Auto-Update: 2025-05-31T08:00:20.012041+00:00

2025-06-21 17:41:05 +00:00 · 2025-05-31 08:03:55 +00:00 · 2025-05-31 08:03:55 +00:00 · b777399ab5
commit b777399ab5
parent 433aaf638a
11 changed files with 694 additions and 10 deletions
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4103.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4103.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-4103",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:20.103",
+  "lastModified": "2025-05-31T07:15:20.103",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-geometa/tags/0.3.4/lib/wp-geometa-dash.php#L896",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/wp-geometa/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43039f2a-b3f9-4836-8b55-e8a091b1a102?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-45xx/CVE-2025-4590.json
+++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4590.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4590",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:20.643",
+  "lastModified": "2025-05-31T07:15:20.643",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/daisycon/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74551e01-063c-4493-8472-9c0903ac17c5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-45xx/CVE-2025-4595.json
+++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4595.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4595",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:20.840",
+  "lastModified": "2025-05-31T07:15:20.840",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/fastspring/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-46xx/CVE-2025-4607.json
+++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4607.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2025-4607",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:21.070",
+  "lastModified": "2025-05-31T07:15:21.070",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-330"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L323",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L493",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/psw-login-and-registration/trunk/public/class-prositegeneralfeatures-public.php#L731",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/psw-login-and-registration/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-46xx/CVE-2025-4631.json
+++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4631.json
@ -0,0 +1,76 @@
+{
+  "id": "CVE-2025-4631",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:21.263",
+  "lastModified": "2025-05-31T07:15:21.263",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose '_datatype' is set to 'users',. This allows unauthenticated attackers to write arbitrary strings straight into the user\u2019s wp_capabilities meta field, potentially elevating the privileges of an existing user account or a newly created one to that of an administrator."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profitori/tags/2.1.1.3/profitori.php#L2675",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profitori/tags/2.1.1.3/profitori.php#L2679",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profitori/tags/2.1.1.3/profitori.php#L2698",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profitori/tags/2.1.1.3/profitori.php#L3673",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/profitori/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c764811f-e9dc-4c3d-b696-5792e70ff0b6?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-46xx/CVE-2025-4672.json
+++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4672.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-4672",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:21.450",
+  "lastModified": "2025-05-31T07:15:21.450",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create, update or delete any user meta, including flipping their own wp_capabilities to administrator and fully escalate their privileges."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/offsprout-page-builder/tags/2.15.2/api/class-offsprout-api-extensions.php#L5",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/offsprout-page-builder/tags/2.15.2/api/class-offsprout-api-extensions.php#L514",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/offsprout-page-builder/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9269d18d-8d83-43ff-b777-ba8f58321e9e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-52xx/CVE-2025-5285.json
+++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5285.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-5285",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:21.643",
+  "lastModified": "2025-05-31T07:15:21.643",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018htmlTag\u2019 parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/product-subtitle-for-woocommerce/tags/1.3.9/includes/plugins/class-pswc-guternburg-block.php#L82",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/product-subtitle-for-woocommerce/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b276b1f7-e618-491f-beb4-675228632fa0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-52xx/CVE-2025-5292.json
+++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5292.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-5292",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-05-31T07:15:21.827",
+  "lastModified": "2025-05-31T07:15:21.827",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Element Pack Addons for Elementor \u2013 Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content\u2019 parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3302152/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8dfdd8-820c-4066-8014-2cb5b9f935a4?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-53xx/CVE-2025-5370.json
+++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5370.json
@ -0,0 +1,145 @@
+{
+  "id": "CVE-2025-5370",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-05-31T06:15:19.887",
+  "lastModified": "2025-05-31T06:15:19.887",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 6.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "baseScore": 7.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/GarminYoung/myCVE/issues/5",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://phpgurukul.com/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.310663",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.310663",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.587365",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-05-31T06:00:20.194111+00:00
+2025-05-31T08:00:20.012041+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-05-31T05:15:19.087000+00:00
+2025-05-31T07:15:21.827000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-296092
+296101
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `9`

- [CVE-2025-5016](CVE-2025/CVE-2025-50xx/CVE-2025-5016.json) (`2025-05-31T04:15:25.893`)
- [CVE-2025-5368](CVE-2025/CVE-2025-53xx/CVE-2025-5368.json) (`2025-05-31T04:15:28.847`)
- [CVE-2025-5369](CVE-2025/CVE-2025-53xx/CVE-2025-5369.json) (`2025-05-31T05:15:19.087`)
+- [CVE-2025-4103](CVE-2025/CVE-2025-41xx/CVE-2025-4103.json) (`2025-05-31T07:15:20.103`)
+- [CVE-2025-4590](CVE-2025/CVE-2025-45xx/CVE-2025-4590.json) (`2025-05-31T07:15:20.643`)
+- [CVE-2025-4595](CVE-2025/CVE-2025-45xx/CVE-2025-4595.json) (`2025-05-31T07:15:20.840`)
+- [CVE-2025-4607](CVE-2025/CVE-2025-46xx/CVE-2025-4607.json) (`2025-05-31T07:15:21.070`)
+- [CVE-2025-4631](CVE-2025/CVE-2025-46xx/CVE-2025-4631.json) (`2025-05-31T07:15:21.263`)
+- [CVE-2025-4672](CVE-2025/CVE-2025-46xx/CVE-2025-4672.json) (`2025-05-31T07:15:21.450`)
+- [CVE-2025-5285](CVE-2025/CVE-2025-52xx/CVE-2025-5285.json) (`2025-05-31T07:15:21.643`)
+- [CVE-2025-5292](CVE-2025/CVE-2025-52xx/CVE-2025-5292.json) (`2025-05-31T07:15:21.827`)
+- [CVE-2025-5370](CVE-2025/CVE-2025-53xx/CVE-2025-5370.json) (`2025-05-31T06:15:19.887`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -293869,6 +293869,7 @@ CVE-2025-4098,0,0,c3d876ba0075045c7b4d4f0cde2463861d6f50b3f862fa37275045a58fd42c
 CVE-2025-4099,0,0,c24d719d1b6efaf6dca2a20eacc9c261b731d2019f4de35e18539c4a75aa9e38,2025-05-19T11:49:08.097000
 CVE-2025-4100,0,0,f77bad4e79dd995e69fb9df2c2feed5b3f15d25f3ec0714aaa9ab5523a58223e,2025-05-02T13:53:40.163000
 CVE-2025-4101,0,0,481e3ee81d9ced511d86706ddbf21e16ba7244b1e206df435d80c8013121d01e,2025-05-28T13:28:20.060000
+CVE-2025-4103,1,1,95278c92be20e8a40f159505f03b4196faf53917b4eb0c7fa8611b56af534437,2025-05-31T07:15:20.103000
 CVE-2025-4104,0,0,9db1e5ec3f96560cc3897212bafef6028f8660c26f74adb7629202cb67ed1418,2025-05-07T14:13:20.483000
 CVE-2025-4105,0,0,d83c883af821015dcb99b208032280c6927f7d2df054e268c6ed4d5c2ae83140,2025-05-21T20:24:58.133000
 CVE-2025-4107,0,0,80bb7abdec5d37800b07ca68e7dfa10215abe5d87f8e994a47512d482e70dee5,2025-05-08T23:15:53.240000
@ -294579,10 +294580,12 @@ CVE-2025-45867,0,0,d8bbcd355b169e35d17636246ef9f1637f574a9a708b290a10b8a9fd3f79f
 CVE-2025-45885,0,0,79234899966b4c8a321aa6153cf77a765f29e557be9d26ad86dc78b3a7557cf5,2025-05-28T13:40:22.817000
 CVE-2025-45887,0,0,f2287740c795312103be3d275e66c0387a51f112072d92f244b8924b02ff24fa,2025-05-12T23:15:25.043000
 CVE-2025-4589,0,0,bb26d22fcf596d77e370296c8ae93489013c99f636d3a8cff9546409ae0197a5,2025-05-16T14:43:26.160000
+CVE-2025-4590,1,1,3c149a4063871ad5aa969357c798fc566a242300028720127da91981ed910799,2025-05-31T07:15:20.643000
 CVE-2025-4591,0,0,09b633064167908f2267d3dc13a3052b782cbd19249bba4734b3313b4950008b,2025-05-16T14:43:26.160000
 CVE-2025-4594,0,0,c0d148a004f59cf53abe31af001741cb43bc8a881d1fbd6674a881b7467848f2,2025-05-23T15:54:42.643000
 CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000
 CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000
+CVE-2025-4595,1,1,bf06a76d7310cab2fbf43f0d14811eb6c3a5b9f83f49cd46853c0054b345a602,2025-05-31T07:15:20.840000
 CVE-2025-45953,0,0,4ae22ace1fa79622bebb714ee3a1b2bc44139600b15fc188f0269a639daf29ec,2025-04-30T18:03:25.497000
 CVE-2025-45956,0,0,5c4c4370cebea5362e52ff80785ad75271a9ace1cfcc698a1fc7b6e2a3193f1f,2025-05-14T21:01:22.690000
 CVE-2025-4597,0,0,187dad561f92b725f4e94f11621cd8f7fb4eea5ade3c9c9e2bde9c8ced3f4e7e,2025-05-30T16:31:03.107000
@ -294593,6 +294596,7 @@ CVE-2025-4602,0,0,409776dd4d3f5aa956641458acdab541ced8aee4cc4b0cac3a447338c59994
 CVE-2025-4603,0,0,353abd9188b7471dff5b9b62f88597abbd29f78728037be18e8dafefcd5f4d4e,2025-05-28T14:58:52.920000
 CVE-2025-46052,0,0,ab7d3250787ede688cd6b355d8aec0cc3dda171eb18d9b03fdd032c02ce8c40d,2025-05-16T14:43:26.160000
 CVE-2025-46053,0,0,a812a9fd2122f294cfbb7de5fd43b870987b1f7127ab686b037255809ebad4e4,2025-05-19T19:15:51.580000
+CVE-2025-4607,1,1,4f7b8bb436106ebf10b72bd54124a780374652014dd562a4b8363dff56af7408,2025-05-31T07:15:21.070000
 CVE-2025-46078,0,0,9405b978006369eecd7c026e0103aeac27732c7b7a8d674a14f97501096e0a7a,2025-05-29T14:29:50.247000
 CVE-2025-46080,0,0,351874d7f076eaacf726ab0cba6ba555d3b4f19bcbd01a8c530b4db62197e85c,2025-05-29T15:15:33.980000
 CVE-2025-4610,0,0,d61d953fe0fd6f0d2b21233839836df5133468380db75b47c2a05d78020b6b82,2025-05-19T13:35:20.460000
@ -294655,6 +294659,7 @@ CVE-2025-46272,0,0,c6ffe9644ec4eb0be70d82c185542d0db0bfea8ac65dd16a9cc6ae5530156
 CVE-2025-46273,0,0,7a6c7a289211f4e1320ac7e06ac0b475968c95518e5f597fa802fe471db8a1b1,2025-04-29T13:52:28.490000
 CVE-2025-46274,0,0,fc02771cda5a704b40d30849404b9e53cf758ecdd7a78de0da7004a0854086f9,2025-04-29T13:52:28.490000
 CVE-2025-46275,0,0,e9c97b8dd27b620035f55476701f545428879d0dfbf3f0a6d8a46fd87fe049ea,2025-04-29T13:52:28.490000
+CVE-2025-4631,1,1,6192c0c8ea62bc6a1d588fbbff1e70c45723124146c7aec594c16971974f47e2,2025-05-31T07:15:21.263000
 CVE-2025-4632,0,0,d50832a7cf0b6c01fdcfe2e001cea8f5ff0774954824971b15716f5a8a9e67f1,2025-05-27T21:23:11.107000
 CVE-2025-46326,0,0,2a53a999a336cacd0c0bc6321b3560335cc38643dddfb7113811864c643b59cc,2025-05-10T01:03:57.010000
 CVE-2025-46327,0,0,afe09dee92283a2d379e1e7051eabe585acdf9c49e7e8b6e0789f6724f91cc84,2025-05-09T19:38:11.410000
@ -294915,6 +294920,7 @@ CVE-2025-46716,0,0,fe0b7300ab0eee9b5c30a2bdc4d0a682596d3fe1d9fc6f3679e986edaddf4
 CVE-2025-46717,0,0,ddfe80bec4f5063d8e4c0f121e84f8065768a8a31aad0eafc5cecc4516eff821,2025-05-12T22:15:26.957000
 CVE-2025-46718,0,0,885c34e4ac34f705a4ef1825ec33431373f2ba5032bb9657c9e7312381094a9b,2025-05-12T22:15:27.057000
 CVE-2025-46719,0,0,002188c02f6d49da0f27519f6b93c5cdd8e21a4c28ce5e0a20fa03a0d0ce8b05,2025-05-05T20:54:19.760000
+CVE-2025-4672,1,1,f9199363a04c8ca4017667ba009aa8f913a00099a2d78367f8845c4df32fd906,2025-05-31T07:15:21.450000
 CVE-2025-46720,0,0,4c7236595d2f87b0b5d063c4e69a2cbdebfbdb7c2550f3a068081936f8a24e34,2025-05-05T20:54:19.760000
 CVE-2025-46721,0,0,5e50b3dbcf6470803d075fa512b6ebc1828bcf6f2f10959b66c310bc472274ee,2025-05-13T20:15:30.217000
 CVE-2025-46722,0,0,cf46ef2e6249b8935c48334672e28d50cf3343c6c1aff5e7300e5238080dc235,2025-05-30T16:31:03.107000
@ -295881,7 +295887,7 @@ CVE-2025-5008,0,0,a44de43d4fdee78a58fb0f23f855e641b712c558235d8e8c4b331b29571b8d
 CVE-2025-5010,0,0,93497e2b48b334d59fac1bb8ca9073e5f336f986ef89ce0b89f9db876e65e870,2025-05-21T23:15:55.330000
 CVE-2025-5011,0,0,d1caeeaa784d143902e41e16fc8809733bc411c4665df188f33764965bcab2ec,2025-05-21T23:15:55.447000
 CVE-2025-5013,0,0,9e2206cee3d9a4da13b7d790d61a24286d0c704fc74b7b095d3cf27be2eea613,2025-05-21T23:15:55.563000
-CVE-2025-5016,1,1,4b738fd07ceaa78c532f4d933228bca3711d498f766b367ea485527b64ca44fc,2025-05-31T04:15:25.893000
+CVE-2025-5016,0,0,4b738fd07ceaa78c532f4d933228bca3711d498f766b367ea485527b64ca44fc,2025-05-31T04:15:25.893000
 CVE-2025-5020,0,0,8e92e81268cb02470f5321fbe111bd1217491079f6b87fc538686f0917f7768a,2025-05-21T20:24:58.133000
 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000
 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000
@ -296059,8 +296065,10 @@ CVE-2025-5279,0,0,81720af3c8cc837e31e88e83d11ebb304616a1e1b5e7e1af8c0ac6f8280ff2
 CVE-2025-5280,0,0,3c6af0d30a51ecb706066ad212af1114fdaaf7f2415af1fe946985167145905d,2025-05-29T15:50:31.610000
 CVE-2025-5281,0,0,4065baa6ec2536bda486e7298d71ac521380ba5a3be043da1b14156c61e3ebd6,2025-05-29T15:50:25.993000
 CVE-2025-5283,0,0,d634bbb3428be40e71e623ccd23f7aa05a34c1b64ae9e99e72528eda1bbe7f3f,2025-05-29T15:50:14.503000
+CVE-2025-5285,1,1,b6ecddd1f63e8f41a32ef5e7d7482750a0dc689eb28fe6487460ba9d0cc9ac14,2025-05-31T07:15:21.643000
 CVE-2025-5286,0,0,276da94bc97bc1280556fd30d44aab9586f5bf4adbe155ab9a7b1c359a02c8df,2025-05-29T14:29:50.247000
 CVE-2025-5287,0,0,b8300f230839e0ad3335fdc92731d9b07abc7f3405256834dd55febc4f9b0133,2025-05-28T15:01:30.720000
+CVE-2025-5292,1,1,a056978540c42615d397989e6119396bd7ee240062d1410dddf450e5d57f81b8,2025-05-31T07:15:21.827000
 CVE-2025-5295,0,0,fa9a5670b3c573b1d649121f91fea9d5e1a6db1271692650785a46a0f5487fe4,2025-05-28T15:01:30.720000
 CVE-2025-5297,0,0,1904e932c0220e129d3d6e273dfa8ff6706543681d2ef7758dd9429e0a1c2a90,2025-05-28T15:01:30.720000
 CVE-2025-5298,0,0,45ff1beadacec96b0b72b9acfad30f60f42f289478c18289d03a11e46cdec43d,2025-05-28T20:37:48.440000
@ -296089,5 +296097,6 @@ CVE-2025-5363,0,0,f4ab9e51ea923ee5f68276dc2bb6e2c66199ce0bf765a5f6db2d84f03caadd
 CVE-2025-5364,0,0,8512fc7e318a4f9a02f790667cf7190b54f5e349e12cf13599f99f2abd16e086,2025-05-30T22:15:24.777000
 CVE-2025-5365,0,0,9c3add4ccbce326277aadd94e875c7c908d8965a66ee0aafcf70fd798992c1f2,2025-05-31T01:15:20.507000
 CVE-2025-5367,0,0,dead5a494104ea03e39b4b151a76de3fa5c02b84a712451f4c5b5c4043cf095f,2025-05-31T02:15:19.383000
-CVE-2025-5368,1,1,ffd803745e16e5a3c1fde75a28fe08237c41ddd2913d2567680367be994ecf0b,2025-05-31T04:15:28.847000
-CVE-2025-5369,1,1,f5c072330dd21448e6ad92e4bb28f937c893d0b75edd36eb6438b52259f477ee,2025-05-31T05:15:19.087000
+CVE-2025-5368,0,0,ffd803745e16e5a3c1fde75a28fe08237c41ddd2913d2567680367be994ecf0b,2025-05-31T04:15:28.847000
+CVE-2025-5369,0,0,f5c072330dd21448e6ad92e4bb28f937c893d0b75edd36eb6438b52259f477ee,2025-05-31T05:15:19.087000
+CVE-2025-5370,1,1,f5fd2580244593208c06665f6d26fa1e5bce5a80c481e0120971cd9a6b05e3dc,2025-05-31T06:15:19.887000