From 7f33d23501792e74e14aa9c3b929f1daea8b83b2 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 3 May 2025 12:03:59 +0000
Subject: [PATCH] Auto-Update: 2025-05-03T12:00:23.835271+00:00
---
CVE-2024/CVE-2024-581xx/CVE-2024-58135.json | 57 ++++++++
CVE-2025/CVE-2025-42xx/CVE-2025-4226.json | 145 ++++++++++++++++++++
README.md | 11 +-
_state.csv | 4 +-
4 files changed, 211 insertions(+), 6 deletions(-)
create mode 100644 CVE-2024/CVE-2024-581xx/CVE-2024-58135.json
create mode 100644 CVE-2025/CVE-2025-42xx/CVE-2025-4226.json
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json
new file mode 100644
index 00000000000..138c1242956
--- /dev/null
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58135.json
@@ -0,0 +1,57 @@
+{
+ "id": "CVE-2024-58135",
+ "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+ "published": "2025-05-03T11:15:48.037",
+ "lastModified": "2025-05-03T11:15:48.037",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.\n\nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/hashcat/hashcat/pull/4090",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://github.com/mojolicious/mojo/pull/2200",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://perldoc.perl.org/functions/rand",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json
new file mode 100644
index 00000000000..042478a7b02
--- /dev/null
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4226.json
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2025-4226",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-05-03T11:15:49.283",
+ "lastModified": "2025-05-03T11:15:49.283",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/diyuzhishen/mycve/issues/2",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://phpgurukul.com/",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.307323",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.307323",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.562409",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 57bc03d5cb0..d59c19c2811 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-03T10:00:19.651807+00:00 +2025-05-03T12:00:23.835271+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-03T08:15:31.040000+00:00 +2025-05-03T11:15:49.283000+00:00 ``` ### Last Data Feed Release
@@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -292439 +292441 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-3815](CVE-2025/CVE-2025-38xx/CVE-2025-3815.json) (`2025-05-03T08:15:31.040`) +- [CVE-2024-58135](CVE-2024/CVE-2024-581xx/CVE-2024-58135.json) (`2025-05-03T11:15:48.037`) +- [CVE-2025-4226](CVE-2025/CVE-2025-42xx/CVE-2025-4226.json) (`2025-05-03T11:15:49.283`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 3c22e5c21ed..b7273e085fc 100644
--- a/_state.csv
+++ b/_state.csv
@@ -277851,6 +277851,7 @@ CVE-2024-58130,0,0,b1da61426890522f6374bed5d854c2d8adfdac7556fa6282fde3bf2122dc7
 CVE-2024-58131,0,0,bc4908e979254be0dc1e1176cc36e7e2691904c3630b2abae16ce8f2a4516d81,2025-04-08T16:45:17.107000
 CVE-2024-58132,0,0,87fc99e96492ae47f7ae88aebc39cca10a37119d96d5c66e6cef7cf588ab7762,2025-04-07T14:17:50.220000
 CVE-2024-58133,0,0,4511afb6f4930bee53375abc516811f9928c158d8decf5ac029097e07f67929b,2025-04-07T14:17:50.220000
+CVE-2024-58135,1,1,8af43e07194e980e3ea0f7075113ea9e4ee30e7cada80bfaad49d2081f4bd709,2025-05-03T11:15:48.037000
 CVE-2024-58136,0,0,7d42d622ee4e18724ac12c03124fafd081de4815b0d827e3b883d9598d043c28,2025-05-03T01:00:02.097000
 CVE-2024-5814,0,0,409f119643711fe465e9fd028af3caf838fd31e85495ee2ac73938edab3d7b3e,2024-08-28T12:57:39.090000
 CVE-2024-5815,0,0,aa6c60bd870ff05880c843bf9053a612a42ac0af7385b9bf8cbbf1b2da2f2182,2024-11-21T09:48:23.203000
@@ -291640,7 +291641,7 @@ CVE-2025-3808,0,0,c9d9b38c3b98d0e004f3d362b1c7affeec1437a2f1dff864304e4ff67e8ee1
 CVE-2025-3809,0,0,b0f7ce143ffe6fc36f9bbc17873d1316b0e5d9337b65e2cd57e88fbec5f74a76,2025-04-21T14:23:45.950000
 CVE-2025-38104,0,0,95fa066b9b297f0f71658bda9667ee4683e7719a8295e0ac6102597f6b2d67e5,2025-04-21T14:23:45.950000
 CVE-2025-3814,0,0,11c279efbeec4fa23a54b22cf013841136b5f0f0ea6d94e898bb584de2240f97,2025-04-23T14:08:13.383000
-CVE-2025-3815,1,1,9adf16c4646ef2bf71ebf5665df071b14aed69121d3df64d5e1c011d1dac400f,2025-05-03T08:15:31.040000
+CVE-2025-3815,0,0,9adf16c4646ef2bf71ebf5665df071b14aed69121d3df64d5e1c011d1dac400f,2025-05-03T08:15:31.040000
 CVE-2025-38152,0,0,6554c7473f6b6179493ded078859c0bfbf9661e041b4dcbfff31e86520619528,2025-04-29T14:39:46.800000
 CVE-2025-3816,0,0,0d7063f065ed7a583101904f11408aabc0c0a375b6165150fa6a6202e87955da,2025-04-21T14:23:45.950000
 CVE-2025-3817,0,0,d1d339a8b4a2a60b670dda015ec9ad8a209b25a85de9a75f6a155ea200a65ca1,2025-04-21T14:23:45.950000
@@ -292076,6 +292077,7 @@ CVE-2025-4214,0,0,8cee5e2c191dc5f7c39625764e80f36dacfe3615ac2ff5e798d6d9dcab815a
 CVE-2025-4215,0,0,5fd7a49b2f2c9f1e10a1eaa6aaf7951ee590f9e0aaf9c857c08ce31bb1852fbe,2025-05-02T21:15:23.893000
 CVE-2025-4218,0,0,a58de78c748f0c970b32963cfb0c0c4b002aa8f4aa47c3e31af6ad119f6d5528,2025-05-02T21:15:24.057000
 CVE-2025-4222,0,0,d7e55c8bdf6a556e71c00ab53da641e383f5a7392abda11a90f9dd5f2800bf1c,2025-05-03T03:15:29.217000
+CVE-2025-4226,1,1,256c886690389ae0541e1d1ea7f71899d0ed236ec6dc6f7c15cfa0dac8da60a3,2025-05-03T11:15:49.283000
 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000
 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000
 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000