Auto-Update: 2025-04-06T22:00:45.731836+00:00

cad-safe-bot 2025-04-06 22:04:21 +00:00
parent fd98c6d23b
commit eadaf6de3b
5 changed files with 250 additions and 9 deletions


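--- /dev/null
+++ b/CVE-2025/CVE-2025-314xx/CVE-2025-31488.json
@@ -0,0 +1,78 @@
+{
+"id": "CVE-2025-31488",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-06T20:15:14.310",
+"lastModified": "2025-04-06T20:15:14.310",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 4.9,
+"baseSeverity": "MEDIUM",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"attackRequirements": "PRESENT",
+"privilegesRequired": "NONE",
+"userInteraction": "ACTIVE",
+"vulnConfidentialityImpact": "NONE",
+"vulnIntegrityImpact": "NONE",
+"vulnAvailabilityImpact": "NONE",
+"subConfidentialityImpact": "HIGH",
+"subIntegrityImpact": "HIGH",
+"subAvailabilityImpact": "HIGH",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirement": "NOT_DEFINED",
+"integrityRequirement": "NOT_DEFINED",
+"availabilityRequirement": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+"modifiedVulnIntegrityImpact": "NOT_DEFINED",
+"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+"modifiedSubConfidentialityImpact": "NOT_DEFINED",
+"modifiedSubIntegrityImpact": "NOT_DEFINED",
+"modifiedSubAvailabilityImpact": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/Hex-Dragon/PCL2/security/advisories/GHSA-wfpw-hfcp-9m73",
+"source": "security-advisories@github.com"
+}
+]
+}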


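--- /dev/null
+++ b/CVE-2025/CVE-2025-314xx/CVE-2025-31492.json
@@ -0,0 +1,82 @@
+{
+"id": "CVE-2025-31492",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-06T20:15:15.063",
+"lastModified": "2025-04-06T20:15:15.063",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 8.2,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"attackRequirements": "PRESENT",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"vulnConfidentialityImpact": "HIGH",
+"vulnIntegrityImpact": "NONE",
+"vulnAvailabilityImpact": "NONE",
+"subConfidentialityImpact": "NONE",
+"subIntegrityImpact": "NONE",
+"subAvailabilityImpact": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirement": "NOT_DEFINED",
+"integrityRequirement": "NOT_DEFINED",
+"availabilityRequirement": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+"modifiedVulnIntegrityImpact": "NOT_DEFINED",
+"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+"modifiedSubConfidentialityImpact": "NOT_DEFINED",
+"modifiedSubIntegrityImpact": "NOT_DEFINED",
+"modifiedSubAvailabilityImpact": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/OpenIDC/mod_auth_openidc/commit/b59b8ad63411857090ba1088e23fe414c690c127",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-59jp-rwph-878r",
+"source": "security-advisories@github.com"
+}
+]
+}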


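--- /dev/null
+++ b/CVE-2025/CVE-2025-320xx/CVE-2025-32013.json
@@ -0,0 +1,78 @@
+{
+"id": "CVE-2025-32013",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-06T20:15:15.217",
+"lastModified": "2025-04-06T20:15:15.217",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 9.3,
+"baseSeverity": "CRITICAL",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"vulnConfidentialityImpact": "HIGH",
+"vulnIntegrityImpact": "HIGH",
+"vulnAvailabilityImpact": "NONE",
+"subConfidentialityImpact": "NONE",
+"subIntegrityImpact": "NONE",
+"subAvailabilityImpact": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirement": "NOT_DEFINED",
+"integrityRequirement": "NOT_DEFINED",
+"availabilityRequirement": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+"modifiedVulnIntegrityImpact": "NOT_DEFINED",
+"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+"modifiedSubConfidentialityImpact": "NOT_DEFINED",
+"modifiedSubIntegrityImpact": "NOT_DEFINED",
+"modifiedSubAvailabilityImpact": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/lnbits/lnbits/security/advisories/GHSA-qp8j-p87f-c8cc",
+"source": "security-advisories@github.com"
+}
+]
+}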


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-06T20:00:19.408971+00:00
2025-04-06T22:00:45.731836+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-06T19:15:41.153000+00:00
2025-04-06T20:15:15.217000+00:00
```
### Last Data Feed Release
@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
288726
288729
```
### CVEs added in the last Commit
Recently added CVEs: `3`
- [CVE-2025-2258](CVE-2025/CVE-2025-22xx/CVE-2025-2258.json) (`2025-04-06T19:15:40.197`)
- [CVE-2025-2259](CVE-2025/CVE-2025-22xx/CVE-2025-2259.json) (`2025-04-06T19:15:41.020`)
- [CVE-2025-2260](CVE-2025/CVE-2025-22xx/CVE-2025-2260.json) (`2025-04-06T19:15:41.153`)
- [CVE-2025-31488](CVE-2025/CVE-2025-314xx/CVE-2025-31488.json) (`2025-04-06T20:15:14.310`)
- [CVE-2025-31492](CVE-2025/CVE-2025-314xx/CVE-2025-31492.json) (`2025-04-06T20:15:15.063`)
- [CVE-2025-32013](CVE-2025/CVE-2025-320xx/CVE-2025-32013.json) (`2025-04-06T20:15:15.217`)
### CVEs modified in the last Commit


@ -283858,7 +283858,7 @@ CVE-2025-22576,0,0,d91ec1220267346d1a0f0443983782bbf181c797facca8f491a7bfecb878d
CVE-2025-22577,0,0,de49ca44634bd4c2dcd4ed4b2c861f3aeca16b15d3e20dc646883514b316145b,2025-01-07T16:15:53.823000
CVE-2025-22578,0,0,a663c0074d74b9b4b7e504663f4236ea23bd746235c7a6cf544a9a518e4833f7,2025-01-07T16:15:53.970000
CVE-2025-22579,0,0,dec211853384da65ca43ab843ad0ef7d38624586cc8219bff72d8bb4860195e9,2025-01-07T16:15:54.130000
CVE-2025-2258,1,1,0cd74c3c079054629f3b7fe0c23cdb301c762243761a12a2db00d9a9f07c09d5,2025-04-06T19:15:40.197000
CVE-2025-2258,0,0,0cd74c3c079054629f3b7fe0c23cdb301c762243761a12a2db00d9a9f07c09d5,2025-04-06T19:15:40.197000
CVE-2025-22580,0,0,987481d428d626ab3a636b089b28e62611932bb1aa3674325a18a905b6d8d87d,2025-01-07T16:15:54.303000
CVE-2025-22581,0,0,f24e3c65602b83836f496886c24039cf1c8846e00c33a0a0c021007f597e352b,2025-01-07T16:15:54.467000
CVE-2025-22582,0,0,bbd386f1b2f8f011e4028e09374da7622be33dbcfbf78736ef844c0c8abee84b,2025-01-07T16:15:54.640000
@ -283869,7 +283869,7 @@ CVE-2025-22586,0,0,16804334a047b2f01340eb62615a8dd9316b9a12b35e95c16e6a136bd06b6
CVE-2025-22587,0,0,2bf5cc749481686a77b87726094a1b5a9d61f7be75b7c5b80afd006567747bd5,2025-01-15T16:15:35.097000
CVE-2025-22588,0,0,3237594a1e0f94efbc9060e1729c2d2e97f5964f4414bc5b9057647a8c2b5034,2025-01-13T14:15:12.660000
CVE-2025-22589,0,0,04766fb247e57bcb66805699f5e7d85615d427973633880479f532a655c1369c,2025-01-07T16:15:55.053000
CVE-2025-2259,1,1,68846400b8097b692c6ea924ac979253412bd794b75a493b4641799303edb2fe,2025-04-06T19:15:41.020000
CVE-2025-2259,0,0,68846400b8097b692c6ea924ac979253412bd794b75a493b4641799303edb2fe,2025-04-06T19:15:41.020000
CVE-2025-22590,0,0,c88e366f105099929b737c28e4e59657f86cfa9e8944fe204794560a0673da79,2025-01-07T16:15:55.200000
CVE-2025-22591,0,0,9dc7be8606e10b7ca53ae284810d2833be8121f6bd7b217f458b2b42cfb403cb,2025-01-07T16:15:55.337000
CVE-2025-22592,0,0,f03fcd01ef66d026e28f7de006f4752785662917cd91a853528350917c3e1917,2025-01-07T16:15:55.470000
@ -283880,7 +283880,7 @@ CVE-2025-22596,0,0,85a91d84b086cf2d26ea13cd9daa28bfb104cad323d8ccc40a1c8d7f329fb
CVE-2025-22597,0,0,17f31e496d6f89ce90e67d8d3354a46b69c965ce65fd32dbc48c02e3fb30a22a,2025-01-10T16:15:30.343000
CVE-2025-22598,0,0,0c44771a87717f07aa16150607f16cb1b938a538d21078934565966886608cde,2025-01-10T16:15:30.540000
CVE-2025-22599,0,0,20809292b1d6f857c32458a3cd86c68344c8e6624af18d1980e2ad05be7596b8,2025-01-10T16:15:30.737000
CVE-2025-2260,1,1,c431dfa2bc816b6bda9f95593a59e0f27ac80b299217b3c32775f06827f9e040,2025-04-06T19:15:41.153000
CVE-2025-2260,0,0,c431dfa2bc816b6bda9f95593a59e0f27ac80b299217b3c32775f06827f9e040,2025-04-06T19:15:41.153000
CVE-2025-22600,0,0,d3a9bca45ae0c92a9f59f04a8a63958720efe424d52a1aec0d078cf124c20863,2025-01-10T16:15:30.940000
CVE-2025-22601,0,0,e5a036684b4e6e1204af1b20135d30f3904e4c5af4a80eedecb01794128ea749,2025-02-04T21:15:27.800000
CVE-2025-22602,0,0,c8f7aea9374385130d2049dfea6e2ee228c262f087909008185d3a99dec96d21,2025-02-04T21:15:27.950000
@ -288142,8 +288142,10 @@ CVE-2025-31484,0,0,dcc45bae9152a2eda779f3ce6fd498af89197d18dcaca27bbfad7d5d40b3c
CVE-2025-31485,0,0,3ce57b1a6c12ba06f7b3b66de6a64de00dd26fff1bca804bc7432b5387f8923a,2025-04-03T20:15:25.740000
CVE-2025-31486,0,0,d2fbc9bc8815e6c1911b69d3264b835fbbf5113ea68b932a40b7cb7330e74afe,2025-04-03T21:15:40.780000
CVE-2025-31487,0,0,3f4d76b673be9965a55fabed05694ce4639b6fdcf96fe5526adc43780e833374,2025-04-03T19:15:40.047000
CVE-2025-31488,1,1,9068007bdb4f843f7bbcb41c83538d151466458d3748e0f9261fdc006a5a4aab,2025-04-06T20:15:14.310000
CVE-2025-31489,0,0,827329a27d4d1d91b2af32fe95d065d67d2d778a8681281e8c2f3c11ae8b2ffd,2025-04-03T20:15:25.897000
CVE-2025-3149,0,0,af49735aae9ca4f8a710a35d5f3768baf512a088c3087e4dad0ba0732b0ea72d,2025-04-03T08:15:16.643000
CVE-2025-31492,1,1,7075c509ada2edbe615bb8b142f5453cb2a8230bc2bd0bb60e92395e4d94dd31,2025-04-06T20:15:15.063000
CVE-2025-3150,0,0,2f84b70bd2548c5ef88db20ca82ee0901e096008ccf16e815e848c6d8c838c37,2025-04-03T08:15:16.863000
CVE-2025-3151,0,0,f881852acca4e3affb5dd59eacd825c2eab6abdc9da16667107850eed4aeb5a6,2025-04-03T08:15:17.070000
CVE-2025-31515,0,0,65e0cceff3005eb000d81df9c13b2b61bcc11ce5d49244e52c4f8300da4f784d,2025-04-01T03:15:17.700000
@ -288520,6 +288522,7 @@ CVE-2025-3196,0,0,26b0db7feaca8ae723927487d6d4a9c9a11dc70ce2c85c499a6715b61b71da
CVE-2025-3197,0,0,5a556a9ac012adcd51d84fc77560a4f5657c4092158c86aad255d2be783abbb5,2025-04-04T15:15:49.640000
CVE-2025-3198,0,0,88fc5645e3833e1f30debf14281cb0b943583fde4ba84f2bff1e070ecb732aff,2025-04-04T02:15:18.803000
CVE-2025-3199,0,0,54026901290f1fc3766afed97a730bb577739c4f60fe7ee2d96548cbd413a5ea,2025-04-04T02:15:19.013000
CVE-2025-32013,1,1,7b41959c3a416dbe772a9b06950084687c942b65a4de28c6053c82078a595789,2025-04-06T20:15:15.217000
CVE-2025-3202,0,0,558b8c852358ff11061e77a127be2099982b8ad54bbc39d0fa0787770f4378c8,2025-04-04T16:15:39.600000
CVE-2025-3203,0,0,a5de3d0e4e2c48129754c7a98ad009abad812146aa44cb4bdbd3d73cafc0fc0f,2025-04-04T16:15:39.753000
CVE-2025-3204,0,0,312cc95228fe73003ec3ebf2ef4e97ce4945abbe3fe9ec6145f4ed560d9816a3,2025-04-04T16:15:39.893000
