diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24002.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24002.json new file mode 100644 index 00000000000..b0604240332 --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24002.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24002", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:23.473", + "lastModified": "2025-07-08T07:15:23.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-014", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24003.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24003.json new file mode 100644 index 00000000000..1e8fd173788 --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24003.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24003", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:23.943", + "lastModified": "2025-07-08T07:15:23.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-014", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24004.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24004.json new file mode 100644 index 00000000000..890b64c26bd --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24004.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24004", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:24.127", + "lastModified": "2025-07-08T07:15:24.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-014", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24005.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24005.json new file mode 100644 index 00000000000..f0fa6592353 --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24005.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24005", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:24.303", + "lastModified": "2025-07-08T07:15:24.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-014", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24006.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24006.json new file mode 100644 index 00000000000..e59e8500a3b --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24006.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24006", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:24.493", + "lastModified": "2025-07-08T07:15:24.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-014", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25268.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25268.json new file mode 100644 index 00000000000..66b2553598d --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25268.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25268", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:24.693", + "lastModified": "2025-07-08T07:15:24.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-019", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25269.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25269.json new file mode 100644 index 00000000000..f4638e93775 --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25269.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25269", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:24.890", + "lastModified": "2025-07-08T07:15:24.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-019", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25270.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25270.json new file mode 100644 index 00000000000..c1d46d4b96f --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25270.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25270", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.080", + "lastModified": "2025-07-08T07:15:25.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-913" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-019", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25271.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25271.json new file mode 100644 index 00000000000..fc39a17e930 --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25271.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25271", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.270", + "lastModified": "2025-07-08T07:15:25.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1188" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/de/advisories/VDE-2025-019", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-416xx/CVE-2025-41665.json b/CVE-2025/CVE-2025-416xx/CVE-2025-41665.json new file mode 100644 index 00000000000..eca9b773334 --- /dev/null +++ b/CVE-2025/CVE-2025-416xx/CVE-2025-41665.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-41665", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.457", + "lastModified": "2025-07-08T07:15:25.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-054", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-416xx/CVE-2025-41666.json b/CVE-2025/CVE-2025-416xx/CVE-2025-41666.json new file mode 100644 index 00000000000..7c7195f28e7 --- /dev/null +++ b/CVE-2025/CVE-2025-416xx/CVE-2025-41666.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-41666", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.630", + "lastModified": "2025-07-08T07:15:25.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-054", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-416xx/CVE-2025-41667.json b/CVE-2025/CVE-2025-416xx/CVE-2025-41667.json new file mode 100644 index 00000000000..e2c89ec5e11 --- /dev/null +++ b/CVE-2025/CVE-2025-416xx/CVE-2025-41667.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-41667", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.813", + "lastModified": "2025-07-08T07:15:25.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-054", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-416xx/CVE-2025-41668.json b/CVE-2025/CVE-2025-416xx/CVE-2025-41668.json new file mode 100644 index 00000000000..c779564bb43 --- /dev/null +++ b/CVE-2025/CVE-2025-416xx/CVE-2025-41668.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-41668", + "sourceIdentifier": "info@cert.vde.com", + "published": "2025-07-08T07:15:25.987", + "lastModified": "2025-07-08T07:15:25.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://certvde.com/en/advisories/VDE-2025-054", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42956.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42956.json new file mode 100644 index 00000000000..853134a36d5 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42956.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42956", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T07:15:26.167", + "lastModified": "2025-07-08T07:15:26.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3617131", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6743.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6743.json new file mode 100644 index 00000000000..ef499e1988a --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6743.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6743", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-08T07:15:26.410", + "lastModified": "2025-07-08T07:15:26.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6746.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6746.json new file mode 100644 index 00000000000..24f4d9304e0 --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6746.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6746", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-08T07:15:26.587", + "lastModified": "2025-07-08T07:15:26.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7164.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7164.json new file mode 100644 index 00000000000..b0f4edb3e13 --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7164.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-7164", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T06:15:23.040", + "lastModified": "2025-07-08T06:15:23.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/107", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315103", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315103", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606371", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7165.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7165.json new file mode 100644 index 00000000000..ade1f341791 --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7165.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-7165", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T06:15:24.513", + "lastModified": "2025-07-08T06:15:24.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/108", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315104", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315104", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606372", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7166.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7166.json new file mode 100644 index 00000000000..3af34af0b83 --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7166.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7166", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T07:15:26.770", + "lastModified": "2025-07-08T07:15:26.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/yihaofuweng/cve/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315105", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315105", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606484", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7167.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7167.json new file mode 100644 index 00000000000..8f6d1322fe1 --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7167.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7167", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T07:15:27.007", + "lastModified": "2025-07-08T07:15:27.007", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/yihaofuweng/cve/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315106", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315106", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606487", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-73xx/CVE-2025-7327.json b/CVE-2025/CVE-2025-73xx/CVE-2025-7327.json new file mode 100644 index 00000000000..fb27b19c836 --- /dev/null +++ b/CVE-2025/CVE-2025-73xx/CVE-2025-7327.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-7327", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-08T06:15:24.730", + "lastModified": "2025-07-08T06:15:24.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This is limited to just PHP files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3316262%40business-reviews-wp%2Ftrunk&old=3201057%40business-reviews-wp%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4681e56f-1dad-46a7-8ac7-1f543a383433?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-73xx/CVE-2025-7346.json b/CVE-2025/CVE-2025-73xx/CVE-2025-7346.json new file mode 100644 index 00000000000..933c3a0e875 --- /dev/null +++ b/CVE-2025/CVE-2025-73xx/CVE-2025-7346.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-7346", + "sourceIdentifier": "1c6b5737-9389-4011-8117-89fa251edfb2", + "published": "2025-07-08T07:15:27.220", + "lastModified": "2025-07-08T07:15:27.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Any unauthenticated attacker can bypass the localhost \nrestrictions posed by the application and utilize this to create \narbitrary packages" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "1c6b5737-9389-4011-8117-89fa251edfb2", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "1c6b5737-9389-4011-8117-89fa251edfb2", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pyload/pyload/security/advisories/GHSA-x698-5hjm-w2m5", + "source": "1c6b5737-9389-4011-8117-89fa251edfb2" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index cfd25b68a80..71f9fd7f228 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-08T06:00:11.758766+00:00 +2025-07-08T08:00:16.038029+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-08T05:15:31.040000+00:00 +2025-07-08T07:15:27.220000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300775 +300797 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `22` -- [CVE-2025-5537](CVE-2025/CVE-2025-55xx/CVE-2025-5537.json) (`2025-07-08T05:15:30.420`) -- [CVE-2025-5957](CVE-2025/CVE-2025-59xx/CVE-2025-5957.json) (`2025-07-08T05:15:30.660`) -- [CVE-2025-7160](CVE-2025/CVE-2025-71xx/CVE-2025-7160.json) (`2025-07-08T04:15:49.817`) -- [CVE-2025-7161](CVE-2025/CVE-2025-71xx/CVE-2025-7161.json) (`2025-07-08T04:15:55.210`) -- [CVE-2025-7162](CVE-2025/CVE-2025-71xx/CVE-2025-7162.json) (`2025-07-08T05:15:30.837`) -- [CVE-2025-7163](CVE-2025/CVE-2025-71xx/CVE-2025-7163.json) (`2025-07-08T05:15:31.040`) +- [CVE-2025-24002](CVE-2025/CVE-2025-240xx/CVE-2025-24002.json) (`2025-07-08T07:15:23.473`) +- [CVE-2025-24003](CVE-2025/CVE-2025-240xx/CVE-2025-24003.json) (`2025-07-08T07:15:23.943`) +- [CVE-2025-24004](CVE-2025/CVE-2025-240xx/CVE-2025-24004.json) (`2025-07-08T07:15:24.127`) +- [CVE-2025-24005](CVE-2025/CVE-2025-240xx/CVE-2025-24005.json) (`2025-07-08T07:15:24.303`) +- [CVE-2025-24006](CVE-2025/CVE-2025-240xx/CVE-2025-24006.json) (`2025-07-08T07:15:24.493`) +- [CVE-2025-25268](CVE-2025/CVE-2025-252xx/CVE-2025-25268.json) (`2025-07-08T07:15:24.693`) +- [CVE-2025-25269](CVE-2025/CVE-2025-252xx/CVE-2025-25269.json) (`2025-07-08T07:15:24.890`) +- [CVE-2025-25270](CVE-2025/CVE-2025-252xx/CVE-2025-25270.json) (`2025-07-08T07:15:25.080`) +- [CVE-2025-25271](CVE-2025/CVE-2025-252xx/CVE-2025-25271.json) (`2025-07-08T07:15:25.270`) +- [CVE-2025-41665](CVE-2025/CVE-2025-416xx/CVE-2025-41665.json) (`2025-07-08T07:15:25.457`) +- [CVE-2025-41666](CVE-2025/CVE-2025-416xx/CVE-2025-41666.json) (`2025-07-08T07:15:25.630`) +- [CVE-2025-41667](CVE-2025/CVE-2025-416xx/CVE-2025-41667.json) (`2025-07-08T07:15:25.813`) +- [CVE-2025-41668](CVE-2025/CVE-2025-416xx/CVE-2025-41668.json) (`2025-07-08T07:15:25.987`) +- [CVE-2025-42956](CVE-2025/CVE-2025-429xx/CVE-2025-42956.json) (`2025-07-08T07:15:26.167`) +- [CVE-2025-6743](CVE-2025/CVE-2025-67xx/CVE-2025-6743.json) (`2025-07-08T07:15:26.410`) +- [CVE-2025-6746](CVE-2025/CVE-2025-67xx/CVE-2025-6746.json) (`2025-07-08T07:15:26.587`) +- [CVE-2025-7164](CVE-2025/CVE-2025-71xx/CVE-2025-7164.json) (`2025-07-08T06:15:23.040`) +- [CVE-2025-7165](CVE-2025/CVE-2025-71xx/CVE-2025-7165.json) (`2025-07-08T06:15:24.513`) +- [CVE-2025-7166](CVE-2025/CVE-2025-71xx/CVE-2025-7166.json) (`2025-07-08T07:15:26.770`) +- [CVE-2025-7167](CVE-2025/CVE-2025-71xx/CVE-2025-7167.json) (`2025-07-08T07:15:27.007`) +- [CVE-2025-7327](CVE-2025/CVE-2025-73xx/CVE-2025-7327.json) (`2025-07-08T06:15:24.730`) +- [CVE-2025-7346](CVE-2025/CVE-2025-73xx/CVE-2025-7346.json) (`2025-07-08T07:15:27.220`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-12084](CVE-2024/CVE-2024-120xx/CVE-2024-12084.json) (`2025-07-08T04:15:35.820`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1c05570e1c1..598e719257c 100644 --- a/_state.csv +++ b/_state.csv @@ -247573,7 +247573,7 @@ CVE-2024-12079,0,0,f0a4e85da927a5340284c6487051e280cf71d52e130f510f5f06aeb1589a1 CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669a9,2024-11-21T08:50:02.590000 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000 CVE-2024-12083,0,0,d43543ed1a2c4c8cfbaff70b85f71ffc7dc15514475ec8e8bc46a80ffd753fb3,2025-01-14T01:15:09.267000 -CVE-2024-12084,0,1,6c045b6082a57b610530f8b767e2eb45b0515ccd4f9f829ec14a33b10c042f76,2025-07-08T04:15:35.820000 +CVE-2024-12084,0,0,6c045b6082a57b610530f8b767e2eb45b0515ccd4f9f829ec14a33b10c042f76,2025-07-08T04:15:35.820000 CVE-2024-12085,0,0,3632690d6e0b561b9938cd8829659826f1fb89699418843b35c0b53500cbe243,2025-03-20T07:15:37.273000 CVE-2024-12086,0,0,5ee74c273cbac964f9b2730efc5a7d5ea17c21ed7362a4d7e40db788548e2151,2025-06-20T18:40:03.263000 CVE-2024-12087,0,0,76142f1ba93d7b05f4ef8d446c2bf1da6f3c587ec583076ef56f74ae882965d6,2025-06-20T18:28:57.620000 @@ -287700,6 +287700,11 @@ CVE-2025-23998,0,0,4ced4b8f68a6d09d5a1c825ec6107a84dbbb418c96e80844463996fce823e CVE-2025-23999,0,0,6773c8075c9b8de00cd5861aa000dd53f139f15abccc02c1eda29f01b0f6520d,2025-06-18T13:46:52.973000 CVE-2025-2400,0,0,cb277ee1e8117318fb6e147a1b2b1e1371201876775172b424ebe4df769d43b5,2025-04-16T23:15:45.697000 CVE-2025-24001,0,0,2c753840ec158b2e8c5040a7ed2631e45b8667250a806707291f782ebc7cf4aa,2025-01-21T14:15:13.600000 +CVE-2025-24002,1,1,15aac000b0d428b75ebb582d6006f7687fe513fe0516bb4d44fd269134cb74c6,2025-07-08T07:15:23.473000 +CVE-2025-24003,1,1,d1361e05810740e53f399053f5de75f59c9f114085a954c18f785468ea275610,2025-07-08T07:15:23.943000 +CVE-2025-24004,1,1,8d39856b18b85f09953db2880f38f84666c06fa5a6403cc97ad51f8df13b2819,2025-07-08T07:15:24.127000 +CVE-2025-24005,1,1,e1e41317ec2a0fe348149afe13e283248dfdec7551dfb0ad136eeb114ce550f2,2025-07-08T07:15:24.303000 +CVE-2025-24006,1,1,6366573bf2c6b95aae82dd74beaa4f7a51fade3baf09538d19a428cb2818dd7d,2025-07-08T07:15:24.493000 CVE-2025-24007,0,0,d5a322aca38d9b339464f589901eb52f11882e233cfd426d01e2c3406881418b,2025-05-13T19:35:18.080000 CVE-2025-24008,0,0,423d669a6e34997d57f8b36c43ed7c867ae9c55ff7a78d413bfcbfe389a548e8,2025-05-13T19:35:18.080000 CVE-2025-24009,0,0,5a2d9976bbebbb07139b8168b51112b7611feaf8b8f7fa0e7e6d15e54ec901e7,2025-05-13T19:35:18.080000 @@ -288798,7 +288803,11 @@ CVE-2025-25264,0,0,43b7a7b4f74d7bd8e5beb6dff5447491dc0a5b518feb8ee2b544a985ed5dd CVE-2025-25265,0,0,66d572d3448f0be5065a29097f1c5cd567b87dd64e2b2d83a72ad748c925a812,2025-06-16T12:32:18.840000 CVE-2025-25266,0,0,14fc4214833d5ffeb8f363743939de320f9169af46798b63b6da510cc3dfff47,2025-03-11T10:15:17.850000 CVE-2025-25267,0,0,327b2100edff4cbf9fdcfe1321dc00713a82279b4ead6a7ccdc62b6f97970ac6,2025-03-11T10:15:18.030000 +CVE-2025-25268,1,1,d8cd8cb1ff13667f1839ed0d77baab19964acf2c7c3498fc623dffcbd54118b5,2025-07-08T07:15:24.693000 +CVE-2025-25269,1,1,1a61666a3de5652a8a57d8aa918c2e37894655c4d6e7d07620abe651eb427e9e,2025-07-08T07:15:24.890000 CVE-2025-2527,0,0,7eee1c306ec3796fb3e2b284b23cda1a7bd91e67491cf652c8d7df0439106c96,2025-05-16T14:43:26.160000 +CVE-2025-25270,1,1,ba5d45858c7fc1c2d456eba350a104138f3920078104475f3ffac32854469b3e,2025-07-08T07:15:25.080000 +CVE-2025-25271,1,1,1f41fa06863111a47c79cad08152f2ba1356f230f1a15de432df9756ecf5d91a,2025-07-08T07:15:25.270000 CVE-2025-25274,0,0,90de1f80f28c13ac592acae9058f17aeba0fd544a5c1ea5aa19b39d1d3157bb2,2025-03-27T15:01:59.897000 CVE-2025-25276,0,0,bf4dced8fe6ecf840461d20f447f79fe43fd41e2cf95e1d16b25b820c49b6b08,2025-04-16T13:25:37.340000 CVE-2025-25279,0,0,042549a55fc10922a139cd28848b848f448630efd12168ac54dc544f129afb38,2025-02-24T08:15:10.607000 @@ -295704,6 +295713,10 @@ CVE-2025-4166,0,0,5bfebbee34c2356ee039434bb4ac7a8705ff7fab6fe8d313f7df39c4661cee CVE-2025-41661,0,0,79dfa817986795435d6c654e1eede377100321eba8444aaa94e2f98111523cbf,2025-06-12T16:06:20.180000 CVE-2025-41662,0,0,f4c7f5b91e9dbf0a17c75acfb892489a5744961254c1900bddb432592357c27b,2025-06-12T16:06:20.180000 CVE-2025-41663,0,0,9201f2a5707580a5af3fb5646429d71fd7d870cffc0d7f43eb8e8ea7a31aab43,2025-06-12T16:06:20.180000 +CVE-2025-41665,1,1,4df39b26fcc56baa7e30a7850c0654c17e2d83369f1663df0db8aaaf7bf529e5,2025-07-08T07:15:25.457000 +CVE-2025-41666,1,1,f13a9f864611be028e19f412e7f56703e2176d6752901ab9554ecd66ecde9499,2025-07-08T07:15:25.630000 +CVE-2025-41667,1,1,a6706829f2c4b177a473cc9ab245cc7dd87d7629b2bdfb166fddf06aa60b4844,2025-07-08T07:15:25.813000 +CVE-2025-41668,1,1,77700a0fad9716c8a0afb622759a2ec7b5629dea90ebc05ca2c9dd1a821ddc47,2025-07-08T07:15:25.987000 CVE-2025-41672,0,0,30725c52618b9700331494b75aaf80f5c0cb0ccd0c82c7ee8cd1799c9d74c993,2025-07-07T07:15:23.973000 CVE-2025-4168,0,0,a6468df4f7a2597ad76d3cb7aeb08566a4877cfddb2b3e40039e98441ddbce5f,2025-05-05T20:54:19.760000 CVE-2025-4169,0,0,bfc728158ddf7f1a565291bbe3bc05c4816fdb9cc64adedded01a1b86d632adf,2025-05-16T14:42:18.700000 @@ -295829,6 +295842,7 @@ CVE-2025-4293,0,0,3e0fba3b11651bbd0f80afc0b87a24c09c8226e80f3350735e023f15e0a509 CVE-2025-42952,0,0,768bcb21d776f11485a2152ac2dc0bc7598a8ee5e50ee1082d5b052c728d9328,2025-07-08T01:15:22 CVE-2025-42953,0,0,1741d0db8362bf68b72a94a7bc94759493f1591ad7cdcbfb856df8c762f30086,2025-07-08T01:15:22.163000 CVE-2025-42954,0,0,3d6fa81167173620b022305ba34ea04bc5b97373e3681aaccd6730092982902a,2025-07-08T01:15:22.317000 +CVE-2025-42956,1,1,e254045e3bf0e68c041d419f86048c8dad7d921fec68cbb1e6e1dab1f4ea9d51,2025-07-08T07:15:26.167000 CVE-2025-42959,0,0,d5b01cf70a8a433d4660d71c79e0cd35066490817f078e01438734aadc02e44f,2025-07-08T01:15:22.477000 CVE-2025-42960,0,0,a89186331f55bed8cbab7ef13d784bde9dc4953755cfe296098974f13d09bafe,2025-07-08T01:15:22.633000 CVE-2025-42961,0,0,2a9cd005f1d38d17bbbd4cdadb65a99fa4810911bd990533ae7e0c7f7028d38f,2025-07-08T01:15:22.783000 @@ -299621,7 +299635,7 @@ CVE-2025-5533,0,0,2dfcccaae175c59c944126a99e8f6d8f65e21d5c385b8c2ddbbe92c2ba47ee CVE-2025-5534,0,0,d8177fc111cd48f21043a561bc59a4a7b9cde04803cd4201428282cfb06e0a32,2025-06-06T14:07:28.330000 CVE-2025-5535,0,0,a7818bef1709aa482ae74724baff1a67c45fa2916d5a65f27323a13d0490ed33,2025-06-26T18:57:43.670000 CVE-2025-5536,0,0,7df71d1dab0ddadc1cf40e48870e67453a2cbb15d8332fa14fab505e504c5a57,2025-06-06T14:07:28.330000 -CVE-2025-5537,1,1,c58d66f67b7e6b22f6a3101a91f886d14db2b9fc6ecec5c418587840cb1d2562,2025-07-08T05:15:30.420000 +CVE-2025-5537,0,0,c58d66f67b7e6b22f6a3101a91f886d14db2b9fc6ecec5c418587840cb1d2562,2025-07-08T05:15:30.420000 CVE-2025-5538,0,0,762f67a9ba2152c03c8ac60e588d19c417662c15009fd5c6802487e853ce4da9,2025-06-06T14:07:28.330000 CVE-2025-5539,0,0,5f3c15177d18ed772de6d63d48eacb9684fe228baa189f897784f5e945ccc17b,2025-06-04T14:54:33.783000 CVE-2025-5540,0,0,e49bd4a72fa7910724ed7b963345a8ee9fe8cb1a4e3ad1e04c066cb4335f7fd4,2025-06-26T18:57:43.670000 @@ -299980,7 +299994,7 @@ CVE-2025-5951,0,0,8284d36183b5c5a20ce1ccc5cb7415a68b49193aca2a0e8df993129c1d1d98 CVE-2025-5952,0,0,80f5810e94a735443b1add4b87f50d30096f6ed0c46ddf37bebc56b27e945b75,2025-06-12T16:06:39.330000 CVE-2025-5953,0,0,0a65ba7dad80d78c00297bacfefe05191d971aa2d5c6a2f1f6cb79a4378a67e4,2025-07-04T03:15:21.583000 CVE-2025-5956,0,0,20b46444f81cce9e023e10b8442889f698b8542b93f82d33b929ea695203acdd,2025-07-04T03:15:21.747000 -CVE-2025-5957,1,1,014a3217902beff8d9659ceab173a87dce13308a02a1b50f04ebce831e0bcf37,2025-07-08T05:15:30.660000 +CVE-2025-5957,0,0,014a3217902beff8d9659ceab173a87dce13308a02a1b50f04ebce831e0bcf37,2025-07-08T05:15:30.660000 CVE-2025-5958,0,0,a36b78799dbbd1551f96c1bff1614591c13905c454c0b07d9b02e19316c76c99,2025-06-16T14:50:15.493000 CVE-2025-5959,0,0,a39e129e58512bcee45e4710589bda0209f85db251e85a57b71fd6de1e661083,2025-06-16T14:49:13.623000 CVE-2025-5961,0,0,eaa27bb56089b7fa09f99a32ff7b37f6b2fc66a8070612fab137e64cf5236dfe,2025-07-03T15:13:53.147000 @@ -300510,6 +300524,8 @@ CVE-2025-6736,0,0,25903f9d1406c60f622962611fc5443a5d32d3cdb912833a9ad0899ef2f7c3 CVE-2025-6738,0,0,3259930ec98b59546eeaeace9fb84641bae60a8fe1ea462b5fb5b4147d4fd671,2025-06-30T18:38:48.477000 CVE-2025-6739,0,0,bd154751d866345fec59da65321a383a12e1d3bc94957e355ab825597d37c48a,2025-07-04T03:15:22.740000 CVE-2025-6740,0,0,4df025ce77d1adfe2573d12dc431280049a6a66b06d7c4a694ba8dc72df73175,2025-07-04T12:15:35.570000 +CVE-2025-6743,1,1,1a2f8644f53e75d6c8b80fff15734043e2ec6a57d7ca239c2f4e32f989444480,2025-07-08T07:15:26.410000 +CVE-2025-6746,1,1,2cee8b5f62f2740e58418e06d7d18549cb6c59f308feeb8d07ef0e27b444984f,2025-07-08T07:15:26.587000 CVE-2025-6748,0,0,7f8f18ce472108822cda61d00f4ec9b1169d30c9d958ea970ce7bf174900b6ff,2025-06-30T18:38:48.477000 CVE-2025-6749,0,0,d1c491f56475f9982f91a0af7dbfe7ca7d1db32da1110cdac506d65ba7fc1676,2025-06-30T18:38:48.477000 CVE-2025-6750,0,0,f1b454f50a80614e8eea516f2449d507837abfd24769c351c9d643bb9f9983b5,2025-07-01T17:44:05.567000 @@ -300769,8 +300785,14 @@ CVE-2025-7156,0,0,69691b32841b06123b32c66248b7e50cfd2b28e05c59a46703f6823598b1a3 CVE-2025-7157,0,0,fb0ab6cdcd483ee5ab2507f21ed657ed272b448e55adaa21678064387511c835,2025-07-08T03:15:31.123000 CVE-2025-7158,0,0,d801401be7bfca9ce7b35bab72bb2a194c85030fa8a4a8a6df2185522ff79cd7,2025-07-08T03:15:31.373000 CVE-2025-7159,0,0,e94c92ddd35c79d1bb4bca41d4c7fa36ba523f9dbab019a68a36db8f883b8350,2025-07-08T03:15:31.590000 -CVE-2025-7160,1,1,811243df4eb29c9cf9908e03481e5417b2075050ec94b2673ed1cc734c331569,2025-07-08T04:15:49.817000 -CVE-2025-7161,1,1,467d3c8c759f8b848912be396a9ff12fd2c66364968e7eb0c84516c9ec188e91,2025-07-08T04:15:55.210000 -CVE-2025-7162,1,1,ca7f7267d6abd001dea308b614ab744e993f80cc6ca7454325881ee182c6b2af,2025-07-08T05:15:30.837000 -CVE-2025-7163,1,1,6c57a17cb92e35a024bf2e98d222b66576c61218c39440535ef7ce892fd102df,2025-07-08T05:15:31.040000 +CVE-2025-7160,0,0,811243df4eb29c9cf9908e03481e5417b2075050ec94b2673ed1cc734c331569,2025-07-08T04:15:49.817000 +CVE-2025-7161,0,0,467d3c8c759f8b848912be396a9ff12fd2c66364968e7eb0c84516c9ec188e91,2025-07-08T04:15:55.210000 +CVE-2025-7162,0,0,ca7f7267d6abd001dea308b614ab744e993f80cc6ca7454325881ee182c6b2af,2025-07-08T05:15:30.837000 +CVE-2025-7163,0,0,6c57a17cb92e35a024bf2e98d222b66576c61218c39440535ef7ce892fd102df,2025-07-08T05:15:31.040000 +CVE-2025-7164,1,1,8d98866f9ff941dcf1d5368040d34d26da7d068cb61dbec8e36d2c25d7a47d22,2025-07-08T06:15:23.040000 +CVE-2025-7165,1,1,81e0312c17d7e6aa177ff46a5153ebba82f6184909c7b5c996a38f7990401222,2025-07-08T06:15:24.513000 +CVE-2025-7166,1,1,aace25dc354d2484e73e9aecc6dec28a284773282ee58ca2bfecef576bf55ae7,2025-07-08T07:15:26.770000 +CVE-2025-7167,1,1,c3279b90c72edddbb3f2437b841bbecf3ec7435b7e931acecf262d7a408a3e53,2025-07-08T07:15:27.007000 CVE-2025-7259,0,0,92aedb6a5e38fb030175a289364c754cf67f487a6a25e9d17c23717610f38507,2025-07-07T16:15:30.440000 +CVE-2025-7327,1,1,f8b1188e4f7cc5573c9ecf71a12200117edf4fd74dc9f9fae96673aaeccbf801,2025-07-08T06:15:24.730000 +CVE-2025-7346,1,1,4d9e53b0866f05dbc76d9f308b20b3471e0e3bc9d3b80a3521c3e4fde078e409,2025-07-08T07:15:27.220000