admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-10T06:00:19.655133+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-10 06:03:56 +00:00
parent 42be2c9bd0
commit cbf9470789
11 changed files with 1017 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2025/CVE-2025-30xx/CVE-2025-3076.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-3076",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-10T05:15:22.503",
"lastModified": "2025-06-10T05:15:22.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_text\u2019 parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://elementor.com/pro/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c796ee7-5394-40f3-9158-1a006efbf085?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-43xx/CVE-2025-4387.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-4387",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-10T04:15:34.623",
"lastModified": "2025-06-10T04:15:34.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may allow for either remote or local code execution depending on the server configuration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.tychesoftwares.com/docs/docs/abandoned-cart-pro-for-woocommerce-new/changelog-abandoned-cart-pro/#changelog-abandon-cart-pro-for-woocommerce-9-17-0-release-date-m",
"source": "security@wordfence.com"
},
{
"url": "https://www.tychesoftwares.com/products/woocommerce-abandoned-cart-pro-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d2f07bb-89b3-41d4-b606-9722deecf816?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-46xx/CVE-2025-4601.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-4601",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-10T04:15:49.113",
"lastModified": "2025-06-10T04:15:49.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"RH - Real Estate WordPress Theme\" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/real-homes-wordpress-real-estate-theme/5373914",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a816e5a8-2494-4bcf-869d-5214b21f7791?source=cve",
"source": "security@wordfence.com"
}
]
}

156
CVE-2025/CVE-2025-59xx/CVE-2025-5912.json Normal file
View File

@ -0,0 +1,156 @@
{
"id": "CVE-2025-5912",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-10T04:15:49.300",
"lastModified": "2025-06-10T04:15:49.300",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink#poc",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311686",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311686",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.592307",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-59xx/CVE-2025-5913.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5913",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-10T04:15:54.063",
"lastModified": "2025-06-10T04:15:54.063",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/kakalalaww/CVE/issues/3",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311687",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311687",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.592310",
"source": "cna@vuldb.com"
}
]
}

60
CVE-2025/CVE-2025-59xx/CVE-2025-5925.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-5925",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-10T04:15:54.330",
"lastModified": "2025-06-10T04:15:54.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bunny\u2019s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bunnys-print-css/trunk/print-css.php#L49",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53282bec-cd47-4db4-8ffe-6647521c0d49?source=cve",
"source": "security@wordfence.com"
}
]
}

156
CVE-2025/CVE-2025-59xx/CVE-2025-5934.json Normal file
View File

@ -0,0 +1,156 @@
{
"id": "CVE-2025-5934",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-10T04:15:55.327",
"lastModified": "2025-06-10T04:15:55.327",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/xiaobor123/vul-finds/tree/main/vul-find-ex3700-netgear",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/xiaobor123/vul-finds/tree/main/vul-find-ex3700-netgear#poc",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311712",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311712",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.588258",
"source": "cna@vuldb.com"
},
{
"url": "https://www.netgear.com/",
"source": "cna@vuldb.com"
}
]
}

149
CVE-2025/CVE-2025-59xx/CVE-2025-5935.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2025-5935",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-10T05:15:22.780",
"lastModified": "2025-06-10T05:15:22.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://github.com/open5gs/open5gs/commit/62cb99755243c9c38e4c060c5d8d0e158fe8cdd5",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3874",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/open5gs/open5gs/issues/3874#issuecomment-2853547622",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/19863206/Problematic.handover.required.process.zip",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311713",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311713",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.589354",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-59xx/CVE-2025-5952.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-5952",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-10T05:15:23.023",
"lastModified": "2025-06-10T05:15:23.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://matheuscezar.github.io/2025/05/24/0-day-in-zend-to.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311789",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311789",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.589178",
"source": "cna@vuldb.com"
}
]
}

21
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-10T04:00:19.883863+00:00
2025-06-10T06:00:19.655133+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-10T03:15:39.060000+00:00
2025-06-10T05:15:23.023000+00:00
```
### Last Data Feed Release
@ -33,17 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
297215
297224
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `9`
- [CVE-2024-55595](CVE-2024/CVE-2024-555xx/CVE-2024-55595.json) (`2025-06-10T03:15:38.093`)
- [CVE-2025-5909](CVE-2025/CVE-2025-59xx/CVE-2025-5909.json) (`2025-06-10T02:15:21.007`)
- [CVE-2025-5910](CVE-2025/CVE-2025-59xx/CVE-2025-5910.json) (`2025-06-10T03:15:38.583`)
- [CVE-2025-5911](CVE-2025/CVE-2025-59xx/CVE-2025-5911.json) (`2025-06-10T03:15:39.060`)
- [CVE-2025-3076](CVE-2025/CVE-2025-30xx/CVE-2025-3076.json) (`2025-06-10T05:15:22.503`)
- [CVE-2025-4387](CVE-2025/CVE-2025-43xx/CVE-2025-4387.json) (`2025-06-10T04:15:34.623`)
- [CVE-2025-4601](CVE-2025/CVE-2025-46xx/CVE-2025-4601.json) (`2025-06-10T04:15:49.113`)
- [CVE-2025-5912](CVE-2025/CVE-2025-59xx/CVE-2025-5912.json) (`2025-06-10T04:15:49.300`)
- [CVE-2025-5913](CVE-2025/CVE-2025-59xx/CVE-2025-5913.json) (`2025-06-10T04:15:54.063`)
- [CVE-2025-5925](CVE-2025/CVE-2025-59xx/CVE-2025-5925.json) (`2025-06-10T04:15:54.330`)
- [CVE-2025-5934](CVE-2025/CVE-2025-59xx/CVE-2025-5934.json) (`2025-06-10T04:15:55.327`)
- [CVE-2025-5935](CVE-2025/CVE-2025-59xx/CVE-2025-5935.json) (`2025-06-10T05:15:22.780`)
- [CVE-2025-5952](CVE-2025/CVE-2025-59xx/CVE-2025-5952.json) (`2025-06-10T05:15:23.023`)
### CVEs modified in the last Commit

17
_state.csv
View File

@ -276785,7 +276785,7 @@ CVE-2024-55591,0,0,92e19e8d5fbeb8ffc3cb8033dbc9038c812258b0e349023cae68889d8104a
CVE-2024-55592,0,0,9816656964d5ec6954045a42352f94d21e8e010544dae859d96c107f7d4d5d94,2025-03-11T15:15:43.823000
CVE-2024-55593,0,0,4651565ceba3085bb8ca70fe9039d9f6a893a058022ead3391b6c8b5d7155600,2025-02-03T22:06:19.163000
CVE-2024-55594,0,0,652ca5f6fdc5cee2f95cb982d050eb42d5c2e6c532d86b32904ea69a07dd0bba,2025-03-14T17:15:48.653000
CVE-2024-55595,1,1,dd39ac830a7ce3fd7123109fe2470943243b0c9cac027695c909c21a06e819a7,2025-06-10T03:15:38.093000
CVE-2024-55595,0,0,dd39ac830a7ce3fd7123109fe2470943243b0c9cac027695c909c21a06e819a7,2025-06-10T03:15:38.093000
CVE-2024-55597,0,0,2f74eb8473fbbc1a45915a4593898ee2573223ce1862d3dcd91f3235728a48ad,2025-03-11T15:15:44.010000
CVE-2024-5560,0,0,201a92ce337d2fd4d85cefc5a8b186dd1f339de19f8ea6d91a69fddcd5fd3ef6,2024-11-21T09:47:55.983000
CVE-2024-55601,0,0,9b35d862d187fd3c6770804bae011b28b724e76b6c1dd4a3a89f0f4207a3e507,2024-12-09T22:15:23.100000
@ -291069,6 +291069,7 @@ CVE-2025-3074,0,0,d69ef3f25f99151a78aec61757586e7933094482b036c8ca2d58b4730d2480
CVE-2025-30740,0,0,c1996fd4f11ae45fb45e60e2a09090c033caf9e010b7aa14d0c4e920a51d9467,2025-04-21T19:17:51.487000
CVE-2025-30741,0,0,a7ba724d5523a4cf0c1b38678a2ee1b0c99bfb24f80e0249782577c8771159ad,2025-03-27T16:45:46.410000
CVE-2025-30742,0,0,86ca35df94be3200dc999955b93d6c2b0d3e9fbdd347944fb57613c93c49228a,2025-03-27T16:45:46.410000
CVE-2025-3076,1,1,bfb5abef197d816a3b8cabd83cc3730e72813343813915a2881ece0c911c5a11,2025-06-10T05:15:22.503000
CVE-2025-30763,0,0,8cae761cd1fe343dec958c3bde26a021d7b611e1f3fb5c049ea6e8543db73e0c,2025-03-27T16:45:27.850000
CVE-2025-30764,0,0,c2a0dd624071e543aa5659c2a18c25c37cb6242533fd227b0bac92cd7149744c,2025-03-27T16:45:27.850000
CVE-2025-30765,0,0,0badfbc63d413d99adc463414606a43aab2344afb0d9457b7cf4d0a25dbd17b0,2025-03-27T16:45:27.850000
@ -294659,6 +294660,7 @@ CVE-2025-43861,0,0,cc812f35df5ffcb8f443a4d7ada84bcfa5f243dfadf66db64d9528b5b0331
CVE-2025-43862,0,0,2069c29142377e87b6ac6717f988918c57aef9b91da36da9422600c6b1db6517,2025-04-29T13:52:28.490000
CVE-2025-43864,0,0,4a74404ae1412d4adedf36bca3c18b62d4e73dc491c1dfc2b32ce26efe001d3b,2025-04-29T13:52:28.490000
CVE-2025-43865,0,0,c649a0f837f30d7ca72312925d2a9794983503f9ad275427cd38dd25847f7ed8,2025-04-29T13:52:28.490000
CVE-2025-4387,1,1,3e4181de57780cae8aab035c2029357efc95d3201bc4c74915804d700ffd492c,2025-06-10T04:15:34.623000
CVE-2025-43878,0,0,35cf7c07b8b80c3378b7e206d0f6773b587f978a8b7a7526ac0a236c37d60b0d,2025-05-08T14:39:09.683000
CVE-2025-4388,0,0,97a1b6eacb96a5a89fd1b724cb794d70ee55608bc796c2eb710dc788294d8025,2025-05-07T14:13:20.483000
CVE-2025-4389,0,0,45c746d75c230b521e0d7fa0f7ed2e2bcf19d590062d4846efcc391c1f917c66,2025-05-19T13:35:20.460000
@ -295047,6 +295049,7 @@ CVE-2025-4597,0,0,dcada8bd747b5d8fe51a3029b8ca767324f59d50104363211751e377151167
CVE-2025-4598,0,0,0afb48f5d4beb8ba717edab0a2c1dbaaa02bcad15f4563ef46c0692744ec8051,2025-06-05T07:15:23.047000
CVE-2025-45997,0,0,6427fb401720f5a1ec9f9ddb9a7287b863d0733096e213df5c6d6f0eb039c3d2,2025-06-09T18:53:36.927000
CVE-2025-4600,0,0,026383a000ee9b132f9dd97af63a0401be9be3b21241dcdc822424d27f013326,2025-05-16T14:42:18.700000
CVE-2025-4601,1,1,2309b0bed0606989b7e2431ae1a82f72fd7585cae299bb458362cd32abf54463,2025-06-10T04:15:49.113000
CVE-2025-46011,0,0,c1776a78cb3800147b82714f56c78717ef81a5a9688b212486314b16953839ea,2025-06-09T21:15:46.517000
CVE-2025-4602,0,0,409776dd4d3f5aa956641458acdab541ced8aee4cc4b0cac3a447338c59994d1,2025-05-28T14:58:52.920000
CVE-2025-4603,0,0,353abd9188b7471dff5b9b62f88597abbd29f78728037be18e8dafefcd5f4d4e,2025-05-28T14:58:52.920000
@ -297206,11 +297209,17 @@ CVE-2025-5905,0,0,4640c69ee55ba9dd6382404c2da278693c59fedc07931752dc25ae9a7fc40a
CVE-2025-5906,0,0,aa989b7dcccb5c034fc1eea8eff37f01bc4327bb2f6ad2c0f749ad5ccfddb4ac,2025-06-10T01:15:23.720000
CVE-2025-5907,0,0,5d329676c8670997ed9bbd9ec920c44010fa9710ac335febffe90162e564e157,2025-06-10T01:15:23.963000
CVE-2025-5908,0,0,37a781f179b1660861001bee4d6c7fb2b67dae046e6af7975b6ededfbac21b41,2025-06-10T01:15:24.167000
CVE-2025-5909,1,1,ab669f12f4fae3bd2f0735d7b1e7ccb7a4a13f9471f08d5428635b990107078e,2025-06-10T02:15:21.007000
CVE-2025-5910,1,1,715eda73591903f377a983344c94f5b98f27bef425aa0c6a6a65f0932e6208e0,2025-06-10T03:15:38.583000
CVE-2025-5911,1,1,d7e3dcb7d9bb0675f96fabf6f38549f2456bb2d26953b2e2b03a3110da86f3a8,2025-06-10T03:15:39.060000
CVE-2025-5909,0,0,ab669f12f4fae3bd2f0735d7b1e7ccb7a4a13f9471f08d5428635b990107078e,2025-06-10T02:15:21.007000
CVE-2025-5910,0,0,715eda73591903f377a983344c94f5b98f27bef425aa0c6a6a65f0932e6208e0,2025-06-10T03:15:38.583000
CVE-2025-5911,0,0,d7e3dcb7d9bb0675f96fabf6f38549f2456bb2d26953b2e2b03a3110da86f3a8,2025-06-10T03:15:39.060000
CVE-2025-5912,1,1,b4a379b730919f23bbfd564747bb9b00dbf90200eb93653aaa62f644e11ed9f6,2025-06-10T04:15:49.300000
CVE-2025-5913,1,1,c61460384b72cb88f96178b08fff9f8b0ce36776535ad07f09e982e6f3eaba0a,2025-06-10T04:15:54.063000
CVE-2025-5914,0,0,ca2950efdb51e21bbb1b52a25d765df8575e0ffa29446d96c03c3ef2bb78c27f,2025-06-09T20:15:26.123000
CVE-2025-5915,0,0,0e67ccac333c7a11c03869b01cbfabaf1cb283cb5a64338a4f2ca5aab164415e,2025-06-09T20:15:26.317000
CVE-2025-5916,0,0,de33dac47619c4e1d912727e7eb0e9fccd9c7c67167013ac3aa335bd776c0a9e,2025-06-09T20:15:27.170000
CVE-2025-5917,0,0,479e3dcc90af3e8467020be4388f622f5adbb9e240dc38ecb4cf9119d478c05a,2025-06-09T20:15:27.330000
CVE-2025-5918,0,0,5fae4533f01b7c4f6585a87e7b2331625bf70aa585af023c3c09519081c4b2f9,2025-06-09T20:15:27.493000
CVE-2025-5925,1,1,573daaf55ea018a58bf2bd7e92cad13cf577779f7064f5ad7d1f8de96931b737,2025-06-10T04:15:54.330000
CVE-2025-5934,1,1,1ba42daaa63d058bbd118ea21d90f49dd5a949e0cf3049fe0f8f381cc6ec4483,2025-06-10T04:15:55.327000
CVE-2025-5935,1,1,bca6b82aff793b09175597d3d76faef10a884937cddad66c78fab2ba223eb2cd,2025-06-10T05:15:22.780000
CVE-2025-5952,1,1,f3a4e649f505b0fd93baf65191971ffe21485a7c802124ab53f303aeb8bcf467,2025-06-10T05:15:23.023000

Can't render this file because it is too large.