diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2921.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2921.json new file mode 100644 index 00000000000..9147d78f2a4 --- /dev/null +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2921.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-2921", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-06-06T06:15:30.597", + "lastModified": "2025-06-06T06:15:30.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58114.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58114.json new file mode 100644 index 00000000000..3de6b0c2dff --- /dev/null +++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58114.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-58114", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:24.560", + "lastModified": "2025-06-06T07:15:24.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Resource allocation control failure vulnerability in the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1777.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1777.json new file mode 100644 index 00000000000..bab492a7122 --- /dev/null +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1777.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-1777", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T06:15:31.163", + "lastModified": "2025-06-06T06:15:31.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://www.seatheme.net/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb3e0251-c3b7-4360-87f3-7e4612d4f285?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1778.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1778.json new file mode 100644 index 00000000000..30af925489b --- /dev/null +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1778.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-1778", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T06:15:31.397", + "lastModified": "2025-06-06T06:15:31.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/art-simple-clean-wordpress-theme-for-creatives/20170299", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2935.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2935.json new file mode 100644 index 00000000000..4e9ae1c17a0 --- /dev/null +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2935.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-2935", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:24.823", + "lastModified": "2025-06-06T07:15:24.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_option_maint.php#L73", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_user_filter_list.php#L239", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_user_filter_list.php#L447", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aefb192a-ed42-44a9-bbd1-5906909a419c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31171.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31171.json index df11c7aa272..606a7d9b485 100644 --- a/CVE-2025/CVE-2025-311xx/CVE-2025-31171.json +++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31171.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31171", "sourceIdentifier": "psirt@huawei.com", "published": "2025-04-07T04:15:20.730", - "lastModified": "2025-05-07T20:09:08.480", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-06T07:15:25.090", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -100,11 +100,8 @@ ], "references": [ { - "url": "https://consumer.huawei.com/en/support/bulletin/2025/4/", - "source": "psirt@huawei.com", - "tags": [ - "Not Applicable" - ] + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json index dc28cc45c31..c300b3c4376 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json @@ -2,13 +2,13 @@ "id": "CVE-2025-4191", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-02T00:15:19.440", - "lastModified": "2025-05-09T13:41:58.530", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-06T07:15:27.087", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + "value": "A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." }, { "lang": "es", @@ -22,7 +22,7 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", @@ -36,7 +36,7 @@ "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", - "exploitMaturity": "NOT_DEFINED", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", @@ -210,6 +210,10 @@ "VDB Entry" ] }, + { + "url": "https://vuldb.com/?submit.591204", + "source": "cna@vuldb.com" + }, { "url": "https://github.com/ideal-valli/myCVE/issues/3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48902.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48902.json new file mode 100644 index 00000000000..fd8bc7ae477 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48902.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48902", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:25.360", + "lastModified": "2025-06-06T07:15:25.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of uncontrolled system resource applications in the setting module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-118" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48903.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48903.json new file mode 100644 index 00000000000..6a440fe621a --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48903.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48903", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:25.577", + "lastModified": "2025-06-06T07:15:25.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Permission bypass vulnerability in the media library module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48904.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48904.json new file mode 100644 index 00000000000..c09c48f27cc --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48904.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48904", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:25.753", + "lastModified": "2025-06-06T07:15:25.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability that cards can call unauthorized APIs in the FRS process\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48905.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48905.json new file mode 100644 index 00000000000..7b60f437094 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48905.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48905", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:25.927", + "lastModified": "2025-06-06T07:15:25.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wasm exception capture vulnerability in the arkweb v8 module\nImpact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1068" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48906.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48906.json new file mode 100644 index 00000000000..efa21b6b15a --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48906.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48906", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.087", + "lastModified": "2025-06-06T07:15:26.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication bypass vulnerability in the DSoftBus module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48907.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48907.json new file mode 100644 index 00000000000..64bc84ca575 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48907.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48907", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.253", + "lastModified": "2025-06-06T07:15:26.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization vulnerability in the IPC module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-248" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48908.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48908.json new file mode 100644 index 00000000000..1ae50128731 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48908.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48908", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.417", + "lastModified": "2025-06-06T07:15:26.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Ability Auto Startup service vulnerability in the foundation process\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-567" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48909.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48909.json new file mode 100644 index 00000000000..417e5ef5074 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48909.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48909", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.593", + "lastModified": "2025-06-06T07:15:26.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Bypass vulnerability in the device management channel\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48910.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48910.json new file mode 100644 index 00000000000..280d5203a46 --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48910.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48910", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.760", + "lastModified": "2025-06-06T07:15:26.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in the DFile module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48911.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48911.json new file mode 100644 index 00000000000..df10ad51b9a --- /dev/null +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48911.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-48911", + "sourceIdentifier": "psirt@huawei.com", + "published": "2025-06-06T07:15:26.927", + "lastModified": "2025-06-06T07:15:26.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of improper permission assignment in the note sharing module\nImpact: Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2025/6/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4964.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4964.json new file mode 100644 index 00000000000..7686da0899b --- /dev/null +++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4964.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-4964", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:27.603", + "lastModified": "2025-06-06T07:15:27.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018table_name\u2019 parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-online-users-stats/trunk/admin/class-wp-online-users-stats-admin.php#L118", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-online-users-stats/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ef66cf-ddf1-42be-82b1-cb6edcbf253c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4966.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4966.json new file mode 100644 index 00000000000..980d66e480a --- /dev/null +++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4966.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-4966", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:27.790", + "lastModified": "2025-06-06T07:15:27.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-online-users-stats/trunk/admin/class-wp-online-users-stats-admin.php#L118", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-online-users-stats/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a41226ab-9732-4de2-843b-284c011c9224?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-50xx/CVE-2025-5018.json b/CVE-2025/CVE-2025-50xx/CVE-2025-5018.json new file mode 100644 index 00000000000..2432442e0c3 --- /dev/null +++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5018.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5018", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:27.970", + "lastModified": "2025-06-06T07:15:27.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site\u2019s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/hive-support/tags/1.2.4/backend/class-hive-support-ajax.php#L9", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/hive-support/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95c8722e-07c3-4728-8723-4d4a6188fe5e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-50xx/CVE-2025-5019.json b/CVE-2025/CVE-2025-50xx/CVE-2025-5019.json new file mode 100644 index 00000000000..86b3a8b3c5d --- /dev/null +++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5019.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5019", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:28.157", + "lastModified": "2025-06-06T07:15:28.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin\u2019s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/hive-support/tags/1.2.4/backend/class-hive-support-chat-ajax.php#L146", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/hive-support/tags/1.2.4/backend/class-hive-support-chat-ajax.php#L9", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/hive-support/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50542e5e-da66-4223-a6bf-dc9381687ddd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-54xx/CVE-2025-5486.json b/CVE-2025/CVE-2025-54xx/CVE-2025-5486.json new file mode 100644 index 00000000000..f656671a7c1 --- /dev/null +++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5486.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5486", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:28.347", + "lastModified": "2025-06-06T07:15:28.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-email-debug/trunk/hooks.php#L71", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5533.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5533.json new file mode 100644 index 00000000000..94bc2aa14f9 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5533.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5533", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:28.530", + "lastModified": "2025-06-06T07:15:28.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3306850%40knowledgebase&new=3306850%40knowledgebase&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/400564ba-70f8-4566-b2e7-cfa6450b609e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5534.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5534.json new file mode 100644 index 00000000000..fc0ddbbe149 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5534.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5534", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:28.727", + "lastModified": "2025-06-06T07:15:28.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/esv-bible-shortcode-for-wordpress/tags/1.0.2/esv-shortcode.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40e8dc83-6417-4881-a9a3-15525c5cc6ba?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5536.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5536.json new file mode 100644 index 00000000000..ee6e9d0bf9f --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5536.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5536", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:28.907", + "lastModified": "2025-06-06T07:15:28.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-freemind/trunk/wp-freemind.php#L36", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70eaf9b8-67a0-4e98-b65c-aea61b20b448?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5538.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5538.json new file mode 100644 index 00000000000..9d44e25805b --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5538.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5538", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:29.080", + "lastModified": "2025-06-06T07:15:29.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bns-featured-category/trunk/bns-featured-category.php#L1060", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9a9bec8-7a76-4819-91c7-d9fdae3d94de?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5541.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5541.json new file mode 100644 index 00000000000..1639712fc1e --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5541.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5541", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:29.280", + "lastModified": "2025-06-06T07:15:29.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/runners-log/trunk/runnerslog_chart.php#L50", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cca53aba-b7dd-4b78-b2ac-c69050308e94?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5563.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5563.json new file mode 100644 index 00000000000..ccbb66555a9 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5563.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5563", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:29.503", + "lastModified": "2025-06-06T07:15:29.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-addpub/trunk/wp-addpub.php#L541", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-addpub/trunk/wp-addpub.php#L57", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8945eed-eee4-4043-b6ab-d1ea553a4a23?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5565.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5565.json new file mode 100644 index 00000000000..379c646acac --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5565.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5565", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:29.700", + "lastModified": "2025-06-06T07:15:29.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/hide-it/tags/1.0.1/plugin.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3d62ac3-7980-4817-ab22-e5d0a6a10d84?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5586.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5586.json new file mode 100644 index 00000000000..54010c30d4a --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5586.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5586", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:29.880", + "lastModified": "2025-06-06T07:15:29.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/cpt-ajax-load-more/trunk/includes/class-cpt-alm-shortcodes.php#L126", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/cpt-ajax-load-more/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5be80195-192a-4b53-9d10-4d877fa0afbe?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5686.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5686.json new file mode 100644 index 00000000000..09c3b8e7a83 --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5686.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5686", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:30.070", + "lastModified": "2025-06-06T07:15:30.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/paged-gallery/trunk/paged-gallery.php#L64", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc7dbdbe-fd0f-404b-9f9f-06e942f60a73?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5699.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5699.json new file mode 100644 index 00000000000..d24756ccbbd --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5699.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5699", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:30.270", + "lastModified": "2025-06-06T07:15:30.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/devformatter/trunk/devfmt_css.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/devformatter/trunk/devinterface.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/devformatter/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63192a95-778b-452b-9081-cf20dc7f7ec1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5703.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5703.json new file mode 100644 index 00000000000..396c7b27c98 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5703.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5703", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T07:15:30.463", + "lastModified": "2025-06-06T07:15:30.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018anchor\u2019 parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/stageshow/trunk/include/stageshowlib_salesplugin.php#L424", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/stageshow/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6543b8ad-e3f3-43c7-93f9-23f7df07e391?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5724.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5724.json new file mode 100644 index 00000000000..c8ec801c364 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5724.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5724", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T06:15:31.580", + "lastModified": "2025-06-06T06:15:31.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-4-subject-field-in-subjects-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311244", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311244", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5725.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5725.json new file mode 100644 index 00000000000..d672164dec6 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5725.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5725", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T06:15:32.100", + "lastModified": "2025-06-06T06:15:32.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-5-remark-field-in-grading-system-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311245", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311245", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5726.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5726.json new file mode 100644 index 00000000000..90722caa383 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5726.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5726", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T06:15:32.303", + "lastModified": "2025-06-06T06:15:32.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-6-division-field-in-division-system-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311246", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311246", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5727.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5727.json new file mode 100644 index 00000000000..3d1f8388893 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5727.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5727", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T07:15:30.657", + "lastModified": "2025-06-06T07:15:30.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-7-title-field-in-announcement-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311247", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311247", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5728.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5728.json new file mode 100644 index 00000000000..976eabb3455 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5728.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5728", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T07:15:30.887", + "lastModified": "2025-06-06T07:15:30.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mysq13/CVE/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311248", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311248", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590578", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5729.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5729.json new file mode 100644 index 00000000000..e17c9a32493 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5729.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5729", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T07:15:31.133", + "lastModified": "2025-06-06T07:15:31.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing_record.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311250", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311250", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590590", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bc7d4eea265..c74dd9e0462 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-06T06:00:20.510088+00:00 +2025-06-06T08:00:21.179474+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-06T05:15:26.180000+00:00 +2025-06-06T07:15:31.133000+00:00 ``` ### Last Data Feed Release @@ -33,30 +33,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -296637 +296674 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `37` -- [CVE-2024-46941](CVE-2024/CVE-2024-469xx/CVE-2024-46941.json) (`2025-06-06T04:15:48.717`) -- [CVE-2025-36513](CVE-2025/CVE-2025-365xx/CVE-2025-36513.json) (`2025-06-06T05:15:25.710`) -- [CVE-2025-5714](CVE-2025/CVE-2025-57xx/CVE-2025-5714.json) (`2025-06-06T04:15:54.847`) -- [CVE-2025-5715](CVE-2025/CVE-2025-57xx/CVE-2025-5715.json) (`2025-06-06T04:15:55.747`) -- [CVE-2025-5716](CVE-2025/CVE-2025-57xx/CVE-2025-5716.json) (`2025-06-06T04:15:57.157`) -- [CVE-2025-5719](CVE-2025/CVE-2025-57xx/CVE-2025-5719.json) (`2025-06-06T04:15:59.310`) -- [CVE-2025-5721](CVE-2025/CVE-2025-57xx/CVE-2025-5721.json) (`2025-06-06T04:16:00.297`) -- [CVE-2025-5722](CVE-2025/CVE-2025-57xx/CVE-2025-5722.json) (`2025-06-06T05:15:25.970`) -- [CVE-2025-5723](CVE-2025/CVE-2025-57xx/CVE-2025-5723.json) (`2025-06-06T05:15:26.180`) -- [CVE-2025-5733](CVE-2025/CVE-2025-57xx/CVE-2025-5733.json) (`2025-06-06T04:16:01.840`) +- [CVE-2025-48909](CVE-2025/CVE-2025-489xx/CVE-2025-48909.json) (`2025-06-06T07:15:26.593`) +- [CVE-2025-48910](CVE-2025/CVE-2025-489xx/CVE-2025-48910.json) (`2025-06-06T07:15:26.760`) +- [CVE-2025-48911](CVE-2025/CVE-2025-489xx/CVE-2025-48911.json) (`2025-06-06T07:15:26.927`) +- [CVE-2025-4964](CVE-2025/CVE-2025-49xx/CVE-2025-4964.json) (`2025-06-06T07:15:27.603`) +- [CVE-2025-4966](CVE-2025/CVE-2025-49xx/CVE-2025-4966.json) (`2025-06-06T07:15:27.790`) +- [CVE-2025-5018](CVE-2025/CVE-2025-50xx/CVE-2025-5018.json) (`2025-06-06T07:15:27.970`) +- [CVE-2025-5019](CVE-2025/CVE-2025-50xx/CVE-2025-5019.json) (`2025-06-06T07:15:28.157`) +- [CVE-2025-5486](CVE-2025/CVE-2025-54xx/CVE-2025-5486.json) (`2025-06-06T07:15:28.347`) +- [CVE-2025-5533](CVE-2025/CVE-2025-55xx/CVE-2025-5533.json) (`2025-06-06T07:15:28.530`) +- [CVE-2025-5534](CVE-2025/CVE-2025-55xx/CVE-2025-5534.json) (`2025-06-06T07:15:28.727`) +- [CVE-2025-5536](CVE-2025/CVE-2025-55xx/CVE-2025-5536.json) (`2025-06-06T07:15:28.907`) +- [CVE-2025-5538](CVE-2025/CVE-2025-55xx/CVE-2025-5538.json) (`2025-06-06T07:15:29.080`) +- [CVE-2025-5541](CVE-2025/CVE-2025-55xx/CVE-2025-5541.json) (`2025-06-06T07:15:29.280`) +- [CVE-2025-5563](CVE-2025/CVE-2025-55xx/CVE-2025-5563.json) (`2025-06-06T07:15:29.503`) +- [CVE-2025-5565](CVE-2025/CVE-2025-55xx/CVE-2025-5565.json) (`2025-06-06T07:15:29.700`) +- [CVE-2025-5586](CVE-2025/CVE-2025-55xx/CVE-2025-5586.json) (`2025-06-06T07:15:29.880`) +- [CVE-2025-5686](CVE-2025/CVE-2025-56xx/CVE-2025-5686.json) (`2025-06-06T07:15:30.070`) +- [CVE-2025-5699](CVE-2025/CVE-2025-56xx/CVE-2025-5699.json) (`2025-06-06T07:15:30.270`) +- [CVE-2025-5703](CVE-2025/CVE-2025-57xx/CVE-2025-5703.json) (`2025-06-06T07:15:30.463`) +- [CVE-2025-5724](CVE-2025/CVE-2025-57xx/CVE-2025-5724.json) (`2025-06-06T06:15:31.580`) +- [CVE-2025-5725](CVE-2025/CVE-2025-57xx/CVE-2025-5725.json) (`2025-06-06T06:15:32.100`) +- [CVE-2025-5726](CVE-2025/CVE-2025-57xx/CVE-2025-5726.json) (`2025-06-06T06:15:32.303`) +- [CVE-2025-5727](CVE-2025/CVE-2025-57xx/CVE-2025-5727.json) (`2025-06-06T07:15:30.657`) +- [CVE-2025-5728](CVE-2025/CVE-2025-57xx/CVE-2025-5728.json) (`2025-06-06T07:15:30.887`) +- [CVE-2025-5729](CVE-2025/CVE-2025-57xx/CVE-2025-5729.json) (`2025-06-06T07:15:31.133`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `2` -- [CVE-2011-10007](CVE-2011/CVE-2011-100xx/CVE-2011-10007.json) (`2025-06-06T04:15:41.237`) +- [CVE-2025-31171](CVE-2025/CVE-2025-311xx/CVE-2025-31171.json) (`2025-06-06T07:15:25.090`) +- [CVE-2025-4191](CVE-2025/CVE-2025-41xx/CVE-2025-4191.json) (`2025-06-06T07:15:27.087`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e5ad95aa67f..04689e44ee5 100644 --- a/_state.csv +++ b/_state.csv @@ -47847,7 +47847,7 @@ CVE-2011-10003,0,0,6412423cbcc1d2918013fc1df3cebbbcb3b7584426cce9ea1b9953240234b CVE-2011-10004,0,0,ec3da51d090457791c200e7f71e78a08f52c2aec5e3aab2bdb5915aa68bee988,2024-11-21T01:25:17.503000 CVE-2011-10005,0,0,627c8d48b59c9d04a5be3ca9721abb26f33a91af30259ed758e346cc8b2645eb,2024-11-21T01:25:17.667000 CVE-2011-10006,0,0,dd734ea71adfdfffdfb5628f909ca34f56f35c648e0de9eca7d4ff5e5f1df3de,2025-04-11T12:51:20.457000 -CVE-2011-10007,0,1,6962a55b1aab80e87d1c7a0c82160ab4ec4f8c96c7727325a3ab834ddb151ac6,2025-06-06T04:15:41.237000 +CVE-2011-10007,0,0,6962a55b1aab80e87d1c7a0c82160ab4ec4f8c96c7727325a3ab834ddb151ac6,2025-06-06T04:15:41.237000 CVE-2011-1001,0,0,11839c7b8e84067f9cb7b0fb6341ae801683b41bcddc1fb61a0d4d9d0b6749f0,2025-04-11T00:51:21.963000 CVE-2011-1002,0,0,d33347c721e3b89d36f002b1fe6013c7e41d667ea328068299497443349dd1dd,2025-04-11T00:51:21.963000 CVE-2011-1003,0,0,d7e1f3fe9a186593ca7a3a72b1b932ddf10706cfcc913dbcaa45bff48d214fa4,2025-04-11T00:51:21.963000 @@ -224101,6 +224101,7 @@ CVE-2023-29206,0,0,05757323076564194eb0d2d2908b8334d6e6a978aa54bc6ee226a0d36cc62 CVE-2023-29207,0,0,0af945ef09065db90527ef274d7ce0495ad84a6920d29cd49153411b29baf617,2024-11-21T07:56:42.957000 CVE-2023-29208,0,0,d72b1806b1a1227f32e97378fed3e89636f834684f9c16c8299375c3bb3bce52,2024-11-21T07:56:43.067000 CVE-2023-29209,0,0,b1a441944c74810d18fc5489d956cef09498551551095624d6742251ccaf5fbb,2024-11-21T07:56:43.173000 +CVE-2023-2921,1,1,1a7d731e85d883141b07d3d279ef6b7b27b0476a700a0f8210647f7ebffb7b7c,2025-06-06T06:15:30.597000 CVE-2023-29210,0,0,c3845ea336ba86b11c4eb91d03d31293cb5fa7d22a81e37d92159250f0782f95,2024-11-21T07:56:43.280000 CVE-2023-29211,0,0,2c3cbb186baea22a317d036509e1c123cdef6e9162bb76b6980c83b9c51f1fd5,2024-11-21T07:56:43.390000 CVE-2023-29212,0,0,7e4cfc930a4d95e84076cf66c0dc7b198644afe8874cd82ae3f152882ef5d0b8,2024-11-21T07:56:43.500000 @@ -270536,7 +270537,7 @@ CVE-2024-46936,0,0,8b90383cd17b05972139dd51260528d7de429165343a27e0f637b90d1d54a CVE-2024-46937,0,0,d5f32b3cddab159921daee092a94e4abd7655b1fb9295966ce6c0abdbf2c4704,2024-10-24T17:35:09.287000 CVE-2024-46938,0,0,8b4b4affa32c0cbd87e13612fba65244fd60ee500ac511fb6da9f8420258ca02,2024-09-20T18:15:10.590000 CVE-2024-46939,0,0,b38fd104d15bb555e6fe4b520952eb24d5dd854a2748488f8470e93ef0ec4eb4,2024-11-28T04:15:03.987000 -CVE-2024-46941,1,1,7ac1295cb5a356628044085f34ad5ba09f7b7f0cf7873698b5abf43b11a8dcc9,2025-06-06T04:15:48.717000 +CVE-2024-46941,0,0,7ac1295cb5a356628044085f34ad5ba09f7b7f0cf7873698b5abf43b11a8dcc9,2025-06-06T04:15:48.717000 CVE-2024-46942,0,0,40d44cce7ab46d5125a0047deedf2c1db1ce7b2bb78e48d8ea29206d2f37f23d,2025-03-14T19:15:47.533000 CVE-2024-46943,0,0,9e33ddcf657c60af51e9f608ff73a5fa960b1aca6307108982621af4ff97025e,2025-03-14T19:15:47.707000 CVE-2024-46946,0,0,a4e07dc5ad75fbae4520cef9e33c0e117d786edf5f3362d441ee46603ff6340e,2024-09-20T12:30:17.483000 @@ -278401,6 +278402,7 @@ CVE-2024-58110,0,0,641dae961843e3f416d88441b261a089881d9641b0266741558a2b74760f2 CVE-2024-58111,0,0,e7f16f22506ab98702484e29b0b264af82491b83dea5fddb042a910069929230,2025-05-07T20:15:48.627000 CVE-2024-58112,0,0,60f726caad9effa393a905f9a343246cefb1492679a59aab68341eebfe34f5d0,2025-05-07T20:21:40.357000 CVE-2024-58113,0,0,37d5efe126105105f509f811c1f66010427e6d8dfea43d5348f5a10e754f0d29,2025-05-07T20:15:32.183000 +CVE-2024-58114,1,1,70e4d877949741668274aa40d607ab9afad5ef132ad8daf39d2cce1250a4141e,2025-06-06T07:15:24.560000 CVE-2024-58115,0,0,8ee2d57aa555a84811a17c06b65aa39cf412a6df9d198ae25f7d44238b3b5ce0,2025-05-07T20:37:34.593000 CVE-2024-58116,0,0,f58b4e66b242172378a49c65b24c27c96f9911918be8c66bf34686462ff2d8ae,2025-05-07T20:37:53.310000 CVE-2024-5812,0,0,6925a842f54ea6dbd38d5338f4d1bba7949620aed85abec9f4ea1fe79df642ce,2025-02-11T21:36:43.423000 @@ -283746,6 +283748,8 @@ CVE-2025-1771,0,0,c85ae8d5b444fca4235a111290e26baf0c09c1219a46277bdb0b1ec9dbd793 CVE-2025-1773,0,0,10b8afc2b67c1ec534acf6a2e864bcd7ed785a68ced539a560488e697d406767,2025-03-28T15:02:33.313000 CVE-2025-1774,0,0,b7bc9b6d14117ea41567dc2b1ec0413a34cc48ebc3a8f058e66c949851cae578,2025-03-17T15:15:43.523000 CVE-2025-1776,0,0,9f5910c7138c13ec1de71b228a6c2b4d183ead70b893aab7547c66452e55fc54,2025-02-28T14:15:35.943000 +CVE-2025-1777,1,1,76029098bf8da4b73ba7b62707c68f3f2a1941a310ad81be86279ab9f24f0d5f,2025-06-06T06:15:31.163000 +CVE-2025-1778,1,1,ba98c528d43aaa4023dfac924d5b6b08618128945fd25bb15a8b37cfa3a7776e,2025-06-06T06:15:31.397000 CVE-2025-1780,0,0,27a42e84da655d8b64968225ee9bb0ae9c4002296681b59ea51446bf623485ad,2025-05-26T01:36:29.360000 CVE-2025-1781,0,0,822d9dd7d94e5b498257a849d2a77ab936366d257a4d3fe0593c5d9951a3a28b,2025-03-28T18:11:40.180000 CVE-2025-1782,0,0,c63bbaca795d770dd3d41b498ef50010308f74d5485f5283e76b3450888c5cab,2025-04-30T18:15:37.500000 @@ -290089,6 +290093,7 @@ CVE-2025-29316,0,0,edbfef5d2b6ba20f5ddacf4404f4ebf4c89ebe5fca32750f4069bf616e710 CVE-2025-29322,0,0,2d154ec4512c8c4d705799afa2ea73c17ca8f22a9dcc44f2fe16f737f7f4c5a2,2025-04-08T19:15:48.650000 CVE-2025-2933,0,0,d2bf8266af3293189f2fc83d9c7224df7d9162ddc33d6ffbeb12c1b55081638f,2025-04-07T14:17:50.220000 CVE-2025-29339,0,0,37cf2a028a70e363b59096bf53fd42cd5e9f43c9e6d14e2e5b30f23715c8736c,2025-04-23T14:15:28.957000 +CVE-2025-2935,1,1,757a8519dff0b0960bd9eddadc94f93010094963ecd36ffdb6a82af77e32a110,2025-06-06T07:15:24.823000 CVE-2025-29357,0,0,eb014a723aa009227f0255b17dfaab32ae69c018e0a2e5c6777057d80a0cac3f,2025-04-02T20:33:45.110000 CVE-2025-29358,0,0,610f6132677edbf66dfcad4906cefbaf7edab86ba5e1c4ae5ea8eda11e0df66d,2025-04-02T20:33:25.387000 CVE-2025-29359,0,0,bc55d7beb5c2520d4a35b3c9d88ad54b81653c8af5ca4e66e75dd78808d6a6dd,2025-04-02T20:33:36.983000 @@ -291271,7 +291276,7 @@ CVE-2025-31163,0,0,0d23fc46a79319324af9251b76f99e828668eada4156c0f4488a35318beeb CVE-2025-31164,0,0,4b001c140896288467c92c772e2ebf8f58e53bdc0e31f0e36dc064cef4c67cc1,2025-04-01T20:26:39.627000 CVE-2025-31165,0,0,890d4b71d79960b8670f39224093c3ef99c7f92edd823784cbe3204f4aa998a2,2025-03-27T16:45:27.850000 CVE-2025-31170,0,0,c3da7797f519ed212ad3546b655748de4a071c1dd7a177d6ab90edafcaedfe9b,2025-05-07T20:46:57.603000 -CVE-2025-31171,0,0,9817a2deb0a357c49dde85652b87927a552f686611eddf08b32ce14bb7f84305,2025-05-07T20:09:08.480000 +CVE-2025-31171,0,1,4a534626edebc2023d516705ae4ea70b272964868d24a4e37b00e8d466eedd94,2025-06-06T07:15:25.090000 CVE-2025-31172,0,0,90e32b574e57aaae3c88f8457f70e0bd6dfca1d0be15fef48145d614510dc82f,2025-05-07T20:08:51.903000 CVE-2025-31173,0,0,2700554065e1cb73ad11576db038a3f6fd80ed44a1be6e9fcc460b1120bb3ab2,2025-05-07T21:05:41.260000 CVE-2025-31174,0,0,d76e0798a38b9d3731c9101790223eb496cf1566e3e50e96ab78e847bf060e3f,2025-05-07T21:06:10.167000 @@ -293086,7 +293091,7 @@ CVE-2025-3647,0,0,d085366814e191fa929649b449c3c94db9fdfb290fac2614b251f62d5616ef CVE-2025-3649,0,0,df5be861cb9901de2ff346df6053edd181ced31f9d06ef10ebd9788e09b37197,2025-06-05T14:27:28.437000 CVE-2025-36504,0,0,30afeffa7b8ef5e478f29856811f9be90f1ece9e22dbe373c856a36c842492cb,2025-05-08T14:39:09.683000 CVE-2025-3651,0,0,30e087cb1671b81c1bf0c1d2a4d51e77f706a32948b7aa67dbe7688506dce698,2025-04-17T20:21:48.243000 -CVE-2025-36513,1,1,8a512964bb90d307762b1231a66d6057fd723922e20492e123c6128a1f375770,2025-06-06T05:15:25.710000 +CVE-2025-36513,0,0,8a512964bb90d307762b1231a66d6057fd723922e20492e123c6128a1f375770,2025-06-06T05:15:25.710000 CVE-2025-36521,0,0,76dbe5c9e005eebc45d03f4e270884a68d88e62c1e707e433be80dfc20224dd6,2025-05-02T13:52:51.693000 CVE-2025-36525,0,0,304058dc6057ec0d8f22d43f92f7c943e71e5e18bc158b199ea34013a3ed45ac,2025-05-08T14:39:09.683000 CVE-2025-36527,0,0,020ac4647f700215df1a929fd367ca00f7a928aa1186e2cc968570239b95437f,2025-05-23T15:54:42.643000 @@ -294164,7 +294169,7 @@ CVE-2025-4186,0,0,dab70a09e90dae7c54c24591d73076ac14325c30ca1a211bf9896872e7af04 CVE-2025-4188,0,0,dae4661d96faab4b86b2442932d3ed4a7d5e86b7964e0bf5b5ad937c7ef62825,2025-05-05T20:54:19.760000 CVE-2025-4189,0,0,a0e2a19d22d932ca0e26b1ac038e49b5f17b80b816561f13c2c6e3219b687b6c,2025-05-19T13:35:20.460000 CVE-2025-4190,0,0,4f395a948a9f8a0068a130270d47a0c65aedf94728f2f75941d0b07c1298d467,2025-05-19T16:15:33.407000 -CVE-2025-4191,0,0,293215fc7f88fb3db0196494de8902624e8e0ba413d7b0c39ca5c95a23d9743c,2025-05-09T13:41:58.530000 +CVE-2025-4191,0,1,bbbe8d67bb74bdd05ea1211ceee38512f649d31b51b17b6f1de22c3899d95218,2025-06-06T07:15:27.087000 CVE-2025-4192,0,0,f5bd51fdd6a57b3e7b0960a876219c503d94779bf69ab8792a4e156b268d3bfb,2025-05-16T17:39:07.340000 CVE-2025-4193,0,0,43d431ac130cb754304de4c62b810821f57782b8e3f9ada6696d50cdcedddf5d,2025-05-16T17:37:40.313000 CVE-2025-4194,0,0,962435944fa606c9dfc6528593d51587b297f686f224bc6850f700765555ffdc,2025-05-19T13:35:20.460000 @@ -296018,7 +296023,17 @@ CVE-2025-48888,0,0,e337e94b85d7a08366e0c5a3cc16b222a86bb1703b8b9d4a80140797b44cc CVE-2025-48889,0,0,10193c433a4bb6349663dd15365e40e7749e3028945374c079cc00a7a9212044,2025-05-30T16:31:03.107000 CVE-2025-4889,0,0,01c7a8037082d88b5ac656519933c8c5460517579f14e0273e6b2875f7942bab,2025-05-28T15:30:05.053000 CVE-2025-4890,0,0,81e619b8915c0f1194bf5df58e7b0a9363ea517d5998dc711619ba92ff360f3e,2025-05-21T19:37:54.033000 +CVE-2025-48902,1,1,51c6ba361b3391fcaaa07eb79c87176f51cec3b0ed0939e6037c6172f56c355d,2025-06-06T07:15:25.360000 +CVE-2025-48903,1,1,f6ae229b55430123040e697902b395c49c9ed4d7cf71ee4f04e46fe68a599968,2025-06-06T07:15:25.577000 +CVE-2025-48904,1,1,ee08748eaafc1504d72e263a3636ec45e247fb3c6528e1088feaf8f596f7f6f2,2025-06-06T07:15:25.753000 +CVE-2025-48905,1,1,8e1725dde9195a346fbba8978954d03ae3b36017663add4c1d6384e8f010d8b9,2025-06-06T07:15:25.927000 +CVE-2025-48906,1,1,ec41ae0aa0279bccbb7a227fd5958b4603ddc1331de5e7cd0421b2db32ab1b39,2025-06-06T07:15:26.087000 +CVE-2025-48907,1,1,764df93cc9ee4a416ccb5fcc6a374538213c1d5f68b6d9bc89c1701ae45b964b,2025-06-06T07:15:26.253000 +CVE-2025-48908,1,1,bbc5bfcba3e06fe09869ec53436edc41efd4f289dcbaf5d30958976aefb2c508,2025-06-06T07:15:26.417000 +CVE-2025-48909,1,1,5a54870c55eb996401a3aa1f95d70de35b8e4a1907d567ef5b852fa527b22a41,2025-06-06T07:15:26.593000 CVE-2025-4891,0,0,ce5eadb58621294f252fd31aa2b4c3c08be14da6ad289e0467dbab1173f36755,2025-05-27T15:29:23.960000 +CVE-2025-48910,1,1,a1afd509fe96f4b5d721737b8707d10863eb3912b002621330f39a48a682a2df,2025-06-06T07:15:26.760000 +CVE-2025-48911,1,1,cec89b7dfc146318c148f288473cd855927880ad0b1dc83837dc000419a7f53d,2025-06-06T07:15:26.927000 CVE-2025-48912,0,0,4848d33489117f53b877c948399935df619e976eec472273191f1ca26ec7244c,2025-06-04T18:29:44.323000 CVE-2025-4892,0,0,002d5f2a93da7cbbf0db54aa5606cb91f8377f6151252d2e3edadf3dcfd06185,2025-05-28T15:32:12.643000 CVE-2025-48925,0,0,21a2cb4f4a9620e34d454c14028a00f2b70dc9544a21aca3383488609c689c05,2025-05-29T14:29:50.247000 @@ -296138,6 +296153,8 @@ CVE-2025-4948,0,0,2d8928ecccf769064199e618193b5181fd943840af74729dd43fad03a17cb7 CVE-2025-4949,0,0,c11b53f05ae94538ba622256f90c8d8b1286550f417cb15b7dccd733b074e027,2025-05-23T07:15:21.160000 CVE-2025-4951,0,0,8d2965f90ffa46a261e1b06cd533aeb358abbd5115dc1f57a5b34acf12ab582b,2025-05-21T20:25:16.407000 CVE-2025-4963,0,0,bcea30a5657c56e720740d0c1da3f6ecccc2ea27495c62c19f4e987237e46939,2025-05-28T15:01:30.720000 +CVE-2025-4964,1,1,656c5afe35770d0a2235cb7879cbe0ca3dcffaa3e145e6bd06bddd27612b87ce,2025-06-06T07:15:27.603000 +CVE-2025-4966,1,1,161fd3e919a301686e6f1e42fcab5b4eb851e6e0912aebe8bda34dd0c694e63d,2025-06-06T07:15:27.790000 CVE-2025-4967,0,0,fa5aaf72596dd505e2f8bb43a15bd743497bb32df510d8b3798c90dfaee37959,2025-05-30T16:31:03.107000 CVE-2025-4969,0,0,4f90cc424a2a0f4e9ed8afa3693879db2394c134460b9fa8753024f2852d3968,2025-05-21T20:24:58.133000 CVE-2025-4971,0,0,ec01b010a198b670732c969d73dfa53bbd76f2e075f866245cc573c614982079,2025-05-21T20:25:16.407000 @@ -296171,6 +296188,8 @@ CVE-2025-5010,0,0,93497e2b48b334d59fac1bb8ca9073e5f336f986ef89ce0b89f9db876e65e8 CVE-2025-5011,0,0,d1caeeaa784d143902e41e16fc8809733bc411c4665df188f33764965bcab2ec,2025-05-21T23:15:55.447000 CVE-2025-5013,0,0,9e2206cee3d9a4da13b7d790d61a24286d0c704fc74b7b095d3cf27be2eea613,2025-05-21T23:15:55.563000 CVE-2025-5016,0,0,b9a08e54f0dc13772d502436f2596aa0967ba42878080f55f50a463435bfc853,2025-06-02T17:32:17.397000 +CVE-2025-5018,1,1,7dfab08a9475c5b96c87b9dcc5b25cb12afca820e6d65365667a7862063fb4a1,2025-06-06T07:15:27.970000 +CVE-2025-5019,1,1,4e2769a90681d727eb7939f1d179352b378b0b141463bc8bdf541c802c050a14,2025-06-06T07:15:28.157000 CVE-2025-5020,0,0,8e92e81268cb02470f5321fbe111bd1217491079f6b87fc538686f0917f7768a,2025-05-21T20:24:58.133000 CVE-2025-5024,0,0,ccdd8a7db520a87487d39e567caff85e7e094c68165b88263d5456db37c53d13,2025-05-23T15:55:02.040000 CVE-2025-5025,0,0,d8851777e61365e1aa05e5e547ad31f1c257710ee925f9d10fb7d3665c7bb24a,2025-05-30T17:15:30.200000 @@ -296455,6 +296474,7 @@ CVE-2025-5446,0,0,9d168da398a778ce0b0095a7e0a8e3bca462cdb12a826e6bb187c380e071a1 CVE-2025-5447,0,0,a5cb8bc4c7a4de9ae3bfa5d338b695456ece1a5a0b2112b238cb5da4d8fbdcc4,2025-06-02T17:32:17.397000 CVE-2025-5455,0,0,49ebfbc7472b909f08e0e5deb4e4ea5f4cedd298a2046130e62c9603cffb4aad,2025-06-02T17:32:17.397000 CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0b3,2025-06-04T14:54:33.783000 +CVE-2025-5486,1,1,5c4b35712b5e7110eb1bfafff041827c6ab96d34cfe36a0c216dafa8adfbc410,2025-06-06T07:15:28.347000 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000 CVE-2025-5495,0,0,119827a376db9a3a9ce1110409fd703f076cb8ae90c38353380ea0b67ec862d6,2025-06-04T14:54:33.783000 @@ -296484,7 +296504,12 @@ CVE-2025-5525,0,0,477ad6529ca0081701a09dd27019e99028d161ae7825de60804c5f6a4ef5cb CVE-2025-5527,0,0,5dead2f90bfa336b299d2790c248c3e2b665e86fc2c3c9c7ff0f4ee35f1af83c,2025-06-04T14:54:33.783000 CVE-2025-5531,0,0,6d27f31038761ad0a1ccad441f88039d5d4e8afb6e2422d32c208713130619d5,2025-06-04T14:54:33.783000 CVE-2025-5532,0,0,d307f7aa5ca0395a7c8a1bde45bdc53cca6e2426e0b9fc80212fdc7f65c5fbe7,2025-06-04T14:54:33.783000 +CVE-2025-5533,1,1,e9a4341f4bfcae12d2241b41cf681ad2d09259809ef20b71fd0f9a91f56a8abb,2025-06-06T07:15:28.530000 +CVE-2025-5534,1,1,e56e58a109e19da353f22368cd09990dac85acb57d83699262b0278f241d45b9,2025-06-06T07:15:28.727000 +CVE-2025-5536,1,1,36e82228d4377ff24ba9e713c06920dd59355061d068aa6d6549c720c115fe4c,2025-06-06T07:15:28.907000 +CVE-2025-5538,1,1,68028f6f7691e9204fa1e1790947ea4a9eb60c9ecd1980fa172b0cfb75d8ed44,2025-06-06T07:15:29.080000 CVE-2025-5539,0,0,298ac745dff309bfc9c32d271927b52132f95cd6835d223a8ca6e238897e44d1,2025-06-04T14:54:33.783000 +CVE-2025-5541,1,1,23c4eec6a38d029a165d1505b65939ad33a6ebcb9066c40f2b3ec1bd7d694ffc,2025-06-06T07:15:29.280000 CVE-2025-5542,0,0,d6f73127563d185f85d4ea7483a6651c4389b791fccb5a0f74ef856dec9c4d33,2025-06-04T14:54:33.783000 CVE-2025-5543,0,0,1d8a435ed88a5df21f363a761b25c4a0cbf09f84f022d0fbe70e5e84f11f1af7,2025-06-04T14:54:33.783000 CVE-2025-5544,0,0,020a516e79a3f89efe59dfb651e1ec3f5e799cf4a3d54ccd47ef877829750c60,2025-06-04T14:54:33.783000 @@ -296504,6 +296529,8 @@ CVE-2025-5558,0,0,2ac6d8dec4afd7e15c38ca1bcadede5871807c94fd2187d1936fb3e8f723e2 CVE-2025-5560,0,0,9af623a67baf1975e1c266a9dd2b23fb673ba32b97484cf97dfcbc25c8056283,2025-06-04T14:54:33.783000 CVE-2025-5561,0,0,89bf58530abc9290057be65b322800672f7156f0149b4511ecbae6f44f339e6b,2025-06-04T14:54:33.783000 CVE-2025-5562,0,0,343add22f2528d1ab365d74b6c653aeb153b343601b0ebacf12124363f3af2da,2025-06-04T14:54:33.783000 +CVE-2025-5563,1,1,9ba007a5aba5914c7afc992f033f345805b01d0cc864ca194a7c0fdace2b7675,2025-06-06T07:15:29.503000 +CVE-2025-5565,1,1,3efa99f6546952148f7c0ecd237cd60f6636b777e01abc140255962f39f49736,2025-06-06T07:15:29.700000 CVE-2025-5566,0,0,6cd1b19db0a2abdf35ae21538de449c05d1cecfb40c37f0b82d89c2ca9b4dcf9,2025-06-04T14:54:33.783000 CVE-2025-5569,0,0,4c30b6740d26360ebc0aa84c2a25fe04c9749eefc6a71facbba872eca1a65c71,2025-06-04T14:54:33.783000 CVE-2025-5571,0,0,88815a4b21737d58e162800981d93fa4afd05c1cd7a98afd3597a0eeba47b636,2025-06-04T14:54:33.783000 @@ -296520,6 +296547,7 @@ CVE-2025-5581,0,0,c54747d4f47de2d53a0450ac3d2803f6b1ce7f3a8f3dd0d32c7ea29ca0ea8b CVE-2025-5582,0,0,d2f1baa22f55fc38a8f865d0e99938121f7ce9bfb4e6584060e61c164943f9d6,2025-06-04T17:44:37.780000 CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991ad,2025-06-04T17:44:26.393000 CVE-2025-5584,0,0,33fb5e30c150aff6fd49d9e5053812971ddea6fb06de04e2dfe2862137521fb0,2025-06-04T14:54:33.783000 +CVE-2025-5586,1,1,9c5568e51dc5d2bcfd051b14ad5913d1ba052b4c44a3b163ed9911df016d6a34,2025-06-06T07:15:29.880000 CVE-2025-5592,0,0,788797f86c46be9691efa8bf5e6ca7f39860f123d70f12f2bbf93e8b3cfcaa8b,2025-06-04T15:15:24.060000 CVE-2025-5593,0,0,2fc870a522f11936dac0dea9ff39b04ab227f9c952baf080bcd9f5e32f30e2b0,2025-06-05T20:12:23.777000 CVE-2025-5594,0,0,b27966499bfacb8dd28a0b76f2459af0a87ee57098cc25d08139feded7c76259,2025-06-05T20:12:23.777000 @@ -296607,6 +296635,7 @@ CVE-2025-5679,0,0,59c0e847ad907b313509a8a7262ed706ea6357cc7a8feeba56ceeee73456c7 CVE-2025-5680,0,0,ac61e1c24d8324f72dbb4e75c264ec0155ce51688ab2ace27a8ae029c32873af,2025-06-05T20:15:26.790000 CVE-2025-5683,0,0,1a3b3cb960b03a08fa5b7c4079149ff9fe6c9f4a5d5c8b0f22c43f750a1037ab,2025-06-05T20:12:23.777000 CVE-2025-5685,0,0,059cd6cc5ce733bf6647de7ff24aa5771721f8c52c4a7ad93daf964feb01b718,2025-06-05T20:15:26.993000 +CVE-2025-5686,1,1,bc6301a77db1957a9012cb31693e5b573d2ec31b1abea4c579e33a73c67e711b,2025-06-06T07:15:30.070000 CVE-2025-5688,0,0,8859de4a9377955821b5e59f7a118128be39b8ffcd1a35e1ff851cd9073a522a,2025-06-05T20:12:23.777000 CVE-2025-5690,0,0,2e6ec95a91973b0c3c4a92b7ee6f9cd8669b2bfbe2e8890344ec60c22753f2e7,2025-06-05T20:12:23.777000 CVE-2025-5693,0,0,73ee6abfd203da68e2c70f3b21c71009f66bd2babb7c5a3cb5b33a3a3f586bf3,2025-06-05T20:15:27.193000 @@ -296615,8 +296644,10 @@ CVE-2025-5695,0,0,063f24d0c2b1152f4531ba63d7cdd6a17fbb245b44cbd467b6e26c69533236 CVE-2025-5696,0,0,0347b4cba043d5ba1e68709292fc67d2e42e886a13ba655971fee5068f4d39bb,2025-06-05T22:15:21.770000 CVE-2025-5697,0,0,65255ba505c3d3bfa33ff57560884cd8e0bdaf4e8acec4cb7c5189e886e27235,2025-06-05T22:15:22.760000 CVE-2025-5698,0,0,3bc6d68f8bac4465e140c6fad804f5cb232019488237f1cd169082769509a350,2025-06-05T22:15:22.963000 +CVE-2025-5699,1,1,be5d21dcad32dfe086150ecb00fddb907565548870e00d0bede1b020172e3ca4,2025-06-06T07:15:30.270000 CVE-2025-5701,0,0,4e463ab950f8de8dad2504c9adb1bf69b81ba722d49ef312bfe8e0759a419475,2025-06-05T20:12:23.777000 CVE-2025-5702,0,0,ee47ef64676a08151d4b3eb2425d567b0db2b91fed39f1554b45738f903b4519,2025-06-05T21:15:22.873000 +CVE-2025-5703,1,1,02b101ce8060ed20cc3786565adee8f340de9a049c1fc1ed9223f64bf87b9ff2,2025-06-06T07:15:30.463000 CVE-2025-5704,0,0,04beee8a3eb537701c59a3d3797878b13a52af2c4eb1c98a2bf9ef70bf69db6a,2025-06-05T23:15:22.613000 CVE-2025-5705,0,0,0ff358d25cdbb96d1c496b09520f013c9f6b28418dd17b468ae2205989a211b4,2025-06-06T00:15:33.750000 CVE-2025-5706,0,0,69c700685b786445db1c34156db2d8aaab66cbb1389db417b2eef29b7620471b,2025-06-06T01:15:25.233000 @@ -296627,12 +296658,18 @@ CVE-2025-5710,0,0,a4986961ebccf1c24aaef38468ee4c037385b5ea06c111b45687d9f4d48952 CVE-2025-5711,0,0,1cbcff38819e4b0de061a1e070f8ba26efe4081b1dd87e928b9890c4ea932a8a,2025-06-06T03:15:25.353000 CVE-2025-5712,0,0,ee9e7789cb5702291be6cc02ae0ee2cf59d33cf8f17551fc654883c0c0fa095a,2025-06-06T03:15:26.607000 CVE-2025-5713,0,0,d5230e66b12296377504b357aeb57df100cb8735f6970717192be22c1778c708,2025-06-06T03:15:26.820000 -CVE-2025-5714,1,1,f325293e0bdf11a2d38c8fe0b7d300abfe06a4c48eb29d4e6740ddedc26323da,2025-06-06T04:15:54.847000 -CVE-2025-5715,1,1,c549dedf8f18a31a17db5b0d12ac2c0f1758259cc84d6914876e1b910f2f066e,2025-06-06T04:15:55.747000 -CVE-2025-5716,1,1,05ff8b0d50f12fc788cd1a5b5ea78ab1cb92e4f2bf9d52de36a876188c5bb048,2025-06-06T04:15:57.157000 -CVE-2025-5719,1,1,3365d07b7e5244b36ebf3c7bbd556f60e4dbcd5f59cc57d85eb20811268f6c41,2025-06-06T04:15:59.310000 -CVE-2025-5721,1,1,acdc1323104c8cc68eca290c87ee12b78e828ea873146b345ae84261c9b36539,2025-06-06T04:16:00.297000 -CVE-2025-5722,1,1,65a4a236210b7d71e031a5f5f15f548284ef2ad5496ba10919780942893e7304,2025-06-06T05:15:25.970000 -CVE-2025-5723,1,1,0907f9f8fe7d9c18c43315b01a0ef8041cb166ff8c26b47419c61da0483b148c,2025-06-06T05:15:26.180000 -CVE-2025-5733,1,1,c5f5665f9dab87dd0d97339541a9cd2f4bf8981198cfcb514e8a85cacbcd9a75,2025-06-06T04:16:01.840000 +CVE-2025-5714,0,0,f325293e0bdf11a2d38c8fe0b7d300abfe06a4c48eb29d4e6740ddedc26323da,2025-06-06T04:15:54.847000 +CVE-2025-5715,0,0,c549dedf8f18a31a17db5b0d12ac2c0f1758259cc84d6914876e1b910f2f066e,2025-06-06T04:15:55.747000 +CVE-2025-5716,0,0,05ff8b0d50f12fc788cd1a5b5ea78ab1cb92e4f2bf9d52de36a876188c5bb048,2025-06-06T04:15:57.157000 +CVE-2025-5719,0,0,3365d07b7e5244b36ebf3c7bbd556f60e4dbcd5f59cc57d85eb20811268f6c41,2025-06-06T04:15:59.310000 +CVE-2025-5721,0,0,acdc1323104c8cc68eca290c87ee12b78e828ea873146b345ae84261c9b36539,2025-06-06T04:16:00.297000 +CVE-2025-5722,0,0,65a4a236210b7d71e031a5f5f15f548284ef2ad5496ba10919780942893e7304,2025-06-06T05:15:25.970000 +CVE-2025-5723,0,0,0907f9f8fe7d9c18c43315b01a0ef8041cb166ff8c26b47419c61da0483b148c,2025-06-06T05:15:26.180000 +CVE-2025-5724,1,1,49c6ef1293e6731b483955069191bcabd979b75dcc354f6a529ea3c857a17f76,2025-06-06T06:15:31.580000 +CVE-2025-5725,1,1,d1122b8979774b4a2e61d076b9f6302dc15071155841a7fb8ba34a15d6aca47c,2025-06-06T06:15:32.100000 +CVE-2025-5726,1,1,3abf0ce7ba6937b7c90f700ec89f4d28cc39d472bdb23dbf9b7631fe30198bce,2025-06-06T06:15:32.303000 +CVE-2025-5727,1,1,e5e3e497eb82aa63292cdcce97d3dda88ce7a00ba89a5582c82cda30c3334f9d,2025-06-06T07:15:30.657000 +CVE-2025-5728,1,1,915cd940e6a694a406d67f11e01a4a8982093111b44ff0d642c0ae837fa934f5,2025-06-06T07:15:30.887000 +CVE-2025-5729,1,1,b3363eefc598c66fa7db81b4ea346a67cf3dc12efe772c7327c2c105460d25c7,2025-06-06T07:15:31.133000 +CVE-2025-5733,0,0,c5f5665f9dab87dd0d97339541a9cd2f4bf8981198cfcb514e8a85cacbcd9a75,2025-06-06T04:16:01.840000 CVE-2025-5745,0,0,a48c97f3295325ba0b67cceb39fcc754c3ef6872892d5057110c8e62080215c2,2025-06-05T21:15:23.023000