From 91d994126e83c5d05ce8a108a82efaefd0618daf Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 8 Jul 2025 02:03:48 +0000 Subject: [PATCH] Auto-Update: 2025-07-08T02:00:11.860634+00:00 --- CVE-2014/CVE-2014-39xx/CVE-2014-3931.json | 6 +- CVE-2016/CVE-2016-100xx/CVE-2016-10033.json | 6 +- CVE-2019/CVE-2019-54xx/CVE-2019-5418.json | 6 +- CVE-2019/CVE-2019-96xx/CVE-2019-9621.json | 6 +- CVE-2025/CVE-2025-313xx/CVE-2025-31326.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42952.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42953.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42954.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42959.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42960.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42961.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42962.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42963.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42964.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42965.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42966.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42967.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42968.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42969.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42970.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42971.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42973.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42974.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42978.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42979.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42980.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42981.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42985.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42986.json | 60 ++++++++ CVE-2025/CVE-2025-429xx/CVE-2025-42992.json | 60 ++++++++ CVE-2025/CVE-2025-430xx/CVE-2025-43001.json | 60 ++++++++ CVE-2025/CVE-2025-71xx/CVE-2025-7152.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-71xx/CVE-2025-7153.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-71xx/CVE-2025-7154.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-71xx/CVE-2025-7155.json | 149 ++++++++++++++++++++ README.md | 45 ++++-- _state.csv | 47 ++++-- 37 files changed, 2298 insertions(+), 22 deletions(-) create mode 100644 CVE-2025/CVE-2025-313xx/CVE-2025-31326.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42952.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42953.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42954.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42959.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42960.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42961.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42962.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42963.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42964.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42965.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42966.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42967.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42968.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42969.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42970.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42971.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42973.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42974.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42978.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42979.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42980.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42981.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42985.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42986.json create mode 100644 CVE-2025/CVE-2025-429xx/CVE-2025-42992.json create mode 100644 CVE-2025/CVE-2025-430xx/CVE-2025-43001.json create mode 100644 CVE-2025/CVE-2025-71xx/CVE-2025-7152.json create mode 100644 CVE-2025/CVE-2025-71xx/CVE-2025-7153.json create mode 100644 CVE-2025/CVE-2025-71xx/CVE-2025-7154.json create mode 100644 CVE-2025/CVE-2025-71xx/CVE-2025-7155.json diff --git a/CVE-2014/CVE-2014-39xx/CVE-2014-3931.json b/CVE-2014/CVE-2014-39xx/CVE-2014-3931.json index 15ca5ae3b2b..41330c7297c 100644 --- a/CVE-2014/CVE-2014-39xx/CVE-2014-3931.json +++ b/CVE-2014/CVE-2014-39xx/CVE-2014-3931.json @@ -2,7 +2,7 @@ "id": "CVE-2014-3931", "sourceIdentifier": "cve@mitre.org", "published": "2017-03-31T16:59:00.237", - "lastModified": "2025-07-07T18:15:22.823", + "lastModified": "2025-07-08T01:00:02.203", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ @@ -86,6 +86,10 @@ } ] }, + "cisaExploitAdd": "2025-07-07", + "cisaActionDue": "2025-07-28", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability", "weaknesses": [ { "source": "nvd@nist.gov", diff --git a/CVE-2016/CVE-2016-100xx/CVE-2016-10033.json b/CVE-2016/CVE-2016-100xx/CVE-2016-10033.json index 2185d25e5af..6a06af15f5c 100644 --- a/CVE-2016/CVE-2016-100xx/CVE-2016-10033.json +++ b/CVE-2016/CVE-2016-100xx/CVE-2016-10033.json @@ -2,7 +2,7 @@ "id": "CVE-2016-10033", "sourceIdentifier": "cve@mitre.org", "published": "2016-12-30T19:59:00.137", - "lastModified": "2025-07-07T19:15:22.037", + "lastModified": "2025-07-08T01:00:02.203", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ @@ -84,6 +84,10 @@ } ] }, + "cisaExploitAdd": "2025-07-07", + "cisaActionDue": "2025-07-28", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "PHPMailer Command Injection Vulnerability", "weaknesses": [ { "source": "nvd@nist.gov", diff --git a/CVE-2019/CVE-2019-54xx/CVE-2019-5418.json b/CVE-2019/CVE-2019-54xx/CVE-2019-5418.json index 416ef905b5f..8a21bf9278c 100644 --- a/CVE-2019/CVE-2019-54xx/CVE-2019-5418.json +++ b/CVE-2019/CVE-2019-54xx/CVE-2019-5418.json @@ -2,7 +2,7 @@ "id": "CVE-2019-5418", "sourceIdentifier": "support@hackerone.com", "published": "2019-03-27T14:29:01.533", - "lastModified": "2025-07-07T18:15:24.157", + "lastModified": "2025-07-08T01:00:02.203", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -84,6 +84,10 @@ } ] }, + "cisaExploitAdd": "2025-07-07", + "cisaActionDue": "2025-07-28", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability", "weaknesses": [ { "source": "support@hackerone.com", diff --git a/CVE-2019/CVE-2019-96xx/CVE-2019-9621.json b/CVE-2019/CVE-2019-96xx/CVE-2019-9621.json index 7f0e9fc17da..e38626c53fd 100644 --- a/CVE-2019/CVE-2019-96xx/CVE-2019-9621.json +++ b/CVE-2019/CVE-2019-96xx/CVE-2019-9621.json @@ -2,7 +2,7 @@ "id": "CVE-2019-9621", "sourceIdentifier": "cve@mitre.org", "published": "2019-04-30T18:29:08.633", - "lastModified": "2025-07-07T18:15:24.450", + "lastModified": "2025-07-08T01:00:02.203", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -86,6 +86,10 @@ } ] }, + "cisaExploitAdd": "2025-07-07", + "cisaActionDue": "2025-07-28", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability", "weaknesses": [ { "source": "nvd@nist.gov", diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31326.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31326.json new file mode 100644 index 00000000000..226b9d9cc55 --- /dev/null +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31326.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-31326", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:21.810", + "lastModified": "2025-07-08T01:15:21.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP\ufffdBusinessObjects Business\ufffdIntelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3573199", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42952.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42952.json new file mode 100644 index 00000000000..986ff950621 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42952.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42952", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.000", + "lastModified": "2025-07-08T01:15:22.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3623255", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42953.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42953.json new file mode 100644 index 00000000000..cb988187da3 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42953.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42953", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.163", + "lastModified": "2025-07-08T01:15:22.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3623440", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42954.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42954.json new file mode 100644 index 00000000000..1915c37f65c --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42954.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42954", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.317", + "lastModified": "2025-07-08T01:15:22.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3608156", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42959.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42959.json new file mode 100644 index 00000000000..201bbd29013 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42959.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42959", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.477", + "lastModified": "2025-07-08T01:15:22.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-308" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3600846", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42960.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42960.json new file mode 100644 index 00000000000..e056a2b77b7 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42960.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42960", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.633", + "lastModified": "2025-07-08T01:15:22.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.\ufffdIt has no impact on the confidentiality and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3608991", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42961.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42961.json new file mode 100644 index 00000000000..d26e251671f --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42961.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42961", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.783", + "lastModified": "2025-07-08T01:15:22.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3610322", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42962.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42962.json new file mode 100644 index 00000000000..605c27ceec8 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42962.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42962", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:22.937", + "lastModified": "2025-07-08T01:15:22.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3604212", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42963.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42963.json new file mode 100644 index 00000000000..8f9d8f12436 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42963.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42963", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.093", + "lastModified": "2025-07-08T01:15:23.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3621771", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42964.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42964.json new file mode 100644 index 00000000000..9541ed88990 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42964.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42964", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.240", + "lastModified": "2025-07-08T01:15:23.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3621236", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42965.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42965.json new file mode 100644 index 00000000000..902bffb3e86 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42965.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42965", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.440", + "lastModified": "2025-07-08T01:15:23.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3598118", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42966.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42966.json new file mode 100644 index 00000000000..e5690bf5623 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42966.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42966", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.630", + "lastModified": "2025-07-08T01:15:23.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3610892", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42967.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42967.json new file mode 100644 index 00000000000..b774dab325c --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42967.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42967", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.787", + "lastModified": "2025-07-08T01:15:23.787", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3618955", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42968.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42968.json new file mode 100644 index 00000000000..4922f026046 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42968.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42968", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:23.950", + "lastModified": "2025-07-08T01:15:23.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3621037", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42969.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42969.json new file mode 100644 index 00000000000..8622a8d81a9 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42969.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42969", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.120", + "lastModified": "2025-07-08T01:15:24.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation, the attacker can access or modify sensitive information within the scope of victim's web browser, with no impact on availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3596987", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42970.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42970.json new file mode 100644 index 00000000000..dfbeb52a517 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42970.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42970", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.290", + "lastModified": "2025-07-08T01:15:24.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3595156", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42971.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42971.json new file mode 100644 index 00000000000..222c37187e6 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42971.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42971", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.463", + "lastModified": "2025-07-08T01:15:24.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3595141", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42973.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42973.json new file mode 100644 index 00000000000..07780f28b4f --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42973.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42973", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.623", + "lastModified": "2025-07-08T01:15:24.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3606103", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42974.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42974.json new file mode 100644 index 00000000000..45fbec38ba3 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42974.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42974", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.773", + "lastModified": "2025-07-08T01:15:24.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3610056", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42978.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42978.json new file mode 100644 index 00000000000..c75a2363737 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42978.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42978", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:24.930", + "lastModified": "2025-07-08T01:15:24.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and Availability are not impacted." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-940" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3557179", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42979.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42979.json new file mode 100644 index 00000000000..26d95c4c3ba --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42979.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42979", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.107", + "lastModified": "2025-07-08T01:15:25.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user\ufffds windows registry could recreate the original password. There is no impact on integrity or availability of the application" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3607513", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42980.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42980.json new file mode 100644 index 00000000000..37319d526e7 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42980.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42980", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.270", + "lastModified": "2025-07-08T01:15:25.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3620498", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42981.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42981.json new file mode 100644 index 00000000000..49e850a0ca8 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42981.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42981", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.427", + "lastModified": "2025-07-08T01:15:25.427", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3617131", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42985.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42985.json new file mode 100644 index 00000000000..23073028b11 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42985.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42985", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.577", + "lastModified": "2025-07-08T01:15:25.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3617380", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42986.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42986.json new file mode 100644 index 00000000000..31fa582e53a --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42986.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42986", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.730", + "lastModified": "2025-07-08T01:15:25.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3626440", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-429xx/CVE-2025-42992.json b/CVE-2025/CVE-2025-429xx/CVE-2025-42992.json new file mode 100644 index 00000000000..cd58b3dc3e1 --- /dev/null +++ b/CVE-2025/CVE-2025-429xx/CVE-2025-42992.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-42992", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:25.887", + "lastModified": "2025-07-08T01:15:25.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.1, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3595143", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-430xx/CVE-2025-43001.json b/CVE-2025/CVE-2025-430xx/CVE-2025-43001.json new file mode 100644 index 00000000000..e1253e81540 --- /dev/null +++ b/CVE-2025/CVE-2025-430xx/CVE-2025-43001.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-43001", + "sourceIdentifier": "cna@sap.com", + "published": "2025-07-08T01:15:26.047", + "lastModified": "2025-07-08T01:15:26.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.1, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3595143", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7152.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7152.json new file mode 100644 index 00000000000..50567af547b --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7152.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7152", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T00:15:22.443", + "lastModified": "2025-07-08T00:15:22.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/y2xsec324/cve/issues/8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315090", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315090", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606226", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.campcodes.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7153.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7153.json new file mode 100644 index 00000000000..a84e8f6f5dc --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7153.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7153", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T00:15:23.237", + "lastModified": "2025-07-08T00:15:23.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://codeastro.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Vanshdhawan188/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS-Doctors-Page/blob/main/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS-Doctors%20Page.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315091", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315091", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606216", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7154.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7154.json new file mode 100644 index 00000000000..2fa8c584265 --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7154.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-7154", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T01:15:26.200", + "lastModified": "2025-07-08T01:15:26.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + }, + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FLY200503/IoT-vul/blob/master/Totolink/N200RE/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315092", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315092", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606230", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-71xx/CVE-2025-7155.json b/CVE-2025/CVE-2025-71xx/CVE-2025-7155.json new file mode 100644 index 00000000000..a6154f16aed --- /dev/null +++ b/CVE-2025/CVE-2025-71xx/CVE-2025-7155.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-7155", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-07-08T01:15:26.400", + "lastModified": "2025-07-08T01:15:26.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md#-step-by-step-exploitation-poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.315093", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.315093", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.606281", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 36d36ee16bf..ed637b596d3 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-07T23:55:10.855052+00:00 +2025-07-08T02:00:11.860634+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-07T23:15:23.813000+00:00 +2025-07-08T01:15:26.400000+00:00 ``` ### Last Data Feed Release @@ -27,29 +27,54 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-07-07T00:00:02.113885+00:00 +2025-07-08T00:00:02.131304+00:00 ``` ### Total Number of included CVEs ```plain -300707 +300738 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `31` -- [CVE-2025-7148](CVE-2025/CVE-2025-71xx/CVE-2025-7148.json) (`2025-07-07T22:15:27.227`) -- [CVE-2025-7149](CVE-2025/CVE-2025-71xx/CVE-2025-7149.json) (`2025-07-07T22:15:27.460`) -- [CVE-2025-7150](CVE-2025/CVE-2025-71xx/CVE-2025-7150.json) (`2025-07-07T23:15:23.207`) -- [CVE-2025-7151](CVE-2025/CVE-2025-71xx/CVE-2025-7151.json) (`2025-07-07T23:15:23.813`) +- [CVE-2025-42961](CVE-2025/CVE-2025-429xx/CVE-2025-42961.json) (`2025-07-08T01:15:22.783`) +- [CVE-2025-42962](CVE-2025/CVE-2025-429xx/CVE-2025-42962.json) (`2025-07-08T01:15:22.937`) +- [CVE-2025-42963](CVE-2025/CVE-2025-429xx/CVE-2025-42963.json) (`2025-07-08T01:15:23.093`) +- [CVE-2025-42964](CVE-2025/CVE-2025-429xx/CVE-2025-42964.json) (`2025-07-08T01:15:23.240`) +- [CVE-2025-42965](CVE-2025/CVE-2025-429xx/CVE-2025-42965.json) (`2025-07-08T01:15:23.440`) +- [CVE-2025-42966](CVE-2025/CVE-2025-429xx/CVE-2025-42966.json) (`2025-07-08T01:15:23.630`) +- [CVE-2025-42967](CVE-2025/CVE-2025-429xx/CVE-2025-42967.json) (`2025-07-08T01:15:23.787`) +- [CVE-2025-42968](CVE-2025/CVE-2025-429xx/CVE-2025-42968.json) (`2025-07-08T01:15:23.950`) +- [CVE-2025-42969](CVE-2025/CVE-2025-429xx/CVE-2025-42969.json) (`2025-07-08T01:15:24.120`) +- [CVE-2025-42970](CVE-2025/CVE-2025-429xx/CVE-2025-42970.json) (`2025-07-08T01:15:24.290`) +- [CVE-2025-42971](CVE-2025/CVE-2025-429xx/CVE-2025-42971.json) (`2025-07-08T01:15:24.463`) +- [CVE-2025-42973](CVE-2025/CVE-2025-429xx/CVE-2025-42973.json) (`2025-07-08T01:15:24.623`) +- [CVE-2025-42974](CVE-2025/CVE-2025-429xx/CVE-2025-42974.json) (`2025-07-08T01:15:24.773`) +- [CVE-2025-42978](CVE-2025/CVE-2025-429xx/CVE-2025-42978.json) (`2025-07-08T01:15:24.930`) +- [CVE-2025-42979](CVE-2025/CVE-2025-429xx/CVE-2025-42979.json) (`2025-07-08T01:15:25.107`) +- [CVE-2025-42980](CVE-2025/CVE-2025-429xx/CVE-2025-42980.json) (`2025-07-08T01:15:25.270`) +- [CVE-2025-42981](CVE-2025/CVE-2025-429xx/CVE-2025-42981.json) (`2025-07-08T01:15:25.427`) +- [CVE-2025-42985](CVE-2025/CVE-2025-429xx/CVE-2025-42985.json) (`2025-07-08T01:15:25.577`) +- [CVE-2025-42986](CVE-2025/CVE-2025-429xx/CVE-2025-42986.json) (`2025-07-08T01:15:25.730`) +- [CVE-2025-42992](CVE-2025/CVE-2025-429xx/CVE-2025-42992.json) (`2025-07-08T01:15:25.887`) +- [CVE-2025-43001](CVE-2025/CVE-2025-430xx/CVE-2025-43001.json) (`2025-07-08T01:15:26.047`) +- [CVE-2025-7152](CVE-2025/CVE-2025-71xx/CVE-2025-7152.json) (`2025-07-08T00:15:22.443`) +- [CVE-2025-7153](CVE-2025/CVE-2025-71xx/CVE-2025-7153.json) (`2025-07-08T00:15:23.237`) +- [CVE-2025-7154](CVE-2025/CVE-2025-71xx/CVE-2025-7154.json) (`2025-07-08T01:15:26.200`) +- [CVE-2025-7155](CVE-2025/CVE-2025-71xx/CVE-2025-7155.json) (`2025-07-08T01:15:26.400`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `4` +- [CVE-2014-3931](CVE-2014/CVE-2014-39xx/CVE-2014-3931.json) (`2025-07-08T01:00:02.203`) +- [CVE-2016-10033](CVE-2016/CVE-2016-100xx/CVE-2016-10033.json) (`2025-07-08T01:00:02.203`) +- [CVE-2019-5418](CVE-2019/CVE-2019-54xx/CVE-2019-5418.json) (`2025-07-08T01:00:02.203`) +- [CVE-2019-9621](CVE-2019/CVE-2019-96xx/CVE-2019-9621.json) (`2025-07-08T01:00:02.203`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 831b73b7ca2..ff5fe784d4b 100644 --- a/_state.csv +++ b/_state.csv @@ -68077,7 +68077,7 @@ CVE-2014-3927,0,0,86f636600b41c5e01ae9967b39f677a51a2614708364a31a10d26e1eca205a CVE-2014-3928,0,0,903fe252a26598e26721b5e748691d6e637f528bf5e422b456648cde071378fc,2025-04-20T01:37:25.860000 CVE-2014-3929,0,0,a04e609ecad2281abeae888f29ace5eb02089955860b530f0f5076208b03f57c,2025-04-20T01:37:25.860000 CVE-2014-3930,0,0,a98d9d9f1bbc1b58fcae623f751d2a962630568247ddb3bca8772d4427b3bca7,2025-04-20T01:37:25.860000 -CVE-2014-3931,0,0,8bf485a3924bd989d2df6998ad0d5f72da529553507d2287638ad64932a53bfa,2025-07-07T18:15:22.823000 +CVE-2014-3931,0,1,628d07f0c1c56b2cc5a6ff2040e4011b02801df70e31b448ea860c0f2309565f,2025-07-08T01:00:02.203000 CVE-2014-3932,0,0,ec39df121430fdf6f013310dfb615cec4434a46af1eee3651caae1ec3608387f,2025-04-12T10:46:40.837000 CVE-2014-3933,0,0,7629fc2ce8142d295259c168213a9f8a3f509951c17abd0ff5932ddf5a1bdab8,2025-04-12T10:46:40.837000 CVE-2014-3934,0,0,def88b2e92d8f646c21582f774bcc5bc7fd2f8fe2ce4066cdc5029d389b5b5be,2025-04-12T10:46:40.837000 @@ -83370,7 +83370,7 @@ CVE-2016-10029,0,0,982b531edcf8cdd93554ea1fb21fb6f57d44ee3b5c10cc1164cc6767eac73 CVE-2016-1003,0,0,46f4e8b9f3f1587cc78f0e4731fc46641c247866f4b72789f875d8e0fe9630d3,2023-11-07T02:29:50.493000 CVE-2016-10030,0,0,48644b453420d45898b778f35cf7709150aa36ac2e0fc075871d929b762614ba,2025-04-12T10:46:40.837000 CVE-2016-10031,0,0,499234c3922a7ad8a4fa0e055a5f42b6648f3167133f5b84c539fdb775e59d66,2025-04-12T10:46:40.837000 -CVE-2016-10033,0,0,4e38df6094d0f5f061dfdb71fe2d8a21f07826d48deda8a0fa4cac79cb8add98,2025-07-07T19:15:22.037000 +CVE-2016-10033,0,1,7b3a3e63d01eee64e8977e4bfcd78a186b1a3712c95acfaf66e32aa1e3c6a0bc,2025-07-08T01:00:02.203000 CVE-2016-10034,0,0,4b4e8dfb9cf57831c04fd52dbf89ae45182ae1bd15cfad3c3cfeba8de274476e,2025-04-12T10:46:40.837000 CVE-2016-10036,0,0,ff09b000fa6dd15cb7c2846e0b66629a237528e8defb152934ba992b988032f2,2024-11-21T02:43:07.953000 CVE-2016-10037,0,0,adcdda088e2432a6585e17a419dd984b0727cab2390a62345c5125065180e123,2025-04-12T10:46:40.837000 @@ -140663,7 +140663,7 @@ CVE-2019-5414,0,0,0b6e623da7fa05cc02c9d4ae273975a56909dde7118ce987ea3ad6d32acc92 CVE-2019-5415,0,0,1e91a7c37cbce12d8b7111c2c34f6147cf14cd1ced6bddf7c149d21750872544,2024-11-21T04:44:53.557000 CVE-2019-5416,0,0,b100879971280c379ffe8a500bc78a0ea0baf7b8f5be094c6a408a9a239580ef,2024-11-21T04:44:53.667000 CVE-2019-5417,0,0,d98c5f7add52766fc7c3e142426b4ba800ad9d35719d2543c1e890dd9b2efb27,2024-11-21T04:44:53.777000 -CVE-2019-5418,0,0,f3ad5d89b2bbd1eea78ff6fab276ca50b0228482e5be4357bba355584dc2d5e3,2025-07-07T18:15:24.157000 +CVE-2019-5418,0,1,0ca62e2a1a1492d82f32aebdb56b377303eb90309149976f1dcdcac5aea3164a,2025-07-08T01:00:02.203000 CVE-2019-5419,0,0,2ac65527707212d60b559b1ed0c37c5ef3373d700a556d668634c4b4b1fe2523,2024-11-21T04:44:54.017000 CVE-2019-5420,0,0,f19b3724aa167883e4e4e56b2c5c938fcb345d2d81dc9479f43ac2289ffe0ce0,2024-11-21T04:44:54.150000 CVE-2019-5421,0,0,a858970ade7d911d7af83b8bcbd0976bda524681608de710f41e0feb41cc2376,2024-11-21T04:44:54.277000 @@ -144022,7 +144022,7 @@ CVE-2019-9616,0,0,a66344f9c3f4cda343b0f89c1932c7c323618ca0c5677bd95ae90978bdd96c CVE-2019-9617,0,0,b95d192402e6296f016c4d751164ca3cf0686290005bd89d09ee11437643981c,2024-11-21T04:51:58.763000 CVE-2019-9618,0,0,dfc826e406483085c59aa198a8cd6c3ac0f507e9de2603141a59077d821c0bc0,2024-11-21T04:51:58.900000 CVE-2019-9619,0,0,529d01e46fda23f944ae56887b327d92043af68907cc5438f833b6270706b398,2023-11-07T03:13:44.243000 -CVE-2019-9621,0,0,b7031fa0434bf19284b5e58e1382ec28b73ad6abd55ff5897ab6e4320b47e9e6,2025-07-07T18:15:24.450000 +CVE-2019-9621,0,1,621e1d19c00a9e4cebb683612101386bde7ef8775dd41e0b53b56795c1ba5f31,2025-07-08T01:00:02.203000 CVE-2019-9622,0,0,a5313a359c697e81fe3f797489d45a2f1b7097f6e6cea15017862e84fe5fee4d,2024-11-21T04:51:59.223000 CVE-2019-9623,0,0,3c5698b655752a654204af8c8ad0713732eb40f37e01a957d6775d041ae21380,2024-11-21T04:51:59.367000 CVE-2019-9624,0,0,cea2615715668acccc818448dcb48e3ad579d43c3e890307bbe45eb64b410d05,2024-11-21T04:51:59.507000 @@ -292332,6 +292332,7 @@ CVE-2025-3130,0,0,3331839c90977481f0952c53c01c561e7ce3f9a4b6241dc2a679ea92329653 CVE-2025-3131,0,0,22058460edb80eeb28e47627ce19a90708c04371cfdf5beafe6e1efa2f6db14c,2025-04-22T16:16:30.543000 CVE-2025-31324,0,0,f022551eb03f972b51d5adf3fa8b8bd88e48c383f69788d6260b2cb6e8237e8d,2025-05-06T20:59:33.773000 CVE-2025-31325,0,0,550c7b1d47a5a5766f5606913daeeb0e6f07a070553574431b9e6eac29d0e505,2025-06-12T16:06:39.330000 +CVE-2025-31326,1,1,97747191f9d7ecb4e551a0c0d26b8a5797d5787be7e35a1195ff20aa4c1d858d,2025-07-08T01:15:21.810000 CVE-2025-31327,0,0,32f90adc396c5de5b649e8fa5cbb5b70c97a786ce6ce173df87cdac30806552e,2025-04-23T14:08:13.383000 CVE-2025-31328,0,0,7562727b37bc696206e3437191848ea7fd9fb71483caff96e2687c6513ba8732,2025-04-23T14:08:13.383000 CVE-2025-31329,0,0,1fc101be6dd06c49bba529860427b1b9723c1206bb0b29e1d558e09c6f01e194,2025-05-13T19:35:25.503000 @@ -295809,18 +295810,43 @@ CVE-2025-4291,0,0,3c966d095e0027ee25fc69633f95e30252d911138428dd59f98b42d5972922 CVE-2025-4292,0,0,3b0e06bfdd97a17ba7f68946a85abe7ce662b331b5db371d423d8c2c22e38a38,2025-06-17T20:17:44 CVE-2025-42921,0,0,fe45c9bf48d8b64b0cac9604dcc1ad3071452dfd7112cafe12dd9c33c82af017,2025-04-23T15:25:30.927000 CVE-2025-4293,0,0,3e0fba3b11651bbd0f80afc0b87a24c09c8226e80f3350735e023f15e0a509b4,2025-06-17T20:17:29.200000 +CVE-2025-42952,1,1,768bcb21d776f11485a2152ac2dc0bc7598a8ee5e50ee1082d5b052c728d9328,2025-07-08T01:15:22 +CVE-2025-42953,1,1,1741d0db8362bf68b72a94a7bc94759493f1591ad7cdcbfb856df8c762f30086,2025-07-08T01:15:22.163000 +CVE-2025-42954,1,1,3d6fa81167173620b022305ba34ea04bc5b97373e3681aaccd6730092982902a,2025-07-08T01:15:22.317000 +CVE-2025-42959,1,1,d5b01cf70a8a433d4660d71c79e0cd35066490817f078e01438734aadc02e44f,2025-07-08T01:15:22.477000 +CVE-2025-42960,1,1,a89186331f55bed8cbab7ef13d784bde9dc4953755cfe296098974f13d09bafe,2025-07-08T01:15:22.633000 +CVE-2025-42961,1,1,2a9cd005f1d38d17bbbd4cdadb65a99fa4810911bd990533ae7e0c7f7028d38f,2025-07-08T01:15:22.783000 +CVE-2025-42962,1,1,10a76ecedc82f8c73f4165b127729cde329e2a1b8397decd07283e995d13713f,2025-07-08T01:15:22.937000 +CVE-2025-42963,1,1,3eceb758431bd7a9b776e6e359f16ac8c0bd21ef6b4f957b0e4b861a43f9a6ad,2025-07-08T01:15:23.093000 +CVE-2025-42964,1,1,35eca8fe2e5b0b8592914d5f9aceac811262537d112dd16fac42dd7a2874f291,2025-07-08T01:15:23.240000 +CVE-2025-42965,1,1,5468ec2b856abda7976d3a7237854316e3a567ad8f1e21914fd754cca072a790,2025-07-08T01:15:23.440000 +CVE-2025-42966,1,1,f5060d8be8c97a112f6bc890e97f1361483623af18e26949db8b983231720bd9,2025-07-08T01:15:23.630000 +CVE-2025-42967,1,1,a6e510917a634ebb18bbae9d20133392f6b21c2e7e0c465ace2491b306170cbb,2025-07-08T01:15:23.787000 +CVE-2025-42968,1,1,8d0a352810ded26f1ea99be4361c89b7f442d5266f1052174dabce56e8dd9e2f,2025-07-08T01:15:23.950000 +CVE-2025-42969,1,1,9338f259fb3824acc0cf0f061beeaca8fff6d92da434d45e0c6b7290c985ddcf,2025-07-08T01:15:24.120000 CVE-2025-4297,0,0,2125bd423cd8ee8185dc917035443ae13b98a933b8dab9e4e9a974e1b93ea733,2025-05-16T17:44:43.850000 +CVE-2025-42970,1,1,297fc1e2ba1c14dbe5bd505fa3c89552007ea34556578cbbf833ac087705be7b,2025-07-08T01:15:24.290000 +CVE-2025-42971,1,1,4cad154b4ee90a857234e7063e5c465f9082e3eb4d5b97a829dcca0253a74c9d,2025-07-08T01:15:24.463000 +CVE-2025-42973,1,1,49b8336a92be1c55e6b9eb63e4c5855a9103ff4ee08c29904e5bb21666614cfc,2025-07-08T01:15:24.623000 +CVE-2025-42974,1,1,2110eefab2c0feb97089f6b4f42310beea47c1c0fe5b1d7e1f69b412e743935a,2025-07-08T01:15:24.773000 CVE-2025-42977,0,0,cc9ae0e46200dea4243b9844a4fe105554475587976aa2e885549e66131394da,2025-06-12T16:06:39.330000 +CVE-2025-42978,1,1,2523b44e162b8bd1d841960211fe9d53134ee2f7a88691f864fd3ddeb7e14606,2025-07-08T01:15:24.930000 +CVE-2025-42979,1,1,05a43941f2db0c355cef3d700bc8e776e51a17162eeda5028cce22375c0f9b15,2025-07-08T01:15:25.107000 CVE-2025-4298,0,0,e54afc5cb294aa37ab5ddf7cb60307aaa6afeb78004ee588006228c0c5b744b4,2025-05-13T20:06:19.080000 +CVE-2025-42980,1,1,025244ac3cd19547b69de612ccd1f7e177717aacc7ebab940de3d9eb2517fa1d,2025-07-08T01:15:25.270000 +CVE-2025-42981,1,1,c03cbc3aec3769340850877e016e67298a888abdd40e3cc82b8b3705d8fe406a,2025-07-08T01:15:25.427000 CVE-2025-42982,0,0,e6968c3fd7871556e1e29606a4f8dbcd4707b8846dc0d2a09bc157db8b57cc24,2025-06-12T16:06:39.330000 CVE-2025-42983,0,0,1b0371afa97d4d0347bddcd8ab1cfda4660ea8f2c5878217b37c9e5cdc2ac967,2025-06-12T16:06:39.330000 CVE-2025-42984,0,0,7e6a153ab4f0a760b3d0e2df015134c0a7cce8a9e0c5a0424eb4c14f09f58894,2025-06-12T16:06:39.330000 +CVE-2025-42985,1,1,23bfa90335b4026cee62c8268f435b9b1edd6f9821da86eb80e036ca956ae9e3,2025-07-08T01:15:25.577000 +CVE-2025-42986,1,1,eb2ac8fff323b248a9469f1f0699df7f57c8a401b7d13bc375054f7b2bdb9f8b,2025-07-08T01:15:25.730000 CVE-2025-42987,0,0,57e561deb69074295408ad93b87915b59df3e27da58e7c9dc77ffc675fb4f969,2025-06-12T16:06:39.330000 CVE-2025-42988,0,0,802715f7a93ebc8f9f5311d82d3ea45d70eb23bce1f100c736f7d19e12e423ab,2025-06-12T16:06:39.330000 CVE-2025-42989,0,0,f7c874047faa5bbde13807979293b3a3f749e5612e701215df5efa9c37a39e0c,2025-06-12T16:06:39.330000 CVE-2025-4299,0,0,cc4a3e24204515aaf4850521a61cefe5731008dd8b97ebba472ff5c5a801f5ca,2025-05-13T20:06:00.377000 CVE-2025-42990,0,0,3a9e5f7c57455afc01a40c0ea2245139d37a87774fde193be7c4255a63f51cb4,2025-06-12T16:06:39.330000 CVE-2025-42991,0,0,483fe762357a709c84ee8b01c25339045c78ff0318a3cc007a6356796e166421,2025-06-12T16:06:39.330000 +CVE-2025-42992,1,1,96ce2567afed88e5f49a397de2e5cd2b29cc5415d8f6a30174112626eb1ac1e0,2025-07-08T01:15:25.887000 CVE-2025-42993,0,0,770b23d31b6a3733e5f2e2910516b7bc5d5f11275ee3a601562cde06caf0884c,2025-06-12T16:06:39.330000 CVE-2025-42994,0,0,145ac3aa415b4167c9777bfe2d4a55a89181bcc2e386f22a825736b3071eaabb,2025-06-12T16:06:39.330000 CVE-2025-42995,0,0,3ec9ec8f855874770ecce1d03a99a91e674f14d0bfac33ac9017da879811ca6f,2025-06-12T16:06:39.330000 @@ -295830,6 +295856,7 @@ CVE-2025-42998,0,0,2bfe656344a0b85a5f4fff2abcf4a6577e799789f89dc0ea98745669a30ec CVE-2025-42999,0,0,a0a9942912bd021b739fb32ce123af4bb7497f07493d1c056f2a75451f04f20d,2025-05-16T19:44:49.400000 CVE-2025-4300,0,0,f7c03ed92744380706d903a9f694588f32e405152084eae0fc0569337f5db7ce,2025-05-13T20:22:08.717000 CVE-2025-43000,0,0,e31fc74811b3e3770c864cd0f324b9ae9ae79a3c82cdc5b33a35261048a81925,2025-05-13T19:35:25.503000 +CVE-2025-43001,1,1,b0c7292d301e8ed28cbd3ff11650a2455582cf81da9979e867729586e9206a22,2025-07-08T01:15:26.047000 CVE-2025-43002,0,0,434480ab85f45382cf8911be3496b00027aeca710a87c1831baed9aeffb6a42f,2025-05-13T19:35:18.080000 CVE-2025-43003,0,0,c5a14dcddb63dd3a6317cb81df2b91482d1e16b9c687c3fd2da6622f294a0a59,2025-05-13T19:35:18.080000 CVE-2025-43004,0,0,c44496c430b2ebc5fb5dac27e9ac73a29a0d9eebcd7c1bf6e68e10748aefecc2,2025-05-13T19:35:18.080000 @@ -300701,8 +300728,12 @@ CVE-2025-7143,0,0,441a473db5cda09d82dbc5979193f84fa710d47454b8ae4677353bd10912f3 CVE-2025-7144,0,0,3a3f7e613c6b4721f9d407a0cae7ad541c6187fe8ca540eb529ba3f7de3b744e,2025-07-07T21:15:25.987000 CVE-2025-7145,0,0,0431922fce794ebe2fb76c85f6a92686a8078a8927733582f3cad39cb892c9b6,2025-07-07T03:15:30.917000 CVE-2025-7147,0,0,36fb7d2d81135c9ac916fbf4d35323ae340d8c03e69ce3da100c81c97b562e84,2025-07-07T21:15:26.187000 -CVE-2025-7148,1,1,fdd19e0d59a74004f00a2708d969a7d930d66906c39a8978c5f58893af295960,2025-07-07T22:15:27.227000 -CVE-2025-7149,1,1,ad9d73cf832c7ebd837d39ea1fe909f87836f7cdc3f8f0ff995d4a33ff766e76,2025-07-07T22:15:27.460000 -CVE-2025-7150,1,1,b77fe5f832cdc2282a603bb6e72f3afbcd6c075b6d2bbdb84173fce9a56d61d3,2025-07-07T23:15:23.207000 -CVE-2025-7151,1,1,e82251d7fe83a1332b07026c390af5ec1aa1c1e0d2d58d9e016eca5cf7deba86,2025-07-07T23:15:23.813000 +CVE-2025-7148,0,0,fdd19e0d59a74004f00a2708d969a7d930d66906c39a8978c5f58893af295960,2025-07-07T22:15:27.227000 +CVE-2025-7149,0,0,ad9d73cf832c7ebd837d39ea1fe909f87836f7cdc3f8f0ff995d4a33ff766e76,2025-07-07T22:15:27.460000 +CVE-2025-7150,0,0,b77fe5f832cdc2282a603bb6e72f3afbcd6c075b6d2bbdb84173fce9a56d61d3,2025-07-07T23:15:23.207000 +CVE-2025-7151,0,0,e82251d7fe83a1332b07026c390af5ec1aa1c1e0d2d58d9e016eca5cf7deba86,2025-07-07T23:15:23.813000 +CVE-2025-7152,1,1,b0ead946247ac6343a0ade2c5e0f7cbb077e4de4f4c5032b861f243aebf010bd,2025-07-08T00:15:22.443000 +CVE-2025-7153,1,1,da301161fc245318be20b04dc3fd4bdfe29fcc0f9c8a67e241a00dbb990ab636,2025-07-08T00:15:23.237000 +CVE-2025-7154,1,1,1a8533e879ab30d649d5fc250b936c00821e4e6c5eb1a6831ec7843a20c7863b,2025-07-08T01:15:26.200000 +CVE-2025-7155,1,1,18f65f6bc617669b8e2e10d2a7c547bbba3f724f23c4fc3a98eafbf5453296a3,2025-07-08T01:15:26.400000 CVE-2025-7259,0,0,92aedb6a5e38fb030175a289364c754cf67f487a6a25e9d17c23717610f38507,2025-07-07T16:15:30.440000