diff --git a/CVE-2025/CVE-2025-534xx/CVE-2025-53483.json b/CVE-2025/CVE-2025-534xx/CVE-2025-53483.json new file mode 100644 index 00000000000..6e6a71c876d --- /dev/null +++ b/CVE-2025/CVE-2025-534xx/CVE-2025-53483.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-53483", + "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "published": "2025-07-04T18:15:22.790", + "lastModified": "2025-07-04T18:15:22.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://gerrit.wikimedia.org/r/1149618", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + }, + { + "url": "https://gerrit.wikimedia.org/r/1149664", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + }, + { + "url": "https://phabricator.wikimedia.org/T392341", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-534xx/CVE-2025-53484.json b/CVE-2025/CVE-2025-534xx/CVE-2025-53484.json new file mode 100644 index 00000000000..b5f7d803b48 --- /dev/null +++ b/CVE-2025/CVE-2025-534xx/CVE-2025-53484.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2025-53484", + "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "published": "2025-07-04T18:15:23.380", + "lastModified": "2025-07-04T18:15:23.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "User-controlled inputs are improperly escaped in:\n\n\n\n\n * \nVotePage.php (poll option input)\n\n\n\n * \nResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)\n\n\n\n\n\n\n\n\n\n\n\n\nThis allows attackers to inject JavaScript and compromise user sessions under certain conditions.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gerrit.wikimedia.org/r/1149655", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + }, + { + "url": "https://gerrit.wikimedia.org/r/1149669", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + }, + { + "url": "https://phabricator.wikimedia.org/T392341", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-534xx/CVE-2025-53485.json b/CVE-2025/CVE-2025-534xx/CVE-2025-53485.json new file mode 100644 index 00000000000..f9c5e114cff --- /dev/null +++ b/CVE-2025/CVE-2025-534xx/CVE-2025-53485.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-53485", + "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "published": "2025-07-04T18:15:23.497", + "lastModified": "2025-07-04T18:15:23.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://gerrit.wikimedia.org/r/149668", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + }, + { + "url": "https://phabricator.wikimedia.org/T392341", + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-70xx/CVE-2025-7067.json b/CVE-2025/CVE-2025-70xx/CVE-2025-7067.json new file mode 100644 index 00000000000..e4f75a25516 --- /dev/null +++ b/CVE-2025/CVE-2025-70xx/CVE-2025-7067.json 
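Review bot: The first reference in the CVE-2025-53485 record, `https://gerrit.wikimedia.org/r/149668`, has a six-digit Gerrit change number, while every Gerrit reference in the sibling SecurePoll records added in this commit (CVE-2025-53483, CVE-2025-53484) is seven digits in the 11496xx range. This looks like a dropped digit in the source data, though that is inferred from the pattern and not confirmed. If it is wrong, the link leads to an unrelated change, and anyone validating the fix for the missing election-admin check (CWE-862) would be reading the wrong patch. The README states that the repository synchronizes with the NVD, so the correction belongs upstream with the CNA/NVD record. Once checked against https://phabricator.wikimedia.org/T392341, the line would read `"url": "https://gerrit.wikimedia.org/r/<VERIFIED_CHANGE_NUMBER>"`.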
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7067", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-04T18:15:23.610", + "lastModified": "2025-07-04T18:15:23.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HDFGroup/hdf5/issues/5577", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/20623499/hdf5_crash_9.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.314902", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.314902", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.602536", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1329be34baa..a920b0c2196 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-04T18:00:11.201669+00:00 +2025-07-04T20:00:11.282271+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-04T16:15:22.320000+00:00 +2025-07-04T18:15:23.610000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300425 +300429 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `4` -- [CVE-2025-53481](CVE-2025/CVE-2025-534xx/CVE-2025-53481.json) (`2025-07-04T16:15:22.167`) -- [CVE-2025-53482](CVE-2025/CVE-2025-534xx/CVE-2025-53482.json) (`2025-07-04T16:15:22.320`) +- [CVE-2025-53483](CVE-2025/CVE-2025-534xx/CVE-2025-53483.json) (`2025-07-04T18:15:22.790`) +- [CVE-2025-53484](CVE-2025/CVE-2025-534xx/CVE-2025-53484.json) (`2025-07-04T18:15:23.380`) +- [CVE-2025-53485](CVE-2025/CVE-2025-534xx/CVE-2025-53485.json) (`2025-07-04T18:15:23.497`) +- [CVE-2025-7067](CVE-2025/CVE-2025-70xx/CVE-2025-7067.json) (`2025-07-04T18:15:23.610`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 63b92006211..cb93f5cd7f2 100644 --- a/_state.csv +++ b/_state.csv 
@@ -299243,8 +299243,11 @@ CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2c CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000 CVE-2025-53415,0,0,a69e8e91492110c4dbcf675778ea91b79a25d896361aa62120c18b659d9f38c5,2025-07-01T08:15:24.610000 CVE-2025-53416,0,0,5766bb5741c2eb8f5d7acde7664083885dadd438f2f420d57a6193893c29ac92,2025-06-30T10:15:26.127000 -CVE-2025-53481,1,1,1c051551cffe76b0d474f6e015c338541c0bfd354ef6be284333e122485d826c,2025-07-04T16:15:22.167000 -CVE-2025-53482,1,1,5eba40710e02310ba1ecb93085ddc4dc0cc4fa5b62b8ed248a2bb7696c4ab7d3,2025-07-04T16:15:22.320000 +CVE-2025-53481,0,0,1c051551cffe76b0d474f6e015c338541c0bfd354ef6be284333e122485d826c,2025-07-04T16:15:22.167000 +CVE-2025-53482,0,0,5eba40710e02310ba1ecb93085ddc4dc0cc4fa5b62b8ed248a2bb7696c4ab7d3,2025-07-04T16:15:22.320000 +CVE-2025-53483,1,1,b9bb55989c3fd3c1cf55d058e4583af35124f2974234424179c7e6a11dd9be9f,2025-07-04T18:15:22.790000 +CVE-2025-53484,1,1,23699d3877e9948e53fca5253353cc14405051c565fc0e33dec2a42a78d9203f,2025-07-04T18:15:23.380000 +CVE-2025-53485,1,1,759f453eaf0a8d3f91777cb43171b84b861d8c50e5a91c37b68da9a1356b0dc9,2025-07-04T18:15:23.497000 CVE-2025-53489,0,0,6769a7875609bf94b88a0e114ee9f59c80c8131a1c840fb5a9a3308771e635ea,2025-07-03T18:15:21.710000 CVE-2025-5349,0,0,c3dba6df59d2293dc5933fab4b44180a83c69961191d6e1c8668a3b028af5d72,2025-06-17T20:50:23.507000 CVE-2025-53490,0,0,e9251db1fea5e6093c2fe7b28bed6cbf3c105295c53f6dbe7693f6d5d13423ff,2025-07-03T18:15:22 
@@ -300424,3 +300427,4 @@ CVE-2025-7053,0,0,7c553631a1754842980c905e7a5036f2578e53e5fdd6a16c5f10c740b90f1d CVE-2025-7060,0,0,91da01898395bdf026b99c0a46900d94a8a4f57665e6550c84b17fbf8659b9cf,2025-07-04T11:15:51.683000 CVE-2025-7061,0,0,15674a6a6cc800d5a0b5940feb3e192f9e740b04c9aff814dfdb24e1d8ce91ae,2025-07-04T13:15:25.987000 CVE-2025-7066,0,0,998f6b55a42342a8b0f4fda5076c6090356f0a52d1edd36c9bb39b315048f315,2025-07-04T12:15:35.740000 +CVE-2025-7067,1,1,ef4baff7115bd21a0a6909e0c3045023f49e50286af658a7d9865083709da10c,2025-07-04T18:15:23.610000