Auto-Update: 2025-04-19T12:00:22.886766+00:00

cad-safe-bot 2025-04-19 12:03:56 +00:00
parent 76f2d640b2
commit 7def98118f
5 changed files with 362 additions and 8 deletions

@ -0,0 +1,68 @@
{
"id": "CVE-2025-3661",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T10:15:14.200",
"lastModified": "2025-04-19T10:15:14.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sb-chart-block/trunk/sb-chart-block.php#L104",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3276462/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/sb-chart-block/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6afe4b6-c38c-46fa-82d5-95cb35c2c30f?source=cve",
"source": "security@wordfence.com"
}
]
}

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3798",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-19T10:15:15.470",
"lastModified": "2025-04-19T10:15:15.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseScore": 5.8,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/16",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.305651",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.305651",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.554696",
"source": "cna@vuldb.com"
}
]
}

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3799",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-19T11:15:48.967",
"lastModified": "2025-04-19T11:15:48.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/IceFoxH/VULN/issues/15",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.305652",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.305652",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.554697",
"source": "cna@vuldb.com"
}
]
}

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-19T10:00:19.885624+00:00
2025-04-19T12:00:22.886766+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-19T08:15:13.780000+00:00
2025-04-19T11:15:48.967000+00:00
```
### Last Data Feed Release
@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
290902
290905
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `3`
- [CVE-2021-4455](CVE-2021/CVE-2021-44xx/CVE-2021-4455.json) (`2025-04-19T08:15:13.220`)
- [CVE-2025-3404](CVE-2025/CVE-2025-34xx/CVE-2025-3404.json) (`2025-04-19T08:15:13.780`)
- [CVE-2025-3661](CVE-2025/CVE-2025-36xx/CVE-2025-3661.json) (`2025-04-19T10:15:14.200`)
- [CVE-2025-3798](CVE-2025/CVE-2025-37xx/CVE-2025-3798.json) (`2025-04-19T10:15:15.470`)
- [CVE-2025-3799](CVE-2025/CVE-2025-37xx/CVE-2025-3799.json) (`2025-04-19T11:15:48.967`)
### CVEs modified in the last Commit

@ -185737,7 +185737,7 @@ CVE-2021-44545,0,0,7028fb142f00073c7946b672f2300046564e5efec3c7e574f45814b31d120
CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000
CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000
CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000
CVE-2021-4455,1,1,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000
CVE-2021-4455,0,0,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000
CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000
CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000
CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000
@ -290557,7 +290557,7 @@ CVE-2025-3400,0,0,cf8d2677c113eaba5cb7e83bc217fa3a16d8d96bb1f2d78546954dbd49132a
CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000
CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000
CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000
CVE-2025-3404,1,1,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000
CVE-2025-3404,0,0,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000
CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000
CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000
CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000
@ -290670,6 +290670,7 @@ CVE-2025-3619,0,0,293c2369eeb799ada0ad11425c8ed32f87c6c646f1c3261326f845aaabedee
CVE-2025-3620,0,0,d8aa01c605b07a603d6961b3879b3ecdfe6e401672f5e6bb60b8a094d603532e,2025-04-17T20:21:48.243000
CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000
CVE-2025-3651,0,0,0d88deff7ea7df5b2f76479933db1e164c52ae4da2ee01153c4c1f7101550c92,2025-04-17T20:21:48.243000
CVE-2025-3661,1,1,15727507d1a37434425fd2712c82b40186b882129509bef509b9af8fb04a397f,2025-04-19T10:15:14.200000
CVE-2025-36625,0,0,c1db7c1a963afe52868bb904c563f127fd3394c5cd64dc18e741c4bc19d0e0af,2025-04-18T20:15:16.807000
CVE-2025-3663,0,0,1ce80bfc94e480b50f27d0432deca8fffb2ad8de6b84f90469934d90488bc703,2025-04-16T13:25:37.340000
CVE-2025-3664,0,0,1768dbec432a631292ab0792b91b23e446ed218ac7ee245b57fd6eb101bb8145,2025-04-16T14:15:27.827000
@ -290735,6 +290736,8 @@ CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd5655
CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000
CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000
CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000
CVE-2025-3798,1,1,49bede486667491bd386d9371a86ace9dd4957610b395db7d0b1355696e9b2e5,2025-04-19T10:15:15.470000
CVE-2025-3799,1,1,a7ff078c0a124529743a62bee727512421125a7cf086d3f94578c1d7ab6fdb6a,2025-04-19T11:15:48.967000
CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000
CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000
CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000
