diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3661.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3661.json new file mode 100644 index 00000000000..9566a7c259b --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3661.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-3661", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-19T10:15:14.200", + "lastModified": "2025-04-19T10:15:14.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/sb-chart-block/trunk/sb-chart-block.php#L104", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3276462/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/sb-chart-block/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6afe4b6-c38c-46fa-82d5-95cb35c2c30f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3798.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3798.json new file mode 100644 index 00000000000..42a23e61c72 --- /dev/null +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3798.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3798", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-19T10:15:15.470", + "lastModified": "2025-04-19T10:15:15.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/IceFoxH/VULN/issues/16", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.305651", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.305651", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.554696", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3799.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3799.json new file mode 100644 index 00000000000..34b0fb4fd79 --- /dev/null +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3799.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3799", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-19T11:15:48.967", + "lastModified": "2025-04-19T11:15:48.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/IceFoxH/VULN/issues/15", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.305652", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.305652", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.554697", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f4d1b39d2b8..89ae53e25c4 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-19T10:00:19.885624+00:00 +2025-04-19T12:00:22.886766+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-19T08:15:13.780000+00:00 +2025-04-19T11:15:48.967000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290902 +290905 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2021-4455](CVE-2021/CVE-2021-44xx/CVE-2021-4455.json) (`2025-04-19T08:15:13.220`) -- [CVE-2025-3404](CVE-2025/CVE-2025-34xx/CVE-2025-3404.json) (`2025-04-19T08:15:13.780`) +- [CVE-2025-3661](CVE-2025/CVE-2025-36xx/CVE-2025-3661.json) (`2025-04-19T10:15:14.200`) +- [CVE-2025-3798](CVE-2025/CVE-2025-37xx/CVE-2025-3798.json) (`2025-04-19T10:15:15.470`) +- [CVE-2025-3799](CVE-2025/CVE-2025-37xx/CVE-2025-3799.json) (`2025-04-19T11:15:48.967`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index db088b44374..7d8da488847 100644 --- a/_state.csv +++ b/_state.csv @@ -185737,7 +185737,7 @@ CVE-2021-44545,0,0,7028fb142f00073c7946b672f2300046564e5efec3c7e574f45814b31d120 CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000 CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000 CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000 -CVE-2021-4455,1,1,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000 +CVE-2021-4455,0,0,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000 CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000 CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000 CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000 @@ -290557,7 +290557,7 @@ CVE-2025-3400,0,0,cf8d2677c113eaba5cb7e83bc217fa3a16d8d96bb1f2d78546954dbd49132a CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000 CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000 CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000 -CVE-2025-3404,1,1,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000 +CVE-2025-3404,0,0,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000 CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000 CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000 CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000 @@ -290670,6 +290670,7 @@ CVE-2025-3619,0,0,293c2369eeb799ada0ad11425c8ed32f87c6c646f1c3261326f845aaabedee CVE-2025-3620,0,0,d8aa01c605b07a603d6961b3879b3ecdfe6e401672f5e6bb60b8a094d603532e,2025-04-17T20:21:48.243000 CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000 CVE-2025-3651,0,0,0d88deff7ea7df5b2f76479933db1e164c52ae4da2ee01153c4c1f7101550c92,2025-04-17T20:21:48.243000 +CVE-2025-3661,1,1,15727507d1a37434425fd2712c82b40186b882129509bef509b9af8fb04a397f,2025-04-19T10:15:14.200000 CVE-2025-36625,0,0,c1db7c1a963afe52868bb904c563f127fd3394c5cd64dc18e741c4bc19d0e0af,2025-04-18T20:15:16.807000 CVE-2025-3663,0,0,1ce80bfc94e480b50f27d0432deca8fffb2ad8de6b84f90469934d90488bc703,2025-04-16T13:25:37.340000 CVE-2025-3664,0,0,1768dbec432a631292ab0792b91b23e446ed218ac7ee245b57fd6eb101bb8145,2025-04-16T14:15:27.827000 @@ -290735,6 +290736,8 @@ CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd5655 CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000 CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000 CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000 +CVE-2025-3798,1,1,49bede486667491bd386d9371a86ace9dd4957610b395db7d0b1355696e9b2e5,2025-04-19T10:15:15.470000 +CVE-2025-3799,1,1,a7ff078c0a124529743a62bee727512421125a7cf086d3f94578c1d7ab6fdb6a,2025-04-19T11:15:48.967000 CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000 CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000 CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000