diff --git a/CVE-2024/CVE-2024-255xx/CVE-2024-25573.json b/CVE-2024/CVE-2024-255xx/CVE-2024-25573.json new file mode 100644 index 00000000000..da75534acb9 --- /dev/null +++ b/CVE-2024/CVE-2024-255xx/CVE-2024-25573.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-25573", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2025-06-15T16:15:18.683", + "lastModified": "2025-06-15T16:15:18.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "PRESENT", + "Automatable": "NO", + "Recovery": "USER", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/pingfederate/12.1/release_notes/pf_release_notes.html", + "source": "responsible-disclosure@pingidentity.com" + }, + { + "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", + "source": "responsible-disclosure@pingidentity.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-283xx/CVE-2025-28380.json b/CVE-2025/CVE-2025-283xx/CVE-2025-28380.json index f646b3b85de..75abe7c60fc 100644 --- a/CVE-2025/CVE-2025-283xx/CVE-2025-28380.json +++ b/CVE-2025/CVE-2025-283xx/CVE-2025-28380.json @@ -2,7 +2,7 @@ "id": "CVE-2025-28380", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T14:15:20.030", - "lastModified": "2025-06-13T14:15:20.030", + "lastModified": "2025-06-15T17:15:18.007", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://openc3.com/", @@ -20,6 +55,10 @@ { "url": "https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "source": "cve@mitre.org" + }, + { + "url": "https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6091.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6091.json new file mode 100644 index 00000000000..491517460d7 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6091.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6091", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-15T17:15:18.360", + "lastModified": "2025-06-15T17:15:18.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CH13hh/cve/blob/main/new/6.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.312558", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.312558", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.588000", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a1d6e6e196e..207128d5b56 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-15T16:00:19.386594+00:00 +2025-06-15T18:00:13.656856+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-15T15:15:19.303000+00:00 +2025-06-15T17:15:18.360000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -297960 +297962 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-21085](CVE-2025/CVE-2025-210xx/CVE-2025-21085.json) (`2025-06-15T15:15:18.330`) -- [CVE-2025-22854](CVE-2025/CVE-2025-228xx/CVE-2025-22854.json) (`2025-06-15T15:15:19.150`) -- [CVE-2025-6090](CVE-2025/CVE-2025-60xx/CVE-2025-6090.json) (`2025-06-15T15:15:19.303`) +- [CVE-2024-25573](CVE-2024/CVE-2024-255xx/CVE-2024-25573.json) (`2025-06-15T16:15:18.683`) +- [CVE-2025-6091](CVE-2025/CVE-2025-60xx/CVE-2025-6091.json) (`2025-06-15T17:15:18.360`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-28380](CVE-2025/CVE-2025-283xx/CVE-2025-28380.json) (`2025-06-15T17:15:18.007`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 30265c7746d..e664e1d583c 100644 --- a/_state.csv +++ b/_state.csv @@ -254080,6 +254080,7 @@ CVE-2024-25569,0,0,b037d1dac321d0fad4f682820302460ba3789c0955cd0c11614e35160f41f CVE-2024-2557,0,0,1401ca997ffd5c020e7fbea47e5541f7ac467d517340858576f69f2e489eab1e,2025-05-07T16:30:33.517000 CVE-2024-25571,0,0,8a68e54b2e23ebcb2672041b2be0c0d79b94a807b69a2bcde573f17191362239,2025-02-12T22:15:31.667000 CVE-2024-25572,0,0,cbed3561a996d8fc0913552e9f85910773571a0e0f73b275ef35dc4399b8665b,2025-04-08T15:17:15.773000 +CVE-2024-25573,1,1,da0a97ca9953301e68007eb7f7395e51118eb44ee18edcd5036ff6bbb141ed0f,2025-06-15T16:15:18.683000 CVE-2024-25574,0,0,3a6d003e6549d6e7e9bf748f59f234891c4a95854309550ae4079efeefd3444d,2025-02-27T15:03:31.583000 CVE-2024-25575,0,0,1018bd05e409a13236c5dcb2237c77906e7f23238c36cbe4ff25ea1f8323e117,2024-11-21T09:01:00.773000 CVE-2024-25576,0,0,8c96953d02c3ecec70b0880ceff32ab69ff1846b5ba0dbd1e89bf62fd8ac88d6,2024-09-06T20:17:14.003000 @@ -284490,7 +284491,7 @@ CVE-2025-21081,0,0,2001a89bc61e9590c36304579e4e9d48d5980697f9b552f01b260ec73e2e5 CVE-2025-21082,0,0,46ac35d658d44baf54d1ac8a8f790de5d79d2ee8dc02f7947502a40cb1fc420e,2025-06-09T19:07:20.283000 CVE-2025-21083,0,0,b1f881e778d473a44d11cfcbd38b4988ccf3c0bae1e47d54950fb32a165015e0,2025-01-15T17:15:19.393000 CVE-2025-21084,0,0,af34ba3562290d89d6e1fadbcb1efbf04888823c3570480deec642a909378dd0,2025-03-04T17:42:20.943000 -CVE-2025-21085,1,1,772ebdef43100f9d01acb11126f9ce7aa2f47608a00a014fc26a64b09e90154e,2025-06-15T15:15:18.330000 +CVE-2025-21085,0,0,772ebdef43100f9d01acb11126f9ce7aa2f47608a00a014fc26a64b09e90154e,2025-06-15T15:15:18.330000 CVE-2025-21087,0,0,28561df062c57bddb73cb1503a50933afccce81ed6c2872e01fa7d13e8dbf5f5,2025-02-05T18:15:30.430000 CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93ca54,2025-01-15T16:15:32.413000 CVE-2025-21089,0,0,376a98b84b381726ba88c6087957cb55f869f110cd69de435e1dd837da0605d8,2025-03-06T18:07:19.917000 @@ -286165,7 +286166,7 @@ CVE-2025-22847,0,0,0de483179c1066e1dcd28554acee3e5fb1b273a7c68d4f167ad861a991a59 CVE-2025-22848,0,0,9b515c9e26461ad766d4f4acf9e3a2e59ff846ba8d2c4573dfec0aff13837cad,2025-05-16T14:43:56.797000 CVE-2025-2285,0,0,98fc658609c4f69aaee78398e9e81043e36556f176ddcb77fdb67c9af81d073b,2025-04-08T18:13:53.347000 CVE-2025-22851,0,0,f2a6332c8e5e9b9a1e6161891c357461c7bb64ff86725b50b37556c69f8a4a26,2025-04-07T14:17:50.220000 -CVE-2025-22854,1,1,913ca7fc59825bdbeb39e9e2c64564488322a796af22fabc508312a2cffa260b,2025-06-15T15:15:19.150000 +CVE-2025-22854,0,0,913ca7fc59825bdbeb39e9e2c64564488322a796af22fabc508312a2cffa260b,2025-06-15T15:15:19.150000 CVE-2025-22855,0,0,0ea644d507eefb1364e7f8ce7a6f7b59da91a785412c2309fc15d80da09b4a79,2025-04-08T18:13:53.347000 CVE-2025-22859,0,0,650d68c9ac8ef101db4b23d698782c4b6cdbb3a3c81745480f8df2db23b95791,2025-05-13T19:35:18.080000 CVE-2025-2286,0,0,a29011b43d479279660c1eaaab71fd21b21b30735d3755825b9279066e08e188,2025-04-08T18:13:53.347000 @@ -290003,7 +290004,7 @@ CVE-2025-28367,0,0,4a07d437818fe7720795b8f309552d71415612c2033b36795a35ab5455779 CVE-2025-2837,0,0,b89aeb2a53f8a50fdc7d1cb971618f78d6548d3dfb914df0b41cb0d9a2a5f82a,2025-03-27T16:45:27.850000 CVE-2025-28371,0,0,9134c0b29ad829ee44935d8e974e7c73f0d8c01267cd2682d218b45eeaf0a178,2025-06-12T16:26:26.253000 CVE-2025-2838,0,0,ad5519332c14610c417f2ebe0957fac238c08deca06808872c71584919e4dfa3,2025-03-27T16:45:27.850000 -CVE-2025-28380,0,0,23247cc5b8b71eb021f52bc527b84c9e76321cc685b352c6b9a5086bc52cb2c8,2025-06-13T14:15:20.030000 +CVE-2025-28380,0,1,36bedb167d7833934d7536384701227f764cb62b7a0dbd404b1ba222663bec45,2025-06-15T17:15:18.007000 CVE-2025-28381,0,0,39b7cc899f9c111fc1c462db749276045ab89748c7ae3428b15001fa97ee1759,2025-06-13T16:15:25.227000 CVE-2025-28382,0,0,4472d28087ea6d98e4980583cd33e37dfe9c5525edfbc1010418c6c4049e8a0f,2025-06-13T18:15:20.677000 CVE-2025-28384,0,0,ba795bd2e5eabc22fedd790aa0a529c7ee0985ace1561a3ab6045d696221e28a,2025-06-13T18:15:21.510000 @@ -297958,4 +297959,5 @@ CVE-2025-6065,0,0,5e976b8fac171cc7b59ad041eb4f60fb6d8881197db355ec035f6d3d2b6561 CVE-2025-6070,0,0,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad612,2025-06-14T09:15:25.180000 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000 CVE-2025-6089,0,0,1082dde39a9a857add821028ed23d128072d550fdb8ad36ad1f948e836ba053f,2025-06-15T13:15:33.353000 -CVE-2025-6090,1,1,e27818139ece2411b32b2e625852fcc342cc8f5d5f99f49ddd3d8c5d380302a8,2025-06-15T15:15:19.303000 +CVE-2025-6090,0,0,e27818139ece2411b32b2e625852fcc342cc8f5d5f99f49ddd3d8c5d380302a8,2025-06-15T15:15:19.303000 +CVE-2025-6091,1,1,581c1cfa5c591595b15c75e858563a24f75318a6fba57a73b264350d4caca8d2,2025-06-15T17:15:18.360000