From 69a08f9b97586feec103ac93491bcbbe77f0cb5a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 6 May 2025 02:03:54 +0000 Subject: [PATCH] Auto-Update: 2025-05-06T02:00:20.039458+00:00 --- CVE-2025/CVE-2025-11xx/CVE-2025-1121.json | 8 +- CVE-2025/CVE-2025-11xx/CVE-2025-1122.json | 4 +- CVE-2025/CVE-2025-15xx/CVE-2025-1566.json | 4 +- CVE-2025/CVE-2025-15xx/CVE-2025-1568.json | 4 +- CVE-2025/CVE-2025-17xx/CVE-2025-1704.json | 4 +- CVE-2025/CVE-2025-20xx/CVE-2025-2073.json | 4 +- CVE-2025/CVE-2025-25xx/CVE-2025-2509.json | 25 ++++ CVE-2025/CVE-2025-32xx/CVE-2025-3248.json | 6 +- CVE-2025/CVE-2025-330xx/CVE-2025-33028.json | 6 +- CVE-2025/CVE-2025-42xx/CVE-2025-4298.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-42xx/CVE-2025-4299.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-43xx/CVE-2025-4300.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-43xx/CVE-2025-4301.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-43xx/CVE-2025-4303.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-467xx/CVE-2025-46728.json | 60 ++++++++ CVE-2025/CVE-2025-472xx/CVE-2025-47268.json | 10 +- README.md | 36 +++-- _state.csv | 41 +++--- 18 files changed, 891 insertions(+), 46 deletions(-) create mode 100644 CVE-2025/CVE-2025-25xx/CVE-2025-2509.json create mode 100644 CVE-2025/CVE-2025-42xx/CVE-2025-4298.json create mode 100644 CVE-2025/CVE-2025-42xx/CVE-2025-4299.json create mode 100644 CVE-2025/CVE-2025-43xx/CVE-2025-4300.json create mode 100644 CVE-2025/CVE-2025-43xx/CVE-2025-4301.json create mode 100644 CVE-2025/CVE-2025-43xx/CVE-2025-4303.json create mode 100644 CVE-2025/CVE-2025-467xx/CVE-2025-46728.json diff --git a/CVE-2025/CVE-2025-11xx/CVE-2025-1121.json b/CVE-2025/CVE-2025-11xx/CVE-2025-1121.json index a53c5a000f5..48ef967294b 100644 --- a/CVE-2025/CVE-2025-11xx/CVE-2025-1121.json +++ b/CVE-2025/CVE-2025-11xx/CVE-2025-1121.json @@ -2,13 +2,13 @@ "id": "CVE-2025-1121", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-03-07T00:15:34.360", - "lastModified": "2025-03-07T20:15:37.407", + "lastModified": "2025-05-06T01:15:48.787", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image." + "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image." }, { "lang": "es", @@ -52,6 +52,10 @@ } ], "references": [ + { + "url": "https://issues.chromium.org/issues/b/336153054", + "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f" + }, { "url": "https://issuetracker.google.com/issues/336153054", "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f" diff --git a/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json b/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json index 3e79e9dabec..5168804b2d8 100644 --- a/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json +++ b/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json @@ -2,13 +2,13 @@ "id": "CVE-2025-1122", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-15T20:15:38.317", - "lastModified": "2025-04-17T20:15:27.003", + "lastModified": "2025-05-06T01:15:49.777", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nBypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." + "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nBypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json index bc7bef53c50..3d6c30fc21c 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json @@ -2,13 +2,13 @@ "id": "CVE-2025-1566", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.767", - "lastModified": "2025-04-17T20:21:48.243", + "lastModified": "2025-05-06T01:15:50.030", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions." + "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions." }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json index 6fe864306c9..d132d26e4bd 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json @@ -2,13 +2,13 @@ "id": "CVE-2025-1568", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.853", - "lastModified": "2025-04-17T20:21:48.243", + "lastModified": "2025-05-06T01:15:50.163", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config." + "value": "or other security impacts via manipulating IPSET_ATTR_CIDR Netlink attribute without proper bounds checking on the modified IP address in bitmap_ip_uadt" }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json index d5d44916fb0..ec8e0bf1fc7 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json @@ -2,13 +2,13 @@ "id": "CVE-2025-1704", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.937", - "lastModified": "2025-04-17T20:21:48.243", + "lastModified": "2025-05-06T01:15:50.293", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124.0.6367.34 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition." + "value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition." }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json index 4abf942cfd8..eba2fb0ce30 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json @@ -2,13 +2,13 @@ "id": "CVE-2025-2073", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:45.610", - "lastModified": "2025-04-17T20:21:48.243", + "lastModified": "2025-05-06T01:15:50.433", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19. on All devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands." + "value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure" }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2509.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2509.json new file mode 100644 index 00000000000..8c5d320f160 --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2509.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-2509", + "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", + "published": "2025-05-06T01:15:50.563", + "lastModified": "2025-05-06T01:15:50.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://issues.chromium.org/issues/b/385851796", + "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f" + }, + { + "url": "https://issuetracker.google.com/issues/385851796", + "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3248.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3248.json index a56ef2cfa35..697433c3d54 100644 --- a/CVE-2025/CVE-2025-32xx/CVE-2025-3248.json +++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3248.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3248", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-04-07T15:15:44.897", - "lastModified": "2025-04-09T19:15:50.270", + "lastModified": "2025-05-06T01:00:02.167", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -39,6 +39,10 @@ } ] }, + "cisaExploitAdd": "2025-05-05", + "cisaActionDue": "2025-05-26", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Langflow Missing Authentication Vulnerability", "weaknesses": [ { "source": "disclosure@vulncheck.com", diff --git a/CVE-2025/CVE-2025-330xx/CVE-2025-33028.json b/CVE-2025/CVE-2025-330xx/CVE-2025-33028.json index dfc1c9d2f60..e81aadb4c61 100644 --- a/CVE-2025/CVE-2025-330xx/CVE-2025-33028.json +++ b/CVE-2025/CVE-2025-330xx/CVE-2025-33028.json @@ -2,7 +2,7 @@ "id": "CVE-2025-33028", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T18:15:53.333", - "lastModified": "2025-04-15T18:39:27.967", + "lastModified": "2025-05-06T01:15:50.660", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -56,6 +56,10 @@ "url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33028%20%28WinZip%29/CVE-2025-33028.md", "source": "cve@mitre.org" }, + { + "url": "https://github.com/EnisAksu/Argonis/commit/5e1ff4e5f4fdb3f32aab465f7b429e0b91299d1d", + "source": "cve@mitre.org" + }, { "url": "https://kb.winzip.com/help/help_whatsnew.htm", "source": "cve@mitre.org" diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4298.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4298.json new file mode 100644 index 00000000000..6f18759c7ea --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4298.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4298", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-06T00:15:15.620", + "lastModified": "2025-05-06T00:15:15.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206formSetCfm/formSetCfm.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307402", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307402", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.563557", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4299.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4299.json new file mode 100644 index 00000000000..edac43177cf --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4299.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4299", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-06T00:15:16.620", + "lastModified": "2025-05-06T00:15:16.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206setSchedWifi/setSchedWifi.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307403", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307403", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.563558", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4300.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4300.json new file mode 100644 index 00000000000..603e1533f71 --- /dev/null +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4300.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4300", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-06T00:15:16.797", + "lastModified": "2025-05-06T00:15:16.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/6BXK6/cve/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://itsourcecode.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307404", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307404", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.563623", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4301.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4301.json new file mode 100644 index 00000000000..9d297a41d0f --- /dev/null +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4301.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4301", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-06T01:15:51.067", + "lastModified": "2025-05-06T01:15:51.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/6BXK6/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://itsourcecode.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307405", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307405", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.563625", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4303.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4303.json new file mode 100644 index 00000000000..9458443db32 --- /dev/null +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4303.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4303", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-06T01:15:51.240", + "lastModified": "2025-05-06T01:15:51.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eneover/myCVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307406", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307406", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.563706", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46728.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46728.json new file mode 100644 index 00000000000..c9c088bdde4 --- /dev/null +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46728.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-46728", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-06T01:15:50.790", + "lastModified": "2025-05-06T01:15:50.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-px83-72rx-v57c", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json index 60e6c9a9cba..72c0935a99d 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47268.json @@ -2,7 +2,7 @@ "id": "CVE-2025-47268", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-05T14:15:29.063", - "lastModified": "2025-05-05T20:54:19.760", + "lastModified": "2025-05-06T01:15:50.930", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -48,6 +48,10 @@ } ], "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1242300", + "source": "cve@mitre.org" + }, { "url": "https://github.com/Zephkek/ping-rtt-overflow/", "source": "cve@mitre.org" @@ -56,6 +60,10 @@ "url": "https://github.com/iputils/iputils/issues/584", "source": "cve@mitre.org" }, + { + "url": "https://github.com/iputils/iputils/pull/585", + "source": "cve@mitre.org" + }, { "url": "https://github.com/Zephkek/ping-rtt-overflow/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" diff --git a/README.md b/README.md index b89705cbe70..6bec57a9481 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-05T23:55:19.157983+00:00 +2025-05-06T02:00:20.039458+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-05T23:15:48.130000+00:00 +2025-05-06T01:15:51.240000+00:00 ``` ### Last Data Feed Release @@ -27,33 +27,41 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-05-05T00:00:04.337840+00:00 +2025-05-06T00:00:04.312835+00:00 ``` ### Total Number of included CVEs ```plain -292594 +292601 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `7` -- [CVE-2025-4290](CVE-2025/CVE-2025-42xx/CVE-2025-4290.json) (`2025-05-05T22:15:17.293`) -- [CVE-2025-4291](CVE-2025/CVE-2025-42xx/CVE-2025-4291.json) (`2025-05-05T22:15:17.550`) -- [CVE-2025-4292](CVE-2025/CVE-2025-42xx/CVE-2025-4292.json) (`2025-05-05T23:15:47.437`) -- [CVE-2025-4293](CVE-2025/CVE-2025-42xx/CVE-2025-4293.json) (`2025-05-05T23:15:47.960`) -- [CVE-2025-4297](CVE-2025/CVE-2025-42xx/CVE-2025-4297.json) (`2025-05-05T23:15:48.130`) -- [CVE-2025-44071](CVE-2025/CVE-2025-440xx/CVE-2025-44071.json) (`2025-05-05T22:15:16.210`) -- [CVE-2025-44072](CVE-2025/CVE-2025-440xx/CVE-2025-44072.json) (`2025-05-05T22:15:17.077`) -- [CVE-2025-44074](CVE-2025/CVE-2025-440xx/CVE-2025-44074.json) (`2025-05-05T22:15:17.187`) +- [CVE-2025-2509](CVE-2025/CVE-2025-25xx/CVE-2025-2509.json) (`2025-05-06T01:15:50.563`) +- [CVE-2025-4298](CVE-2025/CVE-2025-42xx/CVE-2025-4298.json) (`2025-05-06T00:15:15.620`) +- [CVE-2025-4299](CVE-2025/CVE-2025-42xx/CVE-2025-4299.json) (`2025-05-06T00:15:16.620`) +- [CVE-2025-4300](CVE-2025/CVE-2025-43xx/CVE-2025-4300.json) (`2025-05-06T00:15:16.797`) +- [CVE-2025-4301](CVE-2025/CVE-2025-43xx/CVE-2025-4301.json) (`2025-05-06T01:15:51.067`) +- [CVE-2025-4303](CVE-2025/CVE-2025-43xx/CVE-2025-4303.json) (`2025-05-06T01:15:51.240`) +- [CVE-2025-46728](CVE-2025/CVE-2025-467xx/CVE-2025-46728.json) (`2025-05-06T01:15:50.790`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `9` +- [CVE-2025-1121](CVE-2025/CVE-2025-11xx/CVE-2025-1121.json) (`2025-05-06T01:15:48.787`) +- [CVE-2025-1122](CVE-2025/CVE-2025-11xx/CVE-2025-1122.json) (`2025-05-06T01:15:49.777`) +- [CVE-2025-1566](CVE-2025/CVE-2025-15xx/CVE-2025-1566.json) (`2025-05-06T01:15:50.030`) +- [CVE-2025-1568](CVE-2025/CVE-2025-15xx/CVE-2025-1568.json) (`2025-05-06T01:15:50.163`) +- [CVE-2025-1704](CVE-2025/CVE-2025-17xx/CVE-2025-1704.json) (`2025-05-06T01:15:50.293`) +- [CVE-2025-2073](CVE-2025/CVE-2025-20xx/CVE-2025-2073.json) (`2025-05-06T01:15:50.433`) +- [CVE-2025-3248](CVE-2025/CVE-2025-32xx/CVE-2025-3248.json) (`2025-05-06T01:00:02.167`) +- [CVE-2025-33028](CVE-2025/CVE-2025-330xx/CVE-2025-33028.json) (`2025-05-06T01:15:50.660`) +- [CVE-2025-47268](CVE-2025/CVE-2025-472xx/CVE-2025-47268.json) (`2025-05-06T01:15:50.930`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b4fb31c980f..cc487093804 100644 --- a/_state.csv +++ b/_state.csv @@ -282525,8 +282525,8 @@ CVE-2025-1116,0,0,00a59e293e16dcad8521027625075db7b6762697e4bdc6e6648fad6aa58723 CVE-2025-1117,0,0,689febb6066d1fec82c60e215bad724ad5df8fa85c4636fc9e776b8da79fe4d3,2025-02-08T13:15:07.843000 CVE-2025-1118,0,0,1d46e95b87fe7edb9839b43fa6447bac85df34e285b438ecef13347991dc098d,2025-02-19T18:15:24.280000 CVE-2025-1119,0,0,ed2f2afd1626a47beb4c308f115314a6b5ebef6317483cf0ebb458fbd885cde2,2025-03-13T07:15:36.517000 -CVE-2025-1121,0,0,36336719a8fc7e490de8e97b74c4019752aded484ea901d0728819ba1b3a99a9,2025-03-07T20:15:37.407000 -CVE-2025-1122,0,0,5163459991bcc2ca4c14970539c6173442043fcb554f52d0dba4aaa354635869,2025-04-17T20:15:27.003000 +CVE-2025-1121,0,1,1d5e082757754b39ee885fcc9c9fedaa0af532ca619f7a902e79437ba54b79fa,2025-05-06T01:15:48.787000 +CVE-2025-1122,0,1,487698333e66815ca37b05ce2334c012549f0fe365be5f3b63ab573f3351b5c0,2025-05-06T01:15:49.777000 CVE-2025-1125,0,0,2f04992a8811506ffd86df04ce8fd4c4eaf818b2350c9b37d99c1e9008bb7d98,2025-03-05T21:15:19.707000 CVE-2025-1126,0,0,75a0af68b2de42873e4ee33ccd68bb162ec9dabf122dea8ebb0bf11a24b953a1,2025-02-11T17:15:23.537000 CVE-2025-1127,0,0,5cab03037829677b3ff4c77d268b6ebc0b526a062cfabc702392a7f88c64ffc1,2025-02-13T19:15:14.153000 @@ -282854,8 +282854,8 @@ CVE-2025-1560,0,0,5806fdd5d9f8e8a09704d33fd8caadc121e4fbb048f372fad8d43065a1e4a1 CVE-2025-1561,0,0,c0dd475a880b302ad58d5da65215c03a4b2329b9f43fd50459164bc801594e00,2025-03-13T05:15:27.890000 CVE-2025-1564,0,0,9d62e5431da133f133499b29bcb96aa13e41c1b673396891299a0b15aab9c828,2025-03-01T08:15:34.007000 CVE-2025-1565,0,0,35456b68df2d2d86ef4d0fb4554495a75d56271b6d28363288295dec6a61577e,2025-04-29T13:52:28.490000 -CVE-2025-1566,0,0,fc56146fb03a3dbcd51d4bbc8b3d5707608ca3de1587e79560c9713cf3561b0b,2025-04-17T20:21:48.243000 -CVE-2025-1568,0,0,49ee6979a05431178acf9060ad06ee685044c8cf4382f79c544553e22332ccf6,2025-04-17T20:21:48.243000 +CVE-2025-1566,0,1,b62614d5a9b64c7c70aa72ecefcdd1eced14936f4f2bd9f2f3dab198c8a80ced,2025-05-06T01:15:50.030000 +CVE-2025-1568,0,1,9940a167bb8d3cf2bb6984853eda4425eba29dda22cacc146a5abf3ead2dba3f,2025-05-06T01:15:50.163000 CVE-2025-1570,0,0,e2c8a697fd328cfac1cb14bcdda0501641702037da6bc6d3e9d43d7d6e474d73,2025-03-06T15:35:59.507000 CVE-2025-1571,0,0,4a5ce435e807c5b239e456baa952536949a7ac8152f73e9932b99f88f9a0505f,2025-03-07T17:29:48.903000 CVE-2025-1572,0,0,d28a5728a56447e48ca8ae17f33703e0f0c8651ed23960a40cc6c85b9a58b7d9,2025-03-06T17:52:25.813000 @@ -282962,7 +282962,7 @@ CVE-2025-1696,0,0,a4ebe2093d6db003a81772653e3b8096038d292b86e17d8021513423bef33f CVE-2025-1697,0,0,419964dd027623ddd628c29949c81bd3d5bf673e4cbac859628f2226ec230f6a,2025-04-21T14:23:45.950000 CVE-2025-1702,0,0,8350c512bb427a18e75fe369e7c514680d305e4b55cc00b262ae74877fe4e9d9,2025-03-05T12:15:35.420000 CVE-2025-1703,0,0,50c927778c00387d209f1db495acb3fcdf772388903cfdf917baab839124a719,2025-03-27T16:45:27.850000 -CVE-2025-1704,0,0,fdfe8f77f05e0dadb609d21e042820f70d61e924848ae558588ad0de6d4a3874,2025-04-17T20:21:48.243000 +CVE-2025-1704,0,1,45ed10bd85c28150ffd6d9e18a4e608ac36e439afa1d7fa6e04c31ca92cc52dc,2025-05-06T01:15:50.293000 CVE-2025-1705,0,0,269e355c7cfca537a526c588669165c0e79ec506469175122c59352a58fa4621,2025-03-28T18:11:40.180000 CVE-2025-1707,0,0,eb806af042366277371dce5ba4e4d20eb3821597874c2eb4040b48171f171ef9,2025-03-11T22:15:12.583000 CVE-2025-1714,0,0,6e67e5fe1ad7d1f8ea60e413f9fa7e7e2f63bd8d4c4369040436660c144fa80c,2025-03-07T05:15:16.233000 @@ -283391,7 +283391,7 @@ CVE-2025-2069,0,0,3be67bf54f8ec61314fa1aeec7cad10107ab60b66fe6d57dfc7b2068092e59 CVE-2025-2070,0,0,aa6c57d00653559715f3617271164e399083db51bc42952895ad83bcf08a7d15,2025-04-29T13:52:28.490000 CVE-2025-2071,0,0,f72741a6a8cd10ef9b626183eff7ab8b6e66837ba6759a6a57e284a984d113e1,2025-04-01T20:26:30.593000 CVE-2025-2072,0,0,8e644488e83c18f58cc5036e9fa9ebc749bbf6017963c3bc2cbe7baae1385ee2,2025-04-01T20:26:30.593000 -CVE-2025-2073,0,0,fc10ababbf8373900b5713f91968840484da4d2770ad8c6061e69236b6547e46,2025-04-17T20:21:48.243000 +CVE-2025-2073,0,1,88075f0ce626adb418a949452d2a02e99f2b986d6eabe1932037ab2f9d005ef5,2025-05-06T01:15:50.433000 CVE-2025-2074,0,0,ca58bf592b5066d06227c815801f5f95341e4e9e4e43bd9476138e9763d951e8,2025-03-28T18:11:40.180000 CVE-2025-2075,0,0,ab55a51247ee2850d4e2152336537ca54db9312a277429beb604e88703e48472,2025-04-07T14:18:15.560000 CVE-2025-2076,0,0,00ee1e966380708f86d1fd0429f03d7c37fefb9ffe52967bfc3be03a24aac01a,2025-04-07T20:51:08.497000 @@ -286886,6 +286886,7 @@ CVE-2025-25086,0,0,7c1ce35e6de2f5baec518af2b81dadd84af2cb6cd833f4e01bd06da4ef664 CVE-2025-25087,0,0,873e858ca23aaa5e1381db85e3add8f072c79d735cf6e2fb2ffe5251d33c8a8a,2025-03-03T14:15:49.920000 CVE-2025-25088,0,0,19b513c75a563bafc3fa8ff6ccee8059f648de42a915840688d58d3b8fa92301,2025-02-07T10:15:14.260000 CVE-2025-25089,0,0,6ea1d167120c5a9c744497a359ef14c47d0c50c9a7012883c33b3c843e89652b,2025-03-03T14:15:50.053000 +CVE-2025-2509,1,1,15622edd8f0f12e747468c75d5c91be240d8633c5b78a60e5adc0f171d369a7d,2025-05-06T01:15:50.563000 CVE-2025-25090,0,0,bfd58132e86787f16200b192f7c0422ef404f744bcf3b7749a749195c6e91fc8,2025-03-03T14:15:50.197000 CVE-2025-25091,0,0,a542fd0c75799894cefcaf1b68ae91e64f2b423e9db55a3bbe6c17b8ea764d64,2025-02-07T10:15:14.440000 CVE-2025-25092,0,0,21818af459297eedfd23a8fa9ad07a7bf61256e46e6c401f3929541ab4ad3e53,2025-03-03T14:15:50.343000 @@ -290837,7 +290838,7 @@ CVE-2025-32476,0,0,9d54d65167184e122be5c3a790d5ad19d5abaa6b052713e592bcb27d26085 CVE-2025-32477,0,0,6aaeb344af7fac729d48ed1cd0817d6c11c34e76428c0bd5b074c3df21934506,2025-04-09T20:02:41.860000 CVE-2025-32478,0,0,dda56302d340936b33be9b172f0f1b3962b76b9c83b1ee4199324d81c031ab47,2025-04-09T20:02:41.860000 CVE-2025-32479,0,0,b7d955b884b51a00603f651098d158492571ad29bb823a91954e608a7b99ddc0,2025-04-09T20:02:41.860000 -CVE-2025-3248,0,0,9c54239426075f54251b799b9a99dbcd0f6c85534f10393ee8caadd1da693a4b,2025-04-09T19:15:50.270000 +CVE-2025-3248,0,1,533b6bb2ceecf4018cd36ec86fe0f15decda0fd01f0730d6b47ca879a8f9555e,2025-05-06T01:00:02.167000 CVE-2025-32480,0,0,711afe2b796a1e44af9b699c2c595c3275aeda4b147d8a6b27d1097823c9bac0,2025-04-09T20:02:41.860000 CVE-2025-32481,0,0,7097fbbfdba3ba35ffac1b5fb186ad1f4f1fd486b4c20c65ebbc9171d9d517f1,2025-04-09T20:02:41.860000 CVE-2025-32482,0,0,96ee5109c29a9fe3d3a067d0337de6dae0242f5696eaf770868728cdae675792,2025-04-09T20:02:41.860000 @@ -291260,7 +291261,7 @@ CVE-2025-3300,0,0,71838a45e38cfd4f9033706465f5d20314584bcf58aabb1bb7ca5cab40d521 CVE-2025-3301,0,0,b2cbbbf942710dc17dd30bf45e19011afe7becbc724cdeebd3bb45dd2691a5aa,2025-05-02T13:53:49.480000 CVE-2025-33026,0,0,16823ea87e15ed5dd06862f606f290dd47fd68e96dd8b001f96144de8d0bef0f,2025-04-22T17:37:37.900000 CVE-2025-33027,0,0,315132d50b588b2e2dcb36832e008e48471336783b88752c2b030500f9b618d4,2025-04-25T16:54:53.077000 -CVE-2025-33028,0,0,abe1ecf54490db7447f2cb4b6858d9b8e9d40393d98c0f7e51b205de8bc1fd46,2025-04-15T18:39:27.967000 +CVE-2025-33028,0,1,d10b7c0dfad3fcdf6e98b228bc3a645088136373e6ebf203ac0322a6c2690e9d,2025-05-06T01:15:50.660000 CVE-2025-3303,0,0,a88559a89b09c7db23c32ee2c85028152291b57ba44bc3a0730626f1d4cddeda,2025-04-08T15:02:36.210000 CVE-2025-3304,0,0,2ec25b3b916c9e696963707dba4544ab011813ba6a5064128b7ade1c94bf65f1,2025-04-07T14:17:50.220000 CVE-2025-3305,0,0,caed50d99616da9f2a70f5ff8ff690cbc48b6002cca415c3290f8e367603d490,2025-04-08T16:46:55.203000 @@ -292177,17 +292178,22 @@ CVE-2025-4286,0,0,bde0cd94b6e692169615ba63f6ec4b5fbdc79e46ca98982fb59b174b2f9768 CVE-2025-4287,0,0,b950397e5897bf93cddc6d2d4944e73e34d552a1c6949b8326d96f45be8e7d8f,2025-05-05T20:54:19.760000 CVE-2025-4288,0,0,910571bc82eb9356f3bc1a6206cc1afbb4734009aa004c2f9a70d5bdcdba7958,2025-05-05T21:15:47.410000 CVE-2025-4289,0,0,5d53cd66651aaa3d64d9697194493509111a3a286cf8841971976a2b1e0d433e,2025-05-05T21:15:47.580000 -CVE-2025-4290,1,1,3af4e95b99d90945fc61785da15daeadc0d39dc31c61865716f93053c1c866fb,2025-05-05T22:15:17.293000 -CVE-2025-4291,1,1,d3001950d00386c7ccde750172d229e53a6ec79c7b6c7fd9a07c529cbc54e70e,2025-05-05T22:15:17.550000 -CVE-2025-4292,1,1,1cee377df641ae79f8f6753b9eefe6ff9f8bf9578611228b4edbe1e1b33e7f65,2025-05-05T23:15:47.437000 +CVE-2025-4290,0,0,3af4e95b99d90945fc61785da15daeadc0d39dc31c61865716f93053c1c866fb,2025-05-05T22:15:17.293000 +CVE-2025-4291,0,0,d3001950d00386c7ccde750172d229e53a6ec79c7b6c7fd9a07c529cbc54e70e,2025-05-05T22:15:17.550000 +CVE-2025-4292,0,0,1cee377df641ae79f8f6753b9eefe6ff9f8bf9578611228b4edbe1e1b33e7f65,2025-05-05T23:15:47.437000 CVE-2025-42921,0,0,fe45c9bf48d8b64b0cac9604dcc1ad3071452dfd7112cafe12dd9c33c82af017,2025-04-23T15:25:30.927000 -CVE-2025-4293,1,1,ba31f10fd245fd08ecbb0a9c33fd7ff1462642f360c03eb44d247795b7996b8a,2025-05-05T23:15:47.960000 -CVE-2025-4297,1,1,f5bb68b526f9515eb5da915c80817b64987d81390353512781db4c2e2b988d56,2025-05-05T23:15:48.130000 +CVE-2025-4293,0,0,ba31f10fd245fd08ecbb0a9c33fd7ff1462642f360c03eb44d247795b7996b8a,2025-05-05T23:15:47.960000 +CVE-2025-4297,0,0,f5bb68b526f9515eb5da915c80817b64987d81390353512781db4c2e2b988d56,2025-05-05T23:15:48.130000 +CVE-2025-4298,1,1,e033ad628da0ab0da5bc78f3863e9b8746c3205107f96708b54b26cfda993ef1,2025-05-06T00:15:15.620000 +CVE-2025-4299,1,1,5558de1f3e847312d875008a3ad5bed46ee16151450255c3245600fd11244788,2025-05-06T00:15:16.620000 +CVE-2025-4300,1,1,084159d129f3e2167d74eb9720df596f6b367add80a85d5d56e411001a02aaca,2025-05-06T00:15:16.797000 +CVE-2025-4301,1,1,ca1bb154b67cc7faa8a157305fee086ba671240aa00c36c27465349b161d58bf,2025-05-06T01:15:51.067000 CVE-2025-43012,0,0,f78eba67b396c6aab09f0e687e4ef58662e96b01c2404836843202e2dfdd4f0d,2025-04-17T20:21:05.203000 CVE-2025-43013,0,0,cea29fefbb7874147d20ca0439a948894c9ed92ca59da3ffe37724562ec07c4b,2025-04-23T15:29:33.910000 CVE-2025-43014,0,0,8c8e187893b05115834c1fe60888f6689d95da1f55e6603f1b98a0a40089dd30,2025-04-23T16:11:35.837000 CVE-2025-43015,0,0,e1099e2d690e6500afcce9f63f8d90a3ffca94e6d4b413f55df99246e9d63336,2025-04-25T16:30:24.887000 CVE-2025-43016,0,0,f2c72cd86df0dc4f466aff47f20427f717da38e7cfd3bc2cf6bf3e8b276a88fe,2025-04-29T13:52:28.490000 +CVE-2025-4303,1,1,e03cd90ddfa41ce42a0320a4483221761bfc6f695a3820e8c1b353574f2d2dd2,2025-05-06T01:15:51.240000 CVE-2025-4316,0,0,24c044bb41b9eae49511d240a09d718a7ae39c21518b82d962f42919e70aed71,2025-05-05T20:54:19.760000 CVE-2025-4318,0,0,07e30dbd13ea98560a7383c89d913662e5e8cc0ebe320bf2f95ada0f060c693d,2025-05-05T20:54:19.760000 CVE-2025-43595,0,0,639a97cf595df7ab33930e9fd17fe542d2f8123e314605b09346a74d940c7c9a,2025-05-02T13:52:51.693000 @@ -292257,9 +292263,9 @@ CVE-2025-43970,0,0,0eee68f03452fd74e03275fa878263098b1a2529d62f28de586df1e6a35bf CVE-2025-43971,0,0,ef6f9af4b679024ce0fc9356068ffe992f2b2adf0b8931f4de5eaba9e8bd1581,2025-04-21T14:23:45.950000 CVE-2025-43972,0,0,6cf5ff80d84e20a9d9ef8fb7311e786d26897e991bd2151d39ead59adce39290,2025-04-21T14:23:45.950000 CVE-2025-43973,0,0,13dab0fb1f701205cfd9cad27015dccaf756a3a9efa54232fb7a7485989ce4fa,2025-04-21T14:23:45.950000 -CVE-2025-44071,1,1,4db4f049d5404fea2e1fd6a7062a70ad512c431103b94bec64a6405ad248e4ed,2025-05-05T22:15:16.210000 -CVE-2025-44072,1,1,2c4772edfcd2d7fef71991692b75638b3c4358a9eaa84e641a7259e60f48dca5,2025-05-05T22:15:17.077000 -CVE-2025-44074,1,1,ea4ffa97fbd1047e8b660ede05137c3e3d624b48ee18138b208ab5a65f6290d1,2025-05-05T22:15:17.187000 +CVE-2025-44071,0,0,4db4f049d5404fea2e1fd6a7062a70ad512c431103b94bec64a6405ad248e4ed,2025-05-05T22:15:16.210000 +CVE-2025-44072,0,0,2c4772edfcd2d7fef71991692b75638b3c4358a9eaa84e641a7259e60f48dca5,2025-05-05T22:15:17.077000 +CVE-2025-44074,0,0,ea4ffa97fbd1047e8b660ede05137c3e3d624b48ee18138b208ab5a65f6290d1,2025-05-05T22:15:17.187000 CVE-2025-44134,0,0,c0decd3d363f604830285cd961562924fffe823a249ba621863dcb721cf11427,2025-04-29T13:52:47.470000 CVE-2025-44135,0,0,2f14d8cd913bdc3dc0575273f090317f2dea5d37f51e4b759398031eab8adf71,2025-04-29T13:52:47.470000 CVE-2025-44192,0,0,ed5b4ee2738ebde9b5e5926e31cf4f80d3be65ade8a2de02de84ac482777d480,2025-05-02T17:15:51.680000 @@ -292565,6 +292571,7 @@ CVE-2025-46719,0,0,eb95ba132fb6e0e0136d846843a0405b1cac89556444e6846ed916d708ddf CVE-2025-46720,0,0,90c649755d227a548dce467b122a4d002a4bc4f186f2e51a13843e808cbee659,2025-05-05T20:54:19.760000 CVE-2025-46723,0,0,23909492a9ee443fd9ae3060d2ebc8db94328dcc9cf17248e4a0a9a7d6a6e953,2025-05-05T20:54:19.760000 CVE-2025-46726,0,0,a5c3457a98b8253fc80b489b12eca0a82eccd6453a36199f0c69a3913e03d1ec,2025-05-05T20:54:19.760000 +CVE-2025-46728,1,1,25056e30223f0579a1ecb6db2faf763c78a99fd0feda24005d537ef2215a5e54,2025-05-06T01:15:50.790000 CVE-2025-46730,0,0,15db10087988a8a4609af678019f74fe3949662d8e4f9647f0842229b29ba86a,2025-05-05T20:54:19.760000 CVE-2025-46731,0,0,d939505e71390728d12449de6291ae6aef05dceb7cdfc98e3c94d607bd56503c,2025-05-05T20:54:19.760000 CVE-2025-46734,0,0,fc314dbe006ed28739fc25674a0f2ba6f4e80880ce69c0f16bfb5aae822a6301,2025-05-05T20:54:19.760000 @@ -292592,4 +292599,4 @@ CVE-2025-47240,0,0,6f2483b413224281be63c9ed06c49c6df7591950e649ffc34f5e0ba5adfd4 CVE-2025-47241,0,0,e6026e6d2c9de181673c4796b4be764460f13f46e5c7740556386399acfbeb9e,2025-05-05T20:54:19.760000 CVE-2025-47244,0,0,ad1e1c4dfd55bab2d736197fba1ed6a6c86b41cee6c4f24c064e7932fb865a5b,2025-05-05T20:54:19.760000 CVE-2025-47245,0,0,7b2364c00905e8788c2fdd2e6bd15f21012a4e700ac145a877fe64795e90a7fb,2025-05-05T20:54:19.760000 -CVE-2025-47268,0,0,6c5628fc141640947abe09b24f32d1e6e07cdf2a0e6e68cca436c364300bba3f,2025-05-05T20:54:19.760000 +CVE-2025-47268,0,1,9164f0f2227c82aa6c81aaf8b4e6a07a0f28beff9c5ae89a92191e6ce4b320f0,2025-05-06T01:15:50.930000