admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-07-08T02:00:11.860634+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-07-08 02:03:48 +00:00
parent 6589c462d0
commit 91d994126e
37 changed files with 2298 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2014/CVE-2014-39xx/CVE-2014-3931.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-3931",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-03-31T16:59:00.237",
"lastModified": "2025-07-07T18:15:22.823",
"lastModified": "2025-07-08T01:00:02.203",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
@ -86,6 +86,10 @@
}
]
},
"cisaExploitAdd": "2025-07-07",
"cisaActionDue": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",

6
CVE-2016/CVE-2016-100xx/CVE-2016-10033.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10033",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-12-30T19:59:00.137",
"lastModified": "2025-07-07T19:15:22.037",
"lastModified": "2025-07-08T01:00:02.203",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
}
]
},
"cisaExploitAdd": "2025-07-07",
"cisaActionDue": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "PHPMailer Command Injection Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",

6
CVE-2019/CVE-2019-54xx/CVE-2019-5418.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-5418",
"sourceIdentifier": "support@hackerone.com",
"published": "2019-03-27T14:29:01.533",
"lastModified": "2025-07-07T18:15:24.157",
"lastModified": "2025-07-08T01:00:02.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
}
]
},
"cisaExploitAdd": "2025-07-07",
"cisaActionDue": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability",
"weaknesses": [
{
"source": "support@hackerone.com",

6
CVE-2019/CVE-2019-96xx/CVE-2019-9621.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-9621",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-04-30T18:29:08.633",
"lastModified": "2025-07-07T18:15:24.450",
"lastModified": "2025-07-08T01:00:02.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -86,6 +86,10 @@
}
]
},
"cisaExploitAdd": "2025-07-07",
"cisaActionDue": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",

60
CVE-2025/CVE-2025-313xx/CVE-2025-31326.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-31326",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:21.810",
"lastModified": "2025-07-08T01:15:21.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP\ufffdBusinessObjects Business\ufffdIntelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3573199",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42952.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42952",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.000",
"lastModified": "2025-07-08T01:15:22.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3623255",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42953.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42953",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.163",
"lastModified": "2025-07-08T01:15:22.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3623440",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42954.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42954",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.317",
"lastModified": "2025-07-08T01:15:22.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3608156",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42959.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42959",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.477",
"lastModified": "2025-07-08T01:15:22.477",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-308"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3600846",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42960.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42960",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.633",
"lastModified": "2025-07-08T01:15:22.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.\ufffdIt has no impact on the confidentiality and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3608991",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42961.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42961",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.783",
"lastModified": "2025-07-08T01:15:22.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3610322",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42962.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42962",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:22.937",
"lastModified": "2025-07-08T01:15:22.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3604212",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42963.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42963",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.093",
"lastModified": "2025-07-08T01:15:23.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3621771",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42964.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42964",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.240",
"lastModified": "2025-07-08T01:15:23.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3621236",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42965.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42965",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.440",
"lastModified": "2025-07-08T01:15:23.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3598118",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42966.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42966",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.630",
"lastModified": "2025-07-08T01:15:23.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3610892",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42967.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42967",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.787",
"lastModified": "2025-07-08T01:15:23.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3618955",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42968.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42968",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:23.950",
"lastModified": "2025-07-08T01:15:23.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3621037",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42969.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42969",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.120",
"lastModified": "2025-07-08T01:15:24.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation, the attacker can access or modify sensitive information within the scope of victim's web browser, with no impact on availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3596987",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42970.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42970",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.290",
"lastModified": "2025-07-08T01:15:24.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3595156",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42971.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42971",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.463",
"lastModified": "2025-07-08T01:15:24.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3595141",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42973.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42973",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.623",
"lastModified": "2025-07-08T01:15:24.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3606103",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42974.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42974",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.773",
"lastModified": "2025-07-08T01:15:24.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3610056",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42978.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42978",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:24.930",
"lastModified": "2025-07-08T01:15:24.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and Availability are not impacted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-940"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557179",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42979.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42979",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.107",
"lastModified": "2025-07-08T01:15:25.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user\ufffds windows registry could recreate the original password. There is no impact on integrity or availability of the application"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3607513",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42980.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42980",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.270",
"lastModified": "2025-07-08T01:15:25.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3620498",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42981.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42981",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.427",
"lastModified": "2025-07-08T01:15:25.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3617131",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42985.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42985",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.577",
"lastModified": "2025-07-08T01:15:25.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3617380",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42986.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42986",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.730",
"lastModified": "2025-07-08T01:15:25.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3626440",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-429xx/CVE-2025-42992.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-42992",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:25.887",
"lastModified": "2025-07-08T01:15:25.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.1,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3595143",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-430xx/CVE-2025-43001.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-43001",
"sourceIdentifier": "cna@sap.com",
"published": "2025-07-08T01:15:26.047",
"lastModified": "2025-07-08T01:15:26.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.1,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3595143",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

145
CVE-2025/CVE-2025-71xx/CVE-2025-7152.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-7152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-08T00:15:22.443",
"lastModified": "2025-07-08T00:15:22.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/y2xsec324/cve/issues/8",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.315090",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.315090",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.606226",
"source": "cna@vuldb.com"
},
{
"url": "https://www.campcodes.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-71xx/CVE-2025-7153.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-7153",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-08T00:15:23.237",
"lastModified": "2025-07-08T00:15:23.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://codeastro.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Vanshdhawan188/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS-Doctors-Page/blob/main/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS-Doctors%20Page.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.315091",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.315091",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.606216",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-71xx/CVE-2025-7154.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-7154",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-08T01:15:26.200",
"lastModified": "2025-07-08T01:15:26.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/FLY200503/IoT-vul/blob/master/Totolink/N200RE/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.315092",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.315092",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.606230",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}

149
CVE-2025/CVE-2025-71xx/CVE-2025-7155.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2025-7155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-08T01:15:26.400",
"lastModified": "2025-07-08T01:15:26.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md#-step-by-step-exploitation-poc",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.315093",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.315093",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.606281",
"source": "cna@vuldb.com"
}
]
}

45
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-07-07T23:55:10.855052+00:00
2025-07-08T02:00:11.860634+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-07-07T23:15:23.813000+00:00
2025-07-08T01:15:26.400000+00:00
```
### Last Data Feed Release
@ -27,29 +27,54 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-07-07T00:00:02.113885+00:00
2025-07-08T00:00:02.131304+00:00
```
### Total Number of included CVEs
```plain
300707
300738
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `31`
- [CVE-2025-7148](CVE-2025/CVE-2025-71xx/CVE-2025-7148.json) (`2025-07-07T22:15:27.227`)
- [CVE-2025-7149](CVE-2025/CVE-2025-71xx/CVE-2025-7149.json) (`2025-07-07T22:15:27.460`)
- [CVE-2025-7150](CVE-2025/CVE-2025-71xx/CVE-2025-7150.json) (`2025-07-07T23:15:23.207`)
- [CVE-2025-7151](CVE-2025/CVE-2025-71xx/CVE-2025-7151.json) (`2025-07-07T23:15:23.813`)
- [CVE-2025-42961](CVE-2025/CVE-2025-429xx/CVE-2025-42961.json) (`2025-07-08T01:15:22.783`)
- [CVE-2025-42962](CVE-2025/CVE-2025-429xx/CVE-2025-42962.json) (`2025-07-08T01:15:22.937`)
- [CVE-2025-42963](CVE-2025/CVE-2025-429xx/CVE-2025-42963.json) (`2025-07-08T01:15:23.093`)
- [CVE-2025-42964](CVE-2025/CVE-2025-429xx/CVE-2025-42964.json) (`2025-07-08T01:15:23.240`)
- [CVE-2025-42965](CVE-2025/CVE-2025-429xx/CVE-2025-42965.json) (`2025-07-08T01:15:23.440`)
- [CVE-2025-42966](CVE-2025/CVE-2025-429xx/CVE-2025-42966.json) (`2025-07-08T01:15:23.630`)
- [CVE-2025-42967](CVE-2025/CVE-2025-429xx/CVE-2025-42967.json) (`2025-07-08T01:15:23.787`)
- [CVE-2025-42968](CVE-2025/CVE-2025-429xx/CVE-2025-42968.json) (`2025-07-08T01:15:23.950`)
- [CVE-2025-42969](CVE-2025/CVE-2025-429xx/CVE-2025-42969.json) (`2025-07-08T01:15:24.120`)
- [CVE-2025-42970](CVE-2025/CVE-2025-429xx/CVE-2025-42970.json) (`2025-07-08T01:15:24.290`)
- [CVE-2025-42971](CVE-2025/CVE-2025-429xx/CVE-2025-42971.json) (`2025-07-08T01:15:24.463`)
- [CVE-2025-42973](CVE-2025/CVE-2025-429xx/CVE-2025-42973.json) (`2025-07-08T01:15:24.623`)
- [CVE-2025-42974](CVE-2025/CVE-2025-429xx/CVE-2025-42974.json) (`2025-07-08T01:15:24.773`)
- [CVE-2025-42978](CVE-2025/CVE-2025-429xx/CVE-2025-42978.json) (`2025-07-08T01:15:24.930`)
- [CVE-2025-42979](CVE-2025/CVE-2025-429xx/CVE-2025-42979.json) (`2025-07-08T01:15:25.107`)
- [CVE-2025-42980](CVE-2025/CVE-2025-429xx/CVE-2025-42980.json) (`2025-07-08T01:15:25.270`)
- [CVE-2025-42981](CVE-2025/CVE-2025-429xx/CVE-2025-42981.json) (`2025-07-08T01:15:25.427`)
- [CVE-2025-42985](CVE-2025/CVE-2025-429xx/CVE-2025-42985.json) (`2025-07-08T01:15:25.577`)
- [CVE-2025-42986](CVE-2025/CVE-2025-429xx/CVE-2025-42986.json) (`2025-07-08T01:15:25.730`)
- [CVE-2025-42992](CVE-2025/CVE-2025-429xx/CVE-2025-42992.json) (`2025-07-08T01:15:25.887`)
- [CVE-2025-43001](CVE-2025/CVE-2025-430xx/CVE-2025-43001.json) (`2025-07-08T01:15:26.047`)
- [CVE-2025-7152](CVE-2025/CVE-2025-71xx/CVE-2025-7152.json) (`2025-07-08T00:15:22.443`)
- [CVE-2025-7153](CVE-2025/CVE-2025-71xx/CVE-2025-7153.json) (`2025-07-08T00:15:23.237`)
- [CVE-2025-7154](CVE-2025/CVE-2025-71xx/CVE-2025-7154.json) (`2025-07-08T01:15:26.200`)
- [CVE-2025-7155](CVE-2025/CVE-2025-71xx/CVE-2025-7155.json) (`2025-07-08T01:15:26.400`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `4`
- [CVE-2014-3931](CVE-2014/CVE-2014-39xx/CVE-2014-3931.json) (`2025-07-08T01:00:02.203`)
- [CVE-2016-10033](CVE-2016/CVE-2016-100xx/CVE-2016-10033.json) (`2025-07-08T01:00:02.203`)
- [CVE-2019-5418](CVE-2019/CVE-2019-54xx/CVE-2019-5418.json) (`2025-07-08T01:00:02.203`)
- [CVE-2019-9621](CVE-2019/CVE-2019-96xx/CVE-2019-9621.json) (`2025-07-08T01:00:02.203`)
## Download and Usage

47
_state.csv
View File

@ -68077,7 +68077,7 @@ CVE-2014-3927,0,0,86f636600b41c5e01ae9967b39f677a51a2614708364a31a10d26e1eca205a
CVE-2014-3928,0,0,903fe252a26598e26721b5e748691d6e637f528bf5e422b456648cde071378fc,2025-04-20T01:37:25.860000
CVE-2014-3929,0,0,a04e609ecad2281abeae888f29ace5eb02089955860b530f0f5076208b03f57c,2025-04-20T01:37:25.860000
CVE-2014-3930,0,0,a98d9d9f1bbc1b58fcae623f751d2a962630568247ddb3bca8772d4427b3bca7,2025-04-20T01:37:25.860000
CVE-2014-3931,0,0,8bf485a3924bd989d2df6998ad0d5f72da529553507d2287638ad64932a53bfa,2025-07-07T18:15:22.823000
CVE-2014-3931,0,1,628d07f0c1c56b2cc5a6ff2040e4011b02801df70e31b448ea860c0f2309565f,2025-07-08T01:00:02.203000
CVE-2014-3932,0,0,ec39df121430fdf6f013310dfb615cec4434a46af1eee3651caae1ec3608387f,2025-04-12T10:46:40.837000
CVE-2014-3933,0,0,7629fc2ce8142d295259c168213a9f8a3f509951c17abd0ff5932ddf5a1bdab8,2025-04-12T10:46:40.837000
CVE-2014-3934,0,0,def88b2e92d8f646c21582f774bcc5bc7fd2f8fe2ce4066cdc5029d389b5b5be,2025-04-12T10:46:40.837000
@ -83370,7 +83370,7 @@ CVE-2016-10029,0,0,982b531edcf8cdd93554ea1fb21fb6f57d44ee3b5c10cc1164cc6767eac73
CVE-2016-1003,0,0,46f4e8b9f3f1587cc78f0e4731fc46641c247866f4b72789f875d8e0fe9630d3,2023-11-07T02:29:50.493000
CVE-2016-10030,0,0,48644b453420d45898b778f35cf7709150aa36ac2e0fc075871d929b762614ba,2025-04-12T10:46:40.837000
CVE-2016-10031,0,0,499234c3922a7ad8a4fa0e055a5f42b6648f3167133f5b84c539fdb775e59d66,2025-04-12T10:46:40.837000
CVE-2016-10033,0,0,4e38df6094d0f5f061dfdb71fe2d8a21f07826d48deda8a0fa4cac79cb8add98,2025-07-07T19:15:22.037000
CVE-2016-10033,0,1,7b3a3e63d01eee64e8977e4bfcd78a186b1a3712c95acfaf66e32aa1e3c6a0bc,2025-07-08T01:00:02.203000
CVE-2016-10034,0,0,4b4e8dfb9cf57831c04fd52dbf89ae45182ae1bd15cfad3c3cfeba8de274476e,2025-04-12T10:46:40.837000
CVE-2016-10036,0,0,ff09b000fa6dd15cb7c2846e0b66629a237528e8defb152934ba992b988032f2,2024-11-21T02:43:07.953000
CVE-2016-10037,0,0,adcdda088e2432a6585e17a419dd984b0727cab2390a62345c5125065180e123,2025-04-12T10:46:40.837000
@ -140663,7 +140663,7 @@ CVE-2019-5414,0,0,0b6e623da7fa05cc02c9d4ae273975a56909dde7118ce987ea3ad6d32acc92
CVE-2019-5415,0,0,1e91a7c37cbce12d8b7111c2c34f6147cf14cd1ced6bddf7c149d21750872544,2024-11-21T04:44:53.557000
CVE-2019-5416,0,0,b100879971280c379ffe8a500bc78a0ea0baf7b8f5be094c6a408a9a239580ef,2024-11-21T04:44:53.667000
CVE-2019-5417,0,0,d98c5f7add52766fc7c3e142426b4ba800ad9d35719d2543c1e890dd9b2efb27,2024-11-21T04:44:53.777000
CVE-2019-5418,0,0,f3ad5d89b2bbd1eea78ff6fab276ca50b0228482e5be4357bba355584dc2d5e3,2025-07-07T18:15:24.157000
CVE-2019-5418,0,1,0ca62e2a1a1492d82f32aebdb56b377303eb90309149976f1dcdcac5aea3164a,2025-07-08T01:00:02.203000
CVE-2019-5419,0,0,2ac65527707212d60b559b1ed0c37c5ef3373d700a556d668634c4b4b1fe2523,2024-11-21T04:44:54.017000
CVE-2019-5420,0,0,f19b3724aa167883e4e4e56b2c5c938fcb345d2d81dc9479f43ac2289ffe0ce0,2024-11-21T04:44:54.150000
CVE-2019-5421,0,0,a858970ade7d911d7af83b8bcbd0976bda524681608de710f41e0feb41cc2376,2024-11-21T04:44:54.277000
@ -144022,7 +144022,7 @@ CVE-2019-9616,0,0,a66344f9c3f4cda343b0f89c1932c7c323618ca0c5677bd95ae90978bdd96c
CVE-2019-9617,0,0,b95d192402e6296f016c4d751164ca3cf0686290005bd89d09ee11437643981c,2024-11-21T04:51:58.763000
CVE-2019-9618,0,0,dfc826e406483085c59aa198a8cd6c3ac0f507e9de2603141a59077d821c0bc0,2024-11-21T04:51:58.900000
CVE-2019-9619,0,0,529d01e46fda23f944ae56887b327d92043af68907cc5438f833b6270706b398,2023-11-07T03:13:44.243000
CVE-2019-9621,0,0,b7031fa0434bf19284b5e58e1382ec28b73ad6abd55ff5897ab6e4320b47e9e6,2025-07-07T18:15:24.450000
CVE-2019-9621,0,1,621e1d19c00a9e4cebb683612101386bde7ef8775dd41e0b53b56795c1ba5f31,2025-07-08T01:00:02.203000
CVE-2019-9622,0,0,a5313a359c697e81fe3f797489d45a2f1b7097f6e6cea15017862e84fe5fee4d,2024-11-21T04:51:59.223000
CVE-2019-9623,0,0,3c5698b655752a654204af8c8ad0713732eb40f37e01a957d6775d041ae21380,2024-11-21T04:51:59.367000
CVE-2019-9624,0,0,cea2615715668acccc818448dcb48e3ad579d43c3e890307bbe45eb64b410d05,2024-11-21T04:51:59.507000
@ -292332,6 +292332,7 @@ CVE-2025-3130,0,0,3331839c90977481f0952c53c01c561e7ce3f9a4b6241dc2a679ea92329653
CVE-2025-3131,0,0,22058460edb80eeb28e47627ce19a90708c04371cfdf5beafe6e1efa2f6db14c,2025-04-22T16:16:30.543000
CVE-2025-31324,0,0,f022551eb03f972b51d5adf3fa8b8bd88e48c383f69788d6260b2cb6e8237e8d,2025-05-06T20:59:33.773000
CVE-2025-31325,0,0,550c7b1d47a5a5766f5606913daeeb0e6f07a070553574431b9e6eac29d0e505,2025-06-12T16:06:39.330000
CVE-2025-31326,1,1,97747191f9d7ecb4e551a0c0d26b8a5797d5787be7e35a1195ff20aa4c1d858d,2025-07-08T01:15:21.810000
CVE-2025-31327,0,0,32f90adc396c5de5b649e8fa5cbb5b70c97a786ce6ce173df87cdac30806552e,2025-04-23T14:08:13.383000
CVE-2025-31328,0,0,7562727b37bc696206e3437191848ea7fd9fb71483caff96e2687c6513ba8732,2025-04-23T14:08:13.383000
CVE-2025-31329,0,0,1fc101be6dd06c49bba529860427b1b9723c1206bb0b29e1d558e09c6f01e194,2025-05-13T19:35:25.503000
@ -295809,18 +295810,43 @@ CVE-2025-4291,0,0,3c966d095e0027ee25fc69633f95e30252d911138428dd59f98b42d5972922
CVE-2025-4292,0,0,3b0e06bfdd97a17ba7f68946a85abe7ce662b331b5db371d423d8c2c22e38a38,2025-06-17T20:17:44
CVE-2025-42921,0,0,fe45c9bf48d8b64b0cac9604dcc1ad3071452dfd7112cafe12dd9c33c82af017,2025-04-23T15:25:30.927000
CVE-2025-4293,0,0,3e0fba3b11651bbd0f80afc0b87a24c09c8226e80f3350735e023f15e0a509b4,2025-06-17T20:17:29.200000
CVE-2025-42952,1,1,768bcb21d776f11485a2152ac2dc0bc7598a8ee5e50ee1082d5b052c728d9328,2025-07-08T01:15:22
CVE-2025-42953,1,1,1741d0db8362bf68b72a94a7bc94759493f1591ad7cdcbfb856df8c762f30086,2025-07-08T01:15:22.163000
CVE-2025-42954,1,1,3d6fa81167173620b022305ba34ea04bc5b97373e3681aaccd6730092982902a,2025-07-08T01:15:22.317000
CVE-2025-42959,1,1,d5b01cf70a8a433d4660d71c79e0cd35066490817f078e01438734aadc02e44f,2025-07-08T01:15:22.477000
CVE-2025-42960,1,1,a89186331f55bed8cbab7ef13d784bde9dc4953755cfe296098974f13d09bafe,2025-07-08T01:15:22.633000
CVE-2025-42961,1,1,2a9cd005f1d38d17bbbd4cdadb65a99fa4810911bd990533ae7e0c7f7028d38f,2025-07-08T01:15:22.783000
CVE-2025-42962,1,1,10a76ecedc82f8c73f4165b127729cde329e2a1b8397decd07283e995d13713f,2025-07-08T01:15:22.937000
CVE-2025-42963,1,1,3eceb758431bd7a9b776e6e359f16ac8c0bd21ef6b4f957b0e4b861a43f9a6ad,2025-07-08T01:15:23.093000
CVE-2025-42964,1,1,35eca8fe2e5b0b8592914d5f9aceac811262537d112dd16fac42dd7a2874f291,2025-07-08T01:15:23.240000
CVE-2025-42965,1,1,5468ec2b856abda7976d3a7237854316e3a567ad8f1e21914fd754cca072a790,2025-07-08T01:15:23.440000
CVE-2025-42966,1,1,f5060d8be8c97a112f6bc890e97f1361483623af18e26949db8b983231720bd9,2025-07-08T01:15:23.630000
CVE-2025-42967,1,1,a6e510917a634ebb18bbae9d20133392f6b21c2e7e0c465ace2491b306170cbb,2025-07-08T01:15:23.787000
CVE-2025-42968,1,1,8d0a352810ded26f1ea99be4361c89b7f442d5266f1052174dabce56e8dd9e2f,2025-07-08T01:15:23.950000
CVE-2025-42969,1,1,9338f259fb3824acc0cf0f061beeaca8fff6d92da434d45e0c6b7290c985ddcf,2025-07-08T01:15:24.120000
CVE-2025-4297,0,0,2125bd423cd8ee8185dc917035443ae13b98a933b8dab9e4e9a974e1b93ea733,2025-05-16T17:44:43.850000
CVE-2025-42970,1,1,297fc1e2ba1c14dbe5bd505fa3c89552007ea34556578cbbf833ac087705be7b,2025-07-08T01:15:24.290000
CVE-2025-42971,1,1,4cad154b4ee90a857234e7063e5c465f9082e3eb4d5b97a829dcca0253a74c9d,2025-07-08T01:15:24.463000
CVE-2025-42973,1,1,49b8336a92be1c55e6b9eb63e4c5855a9103ff4ee08c29904e5bb21666614cfc,2025-07-08T01:15:24.623000
CVE-2025-42974,1,1,2110eefab2c0feb97089f6b4f42310beea47c1c0fe5b1d7e1f69b412e743935a,2025-07-08T01:15:24.773000
CVE-2025-42977,0,0,cc9ae0e46200dea4243b9844a4fe105554475587976aa2e885549e66131394da,2025-06-12T16:06:39.330000
CVE-2025-42978,1,1,2523b44e162b8bd1d841960211fe9d53134ee2f7a88691f864fd3ddeb7e14606,2025-07-08T01:15:24.930000
CVE-2025-42979,1,1,05a43941f2db0c355cef3d700bc8e776e51a17162eeda5028cce22375c0f9b15,2025-07-08T01:15:25.107000
CVE-2025-4298,0,0,e54afc5cb294aa37ab5ddf7cb60307aaa6afeb78004ee588006228c0c5b744b4,2025-05-13T20:06:19.080000
CVE-2025-42980,1,1,025244ac3cd19547b69de612ccd1f7e177717aacc7ebab940de3d9eb2517fa1d,2025-07-08T01:15:25.270000
CVE-2025-42981,1,1,c03cbc3aec3769340850877e016e67298a888abdd40e3cc82b8b3705d8fe406a,2025-07-08T01:15:25.427000
CVE-2025-42982,0,0,e6968c3fd7871556e1e29606a4f8dbcd4707b8846dc0d2a09bc157db8b57cc24,2025-06-12T16:06:39.330000
CVE-2025-42983,0,0,1b0371afa97d4d0347bddcd8ab1cfda4660ea8f2c5878217b37c9e5cdc2ac967,2025-06-12T16:06:39.330000
CVE-2025-42984,0,0,7e6a153ab4f0a760b3d0e2df015134c0a7cce8a9e0c5a0424eb4c14f09f58894,2025-06-12T16:06:39.330000
CVE-2025-42985,1,1,23bfa90335b4026cee62c8268f435b9b1edd6f9821da86eb80e036ca956ae9e3,2025-07-08T01:15:25.577000
CVE-2025-42986,1,1,eb2ac8fff323b248a9469f1f0699df7f57c8a401b7d13bc375054f7b2bdb9f8b,2025-07-08T01:15:25.730000
CVE-2025-42987,0,0,57e561deb69074295408ad93b87915b59df3e27da58e7c9dc77ffc675fb4f969,2025-06-12T16:06:39.330000
CVE-2025-42988,0,0,802715f7a93ebc8f9f5311d82d3ea45d70eb23bce1f100c736f7d19e12e423ab,2025-06-12T16:06:39.330000
CVE-2025-42989,0,0,f7c874047faa5bbde13807979293b3a3f749e5612e701215df5efa9c37a39e0c,2025-06-12T16:06:39.330000
CVE-2025-4299,0,0,cc4a3e24204515aaf4850521a61cefe5731008dd8b97ebba472ff5c5a801f5ca,2025-05-13T20:06:00.377000
CVE-2025-42990,0,0,3a9e5f7c57455afc01a40c0ea2245139d37a87774fde193be7c4255a63f51cb4,2025-06-12T16:06:39.330000
CVE-2025-42991,0,0,483fe762357a709c84ee8b01c25339045c78ff0318a3cc007a6356796e166421,2025-06-12T16:06:39.330000
CVE-2025-42992,1,1,96ce2567afed88e5f49a397de2e5cd2b29cc5415d8f6a30174112626eb1ac1e0,2025-07-08T01:15:25.887000
CVE-2025-42993,0,0,770b23d31b6a3733e5f2e2910516b7bc5d5f11275ee3a601562cde06caf0884c,2025-06-12T16:06:39.330000
CVE-2025-42994,0,0,145ac3aa415b4167c9777bfe2d4a55a89181bcc2e386f22a825736b3071eaabb,2025-06-12T16:06:39.330000
CVE-2025-42995,0,0,3ec9ec8f855874770ecce1d03a99a91e674f14d0bfac33ac9017da879811ca6f,2025-06-12T16:06:39.330000
@ -295830,6 +295856,7 @@ CVE-2025-42998,0,0,2bfe656344a0b85a5f4fff2abcf4a6577e799789f89dc0ea98745669a30ec
CVE-2025-42999,0,0,a0a9942912bd021b739fb32ce123af4bb7497f07493d1c056f2a75451f04f20d,2025-05-16T19:44:49.400000
CVE-2025-4300,0,0,f7c03ed92744380706d903a9f694588f32e405152084eae0fc0569337f5db7ce,2025-05-13T20:22:08.717000
CVE-2025-43000,0,0,e31fc74811b3e3770c864cd0f324b9ae9ae79a3c82cdc5b33a35261048a81925,2025-05-13T19:35:25.503000
CVE-2025-43001,1,1,b0c7292d301e8ed28cbd3ff11650a2455582cf81da9979e867729586e9206a22,2025-07-08T01:15:26.047000
CVE-2025-43002,0,0,434480ab85f45382cf8911be3496b00027aeca710a87c1831baed9aeffb6a42f,2025-05-13T19:35:18.080000
CVE-2025-43003,0,0,c5a14dcddb63dd3a6317cb81df2b91482d1e16b9c687c3fd2da6622f294a0a59,2025-05-13T19:35:18.080000
CVE-2025-43004,0,0,c44496c430b2ebc5fb5dac27e9ac73a29a0d9eebcd7c1bf6e68e10748aefecc2,2025-05-13T19:35:18.080000
@ -300701,8 +300728,12 @@ CVE-2025-7143,0,0,441a473db5cda09d82dbc5979193f84fa710d47454b8ae4677353bd10912f3
CVE-2025-7144,0,0,3a3f7e613c6b4721f9d407a0cae7ad541c6187fe8ca540eb529ba3f7de3b744e,2025-07-07T21:15:25.987000
CVE-2025-7145,0,0,0431922fce794ebe2fb76c85f6a92686a8078a8927733582f3cad39cb892c9b6,2025-07-07T03:15:30.917000
CVE-2025-7147,0,0,36fb7d2d81135c9ac916fbf4d35323ae340d8c03e69ce3da100c81c97b562e84,2025-07-07T21:15:26.187000
CVE-2025-7148,1,1,fdd19e0d59a74004f00a2708d969a7d930d66906c39a8978c5f58893af295960,2025-07-07T22:15:27.227000
CVE-2025-7149,1,1,ad9d73cf832c7ebd837d39ea1fe909f87836f7cdc3f8f0ff995d4a33ff766e76,2025-07-07T22:15:27.460000
CVE-2025-7150,1,1,b77fe5f832cdc2282a603bb6e72f3afbcd6c075b6d2bbdb84173fce9a56d61d3,2025-07-07T23:15:23.207000
CVE-2025-7151,1,1,e82251d7fe83a1332b07026c390af5ec1aa1c1e0d2d58d9e016eca5cf7deba86,2025-07-07T23:15:23.813000
CVE-2025-7148,0,0,fdd19e0d59a74004f00a2708d969a7d930d66906c39a8978c5f58893af295960,2025-07-07T22:15:27.227000
CVE-2025-7149,0,0,ad9d73cf832c7ebd837d39ea1fe909f87836f7cdc3f8f0ff995d4a33ff766e76,2025-07-07T22:15:27.460000
CVE-2025-7150,0,0,b77fe5f832cdc2282a603bb6e72f3afbcd6c075b6d2bbdb84173fce9a56d61d3,2025-07-07T23:15:23.207000
CVE-2025-7151,0,0,e82251d7fe83a1332b07026c390af5ec1aa1c1e0d2d58d9e016eca5cf7deba86,2025-07-07T23:15:23.813000
CVE-2025-7152,1,1,b0ead946247ac6343a0ade2c5e0f7cbb077e4de4f4c5032b861f243aebf010bd,2025-07-08T00:15:22.443000
CVE-2025-7153,1,1,da301161fc245318be20b04dc3fd4bdfe29fcc0f9c8a67e241a00dbb990ab636,2025-07-08T00:15:23.237000
CVE-2025-7154,1,1,1a8533e879ab30d649d5fc250b936c00821e4e6c5eb1a6831ec7843a20c7863b,2025-07-08T01:15:26.200000
CVE-2025-7155,1,1,18f65f6bc617669b8e2e10d2a7c547bbba3f724f23c4fc3a98eafbf5453296a3,2025-07-08T01:15:26.400000
CVE-2025-7259,0,0,92aedb6a5e38fb030175a289364c754cf67f487a6a25e9d17c23717610f38507,2025-07-07T16:15:30.440000

Can't render this file because it is too large.