diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json new file mode 100644 index 00000000000..e5819a74562 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2645", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T09:15:16.060", + "lastModified": "2025-03-23T09:15:16.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300660", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300660", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519775", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json new file mode 100644 index 00000000000..8243174d6f2 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2646", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T10:15:12.810", + "lastModified": "2025-03-23T10:15:12.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/9", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300661", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300661", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519776", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 33bfac3aff7..127743785dc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-23T09:00:19.530133+00:00 +2025-03-23T11:00:19.177455+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-23T08:15:12.743000+00:00 +2025-03-23T10:15:12.810000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -286237 +286239 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-2642](CVE-2025/CVE-2025-26xx/CVE-2025-2642.json) (`2025-03-23T07:15:12.103`) -- [CVE-2025-2643](CVE-2025/CVE-2025-26xx/CVE-2025-2643.json) (`2025-03-23T08:15:11.860`) -- [CVE-2025-2644](CVE-2025/CVE-2025-26xx/CVE-2025-2644.json) (`2025-03-23T08:15:12.743`) +- [CVE-2025-2645](CVE-2025/CVE-2025-26xx/CVE-2025-2645.json) (`2025-03-23T09:15:16.060`) +- [CVE-2025-2646](CVE-2025/CVE-2025-26xx/CVE-2025-2646.json) (`2025-03-23T10:15:12.810`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index ec064825451..40458402a2d 100644 --- a/_state.csv +++ b/_state.csv @@ -285436,9 +285436,11 @@ CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048 CVE-2025-2641,0,0,5bff2143551f23ed0380bb2239d799975000e33937d7ded7e915049538056cf4,2025-03-23T05:15:12.020000 CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000 CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000 -CVE-2025-2642,1,1,e1f81c838fa9f0928a247f201d475bd86d7a1f7b0c1164be84c4537af5335a0c,2025-03-23T07:15:12.103000 -CVE-2025-2643,1,1,be83629595a0002533e8fe6f3a5c423b1e82cbe18965e3253b8bd0bb16a44145,2025-03-23T08:15:11.860000 -CVE-2025-2644,1,1,f76973c0303e544b82568f33bac265bf55804389a0131d568d7f1757ed2f91af,2025-03-23T08:15:12.743000 +CVE-2025-2642,0,0,e1f81c838fa9f0928a247f201d475bd86d7a1f7b0c1164be84c4537af5335a0c,2025-03-23T07:15:12.103000 +CVE-2025-2643,0,0,be83629595a0002533e8fe6f3a5c423b1e82cbe18965e3253b8bd0bb16a44145,2025-03-23T08:15:11.860000 +CVE-2025-2644,0,0,f76973c0303e544b82568f33bac265bf55804389a0131d568d7f1757ed2f91af,2025-03-23T08:15:12.743000 +CVE-2025-2645,1,1,8d73de360e25baafe444d070f4d907abbc17e9dd640dd760dce92ff0a1ddbee0,2025-03-23T09:15:16.060000 +CVE-2025-2646,1,1,49e88a4168caa534ea466ca215f11cabee5282d4f780cdcf983eac3333d6df4c,2025-03-23T10:15:12.810000 CVE-2025-26465,0,0,10ca81b0503bc2056f51aff42b836da7e13cef94fb05326f3b97cc95851c9520,2025-03-06T17:20:00.520000 CVE-2025-26466,0,0,7e41d5cb0f04df9b23d47e085939285815b80db61162a3634dbd18c39c71ef9f,2025-03-21T16:15:18.677000 CVE-2025-26473,0,0,41b0bd46f32c6729eefb29a2666cce546dde395dd2362800539aebed7d4bc19a,2025-03-19T10:34:55.550000