diff --git a/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json b/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json
new file mode 100644
index 00000000000..90a3946aeaa
--- /dev/null
+++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36844",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-20T22:15:28.950",
+ "lastModified": "2025-04-20T22:15:28.950",
+ "vulnStatus": "Received",
+ "cveTags": [
+ {
+ "sourceIdentifier": "cve@mitre.org",
+ "tags": [
+ "exclusively-hosted-service"
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.doyler.net/security-not-included/knowbe4-vulnerabilities",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json b/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json
new file mode 100644
index 00000000000..81d5bbcbd6d
--- /dev/null
+++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36845",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-20T22:15:29.690",
+ "lastModified": "2025-04-20T22:15:29.690",
+ "vulnStatus": "Received",
+ "cveTags": [
+ {
+ "sourceIdentifier": "cve@mitre.org",
+ "tags": [
+ "exclusively-hosted-service"
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.doyler.net/security-not-included/knowbe4-vulnerabilities",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 0fad03e455a..211220ef215 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-04-20T22:00:19.513308+00:00
+2025-04-20T23:55:19.145140+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-04-20T20:15:13.553000+00:00
+2025-04-20T22:15:29.690000+00:00
 ```
 ### Last Data Feed Release
@@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-290943
+290945
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `2`
-- [CVE-2025-43955](CVE-2025/CVE-2025-439xx/CVE-2025-43955.json) (`2025-04-20T20:15:13.553`)
+- [CVE-2020-36844](CVE-2020/CVE-2020-368xx/CVE-2020-36844.json) (`2025-04-20T22:15:28.950`)
+- [CVE-2020-36845](CVE-2020/CVE-2020-368xx/CVE-2020-36845.json) (`2025-04-20T22:15:29.690`)
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 30b030946de..3a8ea4401b5 100644
--- a/_state.csv
+++ b/_state.csv
@@ -159611,6 +159611,8 @@ CVE-2020-36840,0,0,2926db043fdb0e8192aea6b1566e98cdedb30bd0d207e0c9b7fd57f0b2c70
 CVE-2020-36841,0,0,435f561ac28bd6843959dd71ae0ae92aa0b6edf75e8094045c0b200540a2758d,2024-10-16T16:38:14.557000
 CVE-2020-36842,0,0,aa409bdde21a1952d265f5aff9fddfa11fdb1da8db2d6b76fb10ddce24ac91d8,2024-10-30T21:03:53.807000
 CVE-2020-36843,0,0,023fb2c50bcc67a3bb33f41e6bdffdf9e9ccdfb393ddc1b6592a73ee3ce02ee8,2025-03-13T06:15:34.043000
+CVE-2020-36844,1,1,8552a356aa32cceb6b28779ed8d3382542c47f0deb4b43f8af0a1e81f0d7ad0d,2025-04-20T22:15:28.950000
+CVE-2020-36845,1,1,33956f42cd1bfa85bb74727f73c5c8712159f623f58ef3489902083eb49b8b4c,2025-04-20T22:15:29.690000
 CVE-2020-3685,0,0,ebc768dfe955ad0c52041c7e2608a91c2b5719c6059fc65a66fc055e90d4e6b0,2024-11-21T05:31:34.290000
 CVE-2020-3686,0,0,fed42ed77b3514bcd56d213454eba10c6543e81893514c48ebacb4355f05304f,2024-11-21T05:31:34.463000
 CVE-2020-3687,0,0,4f5fc687e6ec97625652ba8cc878e5dcedb758a9b86899e8a0bd5d38bccb2613,2024-11-21T05:31:34.637000
@@ -290941,4 +290943,4 @@ CVE-2025-43921,0,0,b59dba0610887a199b0faf2f19a0e03e63d8e4472120cfd2c980e88dc9fae
 CVE-2025-43928,0,0,7e137dc78a97082b3c993605d044d26a389eebe6d6590183c90296f75caf000e,2025-04-20T03:15:35.003000
 CVE-2025-43929,0,0,b7b16912e19748274928ce4ed708cddadca19d9026021836109f3f82db667fc8,2025-04-20T14:15:13.230000
 CVE-2025-43954,0,0,f2044552c25b024e3accb93e74b0e1e3ecf9ad47f8e8029720c29485b7686cc3,2025-04-20T19:15:43.137000
-CVE-2025-43955,1,1,0a56ed412a1ea3144b576f60e4e3fb6913c480fcdf88a628feedd34ca43f5fa8,2025-04-20T20:15:13.553000
+CVE-2025-43955,0,0,0a56ed412a1ea3144b576f60e4e3fb6913c480fcdf88a628feedd34ca43f5fa8,2025-04-20T20:15:13.553000