From d232b24cf0c661466b738803a106e710026af2c3 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 18 Jun 2025 06:03:54 +0000 Subject: [PATCH] Auto-Update: 2025-06-18T06:00:15.255153+00:00 --- CVE-2025/CVE-2025-264xx/CVE-2025-26412.json | 6 +- CVE-2025/CVE-2025-502xx/CVE-2025-50202.json | 64 ++++++++++++ CVE-2025/CVE-2025-513xx/CVE-2025-51381.json | 104 ++++++++++++++++++++ CVE-2025/CVE-2025-53xx/CVE-2025-5301.json | 6 +- README.md | 15 +-- _state.csv | 8 +- 6 files changed, 192 insertions(+), 11 deletions(-) create mode 100644 CVE-2025/CVE-2025-502xx/CVE-2025-50202.json create mode 100644 CVE-2025/CVE-2025-513xx/CVE-2025-51381.json diff --git a/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json b/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json index 1d0af45e8f9..6e1cff8867d 100644 --- a/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json +++ b/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json @@ -2,7 +2,7 @@ "id": "CVE-2025-26412", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2025-06-11T09:15:22.067", - "lastModified": "2025-06-12T16:06:20.180", + "lastModified": "2025-06-18T05:15:48.290", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -55,6 +55,10 @@ { "url": "https://r.sec-consult.com/simcom", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + }, + { + "url": "http://seclists.org/fulldisclosure/2025/Jun/17", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-502xx/CVE-2025-50202.json b/CVE-2025/CVE-2025-502xx/CVE-2025-50202.json new file mode 100644 index 00000000000..175b8172707 --- /dev/null +++ b/CVE-2025/CVE-2025-502xx/CVE-2025-50202.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-50202", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-18T05:15:49.900", + "lastModified": "2025-06-18T05:15:49.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/LycheeOrg/Lychee/blob/0709f5d984d4df77fc5e23a29a0231437e684e99/app/Http/Controllers/SecurePathController.php#L61", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/LycheeOrg/Lychee/commit/ae7270b7b47e4a284ea1f69d260e52d592711072", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-6rj9-gm78-vhf9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-513xx/CVE-2025-51381.json b/CVE-2025/CVE-2025-513xx/CVE-2025-51381.json new file mode 100644 index 00000000000..502362dbe84 --- /dev/null +++ b/CVE-2025/CVE-2025-513xx/CVE-2025-51381.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2025-51381", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-06-18T05:15:50.090", + "lastModified": "2025-06-18T05:15:50.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": 
"NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN46288336/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://notices.jcom.co.jp/notice/93847.html", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json index ef0d0df9bdb..5367cb9ba25 100644 --- a/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json @@ -2,7 +2,7 @@ "id": "CVE-2025-5301", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2025-06-12T08:15:23.603", - "lastModified": "2025-06-12T16:06:20.180", + "lastModified": "2025-06-18T05:15:50.287", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
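Review bot: In the new CVE-2025-51381 record the description limits exploitation to an attacker "from within the LAN to which the product is connected", but both CNA-supplied vectors (`cvssMetricV40` and `cvssMetricV30`) score `AV:N` / `"attackVector": "NETWORK"`, which may overstate reachability. If the LAN restriction is accurate, the vectors would carry `AV:A` instead; that correction belongs with the CNA (`vultures@jpcert.or.jp`), because this file only mirrors their data. The record is also `"vulnStatus": "Received"` with only `"type": "Secondary"` metrics, so consumers that prioritise on `baseScore` should treat 9.3 and 9.8 as unreviewed CNA values and check whether the product is reachable from outside its LAN before ranking it.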
@@ -60,6 +60,10 @@ "url": "https://r.sec-consult.com/onlyoffice", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" }, + { + "url": "http://seclists.org/fulldisclosure/2025/Jun/18", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-onlyoffice-docs-documentserver/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" diff --git a/README.md b/README.md index 7496a677036..672e95aed95 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-18T04:00:19.139961+00:00 +2025-06-18T06:00:15.255153+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-18T03:15:25.560000+00:00 +2025-06-18T05:15:50.287000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298255 +298257 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-4413](CVE-2025/CVE-2025-44xx/CVE-2025-4413.json) (`2025-06-18T03:15:25.560`) +- [CVE-2025-50202](CVE-2025/CVE-2025-502xx/CVE-2025-50202.json) (`2025-06-18T05:15:49.900`) +- [CVE-2025-51381](CVE-2025/CVE-2025-513xx/CVE-2025-51381.json) (`2025-06-18T05:15:50.090`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2025-26412](CVE-2025/CVE-2025-264xx/CVE-2025-26412.json) (`2025-06-18T05:15:48.290`) +- [CVE-2025-5301](CVE-2025/CVE-2025-53xx/CVE-2025-5301.json) (`2025-06-18T05:15:50.287`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 79f23436fbc..4e52fd5656c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -288739,7 +288739,7 @@ CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048 CVE-2025-2641,0,0,0c4e7f6e917c2684e1ef81919020337c8afbfd73d5a46107cea6f98fc25ffc5c,2025-04-02T14:32:40.757000 CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000 CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000 -CVE-2025-26412,0,0,1efe827c122fc8417da9e6f860042f85ac5cc7450e28c13b1ce83b93ab4b6736,2025-06-12T16:06:20.180000 +CVE-2025-26412,0,1,be5b0dafab79b68d6e1cacb610b6b8956f530fb6f9158afbebe1ed7ee6a7624f,2025-06-18T05:15:48.290000 CVE-2025-26413,0,0,2158c3399ea37dae246e6333a0208fa039262ef589c11e6030057cf377da68cd,2025-05-12T16:15:23.023000 CVE-2025-2642,0,0,9fd74d08c30eb46678d329dd538a5586185726ca4d8ec1276ca17b4f6bd06bab,2025-04-02T13:48:31.510000 CVE-2025-2643,0,0,f96a1e9165c8c6b99a098f4d86d5cf57a75b6fe768e009b644ffd8b873a80653,2025-04-02T13:42:29.387000 @@ -295052,7 +295052,7 @@ CVE-2025-44108,0,0,7f74cb8563a8e2b89a17733e62268b2a8dcb711594c4c578db48bdedf50f4 CVE-2025-44110,0,0,40655c12d535de96e9af0530c97aab6193addb0ec4d9bc7565ff96634b123dda,2025-06-12T13:56:06.197000 CVE-2025-44115,0,0,f4048a768a9c3bfb169ae566f384c1b85dd60f51eddb9136d8a89bd9c2a57faa,2025-06-13T17:21:25.870000 CVE-2025-4412,0,0,8c8c59397117a84a167d36fb79f68c5cd99b79261327a1fb082cf24faee6cc19,2025-05-28T15:01:30.720000 -CVE-2025-4413,1,1,24647813affdd75d29c39ccffacc32088a199512f81a5133a92bf8d8a28f0d79,2025-06-18T03:15:25.560000 +CVE-2025-4413,0,0,24647813affdd75d29c39ccffacc32088a199512f81a5133a92bf8d8a28f0d79,2025-06-18T03:15:25.560000 CVE-2025-44134,0,0,45b85d904dd860695476948041d246707a0696d9dc7fe9b405a5e27a85d44980,2025-05-14T13:05:17.200000 CVE-2025-44135,0,0,e8d32c865e9ccdb8b63503c21fad4c48843876d5709a3df063410109f034ccc9,2025-05-14T13:04:58.830000 CVE-2025-44148,0,0,440749a71814d76edeed70dd30fc58f3e0b75eaee931968ee8c88b7d1e24e11d,2025-06-09T18:04:33.580000 
@@ -297443,6 +297443,7 @@ CVE-2025-5016,0,0,d907c2ff3d5c65fe44aee01e8b0e3594629d2dcb543e14c1a3c5bbcba44c80 CVE-2025-5018,0,0,e6074d13c744f0bbc4fedce0adf645747389e40f5acdd13f0492e74df313cc90,2025-06-06T14:07:28.330000 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000 CVE-2025-5020,0,0,a009d51287904279a69fbc7b7d45e7044fc45e21284eb97bd084f038009245ee,2025-06-13T18:55:32.903000 +CVE-2025-50202,1,1,8759d773d18f67248ca37c757c14e798e8a6e85cb81a231a5a4ef5c30991c95a,2025-06-18T05:15:49.900000 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000 CVE-2025-5026,0,0,d9b074ad09f171f2cc858535f05c167fb3f2b46a82934574183f725586b2f8f2,2025-06-07T23:15:21.897000 @@ -297516,6 +297517,7 @@ CVE-2025-5135,0,0,ff5e4b4f352f002c704ddb4fec56d312bfa70e7ac4d7428009d05887b065c4 CVE-2025-5136,0,0,bd0c27de50ee06fcb71ffb69b26d594d7fa702a9a559c430c5d629f3be8d9822,2025-05-28T18:15:29.530000 CVE-2025-5137,0,0,a461b4cd382da5c206010b8729faf9840aa41b3d9e8c8cf8ba7880897f06f378,2025-06-10T19:33:16.710000 CVE-2025-5138,0,0,3bae41860cd01f5b3b29a66081652cec538a389d28958af017b419d06b38908c,2025-05-28T14:58:52.920000 +CVE-2025-51381,1,1,29140a805d62521ea28abcefcc38f9840d782bc35bbf66b114018943e2a68296,2025-06-18T05:15:50.090000 CVE-2025-5139,0,0,478cd92def8402421385452923781dbb1e2d7c36d24453f72439415b1b27838f,2025-06-11T14:15:37.437000 CVE-2025-5140,0,0,7eb8851e623e7595aeb04f88f3b17c4f06b9055459a202a999065089d465d23f,2025-05-28T14:58:52.920000 CVE-2025-5141,0,0,c15f6868f26f87e39a3f43de04f54fd301d39ee102b85bad5264f415113350ff,2025-06-17T20:50:23.507000 
@@ -297659,7 +297661,7 @@ CVE-2025-5295,0,0,d0e6aa3b032b1532910154b10cc32ceaaf64a98256f38c6f6f628cd0a1c4ba CVE-2025-5297,0,0,32219ebb357b11c35687ad82e2d72808a3fe88681e14d78b6d0829c9d1dbc7ef,2025-06-10T19:33:01.990000 CVE-2025-5298,0,0,db5fe80cdf57c0cc24fb51e7a48139d5b1b81a3a48561037cf1b32b8be34d74f,2025-05-28T20:37:48.440000 CVE-2025-5299,0,0,1f89fdfea84380ce22c226fdfd1b89a6ae1b920a9c80e662b58b6ab3dafee162,2025-06-10T15:46:55.753000 -CVE-2025-5301,0,0,dc00636bd8e4b6f6472ca62f8ed089a9a14eb4a12bc1ed6844530d3e972592df,2025-06-12T16:06:20.180000 +CVE-2025-5301,0,1,172c3938c2a9928b9f8edd9f7241e7981b7b3a36108e0e0149558a51f65a1594,2025-06-18T05:15:50.287000 CVE-2025-5303,0,0,546057fa156dd0bfd15529f37c8ab9dae75346583c1c67316386c3461de42474,2025-06-09T12:15:47.880000 CVE-2025-5307,0,0,7244ff154b85c92ca09019f8de869bb0541c220b74776be3851e4cfba38a0ca8,2025-05-30T16:31:03.107000 CVE-2025-5309,0,0,4f40b16e57161a0b02ce9c3f4d7e0ba4cf08b0282b7954a09175078f67da41cb,2025-06-17T20:50:23.507000