diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2126.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2126.json new file mode 100644 index 00000000000..74571cc3737 --- /dev/null +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2126.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-2126", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-09T17:15:37.453", + "lastModified": "2025-03-09T17:15:37.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Parameter Handler. The manipulation of the argument title leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.299039", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.299039", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.509884", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2127.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2127.json new file mode 100644 index 00000000000..fd9dd046bb0 --- /dev/null +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2127.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-2127", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-09T18:15:12.807", + "lastModified": "2025-03-09T18:15:12.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.299040", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.299040", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.509891", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json index f3416b5a46c..51195b6ed19 100644 --- a/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json +++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json @@ -2,7 +2,7 @@ "id": "CVE-2025-27636", "sourceIdentifier": "security@apache.org", "published": "2025-03-09T13:15:34.403", - "lastModified": "2025-03-09T15:15:35.430", + "lastModified": "2025-03-09T17:15:36.580", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -16,6 +16,10 @@ { "url": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z", "source": "security@apache.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/03/09/1", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 12a43125e03..67d44935f14 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-09T17:00:19.999695+00:00 +2025-03-09T19:00:19.539719+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-09T16:15:12.550000+00:00 +2025-03-09T18:15:12.807000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284575 +284577 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-2123](CVE-2025/CVE-2025-21xx/CVE-2025-2123.json) (`2025-03-09T15:15:36.413`) -- [CVE-2025-2124](CVE-2025/CVE-2025-21xx/CVE-2025-2124.json) (`2025-03-09T16:15:11.533`) -- [CVE-2025-2125](CVE-2025/CVE-2025-21xx/CVE-2025-2125.json) (`2025-03-09T16:15:12.550`) +- [CVE-2025-2126](CVE-2025/CVE-2025-21xx/CVE-2025-2126.json) (`2025-03-09T17:15:37.453`) +- [CVE-2025-2127](CVE-2025/CVE-2025-21xx/CVE-2025-2127.json) (`2025-03-09T18:15:12.807`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2025-27636](CVE-2025/CVE-2025-276xx/CVE-2025-27636.json) (`2025-03-09T15:15:35.430`) +- [CVE-2025-27636](CVE-2025/CVE-2025-276xx/CVE-2025-27636.json) (`2025-03-09T17:15:36.580`) ## Download and Usage diff --git a/_state.csv b/_state.csv index aab40999aed..c79fd42c920 100644 --- a/_state.csv +++ b/_state.csv @@ -281581,7 +281581,7 @@ CVE-2025-21226,0,0,2f5f6ccc39acdfb2b7cec30e176e0e2f1dc141d4d0fd55d9540bbaff25e2e CVE-2025-21227,0,0,e74cc881cc3f14638775245e0247523b50d3fe8f76ca0a79bf3911d59cf7d8a7,2025-01-27T18:47:16.717000 CVE-2025-21228,0,0,e66ffb1cd2f0c8e69939717342c89b3e470530ed77fe35b7d613be20fb5699e7,2025-01-27T18:47:27.603000 CVE-2025-21229,0,0,5b9d343c3675c785c1883befc5d74a71c8b6d41d9e72125678b91a16a5f7065e,2025-01-27T18:47:37.697000 -CVE-2025-2123,1,1,4acb0fd53b16a2ca153ab60669e2444368e4297661d2e9c1e10749c06973c268,2025-03-09T15:15:36.413000 +CVE-2025-2123,0,0,4acb0fd53b16a2ca153ab60669e2444368e4297661d2e9c1e10749c06973c268,2025-03-09T15:15:36.413000 CVE-2025-21230,0,0,bf3028f0f96a246b5ecbe951552b973bc02e0b51e420392170a1dd03d48b14e3,2025-01-27T18:47:46.557000 CVE-2025-21231,0,0,d044bbfe2f119bd723d5344cae8147732c3ad7961b5471c3a188b0d47573734f,2025-01-27T18:47:57.930000 CVE-2025-21232,0,0,23d68831fa0a23eddcf0b6ecfa974d8fa3f8ae535f8e37868367b2a8f7dabf73,2025-01-24T21:51:59.700000 @@ -281592,7 +281592,7 @@ CVE-2025-21236,0,0,dca2e8b53c129d574dbac8ccc02a830290e2d01e064a4d0709e813650ad78 CVE-2025-21237,0,0,b506da9329a9d4995f8f36c74496bc979a022c50f2ee3daece85fce4c81aff91,2025-01-29T23:15:25.410000 CVE-2025-21238,0,0,ed164642995b0290a2351fc6a7d58207d08112ad22db84484bb6e767035836a9,2025-01-24T21:53:02.610000 CVE-2025-21239,0,0,9c433f5e11131caf059a0860ba4c7d770134beadb640baa1fee0187df1c3cca9,2025-01-24T21:53:18.177000 -CVE-2025-2124,1,1,d3d7cac978b1665e17d79fc4c035e308357d73d717ef3597a82d08df52ab375a,2025-03-09T16:15:11.533000 +CVE-2025-2124,0,0,d3d7cac978b1665e17d79fc4c035e308357d73d717ef3597a82d08df52ab375a,2025-03-09T16:15:11.533000 CVE-2025-21240,0,0,4e590d3a8323baf8300345fb6a8ba38cde55c5c539dc581c1cd14a5acd47a173,2025-01-24T21:53:10.267000 CVE-2025-21241,0,0,ba5630f727baaa7b0cfb87aabbaa39f667322b2e958c54247ee336f6ea577069,2025-01-24T21:53:32.040000 CVE-2025-21242,0,0,c6ad86d582b94ed7a50bfc44a12a331f9937482569fe42f361fa93258452bd30,2025-01-24T21:53:39.887000 @@ -281602,7 +281602,7 @@ CVE-2025-21245,0,0,f8977154881a23caac2cbfb367fae61be05ee6a5797e98c1fce578f1bb50e CVE-2025-21246,0,0,2355d5f1e5f99349a2c983a1867ed42b3be58a725316ed8d7e78af1b25b93990,2025-01-24T21:54:27.603000 CVE-2025-21248,0,0,5fec9176d3491513238c849ca9f8b98246abbf6bcab1978fcfceaa9a87899f2d,2025-01-24T21:54:19.163000 CVE-2025-21249,0,0,cc0cd96bf402d287899c115acc983f6d8b986d6d0cc004dd6bff6ad28b81b32e,2025-01-24T21:54:39.180000 -CVE-2025-2125,1,1,0bb426b75b2dbff3e29d363e4cca36b4e2e1281937adf61b4bb676fb3fe4258b,2025-03-09T16:15:12.550000 +CVE-2025-2125,0,0,0bb426b75b2dbff3e29d363e4cca36b4e2e1281937adf61b4bb676fb3fe4258b,2025-03-09T16:15:12.550000 CVE-2025-21250,0,0,4e89a566438f1e28e8838350c59192f7c8bae0fa09d47d1f5f0f32355a4e81f7,2025-01-24T21:54:48.480000 CVE-2025-21251,0,0,5440266405ae4f5a1eea13ba92fdc75258561cea9d4f2a0de5b103c45023d533,2025-01-24T21:54:57.333000 CVE-2025-21252,0,0,6055e1c3e54e765508a0901e6591be173ca3b23ac49a425f1555d0244d559b99,2025-01-24T21:55:05.360000 @@ -281613,6 +281613,7 @@ CVE-2025-21256,0,0,046fe33676648d49ab958cea06795409b133ff67b2e397e47021fff2b0522 CVE-2025-21257,0,0,a4aa8eb764428591988a4a9138451d22d056f236bcba642d77cd9ec1175f53f8,2025-01-27T18:48:34.057000 CVE-2025-21258,0,0,1f595e4730f0a0101ec7c6ff9cdba409af8fa944714e620a4a15245fbce00d59,2025-01-27T18:48:41.780000 CVE-2025-21259,0,0,8612071202f3d3592dfe29f2bd8e2314128424dcfd6444cf3765d46d69eb3ffb,2025-02-28T16:02:50.353000 +CVE-2025-2126,1,1,aa7468b0e3a8806805757005f42d52f4646e392fd8f7d52d04f7a5c1e448926b,2025-03-09T17:15:37.453000 CVE-2025-21260,0,0,0a7c1f91b0bf465a1abd98448dde131c6cb51ed7e169790e660636d55e49b3fd,2025-01-27T18:48:49.733000 CVE-2025-21261,0,0,4959e566283cea5c3896dc096def632c73bb2ea004186a297dc44c88399b27c3,2025-01-27T18:49:17.243000 CVE-2025-21262,0,0,53158e77111cde0b4bd12b84c347b79f0eb1bff1360ae5aad148e2597a850e89,2025-02-07T15:18:05.707000 @@ -281622,6 +281623,7 @@ CVE-2025-21266,0,0,8abedea79e8511d7cc9ff7357e5ea6cdb9a2f5b9b226509251d920fc3d818 CVE-2025-21267,0,0,3a891da8fda86c30d805053c71e6dd16d7ce53ed47c2014adf2682e9c1aa9108,2025-02-11T22:16:55.863000 CVE-2025-21268,0,0,4355dd42a101fb9f129ac11118f3256c96ab67a419ccdd9dbd668d0ac27fec35,2025-01-27T18:49:59.800000 CVE-2025-21269,0,0,65d7ef207dcfb292db82e49469b33d6fba54787be18065168c6f9ec6800b825c,2025-01-27T18:50:21.237000 +CVE-2025-2127,1,1,9bd07b409ba602e1c1b63ded85f49c2048c107f0a244f7917dec42bd0c488b97,2025-03-09T18:15:12.807000 CVE-2025-21270,0,0,2d46973a30b722f08c103801bc79939c8fec9b43c85bfe5e28d9ef7adacb72a0,2025-01-27T18:50:32.540000 CVE-2025-21271,0,0,4274828aba1e10041b203e489347317201805b7afde940eb3f935826dc13b54f,2025-01-27T18:38:24.280000 CVE-2025-21272,0,0,9666530ffb6a8bce08f2ce0b86a8e62feebbce948e4c49cfa04a42d76596221d,2025-01-27T18:38:15.907000 @@ -284514,7 +284516,7 @@ CVE-2025-27622,0,0,aab424c81f70efb6c2294313600d100f64e720f683885d3b6918b7e0d0c95 CVE-2025-27623,0,0,a7729605ea601dac947d3c9e9dda3f4cf0fc759f67e3d847999a08d4d426400f,2025-03-06T17:15:23.647000 CVE-2025-27624,0,0,386e769fd54c9c9e387001be90fa20a8140740d08fb61eb8c2dc8cbb750364f8,2025-03-06T17:15:23.797000 CVE-2025-27625,0,0,85889be78be476b146c5fda687cdd2b7a01a613eea674a60ada7a9651223e2d5,2025-03-06T17:15:23.960000 -CVE-2025-27636,0,1,aaa21b87ef3ccd4318706c44b3410750c79ebb076ae4c3e55e483302e235723a,2025-03-09T15:15:35.430000 +CVE-2025-27636,0,1,ab2059c2e72432341cf829888597fff4374d703fafd84b2dd034a070a4071acf,2025-03-09T17:15:36.580000 CVE-2025-27637,0,0,9c062615c8ec6a3ced4ee678ddb923b6d263f273f4e63f5f7bf9a46985accf21,2025-03-05T16:15:40.713000 CVE-2025-27638,0,0,799c839b25e9819e4ec80c30ab7682e659f557f1c902bc7211099cb508098b42,2025-03-05T17:15:16.853000 CVE-2025-27639,0,0,a0477d98f560583497b6432bc3e9038f2aa7b8df2110514ba2e616c075cb3f66,2025-03-05T17:15:17.027000