From f4d46574dcb2a383b58c7d9f194ceb7248f0672e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 6 Jun 2025 04:03:55 +0000 Subject: [PATCH] Auto-Update: 2025-06-06T04:00:19.319559+00:00 --- CVE-2024/CVE-2024-223xx/CVE-2024-22330.json | 56 ++++++++ CVE-2024/CVE-2024-563xx/CVE-2024-56342.json | 56 ++++++++ CVE-2024/CVE-2024-563xx/CVE-2024-56343.json | 56 ++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5709.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5710.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5711.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5712.json | 145 ++++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5713.json | 145 ++++++++++++++++++++ README.md | 24 ++-- _state.csv | 20 ++- 10 files changed, 920 insertions(+), 17 deletions(-) create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22330.json create mode 100644 CVE-2024/CVE-2024-563xx/CVE-2024-56342.json create mode 100644 CVE-2024/CVE-2024-563xx/CVE-2024-56343.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5709.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5710.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5711.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5712.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5713.json diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22330.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22330.json new file mode 100644 index 00000000000..7cf79d22419 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22330.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-22330", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-06T02:15:21.310", + "lastModified": "2025-06-06T02:15:21.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7235779", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56342.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56342.json new file mode 100644 index 00000000000..f3856315129 --- /dev/null +++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56342.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56342", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-06T02:15:21.790", + "lastModified": "2025-06-06T02:15:21.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7235710", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56343.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56343.json new file mode 100644 index 00000000000..d2dcd7bea0b --- /dev/null +++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56343.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-56343", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-06-06T02:15:21.943", + "lastModified": "2025-06-06T02:15:21.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-771" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7235710", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5709.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5709.json new file mode 100644 index 00000000000..9522160fbc4 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5709.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5709", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T02:15:22.100", + "lastModified": "2025-06-06T02:15:22.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/YanHanQihomework/cve/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311230", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311230", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590501", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5710.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5710.json new file mode 100644 index 00000000000..4e081e2bc8c --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5710.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5710", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T02:15:22.283", + "lastModified": "2025-06-06T02:15:22.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/YanHanQihomework/cve/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311231", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311231", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590505", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5711.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5711.json new file mode 100644 index 00000000000..6b3061d7137 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5711.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5711", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T03:15:25.353", + "lastModified": "2025-06-06T03:15:25.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/kingmamalv/cve/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311232", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311232", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590522", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5712.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5712.json new file mode 100644 index 00000000000..382c2052af1 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5712.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5712", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T03:15:26.607", + "lastModified": "2025-06-06T03:15:26.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mysq13/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311233", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311233", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590530", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5713.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5713.json new file mode 100644 index 00000000000..91488cf0f0b --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5713.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5713", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T03:15:26.820", + "lastModified": "2025-06-06T03:15:26.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Solu\u00e7\u00f5esCoop iSolu\u00e7\u00f5esWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descri\u00e7\u00e3o da solicita\u00e7\u00e3o leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/lfparizzi/CVE-SolucoesCoop", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/lfparizzi/CVE-SolucoesCoop#stored-xss", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311234", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311234", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.579504", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 24e55eaeec2..a70e8100df6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-06T02:00:20.211086+00:00 +2025-06-06T04:00:19.319559+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-06T01:15:25.630000+00:00 +2025-06-06T03:15:26.820000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -296619 +296627 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `8` -- [CVE-2025-5705](CVE-2025/CVE-2025-57xx/CVE-2025-5705.json) (`2025-06-06T00:15:33.750`) -- [CVE-2025-5706](CVE-2025/CVE-2025-57xx/CVE-2025-5706.json) (`2025-06-06T01:15:25.233`) -- [CVE-2025-5707](CVE-2025/CVE-2025-57xx/CVE-2025-5707.json) (`2025-06-06T01:15:25.440`) -- [CVE-2025-5708](CVE-2025/CVE-2025-57xx/CVE-2025-5708.json) (`2025-06-06T01:15:25.630`) +- [CVE-2024-22330](CVE-2024/CVE-2024-223xx/CVE-2024-22330.json) (`2025-06-06T02:15:21.310`) +- [CVE-2024-56342](CVE-2024/CVE-2024-563xx/CVE-2024-56342.json) (`2025-06-06T02:15:21.790`) +- [CVE-2024-56343](CVE-2024/CVE-2024-563xx/CVE-2024-56343.json) (`2025-06-06T02:15:21.943`) +- [CVE-2025-5709](CVE-2025/CVE-2025-57xx/CVE-2025-5709.json) (`2025-06-06T02:15:22.100`) +- [CVE-2025-5710](CVE-2025/CVE-2025-57xx/CVE-2025-5710.json) (`2025-06-06T02:15:22.283`) +- [CVE-2025-5711](CVE-2025/CVE-2025-57xx/CVE-2025-5711.json) (`2025-06-06T03:15:25.353`) +- [CVE-2025-5712](CVE-2025/CVE-2025-57xx/CVE-2025-5712.json) (`2025-06-06T03:15:26.607`) +- [CVE-2025-5713](CVE-2025/CVE-2025-57xx/CVE-2025-5713.json) (`2025-06-06T03:15:26.820`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2025-4664](CVE-2025/CVE-2025-46xx/CVE-2025-4664.json) (`2025-06-06T01:00:02.617`) -- [CVE-2025-5419](CVE-2025/CVE-2025-54xx/CVE-2025-5419.json) (`2025-06-06T01:00:03.300`) ## Download and Usage diff --git a/_state.csv b/_state.csv index cb1da464de2..bdcaa338ba6 100644 --- a/_state.csv +++ b/_state.csv @@ -251814,6 +251814,7 @@ CVE-2024-22326,0,0,03ab7e593952b876b9cb339b704b2b46f23342f74868815306698c7dec3a4 CVE-2024-22328,0,0,98146e86883d2cf1f24ca1525304767c224ce80b2935a2d0c79d4752d146005b,2025-01-14T20:56:44.643000 CVE-2024-22329,0,0,7cc48c4964dc239d2c6bba4c47d6cf2b037f8a718ce338a4a15dd2fed9127379,2025-03-06T19:22:23.563000 CVE-2024-2233,0,0,2fea642ce3d14914965eae0cece785e4cceb2050ac4db1eacec76f3cdc7ea0d1,2024-11-21T09:09:18.773000 +CVE-2024-22330,1,1,b74005a55319f6ae8dea1b0406920f92ba072e3f1780b367ab7feb1ec2d67c01,2025-06-06T02:15:21.310000 CVE-2024-22331,0,0,3835b96eb02af640aaa046eca31cb00be6e17050c69d5a96646d09b17e9a00b4,2024-11-21T08:56:04.093000 CVE-2024-22332,0,0,f9dfd1d3a871989aa0391494a54720c73e254d144bd83668196cb6405e1f7887,2024-11-21T08:56:04.243000 CVE-2024-22333,0,0,b3da8d04c5153e3fdba25de6efb92ef0161da6e1b68c8c638a08b61489e62910,2024-11-21T08:56:04.383000 @@ -277219,6 +277220,8 @@ CVE-2024-56338,0,0,4dc84d85d1d4c34745a0186b7368986a5e4779a39c54f58e3297e7741d876 CVE-2024-5634,0,0,a3b1c7a96781d36c1038c26ab5a2d267e349913830cb93adfed7285bdb2a684b,2024-11-21T09:48:03.610000 CVE-2024-56340,0,0,9b453f173d43e3f7b37887ea91bdbb36629dfe55ccdad720659cf38188277eaa,2025-02-28T03:15:10.363000 CVE-2024-56341,0,0,c8da1f15ba5d7868dd70dc6a1bbb0bb76f16fdf3368030fab34e5ce4733a4946,2025-04-07T14:18:49.830000 +CVE-2024-56342,1,1,96ce87bfb47cfce074f16cbec78fb1f6e1b70395c4aea9fee8d85bdadce954b9,2025-06-06T02:15:21.790000 +CVE-2024-56343,1,1,7c3d3a978386dcf22f6c859122554192c8b8d0bd9e8afba8481e21237526c72a,2025-06-06T02:15:21.943000 CVE-2024-56346,0,0,fd1df2e02fb2746764d74d8e4f208253efc23632d23d644f29c3211d870b9254,2025-03-18T17:15:44.173000 CVE-2024-56347,0,0,452693105314a427797e537553e535a62415f6b1b1070e835942056a8c55ff52,2025-03-18T17:15:44.470000 CVE-2024-56348,0,0,8aaa2ba55d8fe9db8a92a2d0ab499d623c381253cc0adc64426705df2faaf22a,2025-01-02T18:51:41.037000 @@ -295097,7 +295100,7 @@ CVE-2025-46632,0,0,0bf5e14d2a9861100f068ef9191d439e475832a5082afd70556ba0f5d20a6 CVE-2025-46633,0,0,b92f3e99ef5a6cd524565a81957289165fe9f2e810843a53729ae762f5459fec,2025-05-27T14:17:34.780000 CVE-2025-46634,0,0,adbdc53bb91ce45c108dfae363ac172a5467f9ef6b9ad8bfd5e234ff22520926,2025-05-27T14:18:00.567000 CVE-2025-46635,0,0,c81a16a7aac883be5eb8baced44885a6963efe19158222244e53c4c42c8380a1,2025-05-27T14:18:12.740000 -CVE-2025-4664,0,1,d4044bce681082456ae2ed2a3baaa6f65e61937d9e24855cf4b96203efa26903,2025-06-06T01:00:02.617000 +CVE-2025-4664,0,0,d4044bce681082456ae2ed2a3baaa6f65e61937d9e24855cf4b96203efa26903,2025-06-06T01:00:02.617000 CVE-2025-46646,0,0,777aacedd29eb87d2f3d4179421a3b07a825895319bd1804480c003b4bbcf895,2025-04-29T13:52:10.697000 CVE-2025-46652,0,0,9d812ecaad689bd29eeb08cd6e51fc2313308ed71660c22dce020d578677f79a,2025-04-29T13:52:10.697000 CVE-2025-46653,0,0,3b6009fc3a51ec55453aaec5d1f7a19d2114d1ff8e2f811535a6f418b5dab168,2025-04-29T16:15:37.150000 @@ -296419,7 +296422,7 @@ CVE-2025-5409,0,0,209b521ab5ccc30904997673163794c81e8bbcd661514ad5d6db90496c692a CVE-2025-5410,0,0,8f6aec665b1901bf160e99989f915904c0b12f976e27a46b4117cb6a4d26984d,2025-06-02T17:32:17.397000 CVE-2025-5411,0,0,bda57e821f06e7acb04b67298784cbbe1631c5e86f17b6a45cfc7ca79da6e664,2025-06-02T17:32:17.397000 CVE-2025-5412,0,0,753b4152a593f449df2c00057cf330d4f98993025991e4c159242de574477a9d,2025-06-02T17:32:17.397000 -CVE-2025-5419,0,1,36b3b4fd8694c8182e333b12d51dc519287ba680aafbb848dd210da76090343d,2025-06-06T01:00:03.300000 +CVE-2025-5419,0,0,36b3b4fd8694c8182e333b12d51dc519287ba680aafbb848dd210da76090343d,2025-06-06T01:00:03.300000 CVE-2025-5420,0,0,febb25c16bce360c4a759b2a4127c671c1e4f8d4aafbd5e7bf731b1578cd725f,2025-06-02T17:32:17.397000 CVE-2025-5421,0,0,aaf7308ceb57221ad68dbb7db22ba2000af542ccf461039f6c7d796fca57cef7,2025-06-02T17:32:17.397000 CVE-2025-5422,0,0,9e450c046e1f91b7dd55771f187d3de2563113f044a3b50f5e4e98096355fb9a,2025-06-02T17:32:17.397000 @@ -296613,8 +296616,13 @@ CVE-2025-5698,0,0,3bc6d68f8bac4465e140c6fad804f5cb232019488237f1cd169082769509a3 CVE-2025-5701,0,0,4e463ab950f8de8dad2504c9adb1bf69b81ba722d49ef312bfe8e0759a419475,2025-06-05T20:12:23.777000 CVE-2025-5702,0,0,ee47ef64676a08151d4b3eb2425d567b0db2b91fed39f1554b45738f903b4519,2025-06-05T21:15:22.873000 CVE-2025-5704,0,0,04beee8a3eb537701c59a3d3797878b13a52af2c4eb1c98a2bf9ef70bf69db6a,2025-06-05T23:15:22.613000 -CVE-2025-5705,1,1,0ff358d25cdbb96d1c496b09520f013c9f6b28418dd17b468ae2205989a211b4,2025-06-06T00:15:33.750000 -CVE-2025-5706,1,1,69c700685b786445db1c34156db2d8aaab66cbb1389db417b2eef29b7620471b,2025-06-06T01:15:25.233000 -CVE-2025-5707,1,1,f4593f842da197a203ef3a1f4001e4a533245929a189587ec24de709f5bef4fc,2025-06-06T01:15:25.440000 -CVE-2025-5708,1,1,bd1bb4b05969bea723151eac155c7e23970334229192788accb8a41f85a57d9a,2025-06-06T01:15:25.630000 +CVE-2025-5705,0,0,0ff358d25cdbb96d1c496b09520f013c9f6b28418dd17b468ae2205989a211b4,2025-06-06T00:15:33.750000 +CVE-2025-5706,0,0,69c700685b786445db1c34156db2d8aaab66cbb1389db417b2eef29b7620471b,2025-06-06T01:15:25.233000 +CVE-2025-5707,0,0,f4593f842da197a203ef3a1f4001e4a533245929a189587ec24de709f5bef4fc,2025-06-06T01:15:25.440000 +CVE-2025-5708,0,0,bd1bb4b05969bea723151eac155c7e23970334229192788accb8a41f85a57d9a,2025-06-06T01:15:25.630000 +CVE-2025-5709,1,1,78c8376c46174c753a08caad1aee97c9100e8540cd75c14c823fafc54b09e3a2,2025-06-06T02:15:22.100000 +CVE-2025-5710,1,1,a4986961ebccf1c24aaef38468ee4c037385b5ea06c111b45687d9f4d4895291,2025-06-06T02:15:22.283000 +CVE-2025-5711,1,1,1cbcff38819e4b0de061a1e070f8ba26efe4081b1dd87e928b9890c4ea932a8a,2025-06-06T03:15:25.353000 +CVE-2025-5712,1,1,ee9e7789cb5702291be6cc02ae0ee2cf59d33cf8f17551fc654883c0c0fa095a,2025-06-06T03:15:26.607000 +CVE-2025-5713,1,1,d5230e66b12296377504b357aeb57df100cb8735f6970717192be22c1778c708,2025-06-06T03:15:26.820000 CVE-2025-5745,0,0,a48c97f3295325ba0b67cceb39fcc754c3ef6872892d5057110c8e62080215c2,2025-06-05T21:15:23.023000