Auto-Update: 2025-06-18T06:00:15.255153+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-18 06:03:54 +00:00 · 2025-06-18 06:03:54 +00:00 · d232b24cf0
commit d232b24cf0
parent f293387096
6 changed files with 192 additions and 11 deletions
--- a/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json
+++ b/CVE-2025/CVE-2025-264xx/CVE-2025-26412.json
@ -2,7 +2,7 @@
  "id": "CVE-2025-26412",
  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
  "published": "2025-06-11T09:15:22.067",
-  "lastModified": "2025-06-12T16:06:20.180",
+  "lastModified": "2025-06-18T05:15:48.290",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -55,6 +55,10 @@
    {
      "url": "https://r.sec-consult.com/simcom",
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
+    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2025/Jun/17",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-502xx/CVE-2025-50202.json
+++ b/CVE-2025/CVE-2025-502xx/CVE-2025-50202.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-50202",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2025-06-18T05:15:49.900",
+  "lastModified": "2025-06-18T05:15:49.900",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/LycheeOrg/Lychee/blob/0709f5d984d4df77fc5e23a29a0231437e684e99/app/Http/Controllers/SecurePathController.php#L61",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/LycheeOrg/Lychee/commit/ae7270b7b47e4a284ea1f69d260e52d592711072",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-6rj9-gm78-vhf9",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-513xx/CVE-2025-51381.json
+++ b/CVE-2025/CVE-2025-513xx/CVE-2025-51381.json
@ -0,0 +1,104 @@
+{
+  "id": "CVE-2025-51381",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-06-18T05:15:50.090",
+  "lastModified": "2025-06-18T05:15:50.090",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 9.3,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN46288336/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://notices.jcom.co.jp/notice/93847.html",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json
+++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5301.json
@ -2,7 +2,7 @@
  "id": "CVE-2025-5301",
  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
  "published": "2025-06-12T08:15:23.603",
-  "lastModified": "2025-06-12T16:06:20.180",
+  "lastModified": "2025-06-18T05:15:50.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -60,6 +60,10 @@
      "url": "https://r.sec-consult.com/onlyoffice",
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2025/Jun/18",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
    {
      "url": "https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-onlyoffice-docs-documentserver/",
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-06-18T04:00:19.139961+00:00
+2025-06-18T06:00:15.255153+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-06-18T03:15:25.560000+00:00
+2025-06-18T05:15:50.287000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-298255
+298257
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2025-4413](CVE-2025/CVE-2025-44xx/CVE-2025-4413.json) (`2025-06-18T03:15:25.560`)
+- [CVE-2025-50202](CVE-2025/CVE-2025-502xx/CVE-2025-50202.json) (`2025-06-18T05:15:49.900`)
+- [CVE-2025-51381](CVE-2025/CVE-2025-513xx/CVE-2025-51381.json) (`2025-06-18T05:15:50.090`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `2`

+- [CVE-2025-26412](CVE-2025/CVE-2025-264xx/CVE-2025-26412.json) (`2025-06-18T05:15:48.290`)
+- [CVE-2025-5301](CVE-2025/CVE-2025-53xx/CVE-2025-5301.json) (`2025-06-18T05:15:50.287`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -288739,7 +288739,7 @@ CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048
 CVE-2025-2641,0,0,0c4e7f6e917c2684e1ef81919020337c8afbfd73d5a46107cea6f98fc25ffc5c,2025-04-02T14:32:40.757000
 CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000
 CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000
-CVE-2025-26412,0,0,1efe827c122fc8417da9e6f860042f85ac5cc7450e28c13b1ce83b93ab4b6736,2025-06-12T16:06:20.180000
+CVE-2025-26412,0,1,be5b0dafab79b68d6e1cacb610b6b8956f530fb6f9158afbebe1ed7ee6a7624f,2025-06-18T05:15:48.290000
 CVE-2025-26413,0,0,2158c3399ea37dae246e6333a0208fa039262ef589c11e6030057cf377da68cd,2025-05-12T16:15:23.023000
 CVE-2025-2642,0,0,9fd74d08c30eb46678d329dd538a5586185726ca4d8ec1276ca17b4f6bd06bab,2025-04-02T13:48:31.510000
 CVE-2025-2643,0,0,f96a1e9165c8c6b99a098f4d86d5cf57a75b6fe768e009b644ffd8b873a80653,2025-04-02T13:42:29.387000
@ -295052,7 +295052,7 @@ CVE-2025-44108,0,0,7f74cb8563a8e2b89a17733e62268b2a8dcb711594c4c578db48bdedf50f4
 CVE-2025-44110,0,0,40655c12d535de96e9af0530c97aab6193addb0ec4d9bc7565ff96634b123dda,2025-06-12T13:56:06.197000
 CVE-2025-44115,0,0,f4048a768a9c3bfb169ae566f384c1b85dd60f51eddb9136d8a89bd9c2a57faa,2025-06-13T17:21:25.870000
 CVE-2025-4412,0,0,8c8c59397117a84a167d36fb79f68c5cd99b79261327a1fb082cf24faee6cc19,2025-05-28T15:01:30.720000
-CVE-2025-4413,1,1,24647813affdd75d29c39ccffacc32088a199512f81a5133a92bf8d8a28f0d79,2025-06-18T03:15:25.560000
+CVE-2025-4413,0,0,24647813affdd75d29c39ccffacc32088a199512f81a5133a92bf8d8a28f0d79,2025-06-18T03:15:25.560000
 CVE-2025-44134,0,0,45b85d904dd860695476948041d246707a0696d9dc7fe9b405a5e27a85d44980,2025-05-14T13:05:17.200000
 CVE-2025-44135,0,0,e8d32c865e9ccdb8b63503c21fad4c48843876d5709a3df063410109f034ccc9,2025-05-14T13:04:58.830000
 CVE-2025-44148,0,0,440749a71814d76edeed70dd30fc58f3e0b75eaee931968ee8c88b7d1e24e11d,2025-06-09T18:04:33.580000
@ -297443,6 +297443,7 @@ CVE-2025-5016,0,0,d907c2ff3d5c65fe44aee01e8b0e3594629d2dcb543e14c1a3c5bbcba44c80
 CVE-2025-5018,0,0,e6074d13c744f0bbc4fedce0adf645747389e40f5acdd13f0492e74df313cc90,2025-06-06T14:07:28.330000
 CVE-2025-5019,0,0,9e77689bce77b4f77cc10eef8ecd39dc784fee948cba6d9ab205fa6a8f33f986,2025-06-06T14:07:28.330000
 CVE-2025-5020,0,0,a009d51287904279a69fbc7b7d45e7044fc45e21284eb97bd084f038009245ee,2025-06-13T18:55:32.903000
+CVE-2025-50202,1,1,8759d773d18f67248ca37c757c14e798e8a6e85cb81a231a5a4ef5c30991c95a,2025-06-18T05:15:49.900000
 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000
 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000
 CVE-2025-5026,0,0,d9b074ad09f171f2cc858535f05c167fb3f2b46a82934574183f725586b2f8f2,2025-06-07T23:15:21.897000
@ -297516,6 +297517,7 @@ CVE-2025-5135,0,0,ff5e4b4f352f002c704ddb4fec56d312bfa70e7ac4d7428009d05887b065c4
 CVE-2025-5136,0,0,bd0c27de50ee06fcb71ffb69b26d594d7fa702a9a559c430c5d629f3be8d9822,2025-05-28T18:15:29.530000
 CVE-2025-5137,0,0,a461b4cd382da5c206010b8729faf9840aa41b3d9e8c8cf8ba7880897f06f378,2025-06-10T19:33:16.710000
 CVE-2025-5138,0,0,3bae41860cd01f5b3b29a66081652cec538a389d28958af017b419d06b38908c,2025-05-28T14:58:52.920000
+CVE-2025-51381,1,1,29140a805d62521ea28abcefcc38f9840d782bc35bbf66b114018943e2a68296,2025-06-18T05:15:50.090000
 CVE-2025-5139,0,0,478cd92def8402421385452923781dbb1e2d7c36d24453f72439415b1b27838f,2025-06-11T14:15:37.437000
 CVE-2025-5140,0,0,7eb8851e623e7595aeb04f88f3b17c4f06b9055459a202a999065089d465d23f,2025-05-28T14:58:52.920000
 CVE-2025-5141,0,0,c15f6868f26f87e39a3f43de04f54fd301d39ee102b85bad5264f415113350ff,2025-06-17T20:50:23.507000
@ -297659,7 +297661,7 @@ CVE-2025-5295,0,0,d0e6aa3b032b1532910154b10cc32ceaaf64a98256f38c6f6f628cd0a1c4ba
 CVE-2025-5297,0,0,32219ebb357b11c35687ad82e2d72808a3fe88681e14d78b6d0829c9d1dbc7ef,2025-06-10T19:33:01.990000
 CVE-2025-5298,0,0,db5fe80cdf57c0cc24fb51e7a48139d5b1b81a3a48561037cf1b32b8be34d74f,2025-05-28T20:37:48.440000
 CVE-2025-5299,0,0,1f89fdfea84380ce22c226fdfd1b89a6ae1b920a9c80e662b58b6ab3dafee162,2025-06-10T15:46:55.753000
-CVE-2025-5301,0,0,dc00636bd8e4b6f6472ca62f8ed089a9a14eb4a12bc1ed6844530d3e972592df,2025-06-12T16:06:20.180000
+CVE-2025-5301,0,1,172c3938c2a9928b9f8edd9f7241e7981b7b3a36108e0e0149558a51f65a1594,2025-06-18T05:15:50.287000
 CVE-2025-5303,0,0,546057fa156dd0bfd15529f37c8ab9dae75346583c1c67316386c3461de42474,2025-06-09T12:15:47.880000
 CVE-2025-5307,0,0,7244ff154b85c92ca09019f8de869bb0541c220b74776be3851e4cfba38a0ca8,2025-05-30T16:31:03.107000
 CVE-2025-5309,0,0,4f40b16e57161a0b02ce9c3f4d7e0ba4cf08b0282b7954a09175078f67da41cb,2025-06-17T20:50:23.507000