Auto-Update: 2025-07-04T23:55:11.060635+00:00

cad-safe-bot 2025-07-04 23:58:46 +00:00
parent 83fef18805
commit b4bd497eac
6 changed files with 384 additions and 10 deletions


@ -0,0 +1,56 @@
{
"id": "CVE-2025-48952",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-07-04T23:15:21.760",
"lastModified": "2025-07-04T23:15:21.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted \"magic hash\" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain \"weird\" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"references": [
{
"url": "https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,86 @@
{
"id": "CVE-2025-53365",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-07-04T22:15:22.117",
"lastModified": "2025-07-04T22:15:22.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/modelcontextprotocol/python-sdk/commit/7b420656de48cfdb90b39eb582e60b6d55c2f891",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/modelcontextprotocol/python-sdk/pull/967",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-j975-95f5-7wqh",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,86 @@
{
"id": "CVE-2025-53366",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-07-04T22:15:22.300",
"lastModified": "2025-07-04T22:15:22.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/modelcontextprotocol/python-sdk/commit/29c69e6a47d0104d0afcea6ac35e7ab02fde809a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/modelcontextprotocol/python-sdk/pull/822",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-3qhf-m339-9g5v",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-7070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-07-04T22:15:22.450",
"lastModified": "2025-07-04T22:15:22.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"baseScore": 3.3,
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/geo-chen/IROAD-V?tab=readme-ov-file#finding-8---mfa-spam-to-induce-device-pairing-fatigue",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.314905",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.314905",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.603298",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-07-04T22:00:13.379952+00:00
2025-07-04T23:55:11.060635+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-07-04T21:15:23.967000+00:00
2025-07-04T23:15:21.760000+00:00
```
### Last Data Feed Release
@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
300432
300436
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
- [CVE-2025-53602](CVE-2025/CVE-2025-536xx/CVE-2025-53602.json) (`2025-07-04T21:15:23.560`)
- [CVE-2025-7068](CVE-2025/CVE-2025-70xx/CVE-2025-7068.json) (`2025-07-04T21:15:23.770`)
- [CVE-2025-7069](CVE-2025/CVE-2025-70xx/CVE-2025-7069.json) (`2025-07-04T21:15:23.967`)
- [CVE-2025-48952](CVE-2025/CVE-2025-489xx/CVE-2025-48952.json) (`2025-07-04T23:15:21.760`)
- [CVE-2025-53365](CVE-2025/CVE-2025-533xx/CVE-2025-53365.json) (`2025-07-04T22:15:22.117`)
- [CVE-2025-53366](CVE-2025/CVE-2025-533xx/CVE-2025-53366.json) (`2025-07-04T22:15:22.300`)
- [CVE-2025-7070](CVE-2025/CVE-2025-70xx/CVE-2025-7070.json) (`2025-07-04T22:15:22.450`)
### CVEs modified in the last Commit


@ -298068,6 +298068,7 @@ CVE-2025-48949,0,0,fc8b75cb76f12da9c381ba1cbe524a49076c2a7b248109a10affb97261136
CVE-2025-4895,0,0,451159abdd179506166eda92c0cc3ecdcfca15d4a903bf6a2c0ccf029c166653,2025-05-21T19:37:48.777000
CVE-2025-48950,0,0,cc973f7c5355f4974e0729310c9855d4650934cbce88e929f2539748e53aae88,2025-06-04T14:54:33.783000
CVE-2025-48951,0,0,ede6a9271ef2c495a550496dbd581ce6ffb53f4b9f98c935ca8083cc1b4fd602,2025-06-04T21:15:40.580000
CVE-2025-48952,1,1,d6937bc4609a057824c1dde97cf5f87bb50a777073b76c9325e7e0feb04b027a,2025-07-04T23:15:21.760000
CVE-2025-48953,0,0,70684a4684db41347c8126e913d4ccc37a9d8250a7889d7b10445edb04853791,2025-06-04T14:54:33.783000
CVE-2025-48954,0,0,9a5d9fdbff1bbd7ba308d1268f50bac1e3ed28dbf527070a93b616756ee29907,2025-06-26T18:57:43.670000
CVE-2025-48955,0,0,560b04619e43ec6eda07e48b947f9bc229ed274e024fa427eb478249da962f8f,2025-06-02T17:32:17.397000
@ -299220,6 +299221,8 @@ CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad959346
CVE-2025-53358,0,0,3d97a4954e653a509d4005c71cf64fbb269b7293bb5ffaddd5ae485b7c74944b,2025-07-03T15:13:53.147000
CVE-2025-53359,0,0,45ed40db77640f47ba583ca32d5c60d80ffbacd98c4463b392cad98fdcfa3117,2025-07-03T15:13:53.147000
CVE-2025-5336,0,0,51ebbfc8a6c001d043ad92fbb70974a3ccedacbc8290bd5643cc8faeb9732c02,2025-06-16T12:32:18.840000
CVE-2025-53365,1,1,a04aa20f634d5cc2c76b3a5c2c874b1fc6afa8cec04d4c06c28eedb595b84aa8,2025-07-04T22:15:22.117000
CVE-2025-53366,1,1,278f06f71382e3197b901b5af1601584aeb379b793bf57697bcc9c6384d7f89c,2025-07-04T22:15:22.300000
CVE-2025-53367,0,0,53fcb440f7d5bc00881a51ca9bbc481ac0441fcc6f11b71200db91212c4ee6c6,2025-07-03T22:15:21.140000
CVE-2025-53368,0,0,be3c0a7f58e2bbd4e68679c536da2e841620327ebe3522ae8a918c23f429e2ff,2025-07-03T20:15:23.577000
CVE-2025-53369,0,0,935c1344485ff5b914be62cc3781976d8c660c47c3bc47debabf78b9f979ea5a,2025-07-03T20:15:23.737000
@ -299269,7 +299272,7 @@ CVE-2025-5359,0,0,fbaee83932976cabc2c375b7182ecd49a378426f554e3965400f3dd72ff93c
CVE-2025-53599,0,0,111b60ab172be48052b423c979314dcd8f917153e5cc0bf41e87ee1416b2bca6,2025-07-04T08:15:25.687000
CVE-2025-5360,0,0,f6f6f0a68bcc88f729faa5e7b6e62c265dbe0f87de895580450e0ebfdb395bd6,2025-06-03T15:35:19.237000
CVE-2025-53600,0,0,45e4b949bc6405088d1f4c8d66b4b394a5ccae231bce59e0ab096930b3dbdb3b,2025-07-04T08:15:25.823000
CVE-2025-53602,1,1,4fbb0da67d943a966608913bc985271718ea508f9069cf69ef43d7e44a315671,2025-07-04T21:15:23.560000
CVE-2025-53602,0,0,4fbb0da67d943a966608913bc985271718ea508f9069cf69ef43d7e44a315671,2025-07-04T21:15:23.560000
CVE-2025-5361,0,0,63ed55da0a8819c3072e9ae5cbf20f6ad96bd8fa3415071144a15d946aef0cb0,2025-06-03T15:35:09.950000
CVE-2025-5362,0,0,33b74730f9e7ac14985e93de797c2da60e582983293fbae692e330f50a44162c,2025-06-03T15:34:57.473000
CVE-2025-5363,0,0,d48d3a878cc2187658148b214cb6829e36972108c01dfa0cb86b9cac54da6616,2025-06-03T15:34:39.567000
@ -300429,5 +300432,6 @@ CVE-2025-7060,0,0,91da01898395bdf026b99c0a46900d94a8a4f57665e6550c84b17fbf8659b9
CVE-2025-7061,0,0,15674a6a6cc800d5a0b5940feb3e192f9e740b04c9aff814dfdb24e1d8ce91ae,2025-07-04T13:15:25.987000
CVE-2025-7066,0,0,998f6b55a42342a8b0f4fda5076c6090356f0a52d1edd36c9bb39b315048f315,2025-07-04T12:15:35.740000
CVE-2025-7067,0,0,ef4baff7115bd21a0a6909e0c3045023f49e50286af658a7d9865083709da10c,2025-07-04T18:15:23.610000
CVE-2025-7068,1,1,39683738c2c7b611d3d7f7a9ea910628930e44658205b4c41e69f865d1b9010b,2025-07-04T21:15:23.770000
CVE-2025-7069,1,1,a8925f52082dbe5c58f7eabd312512eb1093b5a4e00cdea22b79df2980ac7481,2025-07-04T21:15:23.967000
CVE-2025-7068,0,0,39683738c2c7b611d3d7f7a9ea910628930e44658205b4c41e69f865d1b9010b,2025-07-04T21:15:23.770000
CVE-2025-7069,0,0,a8925f52082dbe5c58f7eabd312512eb1093b5a4e00cdea22b79df2980ac7481,2025-07-04T21:15:23.967000
CVE-2025-7070,1,1,5f1d750a5e8c3a8f6a22a3c4ba050db3b74a14614263bd616051bd77ed245d73,2025-07-04T22:15:22.450000
