admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-21T09:00:19.381197+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-21 09:03:49 +00:00
parent 821a0ad9a7
commit b4164ca698
10 changed files with 784 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
CVE-2024/CVE-2024-139xx/CVE-2024-13903.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2024-13903",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-21T07:15:34.877",
"lastModified": "2025-03-21T07:15:34.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/quickjs-ng/quickjs/commit/99c02eb45170775a9a679c32b45dd4000ea67aff",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/quickjs-ng/quickjs/issues/775",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/quickjs-ng/quickjs/releases/tag/v0.9.0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.300571",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.300571",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.517394",
"source": "cna@vuldb.com"
}
]
}

10
CVE-2025/CVE-2025-23xx/CVE-2025-2311.json
View File

@ -2,20 +2,20 @@
"id": "CVE-2025-2311",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-03-20T12:15:14.750",
"lastModified": "2025-03-20T12:15:14.750",
"vulnStatus": "Received",
"lastModified": "2025-03-21T07:15:36.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Nebula Informatics SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411."
"value": "Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -38,7 +38,7 @@
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

145
CVE-2025/CVE-2025-25xx/CVE-2025-2582.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-2582",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-21T07:15:36.953",
"lastModified": "2025-03-21T07:15:36.953",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc3.md",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc4.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.300542",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.300542",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.511999",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-25xx/CVE-2025-2583.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-2583",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-21T07:15:37.157",
"lastModified": "2025-03-21T07:15:37.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc6.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.300543",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.300543",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.512001",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-25xx/CVE-2025-2584.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-2584",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-21T08:15:11.273",
"lastModified": "2025-03-21T08:15:11.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"baseScore": 5.1,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/WebAssembly/wabt/issues/2557",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.300544",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.300544",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.515406",
"source": "cna@vuldb.com"
}
]
}

56
CVE-2025/CVE-2025-303xx/CVE-2025-30346.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30346",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T07:15:37.350",
"lastModified": "2025-03-21T07:15:37.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://varnish-cache.org/security/VSV00015.html",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-303xx/CVE-2025-30347.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30347",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T07:15:37.527",
"lastModified": "2025-03-21T07:15:37.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://docs.varnish-software.com/security/VEV00001/",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-303xx/CVE-2025-30348.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30348",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T07:15:37.673",
"lastModified": "2025-03-21T07:15:37.673",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-407"
}
]
}
],
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442",
"source": "cve@mitre.org"
}
]
}

24
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-21T07:00:20.472365+00:00
2025-03-21T09:00:19.381197+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-21T06:15:27.090000+00:00
2025-03-21T08:15:11.273000+00:00
```
### Last Data Feed Release
@ -33,25 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
286134
286141
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `7`
- [CVE-2024-50053](CVE-2024/CVE-2024-500xx/CVE-2024-50053.json) (`2025-03-21T06:15:25.003`)
- [CVE-2025-2581](CVE-2025/CVE-2025-25xx/CVE-2025-2581.json) (`2025-03-21T05:15:38.280`)
- [CVE-2025-30342](CVE-2025/CVE-2025-303xx/CVE-2025-30342.json) (`2025-03-21T06:15:26.510`)
- [CVE-2025-30343](CVE-2025/CVE-2025-303xx/CVE-2025-30343.json) (`2025-03-21T06:15:26.700`)
- [CVE-2025-30344](CVE-2025/CVE-2025-303xx/CVE-2025-30344.json) (`2025-03-21T06:15:26.900`)
- [CVE-2025-30345](CVE-2025/CVE-2025-303xx/CVE-2025-30345.json) (`2025-03-21T06:15:27.090`)
- [CVE-2024-13903](CVE-2024/CVE-2024-139xx/CVE-2024-13903.json) (`2025-03-21T07:15:34.877`)
- [CVE-2025-2582](CVE-2025/CVE-2025-25xx/CVE-2025-2582.json) (`2025-03-21T07:15:36.953`)
- [CVE-2025-2583](CVE-2025/CVE-2025-25xx/CVE-2025-2583.json) (`2025-03-21T07:15:37.157`)
- [CVE-2025-2584](CVE-2025/CVE-2025-25xx/CVE-2025-2584.json) (`2025-03-21T08:15:11.273`)
- [CVE-2025-30346](CVE-2025/CVE-2025-303xx/CVE-2025-30346.json) (`2025-03-21T07:15:37.350`)
- [CVE-2025-30347](CVE-2025/CVE-2025-303xx/CVE-2025-30347.json) (`2025-03-21T07:15:37.527`)
- [CVE-2025-30348](CVE-2025/CVE-2025-303xx/CVE-2025-30348.json) (`2025-03-21T07:15:37.673`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-2311](CVE-2025/CVE-2025-23xx/CVE-2025-2311.json) (`2025-03-21T07:15:36.820`)
## Download and Usage

21
_state.csv
View File

@ -248140,6 +248140,7 @@ CVE-2024-1390,0,0,ffdeb8cc4a3b1077717739c1e237f842eedff68b0ec02858887f3acd549f9f
CVE-2024-13900,0,0,a36f38c86f625b2f6c78f95d04b10fcda1c4c7dcd50cfc141d8c356f3933fb59,2025-02-25T04:02:36.137000
CVE-2024-13901,0,0,eae64dcc2a1b4a359bdfacf8ac3e5ceaa3388c11896901d76eda175625edfbfb,2025-03-01T06:15:33.827000
CVE-2024-13902,0,0,b7c5a8d197d4a425ef20716ec672f0302e19616c286ab40947d5091ad0b83b7f,2025-03-06T10:15:09.900000
CVE-2024-13903,1,1,fd4033824abac21bbcb2bfa8e90aa7b63b49d2f71761c27fd5ac7d8b825b53f7,2025-03-21T07:15:34.877000
CVE-2024-13904,0,0,72951d50371ccb3b7b3d0bc50fc43f180c4fdb7fa249b4640e6ea8f80e40a148,2025-03-13T17:43:12.470000
CVE-2024-13905,0,0,05675c0666d2363b548aaebd6380b0cbfa326532e94b2a1cfc61ddabcfbe94a9,2025-03-12T17:47:03.400000
CVE-2024-13906,0,0,c18d3ed61043491f118577c9199dd56f8e4281ffddbc9a5f32cd948a9ff0542a,2025-03-07T08:15:37.467000
@ -271695,7 +271696,7 @@ CVE-2024-5005,0,0,edffdae445ed03271277a1d7da4f3ef9e99a78c0f49c5b3d66f4f5e15bfe56
CVE-2024-50050,0,0,c772e99e0a240315b1aee2595b338c31c22eacc00e5698e6c99fc85138563b84,2024-10-24T19:35:08.107000
CVE-2024-50051,0,0,8192b632b8677c885b202d500a050be15f5802f63d850ce0a1700dc73462614e,2025-02-10T18:15:26.457000
CVE-2024-50052,0,0,8e1166b11b73a0cbc906f464db8f67520364e38f19292f66596c205740cd9ead,2024-10-29T14:34:04.427000
CVE-2024-50053,1,1,9b86c89006389a45fa501a6b489f4dc3c8c7fabadc3e54f251a40629c006a171,2025-03-21T06:15:25.003000
CVE-2024-50053,0,0,9b86c89006389a45fa501a6b489f4dc3c8c7fabadc3e54f251a40629c006a171,2025-03-21T06:15:25.003000
CVE-2024-50054,0,0,08baaf13bb0c7df4a1d400e49a73de2988f5185aee0ae70dc49353985a3374fa,2024-11-22T23:15:05.510000
CVE-2024-50055,0,0,9028163ae3316ad82ac4618afd3be3a51cc82bbdf53d38e6c862b63f5c1d1a6c,2025-03-13T13:15:41.767000
CVE-2024-50056,0,0,6e1878ca857c7740064b6e0cea5e8f40f7e2214667bdf3941548e6206395176a,2024-11-20T20:18:00.460000
@ -283572,7 +283573,7 @@ CVE-2025-23094,0,0,7cea7e6e51afc006925b4e48de2308fe64516f9177080ff30f9a60f654ae9
CVE-2025-2310,0,0,3b3ba3523782ffedb97cb689c8e87d850ff86441e81973841824c42139be3b8c,2025-03-14T21:15:37.443000
CVE-2025-23108,0,0,0867ae52bf9537919e00df206497183b5abf45a3a43e56579f476cc3d26e8d6c,2025-01-13T18:15:22.680000
CVE-2025-23109,0,0,4d519c5c41161d21ebd8f814ea3659acc2224a598528dd7d3e4c7b87a5ad8cc0,2025-01-13T18:15:22.903000
CVE-2025-2311,0,0,26401023a6b7f56743b7b030402e528f5773941bc69fbdc38984cd6ab15e2d6b,2025-03-20T12:15:14.750000
CVE-2025-2311,0,1,3042f1eaedef1ce7c967349981ce59f3a84a2d022886bd54499a23621cf9d2e6,2025-03-21T07:15:36.820000
CVE-2025-23110,0,0,1f29652a619b8421219adac1a2002e9dc55acad71b98814d2bc2dba042d7f047,2025-02-25T16:46:57.373000
CVE-2025-23111,0,0,bee2b37690105f94a2919f948d33470ba27eac7a0501ea5db580d8c336b4a360,2025-02-25T16:16:50.967000
CVE-2025-23112,0,0,5295af5f2d972260409bf6e8ddb1e42cd398e210c99c068cbfdfd18c1a2f69a7,2025-02-25T16:14:20.857000
@ -285206,12 +285207,15 @@ CVE-2025-25797,0,0,f1c9d0289c48d14cd4761a88c42f5574d41d53f72261c5d690874bbdc19cb
CVE-2025-25799,0,0,7e0e2b34e97de373b74e8a2a2d7160b9193cc9608515f6e42c488533a534cf1c,2025-03-06T18:15:42.587000
CVE-2025-25800,0,0,84c0703ad8895be752ba6115cd9ffe473c7260c43dbc52d30ca606520fed7ac5,2025-02-26T16:15:17.053000
CVE-2025-25802,0,0,d97088e007851ab933ca944783447ce692cfbd40d40b16934f0a6aa482cb1db0,2025-03-06T18:15:42.800000
CVE-2025-2581,1,1,c8c04934337a7a4e793b663364dd6e042a3930660f4eba48fbca9bab6cf0a655,2025-03-21T05:15:38.280000
CVE-2025-2581,0,0,c8c04934337a7a4e793b663364dd6e042a3930660f4eba48fbca9bab6cf0a655,2025-03-21T05:15:38.280000
CVE-2025-25813,0,0,29785da07b8f111218d1b9b58c66081665210db526a21defc9e5491fcec4ad0a,2025-03-06T18:15:43.027000
CVE-2025-25818,0,0,40ddbafdf9692bd0bb31a2e859c8e57e42e627fd7e19bb409eb5a4ac63b878d1,2025-03-03T17:15:15.230000
CVE-2025-2582,1,1,4148eb695e18b516f98cfb9b487812f86c07b3642e244da2f2ee4f09bbc09e26,2025-03-21T07:15:36.953000
CVE-2025-25823,0,0,01cc00e46c57e1cd4b84caa1ec0705b698501680e84031ab252f0d5809c36fcf,2025-03-06T21:15:15.130000
CVE-2025-25825,0,0,44662eb5095fccda4e3c5daeb8867cc0b42f8cea49e95654318106019a993ae4,2025-03-06T21:15:15.300000
CVE-2025-25827,0,0,592a10fc3f850156d30f40a9c171cd33687dda2306b5a1e50f6dc9f481441aeb,2025-03-06T21:15:15.460000
CVE-2025-2583,1,1,743c93c8fc09877158f1414ecbd988cca612671fbc77916b7207812bcb226433,2025-03-21T07:15:37.157000
CVE-2025-2584,1,1,cd603c70bbae5343f2baf4373a56591054a8539ac34254da259e01cb4edc9033,2025-03-21T08:15:11.273000
CVE-2025-2585,0,0,0a6f6346c6cc1e08beeec971d102c61260534f2d8e0f7226c733644e7ca71668,2025-03-21T02:15:12.073000
CVE-2025-25871,0,0,0a82550b1d2d046f647e980d017fc2255def0d1bb38591c44cc31261bf72a0fd,2025-03-19T19:15:46.047000
CVE-2025-25872,0,0,94078d2bd826a6811b0bd64297d9316043894a3c21473da0f437fe938c52bee5,2025-03-19T19:15:46.183000
@ -286129,7 +286133,10 @@ CVE-2025-30236,0,0,f7e2d88c169654d0773448256afe181965f2a68264511db7f8bbd914eb958
CVE-2025-30258,0,0,b2050ad0522ca8186c25aaf6c75c9bc41a04ea2774b98c396ece174b26ef1552,2025-03-19T20:15:20.140000
CVE-2025-30259,0,0,d54c9c6314149ff81b40b391c2b1be03a54505a0c2b6ccd0ee4e34b08fc91550,2025-03-20T00:15:13.780000
CVE-2025-30334,0,0,70a58bfa94dee5ac9b80b2a13d93d68ec0fd6d4c2e22670672e09a015fc65a75,2025-03-20T22:15:14.453000
CVE-2025-30342,1,1,0903ff9f2a74017ec55a95a4feb2e3e74a2f51a140835603e88e33ec3a1f3668,2025-03-21T06:15:26.510000
CVE-2025-30343,1,1,c1148f8e147239755027f66b5cd5ff501a637a770e250c623b2bdfb05509a102,2025-03-21T06:15:26.700000
CVE-2025-30344,1,1,907b433de9c3db5d7acdcdfe947d5d9d2fe4303d13f429b509554e436bea2b2e,2025-03-21T06:15:26.900000
CVE-2025-30345,1,1,b3605ab6ece2ad8d642e6b9c4650d652f92a5fa2b4d6511be77929e06675f55b,2025-03-21T06:15:27.090000
CVE-2025-30342,0,0,0903ff9f2a74017ec55a95a4feb2e3e74a2f51a140835603e88e33ec3a1f3668,2025-03-21T06:15:26.510000
CVE-2025-30343,0,0,c1148f8e147239755027f66b5cd5ff501a637a770e250c623b2bdfb05509a102,2025-03-21T06:15:26.700000
CVE-2025-30344,0,0,907b433de9c3db5d7acdcdfe947d5d9d2fe4303d13f429b509554e436bea2b2e,2025-03-21T06:15:26.900000
CVE-2025-30345,0,0,b3605ab6ece2ad8d642e6b9c4650d652f92a5fa2b4d6511be77929e06675f55b,2025-03-21T06:15:27.090000
CVE-2025-30346,1,1,12c54d9ba90206346439520e2259964548ecfd22e603768bd61d4be8b74cdc61,2025-03-21T07:15:37.350000
CVE-2025-30347,1,1,5aaf3cff944de3cec59f823acc1d99e0f1bf167a4d8db3c3c92a29630e74ea6c,2025-03-21T07:15:37.527000
CVE-2025-30348,1,1,63abfffda0f27ea7490322ebb3b845fa2348103ada5e44ecdac15f130d33dfc1,2025-03-21T07:15:37.673000

Can't render this file because it is too large.