-32013,0,0,7b41959c3a416dbe772a9b06950084687c942b65a4de28c6053c82078a595789,2025-04-06T20:15:15.217000 CVE-2025-3202,0,0,558b8c852358ff11061e77a127be2099982b8ad54bbc39d0fa0787770f4378c8,2025-04-04T16:15:39.600000 CVE-2025-3203,0,0,a5de3d0e4e2c48129754c7a98ad009abad812146aa44cb4bdbd3d73cafc0fc0f,2025-04-04T16:15:39.753000 CVE-2025-3204,0,0,312cc95228fe73003ec3ebf2ef4e97ce4945abbe3fe9ec6145f4ed560d9816a3,2025-04-04T16:15:39.893000 @@ -288728,3 +288728,6 @@ CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000 CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000 CVE-2025-3318,0,0,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000 +CVE-2025-3323,1,1,802cf3cb3885ca6951cb3717d8a51463a7e00dc75772b7b2d12e3c9d10a87155,2025-04-06T22:15:28.400000 +CVE-2025-3324,1,1,68e82b268149132ae3d110962df949f7734da604dfdd9ad36c70780ad76b783f,2025-04-06T23:15:39.443000 +CVE-2025-3325,1,1,1e24dfba53cb4878f37d5455faaa72e1ce05b58f70770481a853c98927430e5d,2025-04-06T23:15:39.640000