admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-02T20:00:20.785301+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-02 20:03:58 +00:00
parent 0165621bcc
commit 89470211cf
30 changed files with 1064 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2021/CVE-2021-320xx/CVE-2021-32030.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-32030",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-06T15:15:07.973",
"lastModified": "2025-02-06T14:15:29.230",
"lastModified": "2025-06-02T18:15:21.287",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-287"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

6
CVE-2023/CVE-2023-397xx/CVE-2023-39780.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39780",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.190",
"lastModified": "2025-05-16T16:15:26.487",
"lastModified": "2025-06-02T18:15:22.743",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -206,6 +206,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

32
CVE-2023/CVE-2023-468xx/CVE-2023-46838.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46838",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-29T11:15:07.933",
"lastModified": "2025-02-13T18:15:37.433",
"lastModified": "2025-06-02T19:15:21.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

6
CVE-2023/CVE-2023-508xx/CVE-2023-50854.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-50854",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T12:15:43.767",
"lastModified": "2024-11-21T08:37:24.920",
"lastModified": "2025-06-02T19:15:22.453",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8.\n\n"
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02."
},
{
"lang": "es",
@ -62,7 +62,7 @@
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

22
CVE-2023/CVE-2023-62xx/CVE-2023-6279.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6279",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.343",
"lastModified": "2024-11-21T08:43:31.597",
"lastModified": "2025-06-02T19:15:24.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},

22
CVE-2023/CVE-2023-72xx/CVE-2023-7200.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7200",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.943",
"lastModified": "2024-11-21T08:45:29.587",
"lastModified": "2025-06-02T19:15:24.393",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

39
CVE-2024/CVE-2024-401xx/CVE-2024-40112.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40112",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T16:15:26.880",
"lastModified": "2025-06-02T17:32:17.397",
"lastModified": "2025-06-02T19:15:25.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the \"language\" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads",

43
CVE-2024/CVE-2024-487xx/CVE-2024-48704.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48704",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-05-23T16:15:24.403",
"lastModified": "2025-05-28T14:58:52.920",
"lastModified": "2025-06-02T18:15:23.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": "Phpgurukul Medical Card Generation System v1.0 es vulnerable a la inyecci\u00f3n de HTML en admin/contactus.php a trav\u00e9s del par\u00e1metro pagedes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

56
CVE-2025/CVE-2025-10xx/CVE-2025-1051.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1051",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-02T19:15:25.740",
"lastModified": "2025-06-02T19:15:25.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-311/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

56
CVE-2025/CVE-2025-202xx/CVE-2025-20297.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-20297",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-02T18:15:23.360",
"lastModified": "2025-06-02T18:15:23.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0601",
"source": "psirt@cisco.com"
}
]
}

56
CVE-2025/CVE-2025-202xx/CVE-2025-20298.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-20298",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-02T18:15:23.560",
"lastModified": "2025-06-02T18:15:23.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\\Program Files\\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0602",
"source": "psirt@cisco.com"
}
]
}

25
CVE-2025/CVE-2025-230xx/CVE-2025-23099.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-23099",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T19:15:26.213",
"lastModified": "2025-06-02T19:15:26.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes."
}
],
"metrics": {},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23099/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-231xx/CVE-2025-23104.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-23104",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:23.770",
"lastModified": "2025-06-02T18:15:23.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23104/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-231xx/CVE-2025-23105.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-23105",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T19:15:26.913",
"lastModified": "2025-06-02T19:15:26.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23105/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2025/CVE-2025-250xx/CVE-2025-25090.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-25090",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-03T14:15:50.197",
"lastModified": "2025-03-03T14:15:50.197",
"lastModified": "2025-06-02T19:15:27.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Dreamstime Stock Photos allows Reflected XSS. This issue affects Dreamstime Stock Photos: from n/a through 4.0."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS.This issue affects Dreamstime Stock Photos: from n/a through 4.1."
},
{
"lang": "es",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

21
CVE-2025/CVE-2025-279xx/CVE-2025-27953.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-27953",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:23.903",
"lastModified": "2025-06-02T18:15:23.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-279xx/CVE-2025-27954.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-27954",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:24.030",
"lastModified": "2025-06-02T18:15:24.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url",
"source": "cve@mitre.org"
},
{
"url": "https://portswigger.net/kb/issues/00500700_session-token-in-url",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-279xx/CVE-2025-27955.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-27955",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:24.143",
"lastModified": "2025-06-02T18:15:24.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-279xx/CVE-2025-27956.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-27956",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:24.257",
"lastModified": "2025-06-02T18:15:24.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/intruderlabs/cvex/blob/main/Pixeon/WebLaudos/Directory-Traversal/README.md",
"source": "cve@mitre.org"
}
]
}

35
CVE-2025/CVE-2025-316xx/CVE-2025-31680.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-31680",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-03-31T22:15:20.550",
"lastModified": "2025-04-29T16:15:32.230",
"lastModified": "2025-06-02T18:15:06.993",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -49,12 +49,43 @@
"value": "CWE-352"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matomo_analytics_project:matomo_analytics:*:*:*:*:*:drupal:*:*",
"versionEndExcluding": "8.x-1.24",
"matchCriteriaId": "00EE45D0-C6F8-461B-AB24-29004F6C3212"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-008",
"source": "mlhess@drupal.org"
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}

37
CVE-2025/CVE-2025-316xx/CVE-2025-31681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-31681",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-03-31T22:15:20.663",
"lastModified": "2025-04-29T16:15:32.373",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-02T18:12:28.140",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,43 @@
"value": "CWE-862"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:authenticator_login_project:authenticator_login:*:*:*:*:*:drupal:*:*",
"versionEndExcluding": "2.0.6",
"matchCriteriaId": "FC7AED14-6BDF-4F5C-B388-34E693647FAF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-009",
"source": "mlhess@drupal.org"
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}

2
CVE-2025/CVE-2025-316xx/CVE-2025-31682.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-03-31T22:15:20.767",
"lastModified": "2025-06-02T17:52:42.520",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

39
CVE-2025/CVE-2025-441xx/CVE-2025-44172.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-44172",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T15:15:34.317",
"lastModified": "2025-06-02T17:32:17.397",
"lastModified": "2025-06-02T19:15:27.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/hcxj/Tenda-Vul/blob/main/setSmartPowerManagement.md",

29
CVE-2025/CVE-2025-453xx/CVE-2025-45387.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-45387",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T18:15:24.517",
"lastModified": "2025-06-02T18:15:24.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/UmerAdeemCheema/CVE-Security-Research/blob/main/OSTicket/Unauthorized%20Access%20to%20Ajax%20Functions.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/osTicket/osTicket",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/osTicket/osTicket/pull/6802/commits/ab6672faa0991de305d4b90a3faa2e3cebdd23c8",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-490xx/CVE-2025-49069.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-49069",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-02T19:15:28.680",
"lastModified": "2025-06-02T19:15:28.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/contact-forms/vulnerability/wordpress-contact-forms-by-cimatti-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

6
CVE-2025/CVE-2025-491xx/CVE-2025-49113.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-49113",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-02T05:15:53.420",
"lastModified": "2025-06-02T17:32:17.397",
"lastModified": "2025-06-02T18:15:24.640",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -79,6 +79,10 @@
{
"url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/02/3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2025/CVE-2025-50xx/CVE-2025-5036.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-5036",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-06-02T17:15:43.930",
"lastModified": "2025-06-02T17:32:17.397",
"lastModified": "2025-06-02T18:15:24.783",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,7 @@
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -49,7 +49,7 @@
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009",
"source": "psirt@autodesk.com"
}
]

56
CVE-2025/CVE-2025-50xx/CVE-2025-5086.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5086",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2025-06-02T18:15:25.010",
"lastModified": "2025-06-02T18:15:25.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025\u00c2\u00a0could lead to a remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
}
]
}

80
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-02T18:00:19.528740+00:00
2025-06-02T20:00:20.785301+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-02T17:52:42.520000+00:00
2025-06-02T19:15:28.680000+00:00
```
### Last Data Feed Release
@ -33,61 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
296241
296254
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `13`
- [CVE-2024-1440](CVE-2024/CVE-2024-14xx/CVE-2024-1440.json) (`2025-06-02T17:15:21.153`)
- [CVE-2024-3509](CVE-2024/CVE-2024-35xx/CVE-2024-3509.json) (`2025-06-02T17:15:22.090`)
- [CVE-2024-40112](CVE-2024/CVE-2024-401xx/CVE-2024-40112.json) (`2025-06-02T16:15:26.880`)
- [CVE-2024-40113](CVE-2024/CVE-2024-401xx/CVE-2024-40113.json) (`2025-06-02T16:15:27.010`)
- [CVE-2024-40114](CVE-2024/CVE-2024-401xx/CVE-2024-40114.json) (`2025-06-02T16:15:27.127`)
- [CVE-2024-57459](CVE-2024/CVE-2024-574xx/CVE-2024-57459.json) (`2025-06-02T16:15:27.390`)
- [CVE-2024-7073](CVE-2024/CVE-2024-70xx/CVE-2024-7073.json) (`2025-06-02T17:15:36.083`)
- [CVE-2024-7074](CVE-2024/CVE-2024-70xx/CVE-2024-7074.json) (`2025-06-02T17:15:36.250`)
- [CVE-2024-8008](CVE-2024/CVE-2024-80xx/CVE-2024-8008.json) (`2025-06-02T17:15:36.407`)
- [CVE-2025-44115](CVE-2025/CVE-2025-441xx/CVE-2025-44115.json) (`2025-06-02T16:15:29.593`)
- [CVE-2025-45542](CVE-2025/CVE-2025-455xx/CVE-2025-45542.json) (`2025-06-02T16:15:29.707`)
- [CVE-2025-48866](CVE-2025/CVE-2025-488xx/CVE-2025-48866.json) (`2025-06-02T16:15:29.900`)
- [CVE-2025-48940](CVE-2025/CVE-2025-489xx/CVE-2025-48940.json) (`2025-06-02T16:15:30.063`)
- [CVE-2025-48941](CVE-2025/CVE-2025-489xx/CVE-2025-48941.json) (`2025-06-02T16:15:30.223`)
- [CVE-2025-48994](CVE-2025/CVE-2025-489xx/CVE-2025-48994.json) (`2025-06-02T17:15:40.853`)
- [CVE-2025-48995](CVE-2025/CVE-2025-489xx/CVE-2025-48995.json) (`2025-06-02T17:15:41.063`)
- [CVE-2025-5036](CVE-2025/CVE-2025-50xx/CVE-2025-5036.json) (`2025-06-02T17:15:43.930`)
- [CVE-2025-1051](CVE-2025/CVE-2025-10xx/CVE-2025-1051.json) (`2025-06-02T19:15:25.740`)
- [CVE-2025-20297](CVE-2025/CVE-2025-202xx/CVE-2025-20297.json) (`2025-06-02T18:15:23.360`)
- [CVE-2025-20298](CVE-2025/CVE-2025-202xx/CVE-2025-20298.json) (`2025-06-02T18:15:23.560`)
- [CVE-2025-23099](CVE-2025/CVE-2025-230xx/CVE-2025-23099.json) (`2025-06-02T19:15:26.213`)
- [CVE-2025-23104](CVE-2025/CVE-2025-231xx/CVE-2025-23104.json) (`2025-06-02T18:15:23.770`)
- [CVE-2025-23105](CVE-2025/CVE-2025-231xx/CVE-2025-23105.json) (`2025-06-02T19:15:26.913`)
- [CVE-2025-27953](CVE-2025/CVE-2025-279xx/CVE-2025-27953.json) (`2025-06-02T18:15:23.903`)
- [CVE-2025-27954](CVE-2025/CVE-2025-279xx/CVE-2025-27954.json) (`2025-06-02T18:15:24.030`)
- [CVE-2025-27955](CVE-2025/CVE-2025-279xx/CVE-2025-27955.json) (`2025-06-02T18:15:24.143`)
- [CVE-2025-27956](CVE-2025/CVE-2025-279xx/CVE-2025-27956.json) (`2025-06-02T18:15:24.257`)
- [CVE-2025-45387](CVE-2025/CVE-2025-453xx/CVE-2025-45387.json) (`2025-06-02T18:15:24.517`)
- [CVE-2025-49069](CVE-2025/CVE-2025-490xx/CVE-2025-49069.json) (`2025-06-02T19:15:28.680`)
- [CVE-2025-5086](CVE-2025/CVE-2025-50xx/CVE-2025-5086.json) (`2025-06-02T18:15:25.010`)
### CVEs modified in the last Commit
Recently modified CVEs: `213`
Recently modified CVEs: `15`
- [CVE-2025-5424](CVE-2025/CVE-2025-54xx/CVE-2025-5424.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5425](CVE-2025/CVE-2025-54xx/CVE-2025-5425.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5426](CVE-2025/CVE-2025-54xx/CVE-2025-5426.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5427](CVE-2025/CVE-2025-54xx/CVE-2025-5427.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5428](CVE-2025/CVE-2025-54xx/CVE-2025-5428.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5429](CVE-2025/CVE-2025-54xx/CVE-2025-5429.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5430](CVE-2025/CVE-2025-54xx/CVE-2025-5430.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5431](CVE-2025/CVE-2025-54xx/CVE-2025-5431.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5432](CVE-2025/CVE-2025-54xx/CVE-2025-5432.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5433](CVE-2025/CVE-2025-54xx/CVE-2025-5433.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5434](CVE-2025/CVE-2025-54xx/CVE-2025-5434.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5435](CVE-2025/CVE-2025-54xx/CVE-2025-5435.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5436](CVE-2025/CVE-2025-54xx/CVE-2025-5436.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5437](CVE-2025/CVE-2025-54xx/CVE-2025-5437.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5438](CVE-2025/CVE-2025-54xx/CVE-2025-5438.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5439](CVE-2025/CVE-2025-54xx/CVE-2025-5439.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5440](CVE-2025/CVE-2025-54xx/CVE-2025-5440.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5441](CVE-2025/CVE-2025-54xx/CVE-2025-5441.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5442](CVE-2025/CVE-2025-54xx/CVE-2025-5442.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5443](CVE-2025/CVE-2025-54xx/CVE-2025-5443.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5444](CVE-2025/CVE-2025-54xx/CVE-2025-5444.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5445](CVE-2025/CVE-2025-54xx/CVE-2025-5445.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5446](CVE-2025/CVE-2025-54xx/CVE-2025-5446.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5447](CVE-2025/CVE-2025-54xx/CVE-2025-5447.json) (`2025-06-02T17:32:17.397`)
- [CVE-2025-5455](CVE-2025/CVE-2025-54xx/CVE-2025-5455.json) (`2025-06-02T17:32:17.397`)
- [CVE-2021-32030](CVE-2021/CVE-2021-320xx/CVE-2021-32030.json) (`2025-06-02T18:15:21.287`)
- [CVE-2023-39780](CVE-2023/CVE-2023-397xx/CVE-2023-39780.json) (`2025-06-02T18:15:22.743`)
- [CVE-2023-46838](CVE-2023/CVE-2023-468xx/CVE-2023-46838.json) (`2025-06-02T19:15:21.687`)
- [CVE-2023-50854](CVE-2023/CVE-2023-508xx/CVE-2023-50854.json) (`2025-06-02T19:15:22.453`)
- [CVE-2023-6279](CVE-2023/CVE-2023-62xx/CVE-2023-6279.json) (`2025-06-02T19:15:24.153`)
- [CVE-2023-7200](CVE-2023/CVE-2023-72xx/CVE-2023-7200.json) (`2025-06-02T19:15:24.393`)
- [CVE-2024-40112](CVE-2024/CVE-2024-401xx/CVE-2024-40112.json) (`2025-06-02T19:15:25.003`)
- [CVE-2024-48704](CVE-2024/CVE-2024-487xx/CVE-2024-48704.json) (`2025-06-02T18:15:23.020`)
- [CVE-2025-25090](CVE-2025/CVE-2025-250xx/CVE-2025-25090.json) (`2025-06-02T19:15:27.613`)
- [CVE-2025-31680](CVE-2025/CVE-2025-316xx/CVE-2025-31680.json) (`2025-06-02T18:15:06.993`)
- [CVE-2025-31681](CVE-2025/CVE-2025-316xx/CVE-2025-31681.json) (`2025-06-02T18:12:28.140`)
- [CVE-2025-31682](CVE-2025/CVE-2025-316xx/CVE-2025-31682.json) (`2025-06-02T17:52:42.520`)
- [CVE-2025-44172](CVE-2025/CVE-2025-441xx/CVE-2025-44172.json) (`2025-06-02T19:15:27.917`)
- [CVE-2025-49113](CVE-2025/CVE-2025-491xx/CVE-2025-49113.json) (`2025-06-02T18:15:24.640`)
- [CVE-2025-5036](CVE-2025/CVE-2025-50xx/CVE-2025-5036.json) (`2025-06-02T18:15:24.783`)
## Download and Usage

493
_state.csv
View File

File diff suppressed because it is too large Load Diff