mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2025-07-09T08:00:11.964193+00:00
This commit is contained in:
parent
6d5c7b8bdc
commit
800d0510e7
68
CVE-2025/CVE-2025-66xx/CVE-2025-6691.json
Normal file
68
CVE-2025/CVE-2025-66xx/CVE-2025-6691.json
Normal file
@ -0,0 +1,68 @@
|
||||
{
|
||||
"id": "CVE-2025-6691",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-07-09T06:15:23.567",
|
||||
"lastModified": "2025-07-09T06:15:23.567",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
|
||||
"baseScore": 8.1,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.2
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-73"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://wordpress.org/plugins/sureforms/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
64
CVE-2025/CVE-2025-67xx/CVE-2025-6742.json
Normal file
64
CVE-2025/CVE-2025-67xx/CVE-2025-6742.json
Normal file
@ -0,0 +1,64 @@
|
||||
{
|
||||
"id": "CVE-2025-6742",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-07-09T06:15:25.220",
|
||||
"lastModified": "2025-07-09T06:15:25.220",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.6,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://wordpress.org/plugins/sureforms/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
145
CVE-2025/CVE-2025-72xx/CVE-2025-7218.json
Normal file
145
CVE-2025/CVE-2025-72xx/CVE-2025-7218.json
Normal file
@ -0,0 +1,145 @@
|
||||
{
|
||||
"id": "CVE-2025-7218",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2025-07-09T06:15:25.417",
|
||||
"lastModified": "2025-07-09T06:15:25.417",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"vulnConfidentialityImpact": "LOW",
|
||||
"vulnIntegrityImpact": "LOW",
|
||||
"vulnAvailabilityImpact": "LOW",
|
||||
"subConfidentialityImpact": "NONE",
|
||||
"subIntegrityImpact": "NONE",
|
||||
"subAvailabilityImpact": "NONE",
|
||||
"exploitMaturity": "PROOF_OF_CONCEPT",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
||||
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
||||
"Safety": "NOT_DEFINED",
|
||||
"Automatable": "NOT_DEFINED",
|
||||
"Recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseScore": 7.5,
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL"
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-74"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/falling-snow1/vuldb/issues/2",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.315167",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.315167",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.608252",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.campcodes.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
145
CVE-2025/CVE-2025-72xx/CVE-2025-7219.json
Normal file
145
CVE-2025/CVE-2025-72xx/CVE-2025-7219.json
Normal file
@ -0,0 +1,145 @@
|
||||
{
|
||||
"id": "CVE-2025-7219",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2025-07-09T06:15:25.690",
|
||||
"lastModified": "2025-07-09T06:15:25.690",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"vulnConfidentialityImpact": "LOW",
|
||||
"vulnIntegrityImpact": "LOW",
|
||||
"vulnAvailabilityImpact": "LOW",
|
||||
"subConfidentialityImpact": "NONE",
|
||||
"subIntegrityImpact": "NONE",
|
||||
"subAvailabilityImpact": "NONE",
|
||||
"exploitMaturity": "PROOF_OF_CONCEPT",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
||||
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
||||
"Safety": "NOT_DEFINED",
|
||||
"Automatable": "NOT_DEFINED",
|
||||
"Recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseScore": 7.5,
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL"
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-74"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/skyrainoh/CVE/issues/7",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.315168",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.315168",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.608263",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.campcodes.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
145
CVE-2025/CVE-2025-72xx/CVE-2025-7220.json
Normal file
145
CVE-2025/CVE-2025-72xx/CVE-2025-7220.json
Normal file
@ -0,0 +1,145 @@
|
||||
{
|
||||
"id": "CVE-2025-7220",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2025-07-09T07:15:24.263",
|
||||
"lastModified": "2025-07-09T07:15:24.263",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"vulnConfidentialityImpact": "LOW",
|
||||
"vulnIntegrityImpact": "LOW",
|
||||
"vulnAvailabilityImpact": "LOW",
|
||||
"subConfidentialityImpact": "NONE",
|
||||
"subIntegrityImpact": "NONE",
|
||||
"subAvailabilityImpact": "NONE",
|
||||
"exploitMaturity": "PROOF_OF_CONCEPT",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
||||
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
||||
"Safety": "NOT_DEFINED",
|
||||
"Automatable": "NOT_DEFINED",
|
||||
"Recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseScore": 7.5,
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL"
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-74"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/skyrainoh/CVE/issues/8",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.315169",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.315169",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.608264",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.campcodes.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
78
CVE-2025/CVE-2025-73xx/CVE-2025-7378.json
Normal file
78
CVE-2025/CVE-2025-73xx/CVE-2025-7378.json
Normal file
@ -0,0 +1,78 @@
|
||||
{
|
||||
"id": "CVE-2025-7378",
|
||||
"sourceIdentifier": "security@asustor.com",
|
||||
"published": "2025-07-09T07:15:24.667",
|
||||
"lastModified": "2025-07-09T07:15:24.667",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Input Validation vulnerability\n\n allows injecting arbitrary values of the NAS configuration file \n\nin ASUSTOR ADM\n\n. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "security@asustor.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber",
|
||||
"baseScore": 6.0,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "PRESENT",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "PASSIVE",
|
||||
"vulnConfidentialityImpact": "LOW",
|
||||
"vulnIntegrityImpact": "HIGH",
|
||||
"vulnAvailabilityImpact": "HIGH",
|
||||
"subConfidentialityImpact": "LOW",
|
||||
"subIntegrityImpact": "HIGH",
|
||||
"subAvailabilityImpact": "HIGH",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
||||
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
||||
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
||||
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
||||
"Safety": "NOT_DEFINED",
|
||||
"Automatable": "NOT_DEFINED",
|
||||
"Recovery": "USER",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "AMBER"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@asustor.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.asustor.com/security/security_advisory_detail?id=41",
|
||||
"source": "security@asustor.com"
|
||||
}
|
||||
]
|
||||
}
|
18
README.md
18
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2025-07-09T06:00:12.847642+00:00
|
||||
2025-07-09T08:00:11.964193+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2025-07-09T05:15:39.620000+00:00
|
||||
2025-07-09T07:15:24.667000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,19 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
301179
|
||||
301185
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `6`
|
||||
|
||||
- [CVE-2025-4606](CVE-2025/CVE-2025-46xx/CVE-2025-4606.json) (`2025-07-09T04:16:09.823`)
|
||||
- [CVE-2025-7059](CVE-2025/CVE-2025-70xx/CVE-2025-7059.json) (`2025-07-09T04:16:10.170`)
|
||||
- [CVE-2025-7214](CVE-2025/CVE-2025-72xx/CVE-2025-7214.json) (`2025-07-09T04:16:10.370`)
|
||||
- [CVE-2025-7215](CVE-2025/CVE-2025-72xx/CVE-2025-7215.json) (`2025-07-09T05:15:39.123`)
|
||||
- [CVE-2025-7216](CVE-2025/CVE-2025-72xx/CVE-2025-7216.json) (`2025-07-09T05:15:39.380`)
|
||||
- [CVE-2025-7217](CVE-2025/CVE-2025-72xx/CVE-2025-7217.json) (`2025-07-09T05:15:39.620`)
|
||||
- [CVE-2025-6691](CVE-2025/CVE-2025-66xx/CVE-2025-6691.json) (`2025-07-09T06:15:23.567`)
|
||||
- [CVE-2025-6742](CVE-2025/CVE-2025-67xx/CVE-2025-6742.json) (`2025-07-09T06:15:25.220`)
|
||||
- [CVE-2025-7218](CVE-2025/CVE-2025-72xx/CVE-2025-7218.json) (`2025-07-09T06:15:25.417`)
|
||||
- [CVE-2025-7219](CVE-2025/CVE-2025-72xx/CVE-2025-7219.json) (`2025-07-09T06:15:25.690`)
|
||||
- [CVE-2025-7220](CVE-2025/CVE-2025-72xx/CVE-2025-7220.json) (`2025-07-09T07:15:24.263`)
|
||||
- [CVE-2025-7378](CVE-2025/CVE-2025-73xx/CVE-2025-7378.json) (`2025-07-09T07:15:24.667`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
18
_state.csv
18
_state.csv
@ -296667,7 +296667,7 @@ CVE-2025-46041,0,0,0373f841a23f43f142bbd69d93dca44874276cdbf951c757aab265f254484
|
||||
CVE-2025-4605,0,0,dd03f785e2fc8613696d02a4b9a63d6872b22992f27cd122b6503ea0ee189f65,2025-06-12T16:06:20.180000
|
||||
CVE-2025-46052,0,0,3024fe589e39f7170008b5c168c5578a4d86fe26344910133fdba56a4c51eb38,2025-06-12T13:19:06.093000
|
||||
CVE-2025-46053,0,0,cc1dee8d73635536f4f2cef7e3661b210bf2aa73e288776021aac13839576374,2025-06-12T13:12:25.303000
|
||||
CVE-2025-4606,1,1,69a81cfe0d08498099c48194c81a2bc26f8251c2fcbeb5cbdb4ef3bdab78812d,2025-07-09T04:16:09.823000
|
||||
CVE-2025-4606,0,0,69a81cfe0d08498099c48194c81a2bc26f8251c2fcbeb5cbdb4ef3bdab78812d,2025-07-09T04:16:09.823000
|
||||
CVE-2025-46060,0,0,2da92ad7624a864b48c567a8180993e9f22aabb3ca09b58c16a9f521dba58667,2025-06-16T14:58:41.900000
|
||||
CVE-2025-4607,0,0,7929f7497a2f3fdbdefa5c40c24e8dfb722bcbca57929b42733b89c15e0bc1dd,2025-06-02T17:32:17.397000
|
||||
CVE-2025-46078,0,0,2fc8a269b5a28c0015e225ca3c3d8f64c503abc0c5a8ea5ce240137e0c4c6776,2025-06-04T19:59:09.353000
|
||||
@ -300817,6 +300817,7 @@ CVE-2025-6686,0,0,f7f48a047afe7ba6917b5b6f9718bcd1b2ceea4d6b927d051b780677faecb9
|
||||
CVE-2025-6687,0,0,539b6bc666b3d8f7165f76a15394f1f82fca270b81ce85abf8ade35978b3fe59,2025-07-08T13:46:45.833000
|
||||
CVE-2025-6688,0,0,5925361c4f277402b4d05594242f77bf2b7c8299cc751a0e160b50223b3f53a3,2025-07-02T17:49:42.750000
|
||||
CVE-2025-6689,0,0,cca58c0a0c9cc2053b716e4cc05dc6fdfcdb0e147fd73d3131e0c8d7a843a74a,2025-07-08T14:49:57.463000
|
||||
CVE-2025-6691,1,1,5a47eccf12e1194180067689363a30cdb1dc2d6363916d82d61029a2ac702576,2025-07-09T06:15:23.567000
|
||||
CVE-2025-6693,0,0,9be9763bb7fc997d64f91e352fcfdf0f938356018981543692fcb1e55b2868cf,2025-06-26T18:57:43.670000
|
||||
CVE-2025-6694,0,0,2000140ddaf445d1408c35f7669e0d0a9fa86bae15b257b52f10bad5fb18c963,2025-07-01T19:03:59.900000
|
||||
CVE-2025-6695,0,0,5a80e5ed8186c52dc4a6a049e87510cf6c4856278596cca9613176ffd164e49b,2025-07-01T18:18:08.297000
|
||||
@ -300848,6 +300849,7 @@ CVE-2025-6736,0,0,25903f9d1406c60f622962611fc5443a5d32d3cdb912833a9ad0899ef2f7c3
|
||||
CVE-2025-6738,0,0,3259930ec98b59546eeaeace9fb84641bae60a8fe1ea462b5fb5b4147d4fd671,2025-06-30T18:38:48.477000
|
||||
CVE-2025-6739,0,0,296b68698d678885796e02fdcabfa1fd4cd82d98ac6928cc81223bf01ab4af40,2025-07-08T16:18:53.607000
|
||||
CVE-2025-6740,0,0,f2a5c7930b3c8f30608fd6048a089234b7bc7d41c3644daae934f36b331998ef,2025-07-08T16:18:53.607000
|
||||
CVE-2025-6742,1,1,70ebab8f62d28c9bc95f30af06715a9fdc3e5b4d92e32130a6975741ce67833d,2025-07-09T06:15:25.220000
|
||||
CVE-2025-6743,0,0,3f346ed23c27b98a856876208e70020f9d60ac6851a4c052b8dba3971e508e1f,2025-07-08T16:18:14.207000
|
||||
CVE-2025-6744,0,0,663d1d999272cf9db0ee4c4b904e07c7e3ed5bc7e4f0cf81d04cd905bde5b621,2025-07-08T16:18:14.207000
|
||||
CVE-2025-6746,0,0,8dde306b804f2c8eda4cbf0bc2c08f4626710286c005d98fa0a38b9240dedb16,2025-07-08T16:18:14.207000
|
||||
@ -301028,7 +301030,7 @@ CVE-2025-7046,0,0,59780b11937d03ed4ccc5b0e229eb16ce78f2772f010122dcf4771e66748fb
|
||||
CVE-2025-7053,0,0,fd9c537260c66ae5a5eee80d5c89e14a4b3e6e9926df22af4c5ebd179b63f858,2025-07-08T16:18:53.607000
|
||||
CVE-2025-7056,0,0,78da0694704f7da67fe886cba16424f2a5ca5eede4aaa28903295f55d2597545,2025-07-08T16:18:34.923000
|
||||
CVE-2025-7057,0,0,e2f9c19e4661b85c7a5bf55f13c57738f22f2258f6bbfd2a99b1c5738711e689,2025-07-08T16:18:34.923000
|
||||
CVE-2025-7059,1,1,fd8ae26da9a4fe2cdc1744cc10848d703d2f946f0cba9033cfa4b26a9bf96525,2025-07-09T04:16:10.170000
|
||||
CVE-2025-7059,0,0,fd8ae26da9a4fe2cdc1744cc10848d703d2f946f0cba9033cfa4b26a9bf96525,2025-07-09T04:16:10.170000
|
||||
CVE-2025-7060,0,0,eb55f7799cc1661bcbee3ba191bb92d2a24a54d9b2be27633bcedcb834eaad23,2025-07-08T16:18:53.607000
|
||||
CVE-2025-7061,0,0,11041542aa586f2577ba30e0e5a7a28704f0c9fb8cfed4ef507cf205bc6209b8,2025-07-08T16:18:53.607000
|
||||
CVE-2025-7066,0,0,3aa31881446d948e2d4067c3c0225db70f642932e24cdd74e524ebf3761853fe,2025-07-08T16:18:53.607000
|
||||
@ -301167,10 +301169,13 @@ CVE-2025-7210,0,0,aeeac7ae623f4b512d19df80d7f8428998c67d9985df2070621e51847f9a92
|
||||
CVE-2025-7211,0,0,db7086cbb6e58731fa076b6de3a8e7f02e443d0285b54eb13b0d050895fde66b,2025-07-09T03:15:31.197000
|
||||
CVE-2025-7212,0,0,d39780e065e4f17a9183fed373ced04106994c9131ccfff76c7099f10e0fd3c3,2025-07-09T03:15:31.380000
|
||||
CVE-2025-7213,0,0,a07707d84ff2c73d4bb3ac20ab4d3a442a64b6e6fc7f88dd52fd88b1f9be3b78,2025-07-09T03:15:31.567000
|
||||
CVE-2025-7214,1,1,b51838fd4c8ed56d91812bf845de9a7462feddbb3b3ebd9d4c28297eb82638a7,2025-07-09T04:16:10.370000
|
||||
CVE-2025-7215,1,1,2013b4ddafeac8cb6e481add25ba490d1a1ebbcd09bf7b280643aec520b5dd7a,2025-07-09T05:15:39.123000
|
||||
CVE-2025-7216,1,1,34a2f09ca5a68b5fa42a3e73659079a7895c73a58d998ace26bdbdfd7f6f99b9,2025-07-09T05:15:39.380000
|
||||
CVE-2025-7217,1,1,c9a2c199e24119c21be6785c394691f628656db2039fd1250b2ab892a9b75be1,2025-07-09T05:15:39.620000
|
||||
CVE-2025-7214,0,0,b51838fd4c8ed56d91812bf845de9a7462feddbb3b3ebd9d4c28297eb82638a7,2025-07-09T04:16:10.370000
|
||||
CVE-2025-7215,0,0,2013b4ddafeac8cb6e481add25ba490d1a1ebbcd09bf7b280643aec520b5dd7a,2025-07-09T05:15:39.123000
|
||||
CVE-2025-7216,0,0,34a2f09ca5a68b5fa42a3e73659079a7895c73a58d998ace26bdbdfd7f6f99b9,2025-07-09T05:15:39.380000
|
||||
CVE-2025-7217,0,0,c9a2c199e24119c21be6785c394691f628656db2039fd1250b2ab892a9b75be1,2025-07-09T05:15:39.620000
|
||||
CVE-2025-7218,1,1,71e812a92d1256941bb32e1bd393f5788540064f76fba66d3864f2123b1fec2b,2025-07-09T06:15:25.417000
|
||||
CVE-2025-7219,1,1,637f35d33192cb5f26f73a10f6fffa40432d1ad04e43df3a6124235b5321fb4f,2025-07-09T06:15:25.690000
|
||||
CVE-2025-7220,1,1,35112cf9c491a042ef82268423381a63063e765f0718854eb05b924a765fe1e9,2025-07-09T07:15:24.263000
|
||||
CVE-2025-7259,0,0,8fd7864e8f7fb6c249652178c4014f15a5857d3e35a24f0168719b78d426bcb5,2025-07-08T16:18:34.923000
|
||||
CVE-2025-7326,0,0,7483fa577d73a18bc380df3b53d59526c96cf483de8c4617271f38405405a76d,2025-07-08T16:18:14.207000
|
||||
CVE-2025-7327,0,0,a0fb7d73224d0b20e5509ef1c0447ce978b71b86006dd59d1e903714c73ecb3c,2025-07-08T16:18:14.207000
|
||||
@ -301178,3 +301183,4 @@ CVE-2025-7345,0,0,e15e76873bb3b168f71a5d766c4cd2e1bed2b8ba3fb754b723996140dde704
|
||||
CVE-2025-7346,0,0,0fee3d68122e9af468e47512e4d9d848586d1a84e0ff7cd695bcb12ab8e33bea,2025-07-08T16:18:14.207000
|
||||
CVE-2025-7362,0,0,02130a85c1c6d05a11bb14ef506a7d903b4fe58c8e7f8a6897a5073d63357426,2025-07-08T18:15:46.797000
|
||||
CVE-2025-7363,0,0,385fe29622c6056496489adb0027c4ebe22bb337ef24fdf5e5d804e8ad6be343,2025-07-08T18:15:46.913000
|
||||
CVE-2025-7378,1,1,9d7c5450c5bdc32c21375f705c4b3924967721da25a13ac62d4886879805bacc,2025-07-09T07:15:24.667000
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user