admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-11T03:00:19.293505+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-11 03:03:47 +00:00
parent 1048841833
commit bc1d5260b7
34 changed files with 1641 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2024/CVE-2024-112xx/CVE-2024-11253.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-11253",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2025-03-11T02:15:10.043",
"lastModified": "2025-03-11T02:15:10.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the \"DNSServer\u201d parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025",
"source": "security@zyxel.com.tw"
}
]
}

56
CVE-2024/CVE-2024-120xx/CVE-2024-12009.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-12009",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2025-03-11T02:15:10.590",
"lastModified": "2025-03-11T02:15:10.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the \"ZyEE\" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025",
"source": "security@zyxel.com.tw"
}
]
}

56
CVE-2024/CVE-2024-120xx/CVE-2024-12010.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-12010",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2025-03-11T02:15:10.773",
"lastModified": "2025-03-11T02:15:10.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the \u201dzyUtilMailSend\u201d function of the Zyxel\u00a0AX7501-B1 firmware version\u00a0V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025",
"source": "security@zyxel.com.tw"
}
]
}

6
CVE-2024/CVE-2024-131xx/CVE-2024-13159.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13159",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2025-01-14T18:15:26.243",
"lastModified": "2025-02-21T15:15:11.380",
"lastModified": "2025-03-11T01:00:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-03-10",
"cisaActionDue": "2025-03-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability",
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",

6
CVE-2024/CVE-2024-131xx/CVE-2024-13160.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13160",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2025-01-14T18:15:26.447",
"lastModified": "2025-02-21T15:15:11.477",
"lastModified": "2025-03-11T01:00:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-03-10",
"cisaActionDue": "2025-03-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability",
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",

6
CVE-2024/CVE-2024-131xx/CVE-2024-13161.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13161",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2025-01-14T18:15:26.640",
"lastModified": "2025-02-21T15:15:11.577",
"lastModified": "2025-03-11T01:00:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-03-10",
"cisaActionDue": "2025-03-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability",
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",

56
CVE-2024/CVE-2024-223xx/CVE-2024-22340.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-22340",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-03-11T01:15:33.257",
"lastModified": "2025-03-11T01:15:33.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\n\ncould allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-208"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7185282",
"source": "psirt@us.ibm.com"
}
]
}

56
CVE-2024/CVE-2024-417xx/CVE-2024-41760.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41760",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-03-11T01:15:33.427",
"lastModified": "2025-03-11T01:15:33.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\ncould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7185282",
"source": "psirt@us.ibm.com"
}
]
}

56
CVE-2024/CVE-2024-498xx/CVE-2024-49823.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49823",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-03-11T01:15:33.583",
"lastModified": "2025-03-11T01:15:33.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7185282",
"source": "psirt@us.ibm.com"
}
]
}

6
CVE-2024/CVE-2024-579xx/CVE-2024-57968.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-57968",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-03T20:15:36.550",
"lastModified": "2025-02-06T18:15:32.287",
"lastModified": "2025-03-11T01:00:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-03-10",
"cisaActionDue": "2025-03-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Advantive VeraCore Unrestricted File Upload Vulnerability",
"weaknesses": [
{
"source": "cve@mitre.org",

60
CVE-2025/CVE-2025-00xx/CVE-2025-0062.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0062",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:33.740",
"lastModified": "2025-03-11T01:15:33.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim\ufffds browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557459",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-00xx/CVE-2025-0071.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0071",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:33.917",
"lastModified": "2025-03-11T01:15:33.917",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3558132",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

8
CVE-2025/CVE-2025-19xx/CVE-2025-1937.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-1937",
"sourceIdentifier": "security@mozilla.org",
"published": "2025-03-04T14:15:38.610",
"lastModified": "2025-03-05T00:15:37.010",
"vulnStatus": "Received",
"lastModified": "2025-03-11T02:15:11.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,10 @@
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/",
"source": "security@mozilla.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

60
CVE-2025/CVE-2025-231xx/CVE-2025-23185.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-23185",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:34.330",
"lastModified": "2025-03-11T01:15:34.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3549494",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-231xx/CVE-2025-23188.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-23188",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:34.480",
"lastModified": "2025-03-11T01:15:34.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557131",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-231xx/CVE-2025-23194.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-23194",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:34.630",
"lastModified": "2025-03-11T01:15:34.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3561792",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

6
CVE-2025/CVE-2025-251xx/CVE-2025-25181.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25181",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-03T20:15:37.477",
"lastModified": "2025-02-18T19:15:28.613",
"lastModified": "2025-03-11T01:00:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-03-10",
"cisaActionDue": "2025-03-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": " Advantive VeraCore SQL Injection Vulnerability",
"weaknesses": [
{
"source": "cve@mitre.org",

60
CVE-2025/CVE-2025-252xx/CVE-2025-25242.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-25242",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:34.777",
"lastModified": "2025-03-11T01:15:34.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3562390",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-252xx/CVE-2025-25244.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-25244",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:34.927",
"lastModified": "2025-03-11T01:15:34.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3552144",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-252xx/CVE-2025-25245.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-25245",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.080",
"lastModified": "2025-03-11T01:15:35.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim\ufffds browser. There is no impact on availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557469",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26655.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26655",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.230",
"lastModified": "2025-03-11T01:15:35.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3347991",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26656.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26656",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.383",
"lastModified": "2025-03-11T01:15:35.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3474392",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26658.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26658",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.533",
"lastModified": "2025-03-11T01:15:35.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3561045",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26659.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26659",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.683",
"lastModified": "2025-03-11T01:15:35.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim\ufffds browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3552824",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26660.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26660",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.837",
"lastModified": "2025-03-11T01:15:35.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557655",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-266xx/CVE-2025-26661.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-26661",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.993",
"lastModified": "2025-03-11T01:15:35.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3563927",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27430.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27430",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.157",
"lastModified": "2025-03-11T01:15:36.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3561861",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27431.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27431",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.310",
"lastModified": "2025-03-11T01:15:36.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim\ufffds browser. There is no impact on availability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3567246",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27432.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27432",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.467",
"lastModified": "2025-03-11T01:15:36.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3568865",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27433.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27433",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.607",
"lastModified": "2025-03-11T01:15:36.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3565835",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27434.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27434",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.760",
"lastModified": "2025-03-11T01:15:36.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3569602",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

60
CVE-2025/CVE-2025-274xx/CVE-2025-27436.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-27436",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:36.920",
"lastModified": "2025-03-11T01:15:36.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3565835",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}

48
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-11T00:55:19.400010+00:00
2025-03-11T03:00:19.293505+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-11T00:15:11.060000+00:00
2025-03-11T02:15:11.120000+00:00
```
### Last Data Feed Release
@ -27,30 +27,56 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-03-10T01:00:10.093749+00:00
2025-03-11T01:00:04.365474+00:00
```
### Total Number of included CVEs
```plain
284667
284693
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `26`
- [CVE-2025-1828](CVE-2025/CVE-2025-18xx/CVE-2025-1828.json) (`2025-03-11T00:15:11.060`)
- [CVE-2025-27610](CVE-2025/CVE-2025-276xx/CVE-2025-27610.json) (`2025-03-10T23:15:35.073`)
- [CVE-2025-27924](CVE-2025/CVE-2025-279xx/CVE-2025-27924.json) (`2025-03-10T23:15:35.280`)
- [CVE-2025-27925](CVE-2025/CVE-2025-279xx/CVE-2025-27925.json) (`2025-03-10T23:15:35.473`)
- [CVE-2025-27926](CVE-2025/CVE-2025-279xx/CVE-2025-27926.json) (`2025-03-10T23:15:35.670`)
- [CVE-2024-12009](CVE-2024/CVE-2024-120xx/CVE-2024-12009.json) (`2025-03-11T02:15:10.590`)
- [CVE-2024-12010](CVE-2024/CVE-2024-120xx/CVE-2024-12010.json) (`2025-03-11T02:15:10.773`)
- [CVE-2024-22340](CVE-2024/CVE-2024-223xx/CVE-2024-22340.json) (`2025-03-11T01:15:33.257`)
- [CVE-2024-41760](CVE-2024/CVE-2024-417xx/CVE-2024-41760.json) (`2025-03-11T01:15:33.427`)
- [CVE-2024-49823](CVE-2024/CVE-2024-498xx/CVE-2024-49823.json) (`2025-03-11T01:15:33.583`)
- [CVE-2025-0062](CVE-2025/CVE-2025-00xx/CVE-2025-0062.json) (`2025-03-11T01:15:33.740`)
- [CVE-2025-0071](CVE-2025/CVE-2025-00xx/CVE-2025-0071.json) (`2025-03-11T01:15:33.917`)
- [CVE-2025-23185](CVE-2025/CVE-2025-231xx/CVE-2025-23185.json) (`2025-03-11T01:15:34.330`)
- [CVE-2025-23188](CVE-2025/CVE-2025-231xx/CVE-2025-23188.json) (`2025-03-11T01:15:34.480`)
- [CVE-2025-23194](CVE-2025/CVE-2025-231xx/CVE-2025-23194.json) (`2025-03-11T01:15:34.630`)
- [CVE-2025-25242](CVE-2025/CVE-2025-252xx/CVE-2025-25242.json) (`2025-03-11T01:15:34.777`)
- [CVE-2025-25244](CVE-2025/CVE-2025-252xx/CVE-2025-25244.json) (`2025-03-11T01:15:34.927`)
- [CVE-2025-25245](CVE-2025/CVE-2025-252xx/CVE-2025-25245.json) (`2025-03-11T01:15:35.080`)
- [CVE-2025-26655](CVE-2025/CVE-2025-266xx/CVE-2025-26655.json) (`2025-03-11T01:15:35.230`)
- [CVE-2025-26656](CVE-2025/CVE-2025-266xx/CVE-2025-26656.json) (`2025-03-11T01:15:35.383`)
- [CVE-2025-26658](CVE-2025/CVE-2025-266xx/CVE-2025-26658.json) (`2025-03-11T01:15:35.533`)
- [CVE-2025-26659](CVE-2025/CVE-2025-266xx/CVE-2025-26659.json) (`2025-03-11T01:15:35.683`)
- [CVE-2025-26660](CVE-2025/CVE-2025-266xx/CVE-2025-26660.json) (`2025-03-11T01:15:35.837`)
- [CVE-2025-26661](CVE-2025/CVE-2025-266xx/CVE-2025-26661.json) (`2025-03-11T01:15:35.993`)
- [CVE-2025-27430](CVE-2025/CVE-2025-274xx/CVE-2025-27430.json) (`2025-03-11T01:15:36.157`)
- [CVE-2025-27431](CVE-2025/CVE-2025-274xx/CVE-2025-27431.json) (`2025-03-11T01:15:36.310`)
- [CVE-2025-27432](CVE-2025/CVE-2025-274xx/CVE-2025-27432.json) (`2025-03-11T01:15:36.467`)
- [CVE-2025-27433](CVE-2025/CVE-2025-274xx/CVE-2025-27433.json) (`2025-03-11T01:15:36.607`)
- [CVE-2025-27434](CVE-2025/CVE-2025-274xx/CVE-2025-27434.json) (`2025-03-11T01:15:36.760`)
- [CVE-2025-27436](CVE-2025/CVE-2025-274xx/CVE-2025-27436.json) (`2025-03-11T01:15:36.920`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `6`
- [CVE-2024-13159](CVE-2024/CVE-2024-131xx/CVE-2024-13159.json) (`2025-03-11T01:00:03.127`)
- [CVE-2024-13160](CVE-2024/CVE-2024-131xx/CVE-2024-13160.json) (`2025-03-11T01:00:03.127`)
- [CVE-2024-13161](CVE-2024/CVE-2024-131xx/CVE-2024-13161.json) (`2025-03-11T01:00:03.127`)
- [CVE-2024-57968](CVE-2024/CVE-2024-579xx/CVE-2024-57968.json) (`2025-03-11T01:00:03.127`)
- [CVE-2025-1937](CVE-2025/CVE-2025-19xx/CVE-2025-1937.json) (`2025-03-11T02:15:11.120`)
- [CVE-2025-25181](CVE-2025/CVE-2025-251xx/CVE-2025-25181.json) (`2025-03-11T01:00:03.127`)
## Download and Usage

48
_state.csv
View File

@ -245390,6 +245390,7 @@ CVE-2024-1125,0,0,4d0b5fc967895869908236f67000c1641c8e7f2139240de53289a37094eb17
CVE-2024-11250,0,0,1d911eaa132e9450b36dc6c8a663ef95ec738de06fd7b57aac724c63248cb110,2024-12-10T17:22:10.547000
CVE-2024-11251,0,0,305bbf1592d4eaa4534e1c7e8c0a204d7446c058354be3d67d2a086abef32e2f,2024-11-18T17:11:56.587000
CVE-2024-11252,0,0,e3a49be80375d7d6eb07a5b8ea5fe1ead6b27bf2476ff0719e421b392fb0b61d,2024-11-30T06:15:17.580000
CVE-2024-11253,1,1,3858460f9fe4ac1e49b297c8c2e71363b10100444463672160b196b2fbb17ec2,2025-03-11T02:15:10.043000
CVE-2024-11254,0,0,12fbeae61db8ca9bcd036368ccbe2be9dd932023914350fb32d0ee40fe1214be,2025-02-21T20:44:25.797000
CVE-2024-11256,0,0,1a837548036f49b724cb7ad582e9538d46d656e447bd851b0561c9868934299e,2024-11-19T21:49:04.790000
CVE-2024-11257,0,0,02e2cb90c3265c0c393e258ef6e28870b3aa9ad15c8da8d1d0ca2d0bcba03821,2024-11-19T21:24:40.443000
@ -246134,7 +246135,9 @@ CVE-2024-12005,0,0,324bcdf3eef33c86a215a7fc4463dbf5b3c99ef12c1bafdfd55a84f361ad3
CVE-2024-12006,0,0,36f18b21148a0ee67abb3880ad49f0f8c4ad811090df2db1dbbfc11fa749b0af,2025-01-16T21:30:14.640000
CVE-2024-12007,0,0,627d69eb6e5a241a3ef4f6b964cb6e445ca6bf5f36dffa4224a97a10758c5340,2024-12-11T03:16:24.473000
CVE-2024-12008,0,0,c6233d44f9ccc9833da766f9738aceabd906dd7310efd71abd35e6e9b4e35a50,2025-01-16T21:30:41.017000
CVE-2024-12009,1,1,d56a357e5c10017983a8cb5e95d52c49178cbf14087498c585e299048e9426fc,2025-03-11T02:15:10.590000
CVE-2024-1201,0,0,98150b7d086d80b767e6802e39750bc86f0479b7a9cd93495263225678c4d4a5,2024-11-21T08:50:01.647000
CVE-2024-12010,1,1,0f6927bc518388d5560c28856b0afbe9de95ec1ae877f94dbe9aa1b4addeab60,2025-03-11T02:15:10.773000
CVE-2024-12011,0,0,0f6f68e8d37d4c19c05769b393e533228632d01f9d5845f4745581d3d1c7e951,2025-02-13T16:15:43.750000
CVE-2024-12012,0,0,14e98b5ac64b0045db87c72ad7846ff409f949761b743388daf77e1918c1b3cf,2025-02-13T16:15:43.913000
CVE-2024-12013,0,0,0cd473350b3884feea6dfce21eb5c412ab8c70283b9ee64d68edf79d425156af,2025-02-13T16:15:44.050000
@ -247161,10 +247164,10 @@ CVE-2024-13155,0,0,6682537fa9f5844e5906fbe79fbac9ddfaae9e2af1434030859c114baf0c7
CVE-2024-13156,0,0,30f08a5146793529d2149bd8fe28d1d230f7d62ef9b057e2393b31a9d88e81a0,2025-01-14T09:15:20.910000
CVE-2024-13157,0,0,80e03db47d7aeaaff8ebfe5d3bb0d4e0a672091f1b6d6e0617afb0f75c61e9a3,2025-01-31T09:15:06.617000
CVE-2024-13158,0,0,d921bcc53f0c4810cb7f77f962be3471977624bd876c8c3eed3db3c6a249539e,2025-01-14T18:15:26.020000
CVE-2024-13159,0,0,c8687413c2f815733b269b2640c1d1df0915a002cd43906bf55f0ecfb8f2c282,2025-02-21T15:15:11.380000
CVE-2024-13159,0,1,1b0544d647dd2528d8ae3f2ee13f7372d59bd46267b4cbd9536792835f820301,2025-03-11T01:00:03.127000
CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000
CVE-2024-13160,0,0,b18c67a0d503ccfafb935af1ae68681b5f4ae341cd2a4d932b7425bece3a76f2,2025-02-21T15:15:11.477000
CVE-2024-13161,0,0,699da4a1911d96fd029491b629fabe0bcf17006a5766de4aa8d9fddc609c7cdb,2025-02-21T15:15:11.577000
CVE-2024-13160,0,1,308834317ed661e80a60b310d3aff3e4287b3e85ca7c5932af9c4c419816b460,2025-03-11T01:00:03.127000
CVE-2024-13161,0,1,2f940d0c2471f99f0a6167e8617f46db1e105823fb948909d142ca5e370a1f58,2025-03-11T01:00:03.127000
CVE-2024-13162,0,0,da666b41a7d98c9e3b9af1e27b198252acb00cdb0ecec4980b750fd64eed2fe4,2025-01-14T18:15:26.840000
CVE-2024-13163,0,0,bfd7b222341b4eeb132c53cc185879949445b8743e8f9a1b980d00c942a7fc15,2025-01-14T18:15:27.033000
CVE-2024-13164,0,0,5e00467d585bd74d24cb5c4fbdec02b53f0efb7f0a08f8e18116c4133fca3a2a,2025-01-14T18:15:27.257000
@ -250528,6 +250531,7 @@ CVE-2024-22337,0,0,176b2bb99f38a37cc5c4bceef64e53e66f0257dfccc9a4bf213596d99f663
CVE-2024-22338,0,0,2f5d103b20e176fcbbf750834003442156af5ed8589bffd33826dcce94cd2d4d,2024-11-21T08:56:05.150000
CVE-2024-22339,0,0,f84cb1f36ac458831eefd9cd784c894dbf751b04ff3bdf01cd3577255e1fd032,2025-01-29T21:27:46.043000
CVE-2024-2234,0,0,2580af67855545545b0dbe2146fd22b02b33bca58d42a33b34f8d1d966926c31,2024-11-21T09:09:18.983000
CVE-2024-22340,1,1,951527e0ac666fcb519e977a9eafb3a71bcc714b4ee291c7be180a2af14480f1,2025-03-11T01:15:33.257000
CVE-2024-22341,0,0,3cfdfded8ccd1f5ef6f6a7285669b2b2725fa7742cae96369e40764326933e55,2025-02-22T01:15:10.507000
CVE-2024-22343,0,0,a3ffc2e94274da5793eb1457be21bec9aa8bc9334ca3ffb82f0713c176cb924d,2025-01-14T21:09:37.513000
CVE-2024-22344,0,0,175ecdaf0188d9abe716b262cfd96bf9fb3ed5588248fdac15f91aea57c0f76b,2025-01-14T21:11:47.730000
@ -265186,6 +265190,7 @@ CVE-2024-4175,0,0,5386392290fa38470dd8910cd3753515f25308d1edd31217aca2a63897449a
CVE-2024-41752,0,0,04e93d2aa0d5f5c09f5bd50535183c7216d854c9071e1cb65e129028f085fb9a,2025-01-10T19:33:46.213000
CVE-2024-41757,0,0,adb5f4b542a7b16af6b71d1e87a048661b9da0542f10941d3eef8a15957fc294,2025-03-04T16:58:06.783000
CVE-2024-4176,0,0,bbebb00d63b41a3619ef35d6461fab3b8fd8271367eb9c2415dbdbc268e57b15,2024-11-21T09:42:20.253000
CVE-2024-41760,1,1,86224cacb935567f918b11a5b43afd8ca20b995e8b28b4d1f5f292e535b9c69e,2025-03-11T01:15:33.427000
CVE-2024-41761,0,0,48d0303faeacb5aea64f43156f94a0affd943a18971bba4b04fb6042b87c2c03,2025-01-31T15:26:34.900000
CVE-2024-41762,0,0,c1974aea0e06b2927c18784e57637a55268819be3644cbae33cf4f7fc7ed3224,2025-01-31T15:27:03.190000
CVE-2024-41763,0,0,94c378f8474aa53dee22239e59e2b4c07cea8d922818f488d7813a8a5b926f47,2025-01-04T15:15:06.017000
@ -271095,6 +271100,7 @@ CVE-2024-49817,0,0,faf269773338cb40692b44da53cb55c3f9c6f56cc98bbe6ac46416bd80e96
CVE-2024-49818,0,0,148b4e77a026b651bd8bac5c6677434a12ec93c5c55e11ec99c033a2167f5317,2025-01-07T17:20:08.497000
CVE-2024-49819,0,0,18989ee02215782dbaa36dd11585d529ff7cb27112e595064942a9ff9397ee70,2025-01-10T17:52:26.793000
CVE-2024-49820,0,0,fe904aab3b1423196226c288487d3e9f35952361c8f61f2d528fcf7833452731,2025-01-10T17:42:53.707000
CVE-2024-49823,1,1,e225e98bc3abe406bdaebed8b0b3c4551bcb6ecc828b83e5ab3aa8d6d3a1f49e,2025-03-11T01:15:33.583000
CVE-2024-49824,0,0,4072c1a943cc33d63481a74407022b24878ec14cb5f9e9fc6f5cb6ba7f3e8966,2025-01-18T16:15:39.183000
CVE-2024-4983,0,0,b82ab4bc704d323c7d9f24e0a3641c93b0503dba6a5392acd5923000e9eef05a,2025-01-29T18:07:43.813000
CVE-2024-49832,0,0,391e39e7c5b3e995146e5c9a1ef83712ccc04ea31043b019d156c859ce3b56e4,2025-02-05T16:01:09.627000
@ -276404,7 +276410,7 @@ CVE-2024-57964,0,0,60e211b17010106ead87fc4560e1e4ffe78e9e25a18b2e6877df7f7f9b319
CVE-2024-57965,0,0,1ec783f88325ed02c1810413dbff411d8a59c49db780f7d0fa48c580055559d5,2025-01-29T10:15:08.113000
CVE-2024-57966,0,0,61d2b5fd5d958d136f7dd40b4676334560812ee79ee948ded13f78b89db9e1c9,2025-02-09T05:15:32.883000
CVE-2024-57967,0,0,8fee44e6eb84e9ffdf47037f396d369451745de427e458c886fbbf4f38d70d65,2025-02-03T18:15:37.853000
CVE-2024-57968,0,0,df2d26687f6eb03cc4ebdae430a2d63e09872c2f76ae608d0c55e2648f4f6e40,2025-02-06T18:15:32.287000
CVE-2024-57968,0,1,748bdc71aa3e23e83c5127d55ec69a4684fe8d0eefc6772c43b09e95ac08b237,2025-03-11T01:00:03.127000
CVE-2024-57969,0,0,8a2052e46457143381617c41d784a01bcfd413646c5ba70b070b95c9aa759ff0,2025-02-14T07:15:32.340000
CVE-2024-57970,0,0,4db4cc3cdc42f255941d980da801a4e2e9f8b4ba6d1c25a10de778120606a2ba,2025-02-18T17:15:19.130000
CVE-2024-57971,0,0,19f9693c2a947ecc81adc9515f9451f49c9c0497b8a17c88b011da939c705fcc,2025-02-16T04:15:23.077000
@ -280208,6 +280214,7 @@ CVE-2025-0058,0,0,8c854cc3b9cd8d37f23bdcb243a1d6a5a5ec966a10c671e68823b0f04149de
CVE-2025-0059,0,0,6416879787f54d6a44b6599a708532154a0b00797493957584bb4d5ef539168b,2025-01-14T01:15:16.190000
CVE-2025-0060,0,0,1cd7402c377fe0eb71c687af689b0d9a4160c668897128edffbfc7ea6f4b4145,2025-01-14T01:15:16.350000
CVE-2025-0061,0,0,1b8599d27b3c8b95785284a43802c929098c42ac59855f759f4dd597f002bfd5,2025-01-14T01:15:16.500000
CVE-2025-0062,1,1,1402743f49bb8649f04181d086cf138421faa52e408a12d4c4c721c080184e72,2025-03-11T01:15:33.740000
CVE-2025-0063,0,0,e52e2556ff38cc25592bde9486fa1da35995f2773770ff25a347e7df36a48b0b,2025-01-14T01:15:16.633000
CVE-2025-0064,0,0,e7f5bd1ecd70eeee1a65854e054746f34eb8dfec8e0a20e48bb6b270dfafe980,2025-02-18T18:15:28.470000
CVE-2025-0065,0,0,70f469a84981289145ddab7e496e3ce6a2882a8618ec61a008685ed9d3ced71c,2025-01-28T11:15:07.413000
@ -280216,6 +280223,7 @@ CVE-2025-0067,0,0,595fadc08a33537ee967fb524f132a140bd7562627c52fe87a8f7e09b94969
CVE-2025-0068,0,0,335ecdc06a29db245188288060d2d78b12fd2ca685b50ec8e17c976ac125be2f,2025-01-14T01:15:17.107000
CVE-2025-0069,0,0,d7ac8ba36cfcab8a8836c1588e52e8bbaed2d415e393c11bf82b7bb82617b09a,2025-01-14T01:15:17.257000
CVE-2025-0070,0,0,dbf9edc467887c587ee503735d983d3eb618b4cd55fb133fb8e2178f124d6f6b,2025-01-14T01:15:17.427000
CVE-2025-0071,1,1,8c0c274e177519e669209b0690536ee8179845692353b7b61dc9bb1c73544a1f,2025-03-11T01:15:33.917000
CVE-2025-0103,0,0,06fd8d922bac50d8ab7e8102b5457a5978f502265c9b1059554ccaf6e0c9679c,2025-01-11T03:15:22.020000
CVE-2025-0104,0,0,dc4c81878786bc602ee20c50b1dae485c1da904352cbab72ccb96b2a9dcd9e75,2025-01-11T03:15:22.183000
CVE-2025-0105,0,0,06eb71f16599e7ae8629718f901478ad68364254538fe5e092751226e1b94cb6,2025-01-11T03:15:22.317000
@ -281209,7 +281217,7 @@ CVE-2025-1818,0,0,37447926f9841734f2812c1740f60067b78922f1e49cdd900fb1888b830ace
CVE-2025-1819,0,0,30aaf321bf598a632d335efe867dfbf1c954d81c19dbf59077d00052427f6e82,2025-03-02T17:15:11.483000
CVE-2025-1820,0,0,de7c6baac78093b7f0e7c2343af2d32bf8e1894ea47cf7930dd387f103a53ed8,2025-03-03T19:15:33.900000
CVE-2025-1821,0,0,b3349008b31943d36983f65c5b6d573a651ca8d675ec056cb33951299f02ed59,2025-03-03T19:15:34.030000
CVE-2025-1828,1,1,4da459dee35684f24ea6486e71fd88fa2ca41ea8103d63977d81f2f72d7e7ad2,2025-03-11T00:15:11.060000
CVE-2025-1828,0,0,4da459dee35684f24ea6486e71fd88fa2ca41ea8103d63977d81f2f72d7e7ad2,2025-03-11T00:15:11.060000
CVE-2025-1829,0,0,cdfa3e67c0c277a6177da9bd34f08d7ed678dd9267ec9b77fb630e0d887cc4f0,2025-03-03T18:15:31.937000
CVE-2025-1830,0,0,b7d520c7dab1ad06ab8077ecd612df524f731c0cd8662ed0f43d61b14b168f12,2025-03-03T22:15:37.637000
CVE-2025-1831,0,0,df633658ed50bfe4aae872b54c5326e5accc4a7746409c9cf665f4b4ab647254,2025-03-03T18:15:32.520000
@ -281295,7 +281303,7 @@ CVE-2025-1933,0,0,3e5005e8a9c650ec4f2f811a22521c8ad0490eb69bc64f511f300de34c9c44
CVE-2025-1934,0,0,62d5877cb0a6bc1c29a9ae6dc05c446ff5aa98cc30731b480267f540b52e058d,2025-03-05T00:15:36.617000
CVE-2025-1935,0,0,f5c41a093a13f86f7817460f81aad5f90e557b8b8cedf9cda6848a41a28cc99c,2025-03-05T00:15:36.770000
CVE-2025-1936,0,0,5aeb3954667ffde00751af15da91ac949e3b09e154211a4ee43408b06f4ab0ea,2025-03-05T00:15:36.913000
CVE-2025-1937,0,0,a6b3c24a6de45af4378bf960f2cc01b66f16d07b2cb1aecb2232b9413c558b72,2025-03-05T00:15:37.010000
CVE-2025-1937,0,1,bd4726a157f7605f9c828200122b7531d04cc50473063878b94d53c6d49d9479,2025-03-11T02:15:11.120000
CVE-2025-1938,0,0,a3d2c5e41b6927e626441d453303cede8a435a27378e2cbc19add8fd6b6df97b,2025-03-05T00:15:37.097000
CVE-2025-1939,0,0,c0c3d1c5456d9ff1ed9873f9baef0daaa42a015c687bcb9aef1c88b468ec4239,2025-03-05T19:15:37.870000
CVE-2025-1940,0,0,3afeb38944a20fc07b896bfe1f1ad2c69e4bbbb599fa0f218233eafca8c83765,2025-03-04T16:15:38.310000
@ -282712,11 +282720,14 @@ CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4
CVE-2025-23127,0,0,ef1aeaee3e917139d62386eaa309c28fa46e54be8ed45ecdaab4f9d4f96931db,2025-01-11T15:15:09.173000
CVE-2025-23128,0,0,856260a69fb4f1bb5d13296c47ffc7dac686c7ca9a44fff8151b1b7f11a740a9,2025-01-11T15:15:09.250000
CVE-2025-23184,0,0,d117de9ebd2827a8b285a215a95edfb5f2bc8c36d298a840f4f419212fe8e651,2025-02-15T01:15:11.010000
CVE-2025-23185,1,1,bd0d98997b3e82d4720306a4c68c120c414e2cdd61c888c56c3e80f74dc62e6b,2025-03-11T01:15:34.330000
CVE-2025-23187,0,0,c290fe7dd4f9aea98485c447bf9862acb0a55538c675ba503d3516720f3efd65,2025-02-18T18:15:33.497000
CVE-2025-23188,1,1,908df07101b52db1268519960315a08741374d3517f3ae897d73ef055616551e,2025-03-11T01:15:34.480000
CVE-2025-23189,0,0,b372693675c5d6d50e215d8acb54007642608e3ca2a789b9ea116e268e1e263e,2025-02-11T01:15:10.263000
CVE-2025-23190,0,0,87842373d301ca780cfdfed4b8137d271e812becd8d75ff110dd7b27091c3193,2025-02-11T01:15:10.413000
CVE-2025-23191,0,0,93bf39b052d32c7fd79bf315d4657bdb3b25800f484d8ee22918be2670f1ecea,2025-02-11T01:15:10.557000
CVE-2025-23193,0,0,dd2b7306807ec40f9912fb49ee68934fd2efddf05fc31efb201a5ebd32befe04,2025-02-11T01:15:10.700000
CVE-2025-23194,1,1,a0d81e5dc1f32b2b3dd38ab495b441441f6406dbd08da7c13c98cb115151c2ac,2025-03-11T01:15:34.630000
CVE-2025-23195,0,0,330ec078db97e6dc3fdb7cdbe57f6450c92255b88a9b52bc02ab0cb6754204fa,2025-01-22T15:15:15.237000
CVE-2025-23196,0,0,c86901772359f4512fdd147449b9ed6294fa0f580a5b9af77dfe2551cf2e530c,2025-01-22T15:15:15.390000
CVE-2025-23197,0,0,099217d7c50fa4e567446b5ed24de5a49493412d57096b7a33e5ff39354836a3,2025-01-27T18:15:41.037000
@ -283904,7 +283915,7 @@ CVE-2025-25167,0,0,e14b9eb6e466e19d148bb81d5cb2df8f805c1241e9a9e8cd6260db11c719e
CVE-2025-25168,0,0,93fb1477ac0fd147322a0beee26e3b74949bd1187f727ff11033ff5c839391ea,2025-02-11T18:21:01.407000
CVE-2025-25169,0,0,b2c2eae9e9728260a10cbcd3cd6ed185b5ee51c8c2c4bd8b669b60e645fe9781,2025-03-03T14:15:54.477000
CVE-2025-25170,0,0,10b2b5d5b1d8e09a883b23033bc8ac75abe37fde2151575888a21edb35483c78,2025-03-03T14:15:54.613000
CVE-2025-25181,0,0,d93e6c4eee13ffa168372e2c7e46bbc0128edff1659cd70737de5b3c44664eea,2025-02-18T19:15:28.613000
CVE-2025-25181,0,1,54bb22ae37fb0440fda0b5dd67cbfbac1a1597f5e597c7d05ce884fb001eab92,2025-03-11T01:00:03.127000
CVE-2025-25182,0,0,6fd347398e5cc83c7bcf9c93dfa3366f2e8e0aced29c81495217dd5d01f504cd,2025-02-12T17:15:23.857000
CVE-2025-25183,0,0,9f610c42840d8f1123d400fa738e85280ed4290b29d92e2aa642daf493197632,2025-02-07T20:15:34.083000
CVE-2025-25184,0,0,2da8803a7b31a0463a88b6351bc585e918c07913590e0cf3e756bba1e93f2c10,2025-02-14T20:15:34.350000
@ -283934,7 +283945,10 @@ CVE-2025-25222,0,0,c2ca7e3dc29f3574e03139c7399b4994d988797dae7ad6db23b85350baa3d
CVE-2025-25223,0,0,a49bb693ef5024209af2cdf099d01934d199df8e6379e744ca5e733fcd788f54,2025-02-18T01:15:09.347000
CVE-2025-25224,0,0,a4f44e8389415111624e6d3b431cded203f069a8e58de6c5b5f4eb5c08d09e30,2025-02-18T01:15:09.473000
CVE-2025-25241,0,0,f70d628c4466ad6abe844cd65a2579f5c9e5af240d0c56eadc1f05ff31a52618,2025-02-18T18:15:34.967000
CVE-2025-25242,1,1,8b5706ef301e771bf1021edd4fedd9bd7c7759a34b0806dbecfa87f66ad8d61c,2025-03-11T01:15:34.777000
CVE-2025-25243,0,0,906f44310c3cdd164cd7aafcd2415e522d55d23269db0ed5b7f0708c0da72aa0,2025-02-18T18:15:35.160000
CVE-2025-25244,1,1,b836bfdf91c6dd5b656c585c65289127b775f6eb8d385fbc95c5600b8c7153e2,2025-03-11T01:15:34.927000
CVE-2025-25245,1,1,f15727cdd2fded14c9775d24595293dcd4ea43628f991058c4ad9a8dd2760009,2025-03-11T01:15:35.080000
CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000
CVE-2025-25247,0,0,45a7686ea5976edcbc598e01fb577ca50507f74bc11b7b7bfc3045e83b294c70,2025-02-10T15:15:13.333000
CVE-2025-25279,0,0,042549a55fc10922a139cd28848b848f448630efd12168ac54dc544f129afb38,2025-02-24T08:15:10.607000
@ -284309,6 +284323,12 @@ CVE-2025-26622,0,0,c1b7d21410dfbb6fcbf2a06b2b329547947b3063e917e17430eb0992177b0
CVE-2025-26623,0,0,d192a090780b2dcdc669e9e692f962aa45c7b001bdc2d92981daf17d836bb16f,2025-02-18T20:15:33.153000
CVE-2025-26624,0,0,933774cf8883da910c74db2937793adaa8c4da49496d875f26d7c862a7576875,2025-02-18T23:15:10.810000
CVE-2025-26643,0,0,2fdd3ead42b670e7e33c7c2f3b0e92746e3358911492be2252e618821cbc493a,2025-03-07T19:15:37.180000
CVE-2025-26655,1,1,0f3a08ccef3d70b6b204225ccf1d375dcff58cae567d22996a8c9a79c45ba0ba,2025-03-11T01:15:35.230000
CVE-2025-26656,1,1,1a812f43138149f2d7d6651efca463558863ccdacf3acc529b62dbfb2f3c3007,2025-03-11T01:15:35.383000
CVE-2025-26658,1,1,d118441d3436a47c606b50b102cf03d9c402c14a6366b95d69e29a7d79e0e3de,2025-03-11T01:15:35.533000
CVE-2025-26659,1,1,68eba87b24200d0516b6e9b6214ef6466194fdc5a18d27ddac9737f1786b152f,2025-03-11T01:15:35.683000
CVE-2025-26660,1,1,529f2a8a9a489ca0a28a5fca6db2be343390ec2b45b92ee6c3ed517d3a52980b,2025-03-11T01:15:35.837000
CVE-2025-26661,1,1,ca779d9ce9e34774aa5a0f969b9709373e8d76f9ab3b576068ec16d5fa48ab4c,2025-03-11T01:15:35.993000
CVE-2025-26695,0,0,c6eed7f6dcf8d74bcbdaf5148c2f95c49bfc0eb871e72168d5fa03bd63ce6032,2025-03-10T19:15:40.567000
CVE-2025-26696,0,0,ed34c27a9a2c2a385def969c8e6d8d8bba973273db11fc413b8c9eeee171cc25,2025-03-10T19:15:40.670000
CVE-2025-26698,0,0,02e1c85350f9590f950db8be3fe5f72c9485333903c0f224a4be86e1fd66bec5,2025-02-26T13:15:41.983000
@ -284565,6 +284585,12 @@ CVE-2025-27423,0,0,76136ac7a97f6b3b77c306faa15fa09b7bae261cd8dfd81b49033906f60d3
CVE-2025-27424,0,0,ae381ad83c7e807194f65eb0dd3ebd33b86a96ab3f79d590c8b606ddf3148b97,2025-03-04T16:15:40.647000
CVE-2025-27425,0,0,0c979c07a2366d7040a7201e00a999f4f859e07054a931c54247ba3eb41c463b,2025-03-04T16:15:40.797000
CVE-2025-27426,0,0,3424a995371007e75834114eff317845d6ca8dec201ea4e5a46602f3aae7a610,2025-03-04T16:15:40.933000
CVE-2025-27430,1,1,a06ec715a7ce108e60a696528ba671c55bcf8dc2ec481d5e12a7170f1c65937d,2025-03-11T01:15:36.157000
CVE-2025-27431,1,1,d3a9675081d2e37b13dc9dd22035ed3c565fd85bed5f8ac188e29d92fec6432b,2025-03-11T01:15:36.310000
CVE-2025-27432,1,1,007a3faf5a4b3dd72c503190961a97a9f124ce550e1b2c3e3c068c571ef636b2,2025-03-11T01:15:36.467000
CVE-2025-27433,1,1,802ef576da4ee45fc183584d31950306c1fc4ab770cdfb1d54c7001bee2b2bee,2025-03-11T01:15:36.607000
CVE-2025-27434,1,1,3af8a235aaed03ea586bcafb82e3517b0d2a276ddea4b00764a6bc5e730dd53f,2025-03-11T01:15:36.760000
CVE-2025-27436,1,1,04f316589a1bbdce7cd6902d63c8b5944fa23ffbd5c8a89b29a1531f5831ed0c,2025-03-11T01:15:36.920000
CVE-2025-27497,0,0,04993fdb1d20329c81d2ff19baac9002b619ad4067b2189fb1ebe9ca1d230777,2025-03-05T16:15:40.587000
CVE-2025-27498,0,0,7cb66b0e34a52fccf99fcea1075b68d5f7e08d30f7f5bc4fcc53c0689130dbca,2025-03-03T17:15:16.443000
CVE-2025-27499,0,0,2a0981b70298c8422dcc388fd2e38e8ce3aebafeb3f8ba21e6fc5b4555397cd3,2025-03-06T12:21:35.360000
@ -284594,7 +284620,7 @@ CVE-2025-27600,0,0,8b710cbe29c4262a75baeb6eae5e68d150a67d7271571cd258a60494511c3
CVE-2025-27603,0,0,f9c7ddeb8ce74cd54f0397839af1f26d47d617c308be8dcd0c12cfaac63eb48c,2025-03-07T18:15:48.293000
CVE-2025-27604,0,0,52aff360271261f8fa4246ad7435647d74e939ffea0a51055b3b8569444bea06,2025-03-07T17:15:22.290000
CVE-2025-27607,0,0,2a3ab37b8dc052c83770a9345ff1d91d3383eb713728d7b951bbcbdb63a1534a,2025-03-07T18:15:48.483000
CVE-2025-27610,1,1,c33d0784ac28efda70daeefbc9e57202288568b88569c58831907a224f199e9e,2025-03-10T23:15:35.073000
CVE-2025-27610,0,0,c33d0784ac28efda70daeefbc9e57202288568b88569c58831907a224f199e9e,2025-03-10T23:15:35.073000
CVE-2025-27615,0,0,1d9b17fd6d1efa58df936827bdc2b29656e574c998ae5df70178cd728c98c177,2025-03-10T19:15:40.917000
CVE-2025-27616,0,0,124b4c8a641b46285e5ff925029836649f77d1ae4fc7a43a77192949c8ad959b,2025-03-10T19:15:41.080000
CVE-2025-27622,0,0,aab424c81f70efb6c2294313600d100f64e720f683885d3b6918b7e0d0c95ce5,2025-03-06T17:15:23.497000
@ -284663,6 +284689,6 @@ CVE-2025-27839,0,0,212b3d30d2c1f53f372c7e143c6e03922deeb9da14f018db14d5749815db8
CVE-2025-27840,0,0,31b43659fdf50a1c837def79b3ff8549c2485895c251972e0cf021cb5a031b4d,2025-03-10T14:15:25.943000
CVE-2025-27910,0,0,563dfaf4a98237987ed986f935d53295ee6e1d7704cf33b760a3d1b009fcbb36,2025-03-10T22:15:27.287000
CVE-2025-27913,0,0,e681422c2870f7557e227a904142f507f947df7c17e14a658700958ba9e15e29,2025-03-10T21:15:40.430000
CVE-2025-27924,1,1,d40dddf9c788a92a564c369dc07fb0c4ee52a536da4d5b62375b8a5c15743685,2025-03-10T23:15:35.280000
CVE-2025-27925,1,1,485e150b88bb2f812318e08feb0a9c6b157058d6411460ec078db5dd1eea4d8e,2025-03-10T23:15:35.473000
CVE-2025-27926,1,1,7edaac2d1c025dda0053fdf2758b6d17f504c63d4dde96cbe3b933499321fab6,2025-03-10T23:15:35.670000
CVE-2025-27924,0,0,d40dddf9c788a92a564c369dc07fb0c4ee52a536da4d5b62375b8a5c15743685,2025-03-10T23:15:35.280000
CVE-2025-27925,0,0,485e150b88bb2f812318e08feb0a9c6b157058d6411460ec078db5dd1eea4d8e,2025-03-10T23:15:35.473000
CVE-2025-27926,0,0,7edaac2d1c025dda0053fdf2758b6d17f504c63d4dde96cbe3b933499321fab6,2025-03-10T23:15:35.670000

Can't render this file because it is too large.