admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-04-27T22:00:19.686475+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-04-27 22:03:55 +00:00
parent 3cf5f0ba06
commit 896d9adf2c
9 changed files with 744 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2025/CVE-2025-32xx/CVE-2025-3235.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-3235",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-04T10:15:16.900",
"lastModified": "2025-04-07T14:18:15.560",
"lastModified": "2025-04-27T20:15:15.203",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -111,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

141
CVE-2025/CVE-2025-39xx/CVE-2025-3983.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3983",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-27T20:15:15.350",
"lastModified": "2025-04-27T20:15:15.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseScore": 5.8,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/MichaelZhuang521/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306319",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306319",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.556223",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-39xx/CVE-2025-3984.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3984",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-27T20:15:15.537",
"lastModified": "2025-04-27T20:15:15.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseScore": 4.6,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.306320",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306320",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557100",
"source": "cna@vuldb.com"
},
{
"url": "https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-39xx/CVE-2025-3985.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3985",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-27T21:15:16.300",
"lastModified": "2025-04-27T21:15:16.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"baseScore": 3.3,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.306321",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306321",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557110",
"source": "cna@vuldb.com"
},
{
"url": "https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-39xx/CVE-2025-3986.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-3986",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-27T21:15:16.943",
"lastModified": "2025-04-27T21:15:16.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\\core\\cas-server-core-configuration-metadata-repository\\src\\main\\java\\org\\apereo\\cas\\metadata\\rest\\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.306322",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306322",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557473",
"source": "cna@vuldb.com"
},
{
"url": "https://wx.mail.qq.com/s?k=rk-m8GwRMVMcOjBY1a",
"source": "cna@vuldb.com"
}
]
}

76
CVE-2025/CVE-2025-466xx/CVE-2025-46687.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2025-46687",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-27T20:15:15.720",
"lastModified": "2025-04-27T20:15:15.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://bellard.org/quickjs/Changelog",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bellard/quickjs/issues/399",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/issues/1018",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/pull/1020",
"source": "cve@mitre.org"
}
]
}

76
CVE-2025/CVE-2025-466xx/CVE-2025-46688.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2025-46688",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-27T20:15:15.877",
"lastModified": "2025-04-27T20:15:15.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-131"
}
]
}
],
"references": [
{
"url": "https://bellard.org/quickjs/Changelog",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bellard/quickjs/issues/399",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/issues/1018",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/quickjs-ng/quickjs/pull/1020",
"source": "cve@mitre.org"
}
]
}

22
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-27T20:00:20.590710+00:00
2025-04-27T22:00:19.686475+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-27T19:15:15.923000+00:00
2025-04-27T21:15:16.943000+00:00
```
### Last Data Feed Release
@ -33,24 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
291532
291538
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `6`
- [CVE-2025-2866](CVE-2025/CVE-2025-28xx/CVE-2025-2866.json) (`2025-04-27T19:15:15.137`)
- [CVE-2025-3979](CVE-2025/CVE-2025-39xx/CVE-2025-3979.json) (`2025-04-27T18:15:16.020`)
- [CVE-2025-3980](CVE-2025/CVE-2025-39xx/CVE-2025-3980.json) (`2025-04-27T18:15:16.237`)
- [CVE-2025-3981](CVE-2025/CVE-2025-39xx/CVE-2025-3981.json) (`2025-04-27T19:15:15.750`)
- [CVE-2025-3982](CVE-2025/CVE-2025-39xx/CVE-2025-3982.json) (`2025-04-27T19:15:15.923`)
- [CVE-2025-3983](CVE-2025/CVE-2025-39xx/CVE-2025-3983.json) (`2025-04-27T20:15:15.350`)
- [CVE-2025-3984](CVE-2025/CVE-2025-39xx/CVE-2025-3984.json) (`2025-04-27T20:15:15.537`)
- [CVE-2025-3985](CVE-2025/CVE-2025-39xx/CVE-2025-3985.json) (`2025-04-27T21:15:16.300`)
- [CVE-2025-3986](CVE-2025/CVE-2025-39xx/CVE-2025-3986.json) (`2025-04-27T21:15:16.943`)
- [CVE-2025-46687](CVE-2025/CVE-2025-466xx/CVE-2025-46687.json) (`2025-04-27T20:15:15.720`)
- [CVE-2025-46688](CVE-2025/CVE-2025-466xx/CVE-2025-46688.json) (`2025-04-27T20:15:15.877`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-3235](CVE-2025/CVE-2025-32xx/CVE-2025-3235.json) (`2025-04-27T20:15:15.203`)
## Download and Usage

18
_state.csv
View File

@ -288215,7 +288215,7 @@ CVE-2025-2862,0,0,d42da37ae120383972bca9b3c34491a1998bf94496751edff9d3b8653ccd4e
CVE-2025-2863,0,0,89f439925468e699ad113743583fdeda2696a66656c397c031b5ea7d3d0ecb34,2025-03-28T18:11:40.180000
CVE-2025-2864,0,0,1f66654aa924832c01c946b8c047f8723266750dca2c13c7a67536d81d107cad,2025-03-28T18:11:40.180000
CVE-2025-2865,0,0,ec0c359364e90a26d27d62ffa0653d855c3daf1b4b8f1b737e51327fd1068f74,2025-03-28T18:11:40.180000
CVE-2025-2866,1,1,a0631665854b2b3f2e4f1a55f988ff5c6e9e21c9cfe567f91b12861ab98a9126,2025-04-27T19:15:15.137000
CVE-2025-2866,0,0,a0631665854b2b3f2e4f1a55f988ff5c6e9e21c9cfe567f91b12861ab98a9126,2025-04-27T19:15:15.137000
CVE-2025-2867,0,0,64215baabccd6fdf04d8b048452d95e3b2ff4d5237bc2e15b566982b293865f3,2025-03-27T16:45:12.210000
CVE-2025-2868,0,0,8956298391ba0923e590541b3fae1d38dc061830ea826ef81d09ab51842ff44b,2025-03-28T18:11:40.180000
CVE-2025-2869,0,0,c096e0a3f8c1567897f984075f9b7eae7e0b2ff1c1febfd4a8d8f0861bac0208,2025-03-28T18:11:40.180000
@ -290241,7 +290241,7 @@ CVE-2025-32280,0,0,51a846a5a42c043aab0e6fac915214336a31c77ee73a0ba45d8879819031b
CVE-2025-32282,0,0,4c53220555eedeae13ce6f318e3c3f0db70bd45e8d4e3f3e7970ecccd4879e13,2025-04-11T15:39:52.920000
CVE-2025-3229,0,0,601e3d3bbee98b6c8d411bef361231118b9ba6394db4f244736698e0ae8f6293,2025-04-07T14:18:15.560000
CVE-2025-3231,0,0,e195c9aab4993647d4ae533ad8c6eda5a754cea40d4facd1ebd44795fa6d7640,2025-04-07T14:18:15.560000
CVE-2025-3235,0,0,0c23e772168fbf1646dcd9576ceddd5ba406eb140f773e19cb72e0b2021c0a6f,2025-04-07T14:18:15.560000
CVE-2025-3235,0,1,a65b9c3e5afd8791f2a69a839ed6cf33ae5de1739a6ab17cee2bee89a757709a,2025-04-27T20:15:15.203000
CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000
CVE-2025-32357,0,0,40a7f1d5c6b84f284e89452f93123e33fcf709d542192697901a2fb84d3fea3e,2025-04-15T16:37:00.857000
CVE-2025-32358,0,0,35ddf5d60f01f12924c71130d21e356ed29ef81b38985bea1a5740abef3cce29,2025-04-15T16:36:06.817000
@ -291273,10 +291273,14 @@ CVE-2025-3976,0,0,13905d0f00709e6872151e7ad1b1a6c91b55e9419f2a701304870aa7e8e601
CVE-2025-3977,0,0,5e645294bea4f955dbd0c8bfe2e4d659f8a6cbaeaef4d07a6abec039717e4035,2025-04-27T17:15:15.853000
CVE-2025-39778,0,0,fe7c9bb969991c6f8bd7e817623bae52cecda002e042590bfe971c7c81dc9221,2025-04-21T14:23:45.950000
CVE-2025-3978,0,0,2ae726000475a1877b6d2b2bc2bce0aefd6ddc7a5b797a2eec055d71b6e4c1a9,2025-04-27T17:15:16.030000
CVE-2025-3979,1,1,f4d2791ebc027f4f4851dce9ea15411bb525aa09eceed7cb069e5ffd2cf0f1ab,2025-04-27T18:15:16.020000
CVE-2025-3980,1,1,c60e8fd71f58158175a8f0778b502b82e82edff0ca359aaa3a416b667c30a069,2025-04-27T18:15:16.237000
CVE-2025-3981,1,1,e00538d9c56dd754fe25e8b3e5c7f162e04e282f768ed8abdbece459893339eb,2025-04-27T19:15:15.750000
CVE-2025-3982,1,1,4f8f549d1d80deb736d2fa8a9bf8c95ff99706664721ec9ea5e797ffff0b5328,2025-04-27T19:15:15.923000
CVE-2025-3979,0,0,f4d2791ebc027f4f4851dce9ea15411bb525aa09eceed7cb069e5ffd2cf0f1ab,2025-04-27T18:15:16.020000
CVE-2025-3980,0,0,c60e8fd71f58158175a8f0778b502b82e82edff0ca359aaa3a416b667c30a069,2025-04-27T18:15:16.237000
CVE-2025-3981,0,0,e00538d9c56dd754fe25e8b3e5c7f162e04e282f768ed8abdbece459893339eb,2025-04-27T19:15:15.750000
CVE-2025-3982,0,0,4f8f549d1d80deb736d2fa8a9bf8c95ff99706664721ec9ea5e797ffff0b5328,2025-04-27T19:15:15.923000
CVE-2025-3983,1,1,25cef30fdb4fe10ba7219695edb63044f6f8ab36f7472ef6a7410a1f5e2146f4,2025-04-27T20:15:15.350000
CVE-2025-3984,1,1,c91dac686fb472be23da0ee0c6a53588be8c31d73e3e88b2f873b4f69af09b70,2025-04-27T20:15:15.537000
CVE-2025-3985,1,1,17f794bf5ed2864c7b41fb94d7cdbc7e385cb1e5fc41f72398abf9c113f7d61c,2025-04-27T21:15:16.300000
CVE-2025-3986,1,1,a0e1201b88b75d6c55b2ee17152f7769e22b6a804358c0ed782ae172b0f049f0,2025-04-27T21:15:16.943000
CVE-2025-39930,0,0,42a6955cb0fac1dbd2e5441fb532d9f28b1aaca2d877ee160dbbe720b8efb409,2025-04-21T14:23:45.950000
CVE-2025-39989,0,0,0cc48b7ef86c29cf020b5aeed708c2666289505a450cbef1f0919638b4d7450b,2025-04-21T14:23:45.950000
CVE-2025-40014,0,0,cd080bf4e4d482813f829913b5bcdc82f102b28a1076dcf4e2daf085d68110b7,2025-04-21T14:23:45.950000
@ -291531,3 +291535,5 @@ CVE-2025-46672,0,0,a515f04f2684525b908fbd5bf52c62317ae3f104cec7ce6d3fbe0f544f2f5
CVE-2025-46673,0,0,b4b185c7af04fb38cea193788026d34ee5cbd860f38177d871857854e4306632,2025-04-27T01:15:44.477000
CVE-2025-46674,0,0,46444152edd713c1307e6ccc5d1033b322cbe1d07cb6f10dea38fc2301d3d28e,2025-04-27T01:15:44.623000
CVE-2025-46675,0,0,b3c69f529ef42425a6977cddb596299cf9685586acba195a28c535b569b687f2,2025-04-27T01:15:44.773000
CVE-2025-46687,1,1,789cec1c054b7dade348dec5c2f11d4567b685dabe9a5263743b00e5f6421591,2025-04-27T20:15:15.720000
CVE-2025-46688,1,1,f3d2ea119df6e35adcd93220be80edb4d0564ed70f8b95b8ee493efc04bb42de,2025-04-27T20:15:15.877000

Can't render this file because it is too large.