diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1355.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1355.json new file mode 100644 index 00000000000..5f66004407d --- /dev/null +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1355.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-1355", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-16T17:15:07.973", + "lastModified": "2025-02-16T17:15:07.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.295963", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.295963", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.496075", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.websecurityinsights.my.id/2025/02/library-card-system-shell-by-maloyroyorko.html", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1356.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1356.json new file mode 100644 index 00000000000..d1c4e5dd36a --- /dev/null +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1356.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-1356", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-16T18:15:07.383", + "lastModified": "2025-02-16T18:15:07.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.295964", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.295964", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.496087", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3638ad6eae2..8c9f0afff6b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-16T17:00:19.445534+00:00 +2025-02-16T19:00:19.560280+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-16T16:15:19.253000+00:00 +2025-02-16T18:15:07.383000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281485 +281487 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-1352](CVE-2025/CVE-2025-13xx/CVE-2025-1352.json) (`2025-02-16T15:15:09.133`) -- [CVE-2025-1353](CVE-2025/CVE-2025-13xx/CVE-2025-1353.json) (`2025-02-16T15:15:09.320`) -- [CVE-2025-1354](CVE-2025/CVE-2025-13xx/CVE-2025-1354.json) (`2025-02-16T16:15:19.253`) +- [CVE-2025-1355](CVE-2025/CVE-2025-13xx/CVE-2025-1355.json) (`2025-02-16T17:15:07.973`) +- [CVE-2025-1356](CVE-2025/CVE-2025-13xx/CVE-2025-1356.json) (`2025-02-16T18:15:07.383`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-1196](CVE-2025/CVE-2025-11xx/CVE-2025-1196.json) (`2025-02-16T15:15:08.200`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 79cce8b832e..006f7e81c8d 100644 --- a/_state.csv +++ b/_state.csv @@ -279237,7 +279237,7 @@ CVE-2025-1191,0,0,a9443451c80e7e8f60c9625659585c30e981d1cf45549b4cb91185c07237bb CVE-2025-1192,0,0,d1f7e39b32f8c53dde42a30e4b900bd146d3192392e3efbb1e9aa57fb4c397d2,2025-02-12T11:15:10.727000 CVE-2025-1193,0,0,27e75799b537e2de7edb54e06b6e2c56ad7e3022fd1313c3a37564f7ef341b08,2025-02-10T18:15:34.273000 CVE-2025-1195,0,0,8173ee044f7a44d277ecd5bcf18ea26c61474b7fa54bcdb4ba1d679169d475f8,2025-02-12T12:15:29.397000 -CVE-2025-1196,0,1,a341521c6ec36a359ca3a6997d6fc06dbecfef1b545e90026b0a9f15d85e65d3,2025-02-16T15:15:08.200000 +CVE-2025-1196,0,0,a341521c6ec36a359ca3a6997d6fc06dbecfef1b545e90026b0a9f15d85e65d3,2025-02-16T15:15:08.200000 CVE-2025-1197,0,0,a51ead443f214c0f6ef96f804505332b87f10dc50ce1367c994773610f655dcd,2025-02-12T15:15:17.670000 CVE-2025-1198,0,0,f6207b50eb6e80b33d6cce685120110cd12848ecf71b1003965e650eb121e529,2025-02-13T02:15:29.627000 CVE-2025-1199,0,0,0b2d000c300f1d87e0ba30963c3bee998d11347294a6daefb6410adbf670161a,2025-02-12T13:15:09.537000 @@ -279281,9 +279281,11 @@ CVE-2025-1338,0,0,e4858627d5b15f5a42c72ef7bfb61ece178b4c7bf6a8e3bbd9b24bc2581c61 CVE-2025-1339,0,0,d4e323ee96c3c4bba4a59429c645443db325cf6db89704cebcea62b9c5f4107d,2025-02-16T12:15:08.173000 CVE-2025-1340,0,0,78afdb04c2b4919abb81cb49f3fd474851adb52959b9ac1cfa9fca0a042c1fa8,2025-02-16T14:15:21.130000 CVE-2025-1341,0,0,7838ddb01ef868fbd34dbd01f3687bed0ca3d9c8221cff3a4fd8381a764860e9,2025-02-16T14:15:21.893000 -CVE-2025-1352,1,1,ab1cb0fadb1cda3a606d58709a21380ec7be19d2291c2f10fb161a98095b1c75,2025-02-16T15:15:09.133000 -CVE-2025-1353,1,1,a316f11e73501222d7275028224ec2135788f80ecfa55a4dc98afa0b590b3f15,2025-02-16T15:15:09.320000 -CVE-2025-1354,1,1,3d7667bfcb2c0b251ddb0a6e2cd2d09c76acedbca3edf8c1b754b38382240774,2025-02-16T16:15:19.253000 +CVE-2025-1352,0,0,ab1cb0fadb1cda3a606d58709a21380ec7be19d2291c2f10fb161a98095b1c75,2025-02-16T15:15:09.133000 +CVE-2025-1353,0,0,a316f11e73501222d7275028224ec2135788f80ecfa55a4dc98afa0b590b3f15,2025-02-16T15:15:09.320000 +CVE-2025-1354,0,0,3d7667bfcb2c0b251ddb0a6e2cd2d09c76acedbca3edf8c1b754b38382240774,2025-02-16T16:15:19.253000 +CVE-2025-1355,1,1,2b32faeae86cf10a841d554d3f1028e038f2f84a86d16604e50e5f2d459277b4,2025-02-16T17:15:07.973000 +CVE-2025-1356,1,1,ad47206c360f81c88d742a140cb46365165054af6533ecf378500f5e98562fa1,2025-02-16T18:15:07.383000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000