diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2519.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2519.json new file mode 100644 index 00000000000..cdb3008038e --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2519.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2519", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-08T02:15:19.283", + "lastModified": "2025-04-08T02:15:19.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "source": "security@wordfence.com" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2525.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2525.json new file mode 100644 index 00000000000..b5a6b6ca6fd --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2525.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2525", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-08T02:15:20.363", + "lastModified": "2025-04-08T02:15:20.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "source": "security@wordfence.com" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83a58119-d0ed-47fe-93d1-1aa1def2cf44?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2526.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2526.json new file mode 100644 index 00000000000..12ebef5b5fd --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2526.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2526", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-08T02:15:20.523", + "lastModified": "2025-04-08T02:15:20.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "source": "security@wordfence.com" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32413.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32413.json new file mode 100644 index 00000000000..8f4530510b2 --- /dev/null +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32413.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-32413", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-08T03:15:14.723", + "lastModified": "2025-04-08T03:15:14.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0a120af1de4a0a13bc2e2000f3c4639291122ba0", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/compare/v2.7.0...v2.7.1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32414.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32414.json new file mode 100644 index 00000000000..e69bdf9a306 --- /dev/null +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32414.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32414", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-08T03:15:15.940", + "lastModified": "2025-04-08T03:15:15.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-393" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3361.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3361.json new file mode 100644 index 00000000000..cb1215c5a50 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3361.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3361", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2025-04-08T02:15:20.737", + "lastModified": "2025-04-08T02:15:20.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/lp-139-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-10051-76634-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3362.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3362.json new file mode 100644 index 00000000000..4e082306a1b --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3362.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3362", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2025-04-08T02:15:20.913", + "lastModified": "2025-04-08T02:15:20.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/cp-139-10055-7dacf-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-10053-890b1-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3363.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3363.json new file mode 100644 index 00000000000..881e4744729 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3363.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3363", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2025-04-08T02:15:21.077", + "lastModified": "2025-04-08T02:15:21.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/cp-139-10056-c553a-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-10054-84588-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3364.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3364.json new file mode 100644 index 00000000000..40bc4568097 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3364.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3364", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2025-04-08T03:15:16.107", + "lastModified": "2025-04-08T03:15:16.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/cp-139-10058-fce0b-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-10057-58c05-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3392.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3392.json new file mode 100644 index 00000000000..57befb6d8de --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3392.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-3392", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:21.227", + "lastModified": "2025-04-08T02:15:21.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/hailey888/oa_system/issues/IBRQZ9", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303638", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303638", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3393.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3393.json new file mode 100644 index 00000000000..faa79e27184 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3393.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-3393", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:21.410", + "lastModified": "2025-04-08T02:15:21.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/mrcen/springboot-ucan-admin/issues/IBT2W5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303639", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303639", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3397.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3397.json new file mode 100644 index 00000000000..5e21699618f --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3397.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3397", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:21.597", + "lastModified": "2025-04-08T02:15:21.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.303642", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303642", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.525203", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/sqn7nf0irphq7f1k?singleDoc", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3398.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3398.json new file mode 100644 index 00000000000..e801a645457 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3398.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3398", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:21.780", + "lastModified": "2025-04-08T02:15:21.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303643", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303643", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.525609", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3399.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3399.json new file mode 100644 index 00000000000..735a8a9d1cf --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3399.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3399", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:21.980", + "lastModified": "2025-04-08T02:15:21.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Rain1er/report/blob/main/CDG/MTA%3D.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303644", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303644", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.525610", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3400.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3400.json new file mode 100644 index 00000000000..4a7318f4a7e --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3400.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3400", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T02:15:22.167", + "lastModified": "2025-04-08T02:15:22.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Rain1er/report/blob/main/CDG/NA%3D%3D.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303645", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303645", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.525611", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3401.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3401.json new file mode 100644 index 00000000000..3efee7bc336 --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3401.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3401", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T03:15:16.280", + "lastModified": "2025-04-08T03:15:16.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Rain1er/report/blob/main/CDG/Ng%3D%3D.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303646", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303646", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.525612", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3402.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3402.json new file mode 100644 index 00000000000..74a15d57790 --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3402.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3402", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T03:15:16.463", + "lastModified": "2025-04-08T03:15:16.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Angel12345623/CVE/blob/main/CVE_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303647", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303647", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.542343", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3403.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3403.json new file mode 100644 index 00000000000..b8557c3826d --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3403.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3403", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-08T03:15:16.670", + "lastModified": "2025-04-08T03:15:16.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-540" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303648", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303648", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.543589", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 45feaa46174..3b4ea7a37e4 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-08T02:00:20.426816+00:00 +2025-04-08T04:00:20.782620+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-08T01:15:42.223000+00:00 +2025-04-08T03:15:16.670000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288909 +288927 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `18` -- [CVE-2025-3389](CVE-2025/CVE-2025-33xx/CVE-2025-3389.json) (`2025-04-08T00:15:15.793`) -- [CVE-2025-3390](CVE-2025/CVE-2025-33xx/CVE-2025-3390.json) (`2025-04-08T00:15:15.993`) -- [CVE-2025-3391](CVE-2025/CVE-2025-33xx/CVE-2025-3391.json) (`2025-04-08T01:15:42.223`) +- [CVE-2025-2519](CVE-2025/CVE-2025-25xx/CVE-2025-2519.json) (`2025-04-08T02:15:19.283`) +- [CVE-2025-2525](CVE-2025/CVE-2025-25xx/CVE-2025-2525.json) (`2025-04-08T02:15:20.363`) +- [CVE-2025-2526](CVE-2025/CVE-2025-25xx/CVE-2025-2526.json) (`2025-04-08T02:15:20.523`) +- [CVE-2025-32413](CVE-2025/CVE-2025-324xx/CVE-2025-32413.json) (`2025-04-08T03:15:14.723`) +- [CVE-2025-32414](CVE-2025/CVE-2025-324xx/CVE-2025-32414.json) (`2025-04-08T03:15:15.940`) +- [CVE-2025-3361](CVE-2025/CVE-2025-33xx/CVE-2025-3361.json) (`2025-04-08T02:15:20.737`) +- [CVE-2025-3362](CVE-2025/CVE-2025-33xx/CVE-2025-3362.json) (`2025-04-08T02:15:20.913`) +- [CVE-2025-3363](CVE-2025/CVE-2025-33xx/CVE-2025-3363.json) (`2025-04-08T02:15:21.077`) +- [CVE-2025-3364](CVE-2025/CVE-2025-33xx/CVE-2025-3364.json) (`2025-04-08T03:15:16.107`) +- [CVE-2025-3392](CVE-2025/CVE-2025-33xx/CVE-2025-3392.json) (`2025-04-08T02:15:21.227`) +- [CVE-2025-3393](CVE-2025/CVE-2025-33xx/CVE-2025-3393.json) (`2025-04-08T02:15:21.410`) +- [CVE-2025-3397](CVE-2025/CVE-2025-33xx/CVE-2025-3397.json) (`2025-04-08T02:15:21.597`) +- [CVE-2025-3398](CVE-2025/CVE-2025-33xx/CVE-2025-3398.json) (`2025-04-08T02:15:21.780`) +- [CVE-2025-3399](CVE-2025/CVE-2025-33xx/CVE-2025-3399.json) (`2025-04-08T02:15:21.980`) +- [CVE-2025-3400](CVE-2025/CVE-2025-34xx/CVE-2025-3400.json) (`2025-04-08T02:15:22.167`) +- [CVE-2025-3401](CVE-2025/CVE-2025-34xx/CVE-2025-3401.json) (`2025-04-08T03:15:16.280`) +- [CVE-2025-3402](CVE-2025/CVE-2025-34xx/CVE-2025-3402.json) (`2025-04-08T03:15:16.463`) +- [CVE-2025-3403](CVE-2025/CVE-2025-34xx/CVE-2025-3403.json) (`2025-04-08T03:15:16.670`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -- [CVE-2025-22457](CVE-2025/CVE-2025-224xx/CVE-2025-22457.json) (`2025-04-08T01:00:02.673`) -- [CVE-2025-2487](CVE-2025/CVE-2025-24xx/CVE-2025-2487.json) (`2025-04-08T01:15:41.953`) -- [CVE-2025-31161](CVE-2025/CVE-2025-311xx/CVE-2025-31161.json) (`2025-04-08T01:00:02.673`) ## Download and Usage diff --git a/_state.csv b/_state.csv index c76d30ead3d..e5f495874b2 100644 --- a/_state.csv +++ b/_state.csv @@ -283827,7 +283827,7 @@ CVE-2025-2245,0,0,47aa418e84b3637e8df058444cbc8a6e983fd5867c6c8fc35a1ae9e7ece391 CVE-2025-22450,0,0,08efaa8a0b7289f6e07d2143106d9ab0ee4947a312acaf42c999e908a6f4e398,2025-01-22T06:15:14.327000 CVE-2025-22452,0,0,ff338c2acc92abbef6e1d867487b0bd2693a0084a4ebaee6adef7d21d7f92aea,2025-04-07T14:17:50.220000 CVE-2025-22454,0,0,04f15e88e5a975efe8c2b32608cedcfad6c31392d1260fbd49043c6c8c78ea98,2025-03-11T15:15:44.737000 -CVE-2025-22457,0,1,a8c6ac00f7a19b689fb44e74a369d2d9a441ce2727c1482a225f467e61dae066,2025-04-08T01:00:02.673000 +CVE-2025-22457,0,0,a8c6ac00f7a19b689fb44e74a369d2d9a441ce2727c1482a225f467e61dae066,2025-04-08T01:00:02.673000 CVE-2025-22467,0,0,8bd8bd517db848742ab03a7d28d508822057ab7be14ae3f2dcda13c476e2f133,2025-02-20T15:53:06.133000 CVE-2025-22472,0,0,da7c2c2731a1940c60b4ae6c1edcbbf175ca5a2d3964a03701282be7a86cbe41,2025-03-17T18:15:20.930000 CVE-2025-22473,0,0,24aeaee52dbfb2b3f71ea7cd4512b20455b60139bbfda5acf051e65598986ddc,2025-03-17T18:15:21.077000 @@ -285660,7 +285660,7 @@ CVE-2025-24865,0,0,a84aad4d5bdb225f0618ad62f2ff1ffe2c161de1be6dfd9acc81d2401125c CVE-2025-24867,0,0,32b5b4cae9faa98375e2ec8191ee6bbac47790e6975c81218e81b4b72829e2de,2025-02-11T01:15:10.847000 CVE-2025-24868,0,0,3126f003c867405c437c9a5d233b2132fdf5dda635736a251e9443dc3f9770bc,2025-02-11T01:15:10.990000 CVE-2025-24869,0,0,7487e9b2ea994aa31a7eba56e36180a5b91aaa886297577734820094a1ac00ef,2025-02-18T18:15:33.810000 -CVE-2025-2487,0,1,86902c85e63750ee264d5d6dcf1ba1e14c45e861967944c1d9f8b9455d74789e,2025-04-08T01:15:41.953000 +CVE-2025-2487,0,0,86902c85e63750ee264d5d6dcf1ba1e14c45e861967944c1d9f8b9455d74789e,2025-04-08T01:15:41.953000 CVE-2025-24870,0,0,8a1955614ad6170098b2431ea0a7eb0095b1f9fad9151a39a2352145e24bee31,2025-02-18T18:15:33.987000 CVE-2025-24872,0,0,460fb0f0e5e82a28a5d26e696199083f7e4334d8b35fd8d559f4afda8c5269be,2025-02-18T18:15:34.153000 CVE-2025-24874,0,0,0fa59b45ae17306f198268603c8d0746966ec16b04ff40aaadafe786062552a3,2025-02-18T18:15:34.330000 @@ -285883,6 +285883,7 @@ CVE-2025-25186,0,0,c422218bc2b3a51bb7e35622bef2d3f79367445faa61fc891c243b951694b CVE-2025-25187,0,0,2ca61614d958811964bebe01178416385840d15966b28619da4a847cdf1ef2a2,2025-02-10T18:15:35.703000 CVE-2025-25188,0,0,2461474c8c359fbc15a8610b387ef0ac657a3108436b2e05cbe126ccfb2936c2,2025-02-10T18:15:35.827000 CVE-2025-25189,0,0,f68ee5c586d07dec9a336fb2dbbfd3c5bd132d29662e9c4bc9ff1969295aaac8,2025-02-11T16:15:52.313000 +CVE-2025-2519,1,1,4109bd9eb179daaebd0fff7bc62f74481c8cd020bb6405ae6c9556569d01c9a9,2025-04-08T02:15:19.283000 CVE-2025-25190,0,0,96316be3801ea8e34db1f71f151e934e00015e5d1a34196dfd79e3e824fb1a50,2025-02-11T16:15:52.420000 CVE-2025-25191,0,0,ebaa2bdb1f2b2bf394317ef2b89f43fe1aabf1dfa6c9b80b2c9248cedeac6aa0,2025-03-06T19:15:27.113000 CVE-2025-25192,0,0,5783eb8b8890bb3417a87f4556b52876901aba8094dc7d2d3a854512fed49412,2025-03-18T17:15:45.720000 @@ -285913,6 +285914,8 @@ CVE-2025-25244,0,0,7197d60ca1e3285870200625d0a8d8cd04d80b30334d6012efc30f6a7dae4 CVE-2025-25245,0,0,9553bdb2bbba17800d10d6fb307dc38303cc249115fd509a4ca397b2ef8f36c5,2025-03-11T01:15:35.080000 CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000 CVE-2025-25247,0,0,45a7686ea5976edcbc598e01fb577ca50507f74bc11b7b7bfc3045e83b294c70,2025-02-10T15:15:13.333000 +CVE-2025-2525,1,1,0994e3c2e24585cd5008c660b4b50b3cf67b8598aa0c7ecb45d831be89499ca6,2025-04-08T02:15:20.363000 +CVE-2025-2526,1,1,247948e96f9305547baa31ada19db6ed824206eca005b3144d83206016536644,2025-04-08T02:15:20.523000 CVE-2025-25266,0,0,14fc4214833d5ffeb8f363743939de320f9169af46798b63b6da510cc3dfff47,2025-03-11T10:15:17.850000 CVE-2025-25267,0,0,327b2100edff4cbf9fdcfe1321dc00713a82279b4ead6a7ccdc62b6f97970ac6,2025-03-11T10:15:18.030000 CVE-2025-25274,0,0,90de1f80f28c13ac592acae9058f17aeba0fd544a5c1ea5aa19b39d1d3157bb2,2025-03-27T15:01:59.897000 @@ -288113,7 +288116,7 @@ CVE-2025-31139,0,0,f77a452b5e1edddf158af71a264cde2428ac6b657f8dcbc921a40f17dadbb CVE-2025-31140,0,0,b5354da0d0be6641b36fd62d7ae5da72fa26945541a5950d6dcb5ec04d83adab,2025-03-27T16:45:12.210000 CVE-2025-31141,0,0,406867c864568f6048dee1b7cffcd596f08f273e12b98bc9b9a899fec211a190,2025-03-27T16:45:12.210000 CVE-2025-31160,0,0,c6ed6d0cefcf860ce239e0955556eee41726f134fd4b83b02d780bf30460df3c,2025-03-31T13:15:46.050000 -CVE-2025-31161,0,1,1674d22e1f10fa9e4f638f84c97a2b9edc236eeaf233dcbe7ddd8fa4539e7e7f,2025-04-08T01:00:02.673000 +CVE-2025-31161,0,0,1674d22e1f10fa9e4f638f84c97a2b9edc236eeaf233dcbe7ddd8fa4539e7e7f,2025-04-08T01:00:02.673000 CVE-2025-31162,0,0,cfeafc9944d79e10529164231b0943be3a87194c4053baabeebe9b961989cbf3,2025-04-01T20:26:39.627000 CVE-2025-31163,0,0,0d23fc46a79319324af9251b76f99e828668eada4156c0f4488a35318beebb85,2025-04-01T20:26:39.627000 CVE-2025-31164,0,0,4b001c140896288467c92c772e2ebf8f58e53bdc0e31f0e36dc064cef4c67cc1,2025-04-01T20:26:39.627000 @@ -288809,6 +288812,8 @@ CVE-2025-3239,0,0,d82817b34dd7b66d6aa65a93073be6dc4033b0ef23e651c8d1c7428dd5441e CVE-2025-3240,0,0,fd4ee2fdb38ac17ffaee2ac6e70f3a2f5dcccf28e2968d4be2b86fe7dc62212e,2025-04-07T14:18:15.560000 CVE-2025-32409,0,0,b457b3fe21d35f954a6de6c9d6656ac2ce35689db19ead2a2e2d7ab9a25f1d6f,2025-04-07T22:15:16.963000 CVE-2025-3241,0,0,594a540ab13070f27db4ae33cd1a92be4d81e360e241a5ce3cde519f3dcc5218,2025-04-07T14:18:15.560000 +CVE-2025-32413,1,1,50323dfb94f5bab4f3253d470ec9373ba17768fd308ebea99d55c9be35d361db,2025-04-08T03:15:14.723000 +CVE-2025-32414,1,1,14613c1caf18ed5eca317541a9e6ae92a32268c1ad3bfcecfd2776c1861d8ecb,2025-04-08T03:15:15.940000 CVE-2025-3242,0,0,7a3796558c3172b29f1754f0aa43f7d570abcefa6f88716250c661d5fd24e293,2025-04-07T14:18:15.560000 CVE-2025-3243,0,0,b05341f12b748941f8ca2dc4c2b8a53c07658570f17c96676f3c5904a6066c66,2025-04-07T14:18:15.560000 CVE-2025-3244,0,0,a20bb1d848a28a44d0b8d510e43cbe068220041e655dcf96cf8633b9bc977caf,2025-04-07T14:18:15.560000 @@ -288882,6 +288887,10 @@ CVE-2025-3352,0,0,a9e364b417d4c1b9bcf70be1114bee2321f25df05acf5e2e7d6d36702a9946 CVE-2025-3353,0,0,b6f7ae489f578301c1233579d115f4b527cac9e74290596bbf18a401d93bc562,2025-04-07T14:17:50.220000 CVE-2025-3359,0,0,310397201643add7035d3dfe451e133ed75bc9a9599c95f2a8d2e8611e141127,2025-04-07T14:17:50.220000 CVE-2025-3360,0,0,00a8b0fe3c658775c0c228780a1e555aca09d51a98f5810881cf1b98d72242b6,2025-04-07T14:17:50.220000 +CVE-2025-3361,1,1,0ea20e277f4a9d2735063cc0cb60a65a3bfa98052232e5b3d9f7eb7b4e884e11,2025-04-08T02:15:20.737000 +CVE-2025-3362,1,1,dcadcf32942d6e019b98861990714d0be8e18d6cb35cbe37b8fc22491f746927,2025-04-08T02:15:20.913000 +CVE-2025-3363,1,1,6cdd1886233f0221600f5c66e457e17c70ee647df54bd43e495876954e18637e,2025-04-08T02:15:21.077000 +CVE-2025-3364,1,1,b63cb088878fb52d353d90f7906d6665ee6d4f012f919d53e71984393079ec93,2025-04-08T03:15:16.107000 CVE-2025-3369,0,0,9bfab61711c9bf7f6a8c870d9df6b844b16be953ff70535930a493b686277665,2025-04-07T14:17:50.220000 CVE-2025-3370,0,0,3ca9a9bd8cfc457fadd94e88b3803dfeedb7934bde407602fa694d4cec7fa434,2025-04-07T14:17:50.220000 CVE-2025-3371,0,0,cf35734a694c96fa758a3813317d567d31fb084974287b75958b2467d9b5778e,2025-04-07T15:15:46.097000 @@ -288902,9 +288911,18 @@ CVE-2025-3385,0,0,1910af3da9bbe755ce53979f74cfaaab2a0b24f146fc08b49f9399a3e06f22 CVE-2025-3386,0,0,bcb9affa469bc5aa0e4f5c7db9a92e48523c41e46f9d7ff29ee13940c32f8a63,2025-04-07T22:15:17.337000 CVE-2025-3387,0,0,109216d2024cbc549c478141af7f937c3a5ffb542c64b6d4d9e3338cc30248cb,2025-04-07T23:15:43.530000 CVE-2025-3388,0,0,e08032fbdd0416394687f327741f2f97a9e40f4e29c06995464229eade0e0728,2025-04-07T23:15:44.033000 -CVE-2025-3389,1,1,93f3db4d16adc7186c92ae6d0057a3a9a8d6ca481fde76d105db0fa5d733284f,2025-04-08T00:15:15.793000 -CVE-2025-3390,1,1,c49814586e1715401372936cb1130e7c0adf642883e29ddfce3f02390cb0c907,2025-04-08T00:15:15.993000 -CVE-2025-3391,1,1,3e9f4d99d1aa03d6e97eb92f46e61136f841804ef4dc471cb46a75dff677313f,2025-04-08T01:15:42.223000 +CVE-2025-3389,0,0,93f3db4d16adc7186c92ae6d0057a3a9a8d6ca481fde76d105db0fa5d733284f,2025-04-08T00:15:15.793000 +CVE-2025-3390,0,0,c49814586e1715401372936cb1130e7c0adf642883e29ddfce3f02390cb0c907,2025-04-08T00:15:15.993000 +CVE-2025-3391,0,0,3e9f4d99d1aa03d6e97eb92f46e61136f841804ef4dc471cb46a75dff677313f,2025-04-08T01:15:42.223000 +CVE-2025-3392,1,1,edcaacdffbec01236d323b1096e190539be2ec91ec579a2b79adcb8117aa9cee,2025-04-08T02:15:21.227000 +CVE-2025-3393,1,1,19ce06bd78056b4c8af2e5b183ca40a440bfc5ac3f4263eef1edb8959e824b86,2025-04-08T02:15:21.410000 +CVE-2025-3397,1,1,0a58d4d95d56d1f4d7d3d668ffdc6a334cc9e24e868e408e4b800d903974bb26,2025-04-08T02:15:21.597000 +CVE-2025-3398,1,1,d9f95e6a3cebbc2ea9f9db8d2c8320ee269b787d01cb618537b11ac183e78ad5,2025-04-08T02:15:21.780000 +CVE-2025-3399,1,1,07f54e53610e822593270d9c6e4542feefbe086bf7b9f064db012e3e8c08cc29,2025-04-08T02:15:21.980000 +CVE-2025-3400,1,1,40d24bbc3563c47e16472c01e286bef51fce1a1c0af397d279cf8afb801bb526,2025-04-08T02:15:22.167000 +CVE-2025-3401,1,1,2b15ac3c662b266760e5553be769173a7c878125eb66e3511117f9511aacc73f,2025-04-08T03:15:16.280000 +CVE-2025-3402,1,1,fbd2b094c2b24668b3f40172e9b003f65a18c6bcc92a94147f3742946f540634,2025-04-08T03:15:16.463000 +CVE-2025-3403,1,1,b46f602816252c11b21a610177f8f77740ecaa643652158318cc5847c4ab6a4c,2025-04-08T03:15:16.670000 CVE-2025-3424,0,0,be0fe6f8406eda3536331ded14e2f6be10ec512141cedd16fb1a1f0fe02bf768,2025-04-07T16:15:27.703000 CVE-2025-3425,0,0,9396f0e72f97b1c5b17d6a193f82e00c0d3f258bd16686092e11de9ff192286c,2025-04-07T16:15:27.963000 CVE-2025-3426,0,0,bc136ddbc855578300039b703456513a80b7a9e221e0139f4084d1b3f0db77d4,2025-04-07T17:15:40.073000