diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13690.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13690.json new file mode 100644 index 00000000000..39c5cd4600a --- /dev/null +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13690.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-13690", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T09:15:13.673", + "lastModified": "2025-03-25T09:15:13.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-form-display.php", + "source": "security@wordfence.com" + }, + { + "url": "http://plugins.svn.wordpress.org/wp-church-donation/tags/1.7/includes/church-donation-listings.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-church-donation/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8ac20f-d6ae-4e55-9337-4fb5ebd4f24a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13710.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13710.json new file mode 100644 index 00000000000..de07ef8b66d --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13710.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13710", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T09:15:15.700", + "lastModified": "2025-03-25T09:15:15.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Estatebud \u2013 Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/estatebud-properties-listings/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13731.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13731.json new file mode 100644 index 00000000000..2389f5dc09b --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13731.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13731", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T09:15:15.940", + "lastModified": "2025-03-25T09:15:15.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Alert Box Block \u2013 Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/alert-box-block/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d63cd13e-4a16-483f-8165-6c8090ceebab?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53678.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53678.json new file mode 100644 index 00000000000..b49ca39b207 --- /dev/null +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53678.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-53678", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-25T10:15:13.303", + "lastModified": "2025-03-25T10:15:13.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by the attacker.\n\nThis issue affects all versions of Apache VCL from 2.2 through 2.5.1.\n\nUsers are recommended to upgrade to version 2.5.2, which fixes the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/2bmjnzgjwwq59nv6xw44w0tnpz4k4pf4", + "source": "security@apache.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/03/24/1", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53679.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53679.json new file mode 100644 index 00000000000..f32b089278c --- /dev/null +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53679.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-53679", + "sourceIdentifier": "security@apache.org", + "published": "2025-03-25T10:15:16.027", + "lastModified": "2025-03-25T10:15:16.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights.\n\n\n\nThis issue affects all versions of Apache VCL through 2.5.1.\n\n\n\nUsers are recommended to upgrade to version 2.5.2, which fixes the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/bq5vs0hndt9cz9b6rpfr5on1nd4qrmyr", + "source": "security@apache.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/03/24/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-23xx/CVE-2025-2319.json b/CVE-2025/CVE-2025-23xx/CVE-2025-2319.json new file mode 100644 index 00000000000..63f72dba584 --- /dev/null +++ b/CVE-2025/CVE-2025-23xx/CVE-2025-2319.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2025-2319", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T09:15:16.377", + "lastModified": "2025-03-25T09:15:16.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.13/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.15/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.33/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.11.37/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.16.38/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.38/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.42/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.21.35/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.25.08/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2510.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2510.json new file mode 100644 index 00000000000..39d5b4636ab --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2510.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-2510", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T09:15:16.597", + "lastModified": "2025-03-25T09:15:16.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/frndzk-expandable-bottom-bar/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4261c81e-13a2-4022-8048-aeb0ea4e9ee4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2542.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2542.json new file mode 100644 index 00000000000..e1a08937dbf --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2542.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2025-2542", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T10:15:16.220", + "lastModified": "2025-03-25T10:15:16.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/your-simple-svg-support/tags/1.0.0/your-simple-svg-support.php#L16", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/your-simple-svg-support/tags/1.0.0/your-simple-svg-support.php#L20", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3259951/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/your-simple-svg-support/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa9d836-4e13-4c6a-b1e6-a8f984805842?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2559.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2559.json new file mode 100644 index 00000000000..80824e8f876 --- /dev/null +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2559.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-2559", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-03-25T09:15:17.047", + "lastModified": "2025-03-25T09:15:17.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-2559", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2635.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2635.json new file mode 100644 index 00000000000..24d637886b5 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2635.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-2635", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-25T10:15:16.430", + "lastModified": "2025-03-25T10:15:16.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/digital-license-manager/trunk/includes/ListTables/Activations.php#L476", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3260900/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/digital-license-manager/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a266e003-3a0a-4832-a88b-60c2a26b387c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2753.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2753.json new file mode 100644 index 00000000000..0ee25ec3087 --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2753.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2753", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-25T09:15:17.247", + "lastModified": "2025-03-25T09:15:17.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/assimp/assimp/issues/6014", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/assimp/assimp/issues/6014#issue-2877372462", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300858", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300858", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.517787", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2754.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2754.json new file mode 100644 index 00000000000..9febd5b6559 --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2754.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2754", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-25T09:15:17.730", + "lastModified": "2025-03-25T09:15:17.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/assimp/assimp/issues/6015", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/assimp/assimp/issues/6015#issue-2877373501", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300859", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300859", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.517788", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2755.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2755.json new file mode 100644 index 00000000000..c23dc29e0e4 --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2755.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2755", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-25T09:15:17.983", + "lastModified": "2025-03-25T09:15:17.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument src.entries leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/assimp/assimp/issues/6017", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/assimp/assimp/issues/6017#issue-2877374161", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300860", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300860", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.517789", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2756.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2756.json new file mode 100644 index 00000000000..3b43f32c49c --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2756.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2756", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-25T10:15:16.627", + "lastModified": "2025-03-25T10:15:16.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/assimp/assimp/issues/6018", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/assimp/assimp/issues/6018#issue-2877375815", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300861", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300861", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.517790", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2757.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2757.json new file mode 100644 index 00000000000..f8fb43357ec --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2757.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2757", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-25T10:15:16.887", + "lastModified": "2025-03-25T10:15:16.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/assimp/assimp/issues/6019", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/assimp/assimp/issues/6019#issue-2877376386", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.517817", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 367a574301b..5f440c05b2d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-25T09:00:19.500208+00:00 +2025-03-25T11:00:19.549197+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-25T08:15:20.193000+00:00 +2025-03-25T10:15:16.887000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -286499 +286514 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `15` -- [CVE-2024-12623](CVE-2024/CVE-2024-126xx/CVE-2024-12623.json) (`2025-03-25T07:15:36.827`) -- [CVE-2025-1320](CVE-2025/CVE-2025-13xx/CVE-2025-1320.json) (`2025-03-25T07:15:38.180`) -- [CVE-2025-2252](CVE-2025/CVE-2025-22xx/CVE-2025-2252.json) (`2025-03-25T07:15:38.337`) -- [CVE-2025-2740](CVE-2025/CVE-2025-27xx/CVE-2025-2740.json) (`2025-03-25T07:15:38.493`) -- [CVE-2025-2742](CVE-2025/CVE-2025-27xx/CVE-2025-2742.json) (`2025-03-25T07:15:38.700`) -- [CVE-2025-2743](CVE-2025/CVE-2025-27xx/CVE-2025-2743.json) (`2025-03-25T07:15:38.883`) -- [CVE-2025-2744](CVE-2025/CVE-2025-27xx/CVE-2025-2744.json) (`2025-03-25T07:15:39.103`) -- [CVE-2025-2750](CVE-2025/CVE-2025-27xx/CVE-2025-2750.json) (`2025-03-25T08:15:19.203`) -- [CVE-2025-2751](CVE-2025/CVE-2025-27xx/CVE-2025-2751.json) (`2025-03-25T08:15:20.013`) -- [CVE-2025-2752](CVE-2025/CVE-2025-27xx/CVE-2025-2752.json) (`2025-03-25T08:15:20.193`) +- [CVE-2024-13690](CVE-2024/CVE-2024-136xx/CVE-2024-13690.json) (`2025-03-25T09:15:13.673`) +- [CVE-2024-13710](CVE-2024/CVE-2024-137xx/CVE-2024-13710.json) (`2025-03-25T09:15:15.700`) +- [CVE-2024-13731](CVE-2024/CVE-2024-137xx/CVE-2024-13731.json) (`2025-03-25T09:15:15.940`) +- [CVE-2024-53678](CVE-2024/CVE-2024-536xx/CVE-2024-53678.json) (`2025-03-25T10:15:13.303`) +- [CVE-2024-53679](CVE-2024/CVE-2024-536xx/CVE-2024-53679.json) (`2025-03-25T10:15:16.027`) +- [CVE-2025-2319](CVE-2025/CVE-2025-23xx/CVE-2025-2319.json) (`2025-03-25T09:15:16.377`) +- [CVE-2025-2510](CVE-2025/CVE-2025-25xx/CVE-2025-2510.json) (`2025-03-25T09:15:16.597`) +- [CVE-2025-2542](CVE-2025/CVE-2025-25xx/CVE-2025-2542.json) (`2025-03-25T10:15:16.220`) +- [CVE-2025-2559](CVE-2025/CVE-2025-25xx/CVE-2025-2559.json) (`2025-03-25T09:15:17.047`) +- [CVE-2025-2635](CVE-2025/CVE-2025-26xx/CVE-2025-2635.json) (`2025-03-25T10:15:16.430`) +- [CVE-2025-2753](CVE-2025/CVE-2025-27xx/CVE-2025-2753.json) (`2025-03-25T09:15:17.247`) +- [CVE-2025-2754](CVE-2025/CVE-2025-27xx/CVE-2025-2754.json) (`2025-03-25T09:15:17.730`) +- [CVE-2025-2755](CVE-2025/CVE-2025-27xx/CVE-2025-2755.json) (`2025-03-25T09:15:17.983`) +- [CVE-2025-2756](CVE-2025/CVE-2025-27xx/CVE-2025-2756.json) (`2025-03-25T10:15:16.627`) +- [CVE-2025-2757](CVE-2025/CVE-2025-27xx/CVE-2025-2757.json) (`2025-03-25T10:15:16.887`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 11d5e3afd08..f1734c68ffb 100644 --- a/_state.csv +++ b/_state.csv @@ -246964,7 +246964,7 @@ CVE-2024-1262,0,0,b26d9641a8cbc2c5642fa36dfff4a6fef92b6772e7113385af431217d75dfe CVE-2024-12620,0,0,e537581ee6f9b9e41db6bae290af071a0bca6c5bd387497ad5b828939e579290,2025-02-24T16:41:10.847000 CVE-2024-12621,0,0,c2adae066a86c184a771a0d948073e2bc06ef58867852e158c90f4e2e54ac114,2025-01-09T11:15:15.417000 CVE-2024-12622,0,0,44dabce1b6e9706e1913dedf06e830c5e84e3b2aacb10e32270b16def1e102ad,2024-12-24T06:15:33.433000 -CVE-2024-12623,1,1,9d00343bb5e8bdb91e8eb02610fa0daf7c1fc38f11160faa9882431283e8980d,2025-03-25T07:15:36.827000 +CVE-2024-12623,0,0,9d00343bb5e8bdb91e8eb02610fa0daf7c1fc38f11160faa9882431283e8980d,2025-03-25T07:15:36.827000 CVE-2024-12624,0,0,5e7ff0728298740b51bc71547c6153c6f49e2311f395bfc0566af7f4601437d1,2025-02-04T17:09:29.943000 CVE-2024-12626,0,0,dc01f58442ef4eb4425488c755c4a1d0852a1ed618c4541c829e9e2584781b84,2024-12-19T12:15:06.160000 CVE-2024-12627,0,0,022af0cec2036ad3cef4dfbe1da5009a76ffbe6b2f826e6feb835dd2d0810966,2025-01-11T03:15:21.587000 @@ -247997,6 +247997,7 @@ CVE-2024-13686,0,0,795cf4f104c4a48dc013b04bf384c3723c0dc095e307556322181b529220b CVE-2024-13687,0,0,8a954d90e2ecf3e0bfefe90b1ebf331e7dcd9b3ff81bc3892382c9536696e182,2025-02-21T16:00:16.287000 CVE-2024-13689,0,0,41b530aa4ba65a02f514116414a57fc5db58dbb6ffe52efa3c6202ae2808e2eb,2025-02-18T15:15:15.547000 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000 +CVE-2024-13690,1,1,bc4cbc4c5d875915762b2e6474f2fb25f04c6fcc4f8b7e5d9b397ee7dd1e94db,2025-03-25T09:15:13.673000 CVE-2024-13691,0,0,e2ffbabc297e59a5c1d2ebf52a7761c6c116f558696876672f6c292ae9c9a1ee,2025-02-21T14:22:06.687000 CVE-2024-13692,0,0,dd428cbed85db3481f00689aa7810df65625b6d6cab80d30a96dd09c938f8def,2025-02-25T19:40:09.050000 CVE-2024-13693,0,0,da2fdb073502d90c8b80614853f1996297ea5b16d4af7c623bcd02f019fbeff3,2025-02-28T01:35:34.740000 @@ -248016,6 +248017,7 @@ CVE-2024-13706,0,0,ab3c260451f5aeaf628499ae0037d8fc16844264bd9ec15ebc42f8eab05dd CVE-2024-13707,0,0,032e2a9cb1b090228bf905c1e52e11efae679d2f0165154d533e21d339074c69,2025-01-31T18:12:42.913000 CVE-2024-13709,0,0,89bb0c649902e7b71dd397a2d1262eb45ecb5db3a49c5090d0564ce4341f03af,2025-01-25T04:15:07.670000 CVE-2024-1371,0,0,700f360c37065b466d7daf295c0b566055365a6732e2b4756cd7fe3bd3dfd8e6,2024-11-21T08:50:26.150000 +CVE-2024-13710,1,1,63d436a684af1d6bfd91e543151cba4a23cc0be0c7b3e02a237f383c2c898e85,2025-03-25T09:15:15.700000 CVE-2024-13711,0,0,1a1ffe5071fb9e346fad9e860d757c762a5262c3605ff7f2e04763dde7cb4152,2025-03-06T14:59:01.473000 CVE-2024-13712,0,0,52f360393dc3e1dcb6dc207c273369745f8a2e5b7527a4679e8162f004aa11ea,2025-03-06T14:59:42.753000 CVE-2024-13713,0,0,90954b7583c56b27a881e3e89dac99a8fe4d669edd575847540b2c9eda75eaf1,2025-02-25T03:28:44.207000 @@ -248035,6 +248037,7 @@ CVE-2024-13725,0,0,3ae67647de598849d6499031064f2ab84aae12fe373705e9378e4edd2b924 CVE-2024-13726,0,0,6f933b5330ba37986acbe4c29892bcb7173ac142380eeae5f3195ee1c4836999,2025-02-19T22:15:23.043000 CVE-2024-13728,0,0,fc3600c0f61ce7085e8da7204bc76ef6f37fa32ad9251533dccbbb08ac5789f5,2025-02-23T06:15:08.710000 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000 +CVE-2024-13731,1,1,cdef5b0b1d1c9ce333494380127ded46d4002f45d5821b356ce1ba07faffc800,2025-03-25T09:15:15.940000 CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb99ad,2025-01-31T20:22:33.503000 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000 CVE-2024-13734,0,0,17fab3f74e78896a40ac1961915d61db429551aa26d55adeda206fce66c88861,2025-03-11T15:55:48.603000 @@ -274328,6 +274331,8 @@ CVE-2024-53674,0,0,f555b7f03d33cd061d1493d8fc99309d52915e66d5ae0672802dcf1d36a50 CVE-2024-53675,0,0,1183b1bd94841ad73311a268c8a0b2c37f3657514fc74825a9481690ca681ab0,2024-12-12T19:48:48.443000 CVE-2024-53676,0,0,c490c381bc4cf20362ca2fe80c2a42d5885518e67b502c7eb2104a16d0af86f5,2025-03-05T15:15:14.717000 CVE-2024-53677,0,0,8366436219755b1800912ef688e04813e43d75c9b7c1b34216e46bc5e5cd4bc2,2025-01-03T12:15:26.673000 +CVE-2024-53678,1,1,00fc387abb394d40e7a856cd83ccab50673147b06e584b1d1ae5997db92d7db9,2025-03-25T10:15:13.303000 +CVE-2024-53679,1,1,982610c7038379ffe1077d25375dcb6547a7ff94bb83745ca5f324c791859fd7,2025-03-25T10:15:16.027000 CVE-2024-5368,0,0,4db869339549cb4714f0e6f3106633eed75b9851fe17301802bf3860ddc20de9,2025-02-11T18:32:28.793000 CVE-2024-53680,0,0,d00cdef75190d88cc2c8633c99dc18973cdcb2e6508d8e02eb8a8af87c5c3651,2025-01-11T13:15:25.710000 CVE-2024-53681,0,0,275dd62378dbefc087157f568efe3961eacafb9ec6438e48555a840aa194132c,2025-01-15T13:15:10.963000 @@ -281708,7 +281713,7 @@ CVE-2025-1314,0,0,bafad489ff1eadbb41395d6cf3743ce464b25bb7da82ca4e71ee61d8353e84 CVE-2025-1315,0,0,b2e5cb43d68af8915879a41f899eac8effc6f5ff149f94a7a5bed3683712a9b7,2025-03-13T15:00:51.697000 CVE-2025-1316,0,0,b820806d7f30742e1f310d479db0e6f1081291250a05ea270fa97a86d0378e82,2025-03-20T01:00:01.543000 CVE-2025-1319,0,0,d637e8c27cef5c6953f5ca61f84240e7056619d466e4788e83e08596d90aba8a,2025-03-06T15:09:58.827000 -CVE-2025-1320,1,1,39a72468987bcfc60b1fe2932fec5e6611406b56e9f8ca4fd638da3fe64efbb2,2025-03-25T07:15:38.180000 +CVE-2025-1320,0,0,39a72468987bcfc60b1fe2932fec5e6611406b56e9f8ca4fd638da3fe64efbb2,2025-03-25T07:15:38.180000 CVE-2025-1321,0,0,3da7738bfdaa0898de004d40e4fadbe2a67a378d68f0f0d09a0d5c3a6126abd2,2025-03-05T18:46:16.890000 CVE-2025-1322,0,0,44942778a32b04e3546dd86fb81e0e8dd33a2d074585a18f158028a80293af84,2025-03-13T13:01:31.400000 CVE-2025-1323,0,0,b0f3bc5e76c99481e26517f66c3e5ae3fc1e8b63a6b6098651bbb6d69ab76e54,2025-03-12T16:24:59.343000 @@ -283275,7 +283280,7 @@ CVE-2025-22516,0,0,1e00a835018f3d8a5a2146e73ca06f663e6b5f20899e52befe5b59b682de3 CVE-2025-22517,0,0,ee21d3d31a992a68c979e6accd10715a11d5e1ec6f6b3eed9bfa95834b0fad80,2025-01-07T16:15:46.820000 CVE-2025-22518,0,0,535bc53910b4248a1835af44484cc739f218823417d517b592446b7a4732b124,2025-01-07T16:15:46.990000 CVE-2025-22519,0,0,9eba78dca6b6275629a253d65542149e1a61504a2abb269961c4820ebeee5845,2025-01-07T16:15:47.140000 -CVE-2025-2252,1,1,e7ef39b3db2cb939b5f30f9e121b60a855d58b985c88482502a863ee8cc3c166,2025-03-25T07:15:38.337000 +CVE-2025-2252,0,0,e7ef39b3db2cb939b5f30f9e121b60a855d58b985c88482502a863ee8cc3c166,2025-03-25T07:15:38.337000 CVE-2025-22520,0,0,d90fcded13c83210ff25a704cf2d7700ad6fc2bbd95729d89ec73c52d86588de,2025-01-07T16:15:47.310000 CVE-2025-22521,0,0,e62fb335e410addf0641d689eefeeec9d9054d8a13b83f38fee365914160d44b,2025-01-09T16:16:27.743000 CVE-2025-22522,0,0,1ebc82346c4e34dee12844f6aa464ab0e7c0d220eb4925eee3392344e450fdee,2025-01-07T16:15:47.513000 @@ -283688,6 +283693,7 @@ CVE-2025-23185,0,0,6a8fc3993811d2ce0c7ae31663c2f10b11720d00b7d18acd6d25289de30c4 CVE-2025-23187,0,0,c290fe7dd4f9aea98485c447bf9862acb0a55538c675ba503d3516720f3efd65,2025-02-18T18:15:33.497000 CVE-2025-23188,0,0,38b58d0edc10fc1a9c41231926b7cfaaaf380211f861dba5aaca5167b534434b,2025-03-11T01:15:34.480000 CVE-2025-23189,0,0,b372693675c5d6d50e215d8acb54007642608e3ca2a789b9ea116e268e1e263e,2025-02-11T01:15:10.263000 +CVE-2025-2319,1,1,4ae0a60aaaa49e68f1d26f281cf56e92f6b0f7779bd37758285d4635a07e86e9,2025-03-25T09:15:16.377000 CVE-2025-23190,0,0,87842373d301ca780cfdfed4b8137d271e812becd8d75ff110dd7b27091c3193,2025-02-11T01:15:10.413000 CVE-2025-23191,0,0,93bf39b052d32c7fd79bf315d4657bdb3b25800f484d8ee22918be2670f1ecea,2025-02-11T01:15:10.557000 CVE-2025-23193,0,0,dd2b7306807ec40f9912fb49ee68934fd2efddf05fc31efb201a5ebd32befe04,2025-02-11T01:15:10.700000 @@ -284999,6 +285005,7 @@ CVE-2025-25096,0,0,236222022f87a86e77bd8ba463e844df698349f963210d6765a3437ea99cd CVE-2025-25097,0,0,e516102cedda1395b6abdb8786b776f94af95ec136f76e62dc90cc8ba092528b,2025-02-07T10:15:15.327000 CVE-2025-25098,0,0,d51cf54051461684fbfbca4232445e97f072cd7fa5f46b19018d123dcd09d044,2025-02-07T10:15:15.500000 CVE-2025-25099,0,0,9f4d5bc16129f8aeab3ce15b15ca359e827725b5005628a8e16e352d8cb393f7,2025-03-03T14:15:50.490000 +CVE-2025-2510,1,1,2c2372aa137669bccc706a771ff1dfad99dcd69e6aeaaa029f73a3cb03e72c71,2025-03-25T09:15:16.597000 CVE-2025-25101,0,0,b55978e51ad28a269a135a73512b84912bf7da148b6e45135907e1256d3b35de,2025-02-07T10:15:15.670000 CVE-2025-25102,0,0,5f9e7463562618c549bf2e4d3e5dd8db7fee9ab199f55b3f6ce01b6dcabdde0f,2025-03-03T14:15:50.630000 CVE-2025-25103,0,0,8f0bbbc68659bdd6583cb7a4bc5992aad3b30e946386462de20a44c10a02c12a,2025-02-07T10:15:15.850000 @@ -285168,6 +285175,7 @@ CVE-2025-25387,0,0,8227bd6f57bafc5fc7f8bddfd6ec6a78dcca117ca404c22469842eba5d4e3 CVE-2025-25388,0,0,e086cda7e4e5c05ccba48ad30906fb7e59dedc66fc1b83e5645bd434397a431f,2025-02-13T20:15:49.730000 CVE-2025-25389,0,0,c4fa8037812de3d612838c95ec3fcc9b936e3b28bc2aa3e854f709efa62e78c8,2025-02-14T17:15:20.663000 CVE-2025-2539,0,0,d08575a7f1943ad408e267113207b31d934ab07db617ed66f8aa571dc440dc3c,2025-03-20T12:15:14.900000 +CVE-2025-2542,1,1,67e4d722d96a77fb9a5146fca8c747083c84a6cab3c4e89992a118eafa867028,2025-03-25T10:15:16.220000 CVE-2025-25426,0,0,108c4b754e54717537bad215341cffab6a867457930f1858a7d85368cf0a6951,2025-03-05T17:15:15.320000 CVE-2025-25428,0,0,a4039c579030febd59545c017c3c1beb99a5f4778526e73f910acc016f0edd9b,2025-03-04T16:15:39.597000 CVE-2025-25429,0,0,a95bef6ecb2c9e9037f1ebf79f87a2b0c7101933c3f64e22cf3f921f022ed0ed,2025-02-28T23:15:10.903000 @@ -285233,6 +285241,7 @@ CVE-2025-25582,0,0,71a429a4688f0b98eba65a76fc9404b2639d529bc96a639c12359f9c6efb4 CVE-2025-25585,0,0,aa4f3350849e7a6d1d328ba035f3acd3940e4357ca726a2c6819200e720715c1,2025-03-19T19:15:45.203000 CVE-2025-25586,0,0,f763f28731952889e3c39cdd70010ecdc2ffdd540fe5ee3db5db0cbca0c50d19,2025-03-19T19:15:45.367000 CVE-2025-25589,0,0,279eb4ff22a60008293d709d8e850b13874c50e8c6f1e23d8361c430349b0055,2025-03-21T14:15:16.007000 +CVE-2025-2559,1,1,9843849bcea3358635c2fa0a7b7baba041a077ce39d4d7bbad36bdcbbec005a5,2025-03-25T09:15:17.047000 CVE-2025-25590,0,0,3893b0a4da36be48d36967b7837bf6fae4ec31547efd1c3211b9404b64ed4014,2025-03-19T19:15:45.640000 CVE-2025-25595,0,0,aa00b2d1ab7849343e6db405365eeb91adac3488c36ef66088e11f27457b2723,2025-03-18T17:15:46.203000 CVE-2025-25598,0,0,ea8ff451786059144f97b5402e36a3bbb5df978993f22c0b25b2578aad85418d,2025-03-19T14:15:39.140000 @@ -285468,6 +285477,7 @@ CVE-2025-26346,0,0,be21a62ce61f2d55e2ee1237c267ca5c40463dafd81220bdef97f257cccd1 CVE-2025-26347,0,0,da5df29b91dc5eca83f7a6c3957a394103acb4ae7a841760c94a02881ddf6af6,2025-02-12T14:15:34.687000 CVE-2025-26348,0,0,58fb90d30dca3d8a4c20eaaf3cd36fd2293f4ce01fe3997d760c693d5e908d9b,2025-02-12T14:15:34.827000 CVE-2025-26349,0,0,12a2016c5e52ef6cce782d618f523cf7cef1cfe9e792d320af44534ba7f3734e,2025-02-12T14:15:34.960000 +CVE-2025-2635,1,1,bebbe0e5bd53e24d8f0f2ddcc0fdbc47a51f0be4fa8e198cacea9893ca33060f,2025-03-25T10:15:16.430000 CVE-2025-26350,0,0,afbfee825fdf77a6f15cd07ce25142fdc9efc0be3e606cb33c000483e401fe74,2025-02-12T14:15:35.107000 CVE-2025-26351,0,0,607a4941da7c4232aed5e04718bd94d2cdc824014a06ec451aa2fdd8d2bb413d,2025-02-12T14:15:35.270000 CVE-2025-26352,0,0,d97dbb0f143285ca7ed1b8832eb49e14976c1d64263e58848d3e2279556dd75a,2025-02-12T14:15:35.430000 @@ -285999,7 +286009,7 @@ CVE-2025-27396,0,0,eadc58c9c625c288d8817b5497a9be2ced63972085e268f74b6cfbad20e39 CVE-2025-27397,0,0,956a25b040033d89cdbeac3073d670e6783aa568f3a9850c3446f06c3a9a7f0e,2025-03-11T10:15:19.083000 CVE-2025-27398,0,0,4873fb1d9330833240d0c3956ffddabe528327a366ea9eaa669a80b91d791657,2025-03-11T10:15:19.247000 CVE-2025-27399,0,0,78ad55c708db0eacfc60a4739f25b01ac5122592f5e6277695a1cd74fcb32c63,2025-02-27T18:15:30.380000 -CVE-2025-2740,1,1,a65d825df0f856d453b396956fc58926fb8411794a6ec56f0fc9fa779fdacd94,2025-03-25T07:15:38.493000 +CVE-2025-2740,0,0,a65d825df0f856d453b396956fc58926fb8411794a6ec56f0fc9fa779fdacd94,2025-03-25T07:15:38.493000 CVE-2025-27400,0,0,3420eb7304b08f9fb1c25aec87192bc56067f699b82d2cfeb510bc8097e34509,2025-02-28T16:15:40.237000 CVE-2025-27401,0,0,f4a40e6f24af923d22cbd4869ba6e62f802add03358279293f26a3440d2f2d83,2025-03-04T17:15:19.547000 CVE-2025-27402,0,0,ef47d48bfaf1f7969fb8808de0077363418ad8a4d4aaaf238d494e9d3e9d6ba8,2025-03-04T17:15:19.703000 @@ -286016,7 +286026,7 @@ CVE-2025-27416,0,0,7d697ee2a206d2c6a4b9875052c6dbb5339b6641445690f52932a9ae6193d CVE-2025-27417,0,0,cdcf8fc02cc79b9a0b20b04560621cd31c16ef1455c76722ca7ab3938e8044e5,2025-03-04T17:15:19.857000 CVE-2025-27418,0,0,41f3eb54bc8960a9271d089bac74e54194694ac4af5959c0bca02edfdd330c78,2025-03-04T17:15:19.967000 CVE-2025-27419,0,0,d7b7cf11d35eeb3fa0afbc8e178d471065b3eebc40c5e5d6f63fef0c0db9e934,2025-03-07T20:42:56.750000 -CVE-2025-2742,1,1,284fcfd66c80d738a6875f6d02882f2ae3048813b142771792d58d289cd290c3,2025-03-25T07:15:38.700000 +CVE-2025-2742,0,0,284fcfd66c80d738a6875f6d02882f2ae3048813b142771792d58d289cd290c3,2025-03-25T07:15:38.700000 CVE-2025-27420,0,0,b3c5167d23216466badc66bb683feb7a3d63f11b0877f522ded65752258de9d9,2025-03-04T17:15:20.137000 CVE-2025-27421,0,0,d05fea08a71a3936a2f096f07356bdc55c206f7da4ad4a6502a071cb1952b476,2025-03-03T17:15:15.630000 CVE-2025-27422,0,0,cce8795dfe16ac096ec644088df76a3fc7ab0f6058c93abaa8f18c6deb644b95,2025-03-03T17:15:15.787000 @@ -286024,7 +286034,7 @@ CVE-2025-27423,0,0,76136ac7a97f6b3b77c306faa15fa09b7bae261cd8dfd81b49033906f60d3 CVE-2025-27424,0,0,5e5449f71c6f33c3acb1ec312a6d712650821e7af73edb97a00595ed47249653,2025-03-04T16:15:40.647000 CVE-2025-27425,0,0,eefa8de598cb14b10db9fda893507ccbe08d3f46d7345c6568f153f085ae9419,2025-03-04T16:15:40.797000 CVE-2025-27426,0,0,265e1042156a6e72609e420079ebda71f3f2436cf1969deb71bd21f2f87de83e,2025-03-04T16:15:40.933000 -CVE-2025-2743,1,1,1c9cbed5f86c19a6e2b17c68433c96fa150391f82237627f4925b2890cd09cff,2025-03-25T07:15:38.883000 +CVE-2025-2743,0,0,1c9cbed5f86c19a6e2b17c68433c96fa150391f82237627f4925b2890cd09cff,2025-03-25T07:15:38.883000 CVE-2025-27430,0,0,c8635f0b92dae7bf8e99c5e4e8dabb23fa1cb6267b38122c26d97fb0aff537e6,2025-03-11T01:15:36.157000 CVE-2025-27431,0,0,85033e3af4b6365958fcf162dc58009a9515212b38e9ac59600dfcd228492344,2025-03-11T01:15:36.310000 CVE-2025-27432,0,0,0097aad049d9f686ea71d8a6054e6d326f3e360a2d590fa8120819d74b49d0b1,2025-03-11T01:15:36.467000 @@ -286033,7 +286043,7 @@ CVE-2025-27434,0,0,9f3eccd1b65f086459b76c648d1b4ecbb9099d890e6e2239c04c850b487f5 CVE-2025-27436,0,0,e9dd40ff33da1e03b4af0fe710cae520f535a38763cba00e5b84d8f0ada2e28f,2025-03-11T01:15:36.920000 CVE-2025-27438,0,0,aa271b66950b27900a45ff14fb7ffa30a34f109c554f6e3ef42a2a6604aa6c9a,2025-03-11T10:15:19.407000 CVE-2025-27439,0,0,0adb16bdd8175e50b2012f79d28e4b0f799da16ee6499b9aa741287f255e0365,2025-03-11T18:15:36.510000 -CVE-2025-2744,1,1,8db9a855af260ae40aa72cbc117ae5e803203544dc1c56691be9bfbac19fbae5,2025-03-25T07:15:39.103000 +CVE-2025-2744,0,0,8db9a855af260ae40aa72cbc117ae5e803203544dc1c56691be9bfbac19fbae5,2025-03-25T07:15:39.103000 CVE-2025-27440,0,0,86277272131892140b431c748dacaa4d43e60fedf1d6315607fc09340bd3b7ff,2025-03-11T18:15:36.653000 CVE-2025-2746,0,0,8b49cf8556842032cb9b550f823ae11ffd02db0055ace58ce20ec5e4796c43b4,2025-03-24T19:15:51.460000 CVE-2025-2747,0,0,a5f6032f0a95c9cfd0d7472546abd5bc27c63ce330f073ac2f4795d2515fca31,2025-03-24T19:15:51.967000 @@ -286045,14 +286055,14 @@ CVE-2025-27496,0,0,ccff5911af72635aa70d4fd8c0ad1b78ee109057412ec57494c2c4bd15ca4 CVE-2025-27497,0,0,743ee7f38dd6b9e10078c7bfc9ce8eb62501de8f23ae65ae5e5da5d98837ac89,2025-03-05T16:15:40.587000 CVE-2025-27498,0,0,7cb66b0e34a52fccf99fcea1075b68d5f7e08d30f7f5bc4fcc53c0689130dbca,2025-03-03T17:15:16.443000 CVE-2025-27499,0,0,5f67388884f61cbdff1996d64d628e46709b8560c17359d456ecd050bc05a679,2025-03-06T12:26:32.607000 -CVE-2025-2750,1,1,03b24cc04b628803193db6bc08742bb1fa248d80a3d68dfb2b13301b7b3369a8,2025-03-25T08:15:19.203000 +CVE-2025-2750,0,0,03b24cc04b628803193db6bc08742bb1fa248d80a3d68dfb2b13301b7b3369a8,2025-03-25T08:15:19.203000 CVE-2025-27500,0,0,86395c642c95ea913b918c9cd4b508655a7fe40b1107839113b18708952581b3,2025-03-05T20:30:38.860000 CVE-2025-27501,0,0,fe43d553fd2a0bea6e473eff498e72d409b5df6cf90a7412dab8463d58fd0323,2025-03-05T20:24:50.943000 CVE-2025-27506,0,0,32b11c29187a961e8c53dd6e270016dcdaaf49f193aef3211b78316072c8bd71,2025-03-06T19:15:27.833000 CVE-2025-27507,0,0,f102904d74ef14427d4091398f7ee4e6c4c616cd5703ded2fd821f8eb925d7b3,2025-03-04T17:15:20.360000 CVE-2025-27508,0,0,f715817c4f100acb64f230b192c6c7e1e45a0a1b5dc8999db4503d2d4c79106a,2025-03-07T18:15:48.033000 CVE-2025-27509,0,0,b19e817ae53fb2adc8450fe87e6915009aecb03de30411e2e5b5d839939c31c7,2025-03-06T19:15:27.973000 -CVE-2025-2751,1,1,c5b4c098940f744d5b18f20bdd24d70d759f0f364ec9cbe6dd5ec174edc5efc5,2025-03-25T08:15:20.013000 +CVE-2025-2751,0,0,c5b4c098940f744d5b18f20bdd24d70d759f0f364ec9cbe6dd5ec174edc5efc5,2025-03-25T08:15:20.013000 CVE-2025-27510,0,0,ac4f7f7024da7b86cbb69ce4ceeef3932c0db8be95e2227b9a01f0be4cf0881d,2025-03-05T17:15:16.597000 CVE-2025-27512,0,0,cb13c383ff3aa78a3f0c9d992177778ab6adc9bbc3ab0c4dc852c858ba416c50,2025-03-17T15:15:44.557000 CVE-2025-27513,0,0,1ed9139bbfb8391739a7cca7d4cdbd5b57d836b7a54ea10db84c6c5c6b66d52e,2025-03-05T19:15:39.337000 @@ -286061,10 +286071,15 @@ CVE-2025-27516,0,0,f21ea87f2fa7d6c189d50fb2ccebb86df369317f622219bd7aa7038d86bc2 CVE-2025-27517,0,0,0c6e1cbd03f08aa0c28a052f1a961fd35d2b58b4844c0e34e3b438f6bc1c89ff,2025-03-05T20:16:05.960000 CVE-2025-27518,0,0,33c2ec7c1e9790b801dd04e89fd77042adb014555e9a900add53790edfc9f15c,2025-03-07T16:15:39.187000 CVE-2025-27519,0,0,ccdb73c39ee93a016094b17abcf363c0c91c0cb8a87d6bd768900a706722d9f7,2025-03-07T16:15:39.623000 -CVE-2025-2752,1,1,966bab4733c1248f653f0907b6dae224fa3e2a100502d1c65b8bc77950fc752c,2025-03-25T08:15:20.193000 +CVE-2025-2752,0,0,966bab4733c1248f653f0907b6dae224fa3e2a100502d1c65b8bc77950fc752c,2025-03-25T08:15:20.193000 CVE-2025-27521,0,0,238fcbb4ddab85c97db2ebf1a5930f855cf28b2ad902f1b11a70a00fedb1566e,2025-03-05T14:00:54.577000 +CVE-2025-2753,1,1,c4f223f01f43a4bc41fb6e6000479abc3fcfdfa8bea381ce5d291229dae4b9e3,2025-03-25T09:15:17.247000 +CVE-2025-2754,1,1,a326bc3858285141a99f7245126546f196cdca853219c40a22fbd6bab233bcc7,2025-03-25T09:15:17.730000 +CVE-2025-2755,1,1,2be4e1e06353a961288a1ac89a57890790aa2d17e4e656d7cb4215a8ecda9be5,2025-03-25T09:15:17.983000 CVE-2025-27553,0,0,183dc3a86b8b1f61354b767d69fc5cfccf39fac83a814abf975899e48ebf1d50,2025-03-24T14:15:18.687000 CVE-2025-27554,0,0,cf23284196495ef624f6aebb4a495f3e36a6b5bfc39b634f5a2b752d43a7754d,2025-03-01T06:15:34.693000 +CVE-2025-2756,1,1,58b5bd5add05519b3703c9867b1ef41f7806d55535cab28fb5b5ea6f68937930,2025-03-25T10:15:16.627000 +CVE-2025-2757,1,1,50a4e494f69ed3370c82ac525cf6a129eaf9845acd3fb8519ece62c6c1c89803,2025-03-25T10:15:16.887000 CVE-2025-27579,0,0,e37901d639203dabeb0abb1f8d25952e3d9090042ecc93a0b94bf072c75c186f,2025-03-04T19:15:38.800000 CVE-2025-27583,0,0,0323a5ab9427edc3fc5fcf52b07bbd68cd541b31029bf0b1077e85dabad17762,2025-03-05T17:15:16.693000 CVE-2025-27584,0,0,7c36caae7b88889d70bacae0c47b7b1525e549e4aea51dfda3fa9c2476496e88,2025-03-04T17:15:20.527000