Auto-Update: 2025-07-04T20:00:11.282271+00:00

cad-safe-bot 2025-07-04 20:03:48 +00:00
parent 9f24c69fd2
commit 73e63f885a
6 changed files with 278 additions and 8 deletions


@ -0,0 +1,41 @@
{
"id": "CVE-2025-53483",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-07-04T18:15:22.790",
"lastModified": "2025-07-04T18:15:22.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/1149618",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://gerrit.wikimedia.org/r/1149664",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T392341",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,41 @@
{
"id": "CVE-2025-53484",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-07-04T18:15:23.380",
"lastModified": "2025-07-04T18:15:23.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User-controlled inputs are improperly escaped in:\n\n\n\n\n * \nVotePage.php (poll option input)\n\n\n\n * \nResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)\n\n\n\n\n\n\n\n\n\n\n\n\nThis allows attackers to inject JavaScript and compromise user sessions under certain conditions.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/1149655",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://gerrit.wikimedia.org/r/1149669",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T392341",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}


@ -0,0 +1,37 @@
{
"id": "CVE-2025-53485",
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"published": "2025-07-04T18:15:23.497",
"lastModified": "2025-07-04T18:15:23.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/149668",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
},
{
"url": "https://phabricator.wikimedia.org/T392341",
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
]
}
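Review bot: The first entry under `references` in this record, `https://gerrit.wikimedia.org/r/149668`, has a six-digit Gerrit change number. The four Gerrit references in the sibling SecurePoll records added by this commit (CVE-2025-53483 and CVE-2025-53484) are all seven digits in the 11496xx range. This looks like a digit dropped in the upstream record, though the page alone cannot confirm it, so the link may resolve to an unrelated change. Because this file mirrors NVD, the value should be corrected at the source rather than hand-edited here. Until then, consumers who follow references to find the fix can use `https://phabricator.wikimedia.org/T392341` from the same record.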


@ -0,0 +1,145 @@
{
"id": "CVE-2025-7067",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-04T18:15:23.610",
"lastModified": "2025-07-04T18:15:23.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/HDFGroup/hdf5/issues/5577",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/20623499/hdf5_crash_9.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.314902",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.314902",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.602536",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-07-04T18:00:11.201669+00:00
2025-07-04T20:00:11.282271+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-07-04T16:15:22.320000+00:00
2025-07-04T18:15:23.610000+00:00
```
### Last Data Feed Release
@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
300425
300429
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `4`
- [CVE-2025-53481](CVE-2025/CVE-2025-534xx/CVE-2025-53481.json) (`2025-07-04T16:15:22.167`)
- [CVE-2025-53482](CVE-2025/CVE-2025-534xx/CVE-2025-53482.json) (`2025-07-04T16:15:22.320`)
- [CVE-2025-53483](CVE-2025/CVE-2025-534xx/CVE-2025-53483.json) (`2025-07-04T18:15:22.790`)
- [CVE-2025-53484](CVE-2025/CVE-2025-534xx/CVE-2025-53484.json) (`2025-07-04T18:15:23.380`)
- [CVE-2025-53485](CVE-2025/CVE-2025-534xx/CVE-2025-53485.json) (`2025-07-04T18:15:23.497`)
- [CVE-2025-7067](CVE-2025/CVE-2025-70xx/CVE-2025-7067.json) (`2025-07-04T18:15:23.610`)
### CVEs modified in the last Commit


@ -299243,8 +299243,11 @@ CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2c
CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000
CVE-2025-53415,0,0,a69e8e91492110c4dbcf675778ea91b79a25d896361aa62120c18b659d9f38c5,2025-07-01T08:15:24.610000
CVE-2025-53416,0,0,5766bb5741c2eb8f5d7acde7664083885dadd438f2f420d57a6193893c29ac92,2025-06-30T10:15:26.127000
CVE-2025-53481,1,1,1c051551cffe76b0d474f6e015c338541c0bfd354ef6be284333e122485d826c,2025-07-04T16:15:22.167000
CVE-2025-53482,1,1,5eba40710e02310ba1ecb93085ddc4dc0cc4fa5b62b8ed248a2bb7696c4ab7d3,2025-07-04T16:15:22.320000
CVE-2025-53481,0,0,1c051551cffe76b0d474f6e015c338541c0bfd354ef6be284333e122485d826c,2025-07-04T16:15:22.167000
CVE-2025-53482,0,0,5eba40710e02310ba1ecb93085ddc4dc0cc4fa5b62b8ed248a2bb7696c4ab7d3,2025-07-04T16:15:22.320000
CVE-2025-53483,1,1,b9bb55989c3fd3c1cf55d058e4583af35124f2974234424179c7e6a11dd9be9f,2025-07-04T18:15:22.790000
CVE-2025-53484,1,1,23699d3877e9948e53fca5253353cc14405051c565fc0e33dec2a42a78d9203f,2025-07-04T18:15:23.380000
CVE-2025-53485,1,1,759f453eaf0a8d3f91777cb43171b84b861d8c50e5a91c37b68da9a1356b0dc9,2025-07-04T18:15:23.497000
CVE-2025-53489,0,0,6769a7875609bf94b88a0e114ee9f59c80c8131a1c840fb5a9a3308771e635ea,2025-07-03T18:15:21.710000
CVE-2025-5349,0,0,c3dba6df59d2293dc5933fab4b44180a83c69961191d6e1c8668a3b028af5d72,2025-06-17T20:50:23.507000
CVE-2025-53490,0,0,e9251db1fea5e6093c2fe7b28bed6cbf3c105295c53f6dbe7693f6d5d13423ff,2025-07-03T18:15:22
@ -300424,3 +300427,4 @@ CVE-2025-7053,0,0,7c553631a1754842980c905e7a5036f2578e53e5fdd6a16c5f10c740b90f1d
CVE-2025-7060,0,0,91da01898395bdf026b99c0a46900d94a8a4f57665e6550c84b17fbf8659b9cf,2025-07-04T11:15:51.683000
CVE-2025-7061,0,0,15674a6a6cc800d5a0b5940feb3e192f9e740b04c9aff814dfdb24e1d8ce91ae,2025-07-04T13:15:25.987000
CVE-2025-7066,0,0,998f6b55a42342a8b0f4fda5076c6090356f0a52d1edd36c9bb39b315048f315,2025-07-04T12:15:35.740000
CVE-2025-7067,1,1,ef4baff7115bd21a0a6909e0c3045023f49e50286af658a7d9865083709da10c,2025-07-04T18:15:23.610000
