Auto-Update: 2025-01-20T03:00:25.884996+00:00

2025-07-09 16:05:11 +00:00 · 2025-01-20 03:03:51 +00:00 · 2025-01-20 03:03:51 +00:00 · d68ad64a2b
commit d68ad64a2b
parent 7a21209deb
4 changed files with 207 additions and 8 deletions
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0578.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0578.json
@ -0,0 +1,137 @@
+{
+  "id": "CVE-2025-0578",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-01-20T02:15:18.913",
+  "lastModified": "2025-01-20T02:15:18.913",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "baseScore": 4.0,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://vuldb.com/?ctiid.292596",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.292596",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.476305",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0583.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0583.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-0583",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2025-01-20T02:15:19.767",
+  "lastModified": "2025-01-20T02:15:19.767",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8368-1e317-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-20T00:55:31.087944+00:00
+2025-01-20T03:00:25.884996+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-20T00:15:16.320000+00:00
+2025-01-20T02:15:19.767000+00:00
 ```

 ### Last Data Feed Release
@ -27,21 +27,21 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-01-19T01:00:04.361223+00:00
+2025-01-20T01:00:04.380451+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-278125
+278127
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

- [CVE-2025-0575](CVE-2025/CVE-2025-05xx/CVE-2025-0575.json) (`2025-01-19T23:15:20.013`)
- [CVE-2025-0576](CVE-2025/CVE-2025-05xx/CVE-2025-0576.json) (`2025-01-20T00:15:16.320`)
+- [CVE-2025-0578](CVE-2025/CVE-2025-05xx/CVE-2025-0578.json) (`2025-01-20T02:15:18.913`)
+- [CVE-2025-0583](CVE-2025/CVE-2025-05xx/CVE-2025-0583.json) (`2025-01-20T02:15:19.767`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -277318,8 +277318,10 @@ CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91b
 CVE-2025-0565,0,0,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000
 CVE-2025-0566,0,0,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000
 CVE-2025-0567,0,0,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000
-CVE-2025-0575,1,1,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
-CVE-2025-0576,1,1,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
+CVE-2025-0575,0,0,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
+CVE-2025-0576,0,0,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
+CVE-2025-0578,1,1,764ff709c23ac6178f7d66316cb4aec54b2dfbe6625cd8cb6a69eb284ca4d3a9,2025-01-20T02:15:18.913000
+CVE-2025-0583,1,1,8ed8078758003cecf37178786f4bd906ad77d831a470114523ae1b97531b8713,2025-01-20T02:15:19.767000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000