From 800d0510e7c5ebdc4d9ec4ec8c00ef2fd34f395a Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 9 Jul 2025 08:03:48 +0000
Subject: [PATCH] Auto-Update: 2025-07-09T08:00:11.964193+00:00
---
CVE-2025/CVE-2025-66xx/CVE-2025-6691.json | 68 ++++++++++
CVE-2025/CVE-2025-67xx/CVE-2025-6742.json | 64 ++++++++++
CVE-2025/CVE-2025-72xx/CVE-2025-7218.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-72xx/CVE-2025-7219.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-72xx/CVE-2025-7220.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-73xx/CVE-2025-7378.json | 78 ++++++++++++
README.md | 18 +--
_state.csv | 18 ++-
8 files changed, 666 insertions(+), 15 deletions(-)
create mode 100644 CVE-2025/CVE-2025-66xx/CVE-2025-6691.json
create mode 100644 CVE-2025/CVE-2025-67xx/CVE-2025-6742.json
create mode 100644 CVE-2025/CVE-2025-72xx/CVE-2025-7218.json
create mode 100644 CVE-2025/CVE-2025-72xx/CVE-2025-7219.json
create mode 100644 CVE-2025/CVE-2025-72xx/CVE-2025-7220.json
create mode 100644 CVE-2025/CVE-2025-73xx/CVE-2025-7378.json
diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6691.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6691.json
new file mode 100644
index 00000000000..cf4165cf899
--- /dev/null
+++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6691.json
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-6691", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-09T06:15:23.567", + "lastModified": "2025-07-09T06:15:23.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/sureforms/", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-67xx/CVE-2025-6742.json b/CVE-2025/CVE-2025-67xx/CVE-2025-6742.json new file mode 100644 index 00000000000..02ac54cb07c --- /dev/null +++ b/CVE-2025/CVE-2025-67xx/CVE-2025-6742.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6742", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-09T06:15:25.220", + "lastModified": "2025-07-09T06:15:25.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/sureforms/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-72xx/CVE-2025-7218.json b/CVE-2025/CVE-2025-72xx/CVE-2025-7218.json new file mode 100644 index 00000000000..996e06568e0 --- /dev/null +++ b/CVE-2025/CVE-2025-72xx/CVE-2025-7218.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7218", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-09T06:15:25.417", + "lastModified": "2025-07-09T06:15:25.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/falling-snow1/vuldb/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315167", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315167", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.608252", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://www.campcodes.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-72xx/CVE-2025-7219.json b/CVE-2025/CVE-2025-72xx/CVE-2025-7219.json new file mode 100644 index 00000000000..c4bd7b9e3df --- /dev/null +++ b/CVE-2025/CVE-2025-72xx/CVE-2025-7219.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7219", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-09T06:15:25.690", + "lastModified": "2025-07-09T06:15:25.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + 
"modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/skyrainoh/CVE/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315168", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315168", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.608263", + "source": "cna@vuldb.com" + }, 
+ { + "url": "https://www.campcodes.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-72xx/CVE-2025-7220.json b/CVE-2025/CVE-2025-72xx/CVE-2025-7220.json new file mode 100644 index 00000000000..39ff46514ba --- /dev/null +++ b/CVE-2025/CVE-2025-72xx/CVE-2025-7220.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7220", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-09T07:15:24.263", + "lastModified": "2025-07-09T07:15:24.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + 
"modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/skyrainoh/CVE/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315169", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315169", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.608264", + "source": "cna@vuldb.com" + }, 
+ { + "url": "https://www.campcodes.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-73xx/CVE-2025-7378.json b/CVE-2025/CVE-2025-73xx/CVE-2025-7378.json new file mode 100644 index 00000000000..5baac863667 --- /dev/null +++ b/CVE-2025/CVE-2025-73xx/CVE-2025-7378.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-7378", + "sourceIdentifier": "security@asustor.com", + "published": "2025-07-09T07:15:24.667", + "lastModified": "2025-07-09T07:15:24.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability\n\n allows injecting arbitrary values of the NAS configuration file \n\nin ASUSTOR ADM\n\n. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@asustor.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "USER", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "AMBER" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@asustor.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.asustor.com/security/security_advisory_detail?id=41", + "source": "security@asustor.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 419a9b10d63..ef273ab100a 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-09T06:00:12.847642+00:00 +2025-07-09T08:00:11.964193+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-09T05:15:39.620000+00:00 +2025-07-09T07:15:24.667000+00:00 ``` ### Last Data Feed Release 
@@ -33,19 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -301179 +301185 ``` ### CVEs added in the last Commit Recently added CVEs: `6` -- [CVE-2025-4606](CVE-2025/CVE-2025-46xx/CVE-2025-4606.json) (`2025-07-09T04:16:09.823`) -- [CVE-2025-7059](CVE-2025/CVE-2025-70xx/CVE-2025-7059.json) (`2025-07-09T04:16:10.170`) -- [CVE-2025-7214](CVE-2025/CVE-2025-72xx/CVE-2025-7214.json) (`2025-07-09T04:16:10.370`) -- [CVE-2025-7215](CVE-2025/CVE-2025-72xx/CVE-2025-7215.json) (`2025-07-09T05:15:39.123`) -- [CVE-2025-7216](CVE-2025/CVE-2025-72xx/CVE-2025-7216.json) (`2025-07-09T05:15:39.380`) -- [CVE-2025-7217](CVE-2025/CVE-2025-72xx/CVE-2025-7217.json) (`2025-07-09T05:15:39.620`) +- [CVE-2025-6691](CVE-2025/CVE-2025-66xx/CVE-2025-6691.json) (`2025-07-09T06:15:23.567`) +- [CVE-2025-6742](CVE-2025/CVE-2025-67xx/CVE-2025-6742.json) (`2025-07-09T06:15:25.220`) +- [CVE-2025-7218](CVE-2025/CVE-2025-72xx/CVE-2025-7218.json) (`2025-07-09T06:15:25.417`) +- [CVE-2025-7219](CVE-2025/CVE-2025-72xx/CVE-2025-7219.json) (`2025-07-09T06:15:25.690`) +- [CVE-2025-7220](CVE-2025/CVE-2025-72xx/CVE-2025-7220.json) (`2025-07-09T07:15:24.263`) +- [CVE-2025-7378](CVE-2025/CVE-2025-73xx/CVE-2025-7378.json) (`2025-07-09T07:15:24.667`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index f4e18ff2f78..a4b1f14aae7 100644 --- a/_state.csv +++ b/_state.csv 
@@ -296667,7 +296667,7 @@ CVE-2025-46041,0,0,0373f841a23f43f142bbd69d93dca44874276cdbf951c757aab265f254484 CVE-2025-4605,0,0,dd03f785e2fc8613696d02a4b9a63d6872b22992f27cd122b6503ea0ee189f65,2025-06-12T16:06:20.180000 CVE-2025-46052,0,0,3024fe589e39f7170008b5c168c5578a4d86fe26344910133fdba56a4c51eb38,2025-06-12T13:19:06.093000 CVE-2025-46053,0,0,cc1dee8d73635536f4f2cef7e3661b210bf2aa73e288776021aac13839576374,2025-06-12T13:12:25.303000 -CVE-2025-4606,1,1,69a81cfe0d08498099c48194c81a2bc26f8251c2fcbeb5cbdb4ef3bdab78812d,2025-07-09T04:16:09.823000 +CVE-2025-4606,0,0,69a81cfe0d08498099c48194c81a2bc26f8251c2fcbeb5cbdb4ef3bdab78812d,2025-07-09T04:16:09.823000 CVE-2025-46060,0,0,2da92ad7624a864b48c567a8180993e9f22aabb3ca09b58c16a9f521dba58667,2025-06-16T14:58:41.900000 CVE-2025-4607,0,0,7929f7497a2f3fdbdefa5c40c24e8dfb722bcbca57929b42733b89c15e0bc1dd,2025-06-02T17:32:17.397000 CVE-2025-46078,0,0,2fc8a269b5a28c0015e225ca3c3d8f64c503abc0c5a8ea5ce240137e0c4c6776,2025-06-04T19:59:09.353000 @@ -300817,6 +300817,7 @@ CVE-2025-6686,0,0,f7f48a047afe7ba6917b5b6f9718bcd1b2ceea4d6b927d051b780677faecb9 CVE-2025-6687,0,0,539b6bc666b3d8f7165f76a15394f1f82fca270b81ce85abf8ade35978b3fe59,2025-07-08T13:46:45.833000 CVE-2025-6688,0,0,5925361c4f277402b4d05594242f77bf2b7c8299cc751a0e160b50223b3f53a3,2025-07-02T17:49:42.750000 CVE-2025-6689,0,0,cca58c0a0c9cc2053b716e4cc05dc6fdfcdb0e147fd73d3131e0c8d7a843a74a,2025-07-08T14:49:57.463000 +CVE-2025-6691,1,1,5a47eccf12e1194180067689363a30cdb1dc2d6363916d82d61029a2ac702576,2025-07-09T06:15:23.567000 CVE-2025-6693,0,0,9be9763bb7fc997d64f91e352fcfdf0f938356018981543692fcb1e55b2868cf,2025-06-26T18:57:43.670000 CVE-2025-6694,0,0,2000140ddaf445d1408c35f7669e0d0a9fa86bae15b257b52f10bad5fb18c963,2025-07-01T19:03:59.900000 CVE-2025-6695,0,0,5a80e5ed8186c52dc4a6a049e87510cf6c4856278596cca9613176ffd164e49b,2025-07-01T18:18:08.297000 
@@ -300848,6 +300849,7 @@ CVE-2025-6736,0,0,25903f9d1406c60f622962611fc5443a5d32d3cdb912833a9ad0899ef2f7c3 CVE-2025-6738,0,0,3259930ec98b59546eeaeace9fb84641bae60a8fe1ea462b5fb5b4147d4fd671,2025-06-30T18:38:48.477000 CVE-2025-6739,0,0,296b68698d678885796e02fdcabfa1fd4cd82d98ac6928cc81223bf01ab4af40,2025-07-08T16:18:53.607000 CVE-2025-6740,0,0,f2a5c7930b3c8f30608fd6048a089234b7bc7d41c3644daae934f36b331998ef,2025-07-08T16:18:53.607000 +CVE-2025-6742,1,1,70ebab8f62d28c9bc95f30af06715a9fdc3e5b4d92e32130a6975741ce67833d,2025-07-09T06:15:25.220000 CVE-2025-6743,0,0,3f346ed23c27b98a856876208e70020f9d60ac6851a4c052b8dba3971e508e1f,2025-07-08T16:18:14.207000 CVE-2025-6744,0,0,663d1d999272cf9db0ee4c4b904e07c7e3ed5bc7e4f0cf81d04cd905bde5b621,2025-07-08T16:18:14.207000 CVE-2025-6746,0,0,8dde306b804f2c8eda4cbf0bc2c08f4626710286c005d98fa0a38b9240dedb16,2025-07-08T16:18:14.207000 @@ -301028,7 +301030,7 @@ CVE-2025-7046,0,0,59780b11937d03ed4ccc5b0e229eb16ce78f2772f010122dcf4771e66748fb CVE-2025-7053,0,0,fd9c537260c66ae5a5eee80d5c89e14a4b3e6e9926df22af4c5ebd179b63f858,2025-07-08T16:18:53.607000 CVE-2025-7056,0,0,78da0694704f7da67fe886cba16424f2a5ca5eede4aaa28903295f55d2597545,2025-07-08T16:18:34.923000 CVE-2025-7057,0,0,e2f9c19e4661b85c7a5bf55f13c57738f22f2258f6bbfd2a99b1c5738711e689,2025-07-08T16:18:34.923000 -CVE-2025-7059,1,1,fd8ae26da9a4fe2cdc1744cc10848d703d2f946f0cba9033cfa4b26a9bf96525,2025-07-09T04:16:10.170000 +CVE-2025-7059,0,0,fd8ae26da9a4fe2cdc1744cc10848d703d2f946f0cba9033cfa4b26a9bf96525,2025-07-09T04:16:10.170000 CVE-2025-7060,0,0,eb55f7799cc1661bcbee3ba191bb92d2a24a54d9b2be27633bcedcb834eaad23,2025-07-08T16:18:53.607000 CVE-2025-7061,0,0,11041542aa586f2577ba30e0e5a7a28704f0c9fb8cfed4ef507cf205bc6209b8,2025-07-08T16:18:53.607000 CVE-2025-7066,0,0,3aa31881446d948e2d4067c3c0225db70f642932e24cdd74e524ebf3761853fe,2025-07-08T16:18:53.607000 
@@ -301167,10 +301169,13 @@ CVE-2025-7210,0,0,aeeac7ae623f4b512d19df80d7f8428998c67d9985df2070621e51847f9a92 CVE-2025-7211,0,0,db7086cbb6e58731fa076b6de3a8e7f02e443d0285b54eb13b0d050895fde66b,2025-07-09T03:15:31.197000 CVE-2025-7212,0,0,d39780e065e4f17a9183fed373ced04106994c9131ccfff76c7099f10e0fd3c3,2025-07-09T03:15:31.380000 CVE-2025-7213,0,0,a07707d84ff2c73d4bb3ac20ab4d3a442a64b6e6fc7f88dd52fd88b1f9be3b78,2025-07-09T03:15:31.567000 -CVE-2025-7214,1,1,b51838fd4c8ed56d91812bf845de9a7462feddbb3b3ebd9d4c28297eb82638a7,2025-07-09T04:16:10.370000 -CVE-2025-7215,1,1,2013b4ddafeac8cb6e481add25ba490d1a1ebbcd09bf7b280643aec520b5dd7a,2025-07-09T05:15:39.123000 -CVE-2025-7216,1,1,34a2f09ca5a68b5fa42a3e73659079a7895c73a58d998ace26bdbdfd7f6f99b9,2025-07-09T05:15:39.380000 -CVE-2025-7217,1,1,c9a2c199e24119c21be6785c394691f628656db2039fd1250b2ab892a9b75be1,2025-07-09T05:15:39.620000 +CVE-2025-7214,0,0,b51838fd4c8ed56d91812bf845de9a7462feddbb3b3ebd9d4c28297eb82638a7,2025-07-09T04:16:10.370000 +CVE-2025-7215,0,0,2013b4ddafeac8cb6e481add25ba490d1a1ebbcd09bf7b280643aec520b5dd7a,2025-07-09T05:15:39.123000 +CVE-2025-7216,0,0,34a2f09ca5a68b5fa42a3e73659079a7895c73a58d998ace26bdbdfd7f6f99b9,2025-07-09T05:15:39.380000 +CVE-2025-7217,0,0,c9a2c199e24119c21be6785c394691f628656db2039fd1250b2ab892a9b75be1,2025-07-09T05:15:39.620000 +CVE-2025-7218,1,1,71e812a92d1256941bb32e1bd393f5788540064f76fba66d3864f2123b1fec2b,2025-07-09T06:15:25.417000 +CVE-2025-7219,1,1,637f35d33192cb5f26f73a10f6fffa40432d1ad04e43df3a6124235b5321fb4f,2025-07-09T06:15:25.690000 +CVE-2025-7220,1,1,35112cf9c491a042ef82268423381a63063e765f0718854eb05b924a765fe1e9,2025-07-09T07:15:24.263000 CVE-2025-7259,0,0,8fd7864e8f7fb6c249652178c4014f15a5857d3e35a24f0168719b78d426bcb5,2025-07-08T16:18:34.923000 CVE-2025-7326,0,0,7483fa577d73a18bc380df3b53d59526c96cf483de8c4617271f38405405a76d,2025-07-08T16:18:14.207000 CVE-2025-7327,0,0,a0fb7d73224d0b20e5509ef1c0447ce978b71b86006dd59d1e903714c73ecb3c,2025-07-08T16:18:14.207000 
@@ -301178,3 +301183,4 @@ CVE-2025-7345,0,0,e15e76873bb3b168f71a5d766c4cd2e1bed2b8ba3fb754b723996140dde704 CVE-2025-7346,0,0,0fee3d68122e9af468e47512e4d9d848586d1a84e0ff7cd695bcb12ab8e33bea,2025-07-08T16:18:14.207000 CVE-2025-7362,0,0,02130a85c1c6d05a11bb14ef506a7d903b4fe58c8e7f8a6897a5073d63357426,2025-07-08T18:15:46.797000 CVE-2025-7363,0,0,385fe29622c6056496489adb0027c4ebe22bb337ef24fdf5e5d804e8ad6be343,2025-07-08T18:15:46.913000 +CVE-2025-7378,1,1,9d7c5450c5bdc32c21375f705c4b3924967721da25a13ac62d4886879805bacc,2025-07-09T07:15:24.667000