From 8ec9e97a3a271b8aeab8a00f1bd334877de7b51c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 23 Mar 2025 11:03:50 +0000 Subject: [PATCH] Auto-Update: 2025-03-23T11:00:19.177455+00:00 --- CVE-2025/CVE-2025-26xx/CVE-2025-2645.json | 145 ++++++++++++++++++++++ CVE-2025/CVE-2025-26xx/CVE-2025-2646.json | 145 ++++++++++++++++++++++ README.md | 13 +- _state.csv | 8 +- 4 files changed, 301 insertions(+), 10 deletions(-) create mode 100644 CVE-2025/CVE-2025-26xx/CVE-2025-2645.json create mode 100644 CVE-2025/CVE-2025-26xx/CVE-2025-2646.json diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json new file mode 100644 index 00000000000..e5819a74562 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2645.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2645", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T09:15:16.060", + "lastModified": "2025-03-23T09:15:16.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300660", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300660", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519775", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json new file mode 100644 index 00000000000..8243174d6f2 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2646.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2646", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T10:15:12.810", + "lastModified": "2025-03-23T10:15:12.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/9", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300661", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300661", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519776", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 33bfac3aff7..127743785dc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-23T09:00:19.530133+00:00 +2025-03-23T11:00:19.177455+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-23T08:15:12.743000+00:00 +2025-03-23T10:15:12.810000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -286237 +286239 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-2642](CVE-2025/CVE-2025-26xx/CVE-2025-2642.json) (`2025-03-23T07:15:12.103`) -- [CVE-2025-2643](CVE-2025/CVE-2025-26xx/CVE-2025-2643.json) (`2025-03-23T08:15:11.860`) -- [CVE-2025-2644](CVE-2025/CVE-2025-26xx/CVE-2025-2644.json) (`2025-03-23T08:15:12.743`) +- [CVE-2025-2645](CVE-2025/CVE-2025-26xx/CVE-2025-2645.json) (`2025-03-23T09:15:16.060`) +- [CVE-2025-2646](CVE-2025/CVE-2025-26xx/CVE-2025-2646.json) (`2025-03-23T10:15:12.810`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index ec064825451..40458402a2d 100644 --- a/_state.csv +++ b/_state.csv @@ -285436,9 +285436,11 @@ CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048 CVE-2025-2641,0,0,5bff2143551f23ed0380bb2239d799975000e33937d7ded7e915049538056cf4,2025-03-23T05:15:12.020000 CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000 CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000 -CVE-2025-2642,1,1,e1f81c838fa9f0928a247f201d475bd86d7a1f7b0c1164be84c4537af5335a0c,2025-03-23T07:15:12.103000 -CVE-2025-2643,1,1,be83629595a0002533e8fe6f3a5c423b1e82cbe18965e3253b8bd0bb16a44145,2025-03-23T08:15:11.860000 -CVE-2025-2644,1,1,f76973c0303e544b82568f33bac265bf55804389a0131d568d7f1757ed2f91af,2025-03-23T08:15:12.743000 +CVE-2025-2642,0,0,e1f81c838fa9f0928a247f201d475bd86d7a1f7b0c1164be84c4537af5335a0c,2025-03-23T07:15:12.103000 +CVE-2025-2643,0,0,be83629595a0002533e8fe6f3a5c423b1e82cbe18965e3253b8bd0bb16a44145,2025-03-23T08:15:11.860000 +CVE-2025-2644,0,0,f76973c0303e544b82568f33bac265bf55804389a0131d568d7f1757ed2f91af,2025-03-23T08:15:12.743000 +CVE-2025-2645,1,1,8d73de360e25baafe444d070f4d907abbc17e9dd640dd760dce92ff0a1ddbee0,2025-03-23T09:15:16.060000 +CVE-2025-2646,1,1,49e88a4168caa534ea466ca215f11cabee5282d4f780cdcf983eac3333d6df4c,2025-03-23T10:15:12.810000 CVE-2025-26465,0,0,10ca81b0503bc2056f51aff42b836da7e13cef94fb05326f3b97cc95851c9520,2025-03-06T17:20:00.520000 CVE-2025-26466,0,0,7e41d5cb0f04df9b23d47e085939285815b80db61162a3634dbd18c39c71ef9f,2025-03-21T16:15:18.677000 CVE-2025-26473,0,0,41b0bd46f32c6729eefb29a2666cce546dde395dd2362800539aebed7d4bc19a,2025-03-19T10:34:55.550000