diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28746.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28746.json
index eb3215fc36d..a79dba56298 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28746.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28746.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-28746",
 "sourceIdentifier": "secure@intel.com",
 "published": "2024-03-14T17:15:50.533",
- "lastModified": "2024-11-21T07:55:55.327",
+ "lastModified": "2025-04-26T20:15:30.640",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -84,6 +84,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
 },
+ {
+ "url": "http://xenbits.xen.org/xsa/advisory-452.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
 {
 "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46841.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46841.json
index 395a655bfc4..b5c57ec4b5f 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46841.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46841.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46841",
 "sourceIdentifier": "security@xen.org",
 "published": "2024-03-20T11:15:08.220",
- "lastModified": "2025-02-13T18:15:37.603",
+ "lastModified": "2025-04-26T20:15:31.460",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -48,6 +48,10 @@
 "url": "https://xenbits.xenproject.org/xsa/advisory-451.html",
 "source": "security@xen.org"
 },
+ {
+ "url": "http://xenbits.xen.org/xsa/advisory-451.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31143.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31143.json
index 6ec94f09c10..a3aa5e53116 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31143.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31143.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-31143",
 "sourceIdentifier": "security@xen.org",
 "published": "2024-07-18T14:15:04.673",
- "lastModified": "2024-11-21T09:12:55.220",
+ "lastModified": "2025-04-26T20:15:31.653",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -60,6 +60,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/07/16/3",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
 },
+ {
+ "url": "http://xenbits.xen.org/xsa/advisory-458.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
 {
 "url": "https://xenbits.xenproject.org/xsa/advisory-458.html",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31144.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31144.json
index 7ae4d8b8482..1a9e6f2a0cd 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31144.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31144.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-31144",
 "sourceIdentifier": "security@xen.org",
 "published": "2025-02-14T21:15:15.107",
- "lastModified": "2025-02-18T15:15:16.050",
+ "lastModified": "2025-04-26T20:15:31.833",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -47,6 +47,10 @@
 {
 "url": "http://www.openwall.com/lists/oss-security/2024/07/16/4",
 "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "http://xenbits.xen.org/xsa/advisory-459.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46653.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46653.json
new file mode 100644
index 00000000000..fa9d0ade0db
--- /dev/null
+++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46653.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-46653",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-26T21:15:14.403",
+ "lastModified": "2025-04-26T21:15:14.403",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not \"cryptographically secure.\" (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/node-formidable/formidable/blob/d0fbec13edc8add54a1afb9ce1a8d3db803f8d47/CHANGELOG.md?plain=1#L10",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46654.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46654.json
new file mode 100644
index 00000000000..73df18cd5e8
--- /dev/null
+++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46654.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-46654",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-26T21:15:15.100",
+ "lastModified": "2025-04-26T21:15:15.100",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-424"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/hackmdio/codimd/issues/1910",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46655.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46655.json
new file mode 100644
index 00000000000..c8102cb900c
--- /dev/null
+++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46655.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2025-46655",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-26T21:15:15.260",
+ "lastModified": "2025-04-26T21:15:15.260",
+ "vulnStatus": "Received",
+ "cveTags": [
+ {
+ "sourceIdentifier": "cve@mitre.org",
+ "tags": [
+ "disputed"
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-424"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/hackmdio/codimd/issues/1910",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 3a6536ee13a..7e3250ceb82 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-26T20:00:19.585151+00:00 +2025-04-26T22:00:19.448748+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-26T18:15:31.297000+00:00 +2025-04-26T21:15:15.260000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -291483 +291486 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2025-46652](CVE-2025/CVE-2025-466xx/CVE-2025-46652.json) (`2025-04-26T18:15:31.297`) +- [CVE-2025-46653](CVE-2025/CVE-2025-466xx/CVE-2025-46653.json) (`2025-04-26T21:15:14.403`) +- [CVE-2025-46654](CVE-2025/CVE-2025-466xx/CVE-2025-46654.json) (`2025-04-26T21:15:15.100`) +- [CVE-2025-46655](CVE-2025/CVE-2025-466xx/CVE-2025-46655.json) (`2025-04-26T21:15:15.260`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `4` +- [CVE-2023-28746](CVE-2023/CVE-2023-287xx/CVE-2023-28746.json) (`2025-04-26T20:15:30.640`) +- [CVE-2023-46841](CVE-2023/CVE-2023-468xx/CVE-2023-46841.json) (`2025-04-26T20:15:31.460`) +- [CVE-2024-31143](CVE-2024/CVE-2024-311xx/CVE-2024-31143.json) (`2025-04-26T20:15:31.653`) +- [CVE-2024-31144](CVE-2024/CVE-2024-311xx/CVE-2024-31144.json) (`2025-04-26T20:15:31.833`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 606f1eb196b..8a66b7e2bc3 100644 --- a/_state.csv +++ b/_state.csv 
@@ -223324,7 +223324,7 @@ CVE-2023-28742,0,0,ada10fc997bd120b4f742153b80b44f6a20229008df00ef5c9c41fa487ff0 CVE-2023-28743,0,0,57067d7683a6fed27e34c4ec75642d81f73f48fbbb1fafe2372bab781574cf2b,2024-11-21T07:55:54.943000 CVE-2023-28744,0,0,1cc4bd136abaee20571456b24479cb53c2faff59d90643235c832416a354303c,2024-11-21T07:55:55.073000 CVE-2023-28745,0,0,d3b473d827ee800b93bc59ff1d523f8f67d95ddd1627f866e3f0c815315cfe59,2024-11-21T07:55:55.213000 -CVE-2023-28746,0,0,007d4dafb2e02fdd57e9b0e25212b6bbee2399a784e58681462ac6a302943c4e,2024-11-21T07:55:55.327000 +CVE-2023-28746,0,1,ee0a008b2581cab0a5a95ca9d7f2d41ffbba9e0de84cb248c6fa49ed571c5575,2025-04-26T20:15:30.640000 CVE-2023-28747,0,0,e91f519bd27935b2d5612c80b838a70c976c3c4f9fcf35e880eb42a1609a49ab,2024-11-21T07:55:55.500000 CVE-2023-28748,0,0,30743d136d99c59904b1d590dbb0a9c982b8108b01134aeeac79d26937c0cb76,2024-11-21T07:55:55.623000 CVE-2023-28749,0,0,40070758c0df765748ff23debb18cfeb2af7249c6dd395239aa9b516b7d729a7,2024-11-21T07:55:55.813000 @@ -237104,7 +237104,7 @@ CVE-2023-46837,0,0,1bb6613e2e07b449f908ca9113d195b087a4c2a6aa5d2fdfb0d8a9fa0ba02 CVE-2023-46838,0,0,db3fef68cebce35a0ce0d218196de4978c9f87e6ce7dc703512382bf87b6a727,2025-02-13T18:15:37.433000 CVE-2023-46839,0,0,110c4574be648ab625e9ba9b9f041f367f3cfe8e1328db16490d89d1854556ab,2024-11-21T20:15:36.450000 CVE-2023-46840,0,0,35101892971cbf6355ae8df6a82236e4f3dffa9cecb80f1c3349b445a8ac7edf,2024-11-21T08:29:24.200000 -CVE-2023-46841,0,0,e0cbaab1e5dae6d2bc9cd39fb6d454088c039b25c27d2de7b07925690d5cb01a,2025-02-13T18:15:37.603000 +CVE-2023-46841,0,1,ed6a17d8ba10683842b2e471f7f5235e21e3e78cc8b90b289f691ab4e8dc2ed5,2025-04-26T20:15:31.460000 CVE-2023-46842,0,0,79191b4d36ae3903ee5a7b9711e63bf5596944942e06d8c4bd75cd870ab3491c,2024-12-04T17:15:11.343000 CVE-2023-46845,0,0,8cca69f35c18b37d1e400c1780d51f45ac93f2d00dcfe2123c24403e52459030,2024-11-21T08:29:24.673000 CVE-2023-46846,0,0,b73bc8a6a9a81e5c869755df7f9ec3e498228884dcb6e74b5679aa1ec816512a,2024-12-18T01:15:06.010000 
@@ -257698,8 +257698,8 @@ CVE-2024-3114,0,0,ade433a65127555302d65b2c164d94e533c3b45e4239cf2791c7a999f14d79 CVE-2024-31140,0,0,8d4feb999561527fd03ad2e67dd311029f29e7334774d14942143f4dc9376a40,2024-12-16T15:58:11 CVE-2024-31141,0,0,d3e6234dd5f7853dd5cc5624c4460d246120bc3e8971c692c1eba3ffde4baa26,2025-01-31T15:15:12.987000 CVE-2024-31142,0,0,2dfd590e58a88f8700b5069e4a92d888e33d858010972d20e44ed086d437002d,2025-03-27T21:15:48.497000 -CVE-2024-31143,0,0,4790e02a9527ae34971a6ec375e16b193baf2e8575d041b48c7869872729bd6c,2024-11-21T09:12:55.220000 -CVE-2024-31144,0,0,ef6f78f259561eb4d342edb6d84335a73e62df62c2b5a9db02f48dfc8ecfd42d,2025-02-18T15:15:16.050000 +CVE-2024-31143,0,1,961c16f155c37ecd0e5382248df2d629faec3d2f6915ccd9385a86af7ed282bd,2025-04-26T20:15:31.653000 +CVE-2024-31144,0,1,4ffb3b3a5b16ac58376b78e79ae18e86e71077716a5f3c82967577c9a5a102a8,2025-04-26T20:15:31.833000 CVE-2024-31145,0,0,f3ca8145921f17e384184f2a401130163f6a98a09ec4c0f02db53b87f0633d0f,2024-11-21T09:12:55.410000 CVE-2024-31146,0,0,f936f8b5375e47cb092f8aa6bf5893d1570fca2bfcf5c7722e061d7922c4e65a,2024-11-21T09:12:55.600000 CVE-2024-3115,0,0,024eb87cadd8b40aad338eb052d3545e6328aa34b164f2cfa51cbda6bfdbee78,2024-11-21T09:28:56 
@@ -291481,4 +291481,7 @@ CVE-2025-46616,0,0,6f77a3deea80513a0e444e82f1b969313a83fb972c392a9b077d9c4200172 CVE-2025-46617,0,0,8264fe3c72bbb8b882b06aaed5126806c5af44dc16714e5ba80c3b2cd476f946,2025-04-25T07:15:48.837000 CVE-2025-46618,0,0,4e5b2699bfdedc6ad58a2dd050f1132b14684461f25e6c5475feda78ee59e7e9,2025-04-25T15:15:40.957000 CVE-2025-46646,0,0,949a77c3146b1ad773ec42268b57ffae39a9f8969f54ab4f38eda1edb565c7c9,2025-04-26T15:15:45.057000 -CVE-2025-46652,1,1,17d0ae8d967893798935696878eb08b4ea46575925e50d143227a3cf80b7c5c5,2025-04-26T18:15:31.297000 +CVE-2025-46652,0,0,17d0ae8d967893798935696878eb08b4ea46575925e50d143227a3cf80b7c5c5,2025-04-26T18:15:31.297000 +CVE-2025-46653,1,1,ef2c2588ef89c2be60dffff5cf2fbf7f6b584e234cba5660dbff8aaa5fdfdff8,2025-04-26T21:15:14.403000 +CVE-2025-46654,1,1,572c4d63fa2f8afca64ec12e1381813d160fa2c2ee84d4e0448e47cdcd412a94,2025-04-26T21:15:15.100000 +CVE-2025-46655,1,1,a9f672e75f586721e3ec47d88a24167a5da40f45a10ccbe0303bfb6061c72944,2025-04-26T21:15:15.260000