diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1579.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1579.json new file mode 100644 index 00000000000..afe3bff848d --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1579.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-1579", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T09:15:09.393", + "lastModified": "2025-02-23T09:15:09.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argument email leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/R2og/cve/blob/main/xss-r2og.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296555", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296555", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.502876", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1580.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1580.json new file mode 100644 index 00000000000..706268cb70b --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1580.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-1580", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T10:15:09.623", + "lastModified": "2025-02-23T10:15:09.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wqywfvc/CVE/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296556", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296556", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.504234", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b2890bf1e53..42d0bcecd67 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-23T09:00:19.952724+00:00 +2025-02-23T11:00:20.255270+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-23T08:15:09.213000+00:00 +2025-02-23T10:15:09.623000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -282093 +282095 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2025-1577](CVE-2025/CVE-2025-15xx/CVE-2025-1577.json) (`2025-02-23T07:15:08.970`) -- [CVE-2025-1578](CVE-2025/CVE-2025-15xx/CVE-2025-1578.json) (`2025-02-23T08:15:08.187`) +- [CVE-2025-1579](CVE-2025/CVE-2025-15xx/CVE-2025-1579.json) (`2025-02-23T09:15:09.393`) +- [CVE-2025-1580](CVE-2025/CVE-2025-15xx/CVE-2025-1580.json) (`2025-02-23T10:15:09.623`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-21655](CVE-2025/CVE-2025-216xx/CVE-2025-21655.json) (`2025-02-23T08:15:09.213`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4083c9f07c3..1068ff84157 100644 --- a/_state.csv +++ b/_state.csv @@ -279698,8 +279698,10 @@ CVE-2025-1556,0,0,724b13759326d4daa23c48d02c1ce795525d880ae020ac09a68b1de9594640 CVE-2025-1557,0,0,49607b48e972d9fd5d215f054ea7353b084df75dff065ecc488af6c52d9e37af,2025-02-22T13:15:12.247000 CVE-2025-1575,0,0,4f36554ed6482f45b74d35521d78ee1f8257f79829174fda75a5bd3bf6296f94,2025-02-23T04:15:24.980000 CVE-2025-1576,0,0,1f104649f17b82a7de320595b093dfc1101ef45ab193119cf4c9a764ae0261d6,2025-02-23T05:15:11.853000 -CVE-2025-1577,1,1,511daa570f9ea062413f2bed6b33eae352829c776630ae7166a5c1ba24874bf7,2025-02-23T07:15:08.970000 -CVE-2025-1578,1,1,9663cb9a61689a740797a4de202f81544c2c3f2bf9e4fb29d5fb5a51628924ab,2025-02-23T08:15:08.187000 +CVE-2025-1577,0,0,511daa570f9ea062413f2bed6b33eae352829c776630ae7166a5c1ba24874bf7,2025-02-23T07:15:08.970000 +CVE-2025-1578,0,0,9663cb9a61689a740797a4de202f81544c2c3f2bf9e4fb29d5fb5a51628924ab,2025-02-23T08:15:08.187000 +CVE-2025-1579,1,1,47f84216a9e36312caff9085c25b1754bae23eca9fa0ebf71bb86844e73f7fc4,2025-02-23T09:15:09.393000 +CVE-2025-1580,1,1,6f6f51b8629fb2b91628569d15501b66d6e9cad6c386219f7f6f91a4bc91b70f,2025-02-23T10:15:09.623000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000 @@ -280191,7 +280193,7 @@ CVE-2025-21651,0,0,d057ff764ce31c4ac7e93c37cb4ba424635250ef668040e2530ccd52f14e8 CVE-2025-21652,0,0,20d739461f3527398cd43bd52a6f89c66a16cc1ddb96e5765be31fe2e5b35e8e,2025-02-10T18:15:34.883000 CVE-2025-21653,0,0,4054ad842aceda82766dc1a772620a2211cc9da6d0c6c3e3c2a1ffa9a7bf55f6,2025-02-02T11:15:15.557000 CVE-2025-21654,0,0,4ec90f1484bdb180e8872bd379989357ef5549f6f68655399ae0221a6a448c8e,2025-01-24T16:15:38.177000 -CVE-2025-21655,0,1,6e9215916a7e9022c7ca7cf15b85806e97f4a400b6169b8f57fa0fabd676ccc4,2025-02-23T08:15:09.213000 +CVE-2025-21655,0,0,6e9215916a7e9022c7ca7cf15b85806e97f4a400b6169b8f57fa0fabd676ccc4,2025-02-23T08:15:09.213000 CVE-2025-21656,0,0,a701e9e2df732a25c44be693e4bcc732f0353202bde61b2316a6229f867fa42c,2025-01-21T13:15:09.240000 CVE-2025-21657,0,0,1965d9c3d1118ed3d2f0e817295e796ed532b053adb84b7658e4c043ba09b4dd,2025-01-21T13:15:09.340000 CVE-2025-21658,0,0,49f4fb1da0e36dec3735688e008c1d1b6e11cd524605dedd795d9dba62770702,2025-01-22T23:02:59.383000