Auto-Update: 2025-06-23T02:00:19.209049+00:00

cad-safe-bot 2025-06-23 02:03:58 +00:00
parent 512fe45c2f
commit f7ae5c96c6
6 changed files with 376 additions and 17 deletions


@ -0,0 +1,64 @@
{
"id": "CVE-2025-52926",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-23T01:15:21.877",
"lastModified": "2025-06-23T01:15:21.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-223"
}
]
}
],
"references": [
{
"url": "https://github.com/spytrap-org/spytrap-adb/commit/277cec542466b75cf5a8c532581243fd4b7b9713",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/spytrap-org/spytrap-adb/pull/65",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/spytrap-org/spytrap-adb/releases/tag/v0.3.5",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-6264",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-20T03:15:27.893",
"lastModified": "2025-06-20T03:15:27.893",
"lastModified": "2025-06-23T00:15:22.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.\u00a0 To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch.\n\nThe Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the \"Investigator\" role) to collect it from endpoints and update the configuration. \n\nThis can lead to arbitrary command execution and endpoint takeover.\n\nTo successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the \"Investigator' role)."
},
{
"lang": "es",
"value": "Velociraptor permite la recopilaci\u00f3n de consultas VQL empaquetadas en artefactos desde los endpoints. Estos artefactos pueden usarse para cualquier funci\u00f3n y suelen ejecutarse con permisos elevados. Para limitar el acceso a artefactos peligrosos, Velociraptor permite que estos requieran permisos elevados, como EXECVE, para su ejecuci\u00f3n. Admin.Client.UpdateClientConfig es un artefacto utilizado para actualizar la configuraci\u00f3n del cliente. Este artefacto no impuso un permiso adicional requerido, lo que permiti\u00f3 a los usuarios con permisos COLLECT_CLIENT (normalmente otorgados por el rol \"Investigador\") recopilarlos desde los endpoints y actualizar la configuraci\u00f3n. Esto puede provocar la ejecuci\u00f3n arbitraria de comandos y la toma de control del endpoint. Para explotar esta vulnerabilidad con \u00e9xito, el usuario debe tener acceso para recopilar artefactos desde el endpoint (es decir, tener el permiso COLLECT_CLIENT, normalmente otorgado por el rol \"Investigador\")."
}
],
"metrics": {
@ -18,19 +22,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.6,
"exploitabilityScore": 1.3,
"impactScore": 3.7
}
]


@ -0,0 +1,145 @@
{
"id": "CVE-2025-6496",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-23T00:15:23.117",
"lastModified": "2025-06-23T00:15:23.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/htacg/tidy-html5/issues/1141",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/19652942/tidy-html5_crash.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313612",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313612",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.601007",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-6497",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-23T01:15:22.073",
"lastModified": "2025-06-23T01:15:22.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://github.com/htacg/tidy-html5/issues/1142",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/19825297/tidy-html5_crash_2.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313613",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313613",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.601008",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-22T23:55:25.904022+00:00
2025-06-23T02:00:19.209049+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-22T23:15:20.103000+00:00
2025-06-23T01:15:22.073000+00:00
```
### Last Data Feed Release
@ -27,27 +27,29 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-06-22T00:00:04.317245+00:00
2025-06-23T00:00:04.301397+00:00
```
### Total Number of included CVEs
```plain
299053
299056
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `3`
- [CVE-2025-6493](CVE-2025/CVE-2025-64xx/CVE-2025-6493.json) (`2025-06-22T22:15:22.430`)
- [CVE-2025-6494](CVE-2025/CVE-2025-64xx/CVE-2025-6494.json) (`2025-06-22T23:15:20.103`)
- [CVE-2025-52926](CVE-2025/CVE-2025-529xx/CVE-2025-52926.json) (`2025-06-23T01:15:21.877`)
- [CVE-2025-6496](CVE-2025/CVE-2025-64xx/CVE-2025-6496.json) (`2025-06-23T00:15:23.117`)
- [CVE-2025-6497](CVE-2025/CVE-2025-64xx/CVE-2025-6497.json) (`2025-06-23T01:15:22.073`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-6264](CVE-2025/CVE-2025-62xx/CVE-2025-6264.json) (`2025-06-23T00:15:22.403`)
## Download and Usage


@ -298266,6 +298266,7 @@ CVE-2025-52918,0,0,c6d463ed30e89c378c382dd97387682ec22ee25050cb7e01cbda9359dd298
CVE-2025-52919,0,0,6f74c19e10831d38a32e3f82b2d49209b35b6b6bdd6b9ca3f6db762bf063ee01,2025-06-22T00:15:25.073000
CVE-2025-5292,0,0,30cec8bd4cde62e6ca85175b601b2d9fd7dc117c201a288e7f0e6414bd251b48,2025-06-02T17:32:17.397000
CVE-2025-52923,0,0,825efd0bf97043c553869930f73d387d618324b6c5d516039439c06bdeeb2fce,2025-06-22T01:15:24.097000
CVE-2025-52926,1,1,a2ea71f5f513826223184ebdf984a9517b3b97a40b47a0432cc67e7fcc0b13bd,2025-06-23T01:15:21.877000
CVE-2025-5295,0,0,d0e6aa3b032b1532910154b10cc32ceaaf64a98256f38c6f6f628cd0a1c4bacc,2025-05-28T15:01:30.720000
CVE-2025-5297,0,0,32219ebb357b11c35687ad82e2d72808a3fe88681e14d78b6d0829c9d1dbc7ef,2025-06-10T19:33:01.990000
CVE-2025-5298,0,0,db5fe80cdf57c0cc24fb51e7a48139d5b1b81a3a48561037cf1b32b8be34d74f,2025-05-28T20:37:48.440000
@ -298888,7 +298889,7 @@ CVE-2025-6218,0,0,386d01b883c929bff548cb5481071418c556a3065dce9106f6ab3f59e4a0ef
CVE-2025-6220,0,0,5f7d83b19f9a74deb42015750f7b5335a45a31dba8653fadb3cf8eaf78a671be,2025-06-18T13:47:40.833000
CVE-2025-6240,0,0,afdbdd4423b9b6d85b5822d8414b4fba12d402c8710eb5b02e519fcba3d4ca1c,2025-06-18T15:15:28.187000
CVE-2025-6257,0,0,e5bdba27cb1463eb42cd6ae868d915e44efc32fc6d3f4209e4d4eb5689d367c3,2025-06-20T09:15:22.507000
CVE-2025-6264,0,0,5db3e3d5d8e24a6f5ba8a670412d82e81ad881e4004e68052b6897a87a081b01,2025-06-20T03:15:27.893000
CVE-2025-6264,0,1,fd2966c4c28d4ab1bdc09e31fd82b237ba3cacfbb2df157e65b86312a5f014bf,2025-06-23T00:15:22.403000
CVE-2025-6266,0,0,f88678c0ca6c6b4793348c364f2d4b51fa863b9a2b4f605e9b4cf59a8ae65084,2025-06-19T12:15:20.537000
CVE-2025-6267,0,0,abd4330b3858f9e21bdcec6fd248eb70ba09cf96ae2d8c82b03451247b5b4eab,2025-06-19T14:15:55.323000
CVE-2025-6268,0,0,6fa9140584959e948202f092432ac46aad7bd9559cbc482008db9c6d49de4338,2025-06-19T15:15:20.810000
@ -299050,5 +299051,7 @@ CVE-2025-6487,0,0,24e784a232cd8f124d85013955e4e21551f714b100e952bb10e264db938b4b
CVE-2025-6489,0,0,971a9bd0a1a72ae3f73fdaf4e3d9d8c0dc708f0cae7d8404552c50114055ec65,2025-06-22T19:15:19.843000
CVE-2025-6490,0,0,b5785fba3d09e5e40c600b2d07cffbd3014815c7c72569b13ae7bca50f9eb9a0,2025-06-22T19:15:20.790000
CVE-2025-6492,0,0,37c2ee6e912d11a549ad7370223cfbc8853f761832f2a62dffc4ba74e9ac72aa,2025-06-22T20:15:19.803000
CVE-2025-6493,1,1,b07984a53cd9acdb838d53ec36f19bf2b78d39f60ec9fbcd3799653f00698e46,2025-06-22T22:15:22.430000
CVE-2025-6494,1,1,86f1220d913db6a1ab74494e021685dc10d3e076bd7d139d8673bfd67dc71200,2025-06-22T23:15:20.103000
CVE-2025-6493,0,0,b07984a53cd9acdb838d53ec36f19bf2b78d39f60ec9fbcd3799653f00698e46,2025-06-22T22:15:22.430000
CVE-2025-6494,0,0,86f1220d913db6a1ab74494e021685dc10d3e076bd7d139d8673bfd67dc71200,2025-06-22T23:15:20.103000
CVE-2025-6496,1,1,2b5f2de3f64d739030644e9cc059b885cfe6a37938dff98fe008e38153a2053e,2025-06-23T00:15:23.117000
CVE-2025-6497,1,1,dc164f05cd4fbed7722e13df6028fdc1267acb81bac64b9f55e604144a684c22,2025-06-23T01:15:22.073000
