From ffc47fed6881278072e493aaedd913035af0ebbc Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 16 Apr 2025 04:03:51 +0000
Subject: [PATCH] Auto-Update: 2025-04-16T04:00:19.757928+00:00
---
CVE-2024/CVE-2024-134xx/CVE-2024-13452.json | 64 +++++++++
CVE-2025/CVE-2025-23xx/CVE-2025-2314.json | 64 +++++++++
CVE-2025/CVE-2025-301xx/CVE-2025-30100.json | 56 ++++++++
CVE-2025/CVE-2025-31xx/CVE-2025-3155.json | 14 +-
CVE-2025/CVE-2025-34xx/CVE-2025-3495.json | 60 ++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3663.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3664.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3665.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3698.json | 37 +++++
README.md | 21 ++-
_state.csv | 14 +-
11 files changed, 748 insertions(+), 17 deletions(-)
create mode 100644 CVE-2024/CVE-2024-134xx/CVE-2024-13452.json
create mode 100644 CVE-2025/CVE-2025-23xx/CVE-2025-2314.json
create mode 100644 CVE-2025/CVE-2025-301xx/CVE-2025-30100.json
create mode 100644 CVE-2025/CVE-2025-34xx/CVE-2025-3495.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3663.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3664.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3665.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3698.json
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json
new file mode 100644
index 00000000000..55cd13f5c35
--- /dev/null
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13452", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-16T03:15:17.067", + "lastModified": "2025-04-16T03:15:17.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/contact-form-by-supsystic/tags/1.7.29/modules/forms/models/forms.php#L933", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3267149/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2dbf510-d99f-4918-8462-66696b68003c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json b/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json
new file mode 100644
index 00000000000..d7ffca7d2c7
--- /dev/null
+++ b/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2314", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-16T03:15:17.240", + "lastModified": "2025-04-16T03:15:17.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\r\nThe issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/profile-builder/tags/3.13.4/front-end/logout.php#L9", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3268402/", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/9ccf2b56-0355-43e6-a616-d06196e90972?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json b/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json new file mode 100644 index 00000000000..715ca1d4e63 --- /dev/null +++ b/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30100", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-16T02:15:41.270", + "lastModified": "2025-04-16T02:15:41.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000305002/dsa-2025-168", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3155.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3155.json index 2d5f1314a2e..a9a81fe82b4 100644 
--- a/CVE-2025/CVE-2025-31xx/CVE-2025-3155.json +++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3155.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3155", "sourceIdentifier": "secalert@redhat.com", "published": "2025-04-03T14:15:46.413", - "lastModified": "2025-04-08T13:15:41.573", + "lastModified": "2025-04-16T03:15:17.380", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -19,23 +19,23 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 7.4, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", - "scope": "UNCHANGED", + "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, - "impactScore": 3.6 + "impactScore": 4.0 } ] }, diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json new file mode 100644 index 00000000000..ba8b75e652e --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3495", + "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "published": "2025-04-16T03:15:17.530", + "lastModified": "2025-04-16T03:15:17.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics COMMGR v1 and v2\u00a0uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-338" + } + ] + } + ], + "references": [ + { + "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf", + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07", + "source": "759f5e80-c8e1-4224-bead-956d7b33c98b" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json new file mode 100644 index 00000000000..519bf6d91c8 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3663", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T03:15:17.680", + "lastModified": "2025-04-16T03:15:17.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyCfg-1cb53a41781f809f807efe1284f5eb1a?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304841", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304841", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551295", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json new file mode 100644 index 00000000000..2c529a0f013 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3664", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T03:15:17.883", + "lastModified": "2025-04-16T03:15:17.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyGuestCfg-1cb53a41781f805f9ee3f1b2d362d3f2?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304842", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.304842", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551296", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json new file mode 100644 index 00000000000..8710e471fa5 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3665", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T03:15:18.057", + "lastModified": "2025-04-16T03:15:18.057", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setSmartQosCfg-1cb53a41781f80ce9b7aca2c6ff9bea4?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304843", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.304843", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551297", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json new file mode 100644 index 00000000000..4ad767e2d5a --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-3698", + "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "published": "2025-04-16T03:15:18.223", + "lastModified": "2025-04-16T03:15:18.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://security.tecno.com/SRC/blogdetail/410?lang=en_US", + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + }, + { + "url": "https://security.tecno.com/SRC/securityUpdates", + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00f28780608..85451ecc927 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-16T02:00:20.245395+00:00 +2025-04-16T04:00:19.757928+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-16T01:15:53.670000+00:00 +2025-04-16T03:15:18.223000+00:00 ``` ### Last Data Feed Release 
@@ -33,21 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290094 +290102 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `8` -- [CVE-2025-30215](CVE-2025/CVE-2025-302xx/CVE-2025-30215.json) (`2025-04-16T00:15:19.767`) -- [CVE-2025-32385](CVE-2025/CVE-2025-323xx/CVE-2025-32385.json) (`2025-04-16T00:15:19.907`) +- [CVE-2024-13452](CVE-2024/CVE-2024-134xx/CVE-2024-13452.json) (`2025-04-16T03:15:17.067`) +- [CVE-2025-2314](CVE-2025/CVE-2025-23xx/CVE-2025-2314.json) (`2025-04-16T03:15:17.240`) +- [CVE-2025-30100](CVE-2025/CVE-2025-301xx/CVE-2025-30100.json) (`2025-04-16T02:15:41.270`) +- [CVE-2025-3495](CVE-2025/CVE-2025-34xx/CVE-2025-3495.json) (`2025-04-16T03:15:17.530`) +- [CVE-2025-3663](CVE-2025/CVE-2025-36xx/CVE-2025-3663.json) (`2025-04-16T03:15:17.680`) +- [CVE-2025-3664](CVE-2025/CVE-2025-36xx/CVE-2025-3664.json) (`2025-04-16T03:15:17.883`) +- [CVE-2025-3665](CVE-2025/CVE-2025-36xx/CVE-2025-3665.json) (`2025-04-16T03:15:18.057`) +- [CVE-2025-3698](CVE-2025/CVE-2025-36xx/CVE-2025-3698.json) (`2025-04-16T03:15:18.223`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-3155](CVE-2025/CVE-2025-31xx/CVE-2025-3155.json) (`2025-04-16T03:15:17.380`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f2592f09317..036fe00700e 100644 --- a/_state.csv +++ b/_state.csv 
@@ -247932,6 +247932,7 @@ CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6 CVE-2024-13449,0,0,52b88677fd423c43b44e149505ef75bf01f315f780529f08af2d104c0e8e8913,2025-02-04T18:12:53.713000 CVE-2024-1345,0,0,b705c881b64934a656687f4bb2d7ed2b74763da5751afa84b0b2fd5eae033431,2025-03-24T17:12:18.113000 CVE-2024-13450,0,0,43fcdfa95c84c4f9958bcf0ed96f0c3b1c10185c108adb08c789dbe5f2feb02b,2025-02-04T20:48:58 +CVE-2024-13452,1,1,2079e104d1bed0137893188a6db0bbcc1e1ab71aca174566063b19936f12faf5,2025-04-16T03:15:17.067000 CVE-2024-13453,0,0,e64fc58d83e3540bb01a99edb8cd9df274ae0c7a0249b0fd357ec05d1fc54281,2025-02-18T19:15:13.770000 CVE-2024-13454,0,0,14313d18c59abf0795f9e65c924b2232675b3f5fcf8c69fe1d32af5f5cac5a65,2025-01-21T20:15:30.793000 CVE-2024-13455,0,0,8457fc75e884c82a6bed373b6665661978e54463bf4d1b7eab90cc8af418d768,2025-02-25T03:29:41.680000 @@ -284558,6 +284559,7 @@ CVE-2025-23125,0,0,2e6f0fce9ee8e787d649705f4cf1025930f6b72d6ac2efc70c4c1837b8d7d CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4089,2025-01-11T15:15:09.100000 CVE-2025-23127,0,0,ef1aeaee3e917139d62386eaa309c28fa46e54be8ed45ecdaab4f9d4f96931db,2025-01-11T15:15:09.173000 CVE-2025-23128,0,0,856260a69fb4f1bb5d13296c47ffc7dac686c7ca9a44fff8151b1b7f11a740a9,2025-01-11T15:15:09.250000 +CVE-2025-2314,1,1,a168ed8a8a8a7cfcbab4e3fb8a001b095c099632f3d69009fa8c80f6783c6347,2025-04-16T03:15:17.240000 CVE-2025-2317,0,0,9ea9ba34615d5bc5ee8806158627db355af143699ea415828af46066a4160dd0,2025-04-07T14:18:15.560000 CVE-2025-23184,0,0,d117de9ebd2827a8b285a215a95edfb5f2bc8c36d298a840f4f419212fe8e651,2025-02-15T01:15:11.010000 CVE-2025-23185,0,0,6a8fc3993811d2ce0c7ae31663c2f10b11720d00b7d18acd6d25289de30c4360,2025-03-11T01:15:34.330000 
@@ -288128,6 +288130,7 @@ CVE-2025-30092,0,0,81be76bd5e4d358e5e497793b136a481ab98791f4e442314445db080e37b8 CVE-2025-30093,0,0,1b6f9f05e31019a953ba5e0a3595825a9aa3d03b71a7b0fef4f489c7f79cb737,2025-03-28T18:11:40.180000 CVE-2025-30095,0,0,93e17bec8d1cf481725cf4f9bcf311125c6633428f3ca644a0806bd1e05b67db,2025-04-11T14:15:24.813000 CVE-2025-3010,0,0,0be162920eaabdfafeeb15da6565caf83eea25a19d64f9d941d63d7a5862718e,2025-04-01T20:26:22.890000 +CVE-2025-30100,1,1,f36b418785fbf99ed7e3d43ce256d83a9a639566d1d4080521516a5311ad481c,2025-04-16T02:15:41.270000 CVE-2025-30106,0,0,d0ec2fed531a791fcdb7e275c6cc676f11c96b4c23a970884370a41e87a3b6a0,2025-03-21T17:15:40.227000 CVE-2025-30107,0,0,7ae7d3e2db9a3bcfc7100b14968701083bbe2237ed720df55c99fa3bf4e70491,2025-03-24T22:15:14.450000 CVE-2025-30109,0,0,c697d3ced89db3fb240ff33efe8653842b736020e748d3eead592e6135cb99ac,2025-03-21T17:15:40.447000 @@ -288192,7 +288195,7 @@ CVE-2025-30211,0,0,6f934d1391ac57ee0e441fec63067c5b8a66d2fe9be5fdffdfe7b65e836f0 CVE-2025-30212,0,0,972410e2716e8f2e53ffd488d4d423564ff98176b3c1d36a04eac762d7cbcb18,2025-03-27T16:45:46.410000 CVE-2025-30213,0,0,9bc622ae8e82b32e191467dd2fc76643485ad29790111a6b5bc5c8f5ed285211,2025-03-27T16:45:46.410000 CVE-2025-30214,0,0,18b0a8e5b0aa52930309829b5c50a4314f3b9445c89b2192f63b40d54ef90591,2025-03-27T16:45:46.410000 -CVE-2025-30215,1,1,fa054c25808a3888174e1f30e9df56e9a3b059a0fd95562f12add7995bb8550e,2025-04-16T01:15:53.670000 +CVE-2025-30215,0,0,fa054c25808a3888174e1f30e9df56e9a3b059a0fd95562f12add7995bb8550e,2025-04-16T01:15:53.670000 CVE-2025-30216,0,0,4a4e5b54f04495c4df1b80922555eeaa5f35ae1f03a9f789985b2bdeebb439d3,2025-03-27T16:45:46.410000 CVE-2025-30217,0,0,255ed4a5f5d331010e4f8f80bb9c804fc57df9c07f06a9ea33aa8ab1adac0ffe,2025-03-31T13:15:45.683000 CVE-2025-30218,0,0,0938dca1e8d47564f064f28410796b8b85eb62ded957e7109b8e0c2e3158457f,2025-04-07T14:18:34.453000 
@@ -289047,7 +289050,7 @@ CVE-2025-31546,0,0,ea1a0fbb32fc0d8f843e251c2900c9f3bf773f8bead39ce5af4bea45a6c7d CVE-2025-31547,0,0,f5607c580924af16dd0ada70846ece32dcd8885ccfe1f299b8e940090918b0c6,2025-04-01T20:26:30.593000 CVE-2025-31548,0,0,d1b4214b4f31dcd8a9025f858166713a075840a49164ed00e12986869a0aecde,2025-04-02T14:58:07.527000 CVE-2025-31549,0,0,6e04d0af8bd8de1ee53eb25324158c685c942726fcb5a8e75e9378a9fbb44aac,2025-04-01T20:26:30.593000 -CVE-2025-3155,0,0,4c655058ba8507752997992f548ef355bd8a4c2040437a6bcc8ac21390dc4ebb,2025-04-08T13:15:41.573000 +CVE-2025-3155,0,1,3f2f8cbb10b024f8148edc291194a81ce813e84f90c23c60b4a12cc9e9054afe,2025-04-16T03:15:17.380000 CVE-2025-31550,0,0,83f208aa53a9d367608231584d9c7b6b24f74f32a0a08dd8a80b85123a4b82ee,2025-04-02T14:58:07.527000 CVE-2025-31551,0,0,01a6ff107cfbcc3282db3d6ad9a7d1be104aab604084a23cac69debe8b4c1934,2025-04-02T14:58:07.527000 CVE-2025-31552,0,0,acadf09f28068f6285801331d50088e92d056876ddaa343a4a85705dae7fcdc2,2025-04-02T14:58:07.527000 @@ -289652,7 +289655,7 @@ CVE-2025-32380,0,0,c8e502ca2a1d7848aa29488649458187bb1c1a319841e66316c941fb4f151 CVE-2025-32381,0,0,9a021bccb8055e9ac06ab545154eb07d7cb170bef3ba75a0a61768987e904be0,2025-04-09T20:02:41.860000 CVE-2025-32382,0,0,500e2233bfdde4ca81f1cd7422b1483ead79a7537a8327f54eb95ab0c00c34d0,2025-04-11T15:39:52.920000 CVE-2025-32383,0,0,0af06fa6169ce711a7266c3fcbd3f7c3bdf408f8bfe0c4ec49d8139c73ec676b,2025-04-11T15:39:52.920000 -CVE-2025-32385,1,1,3971c96b1694f29505bcc6ea03127f5fb9e32904c841e72f29aca63a4ddc9a8c,2025-04-16T00:15:19.907000 +CVE-2025-32385,0,0,3971c96b1694f29505bcc6ea03127f5fb9e32904c841e72f29aca63a4ddc9a8c,2025-04-16T00:15:19.907000 CVE-2025-32386,0,0,35fa478ec866097c61376bec0ef1c1b1fc66dbd01bb69c1c6b6e024f68419ecd,2025-04-11T15:40:10.277000 CVE-2025-32387,0,0,d79aab09e55ea3579243a6297cec6b2889716102a81419246cfea55d51fc569c,2025-04-11T15:40:10.277000 CVE-2025-32388,0,0,08a806e8c80b0e5ceead86839bdea82fded1ed701016ef6b56fdadf847a9f42a,2025-04-15T23:15:42.843000 
@@ -290028,6 +290031,7 @@ CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a390 CVE-2025-3474,0,0,86c754cf553decd220dba53e5d0d63448d8121da39946fc69feccec714981904,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,443d35ed0e717701a1888d83d8695b8f16fb37648583a3e79025b880997d544a,2025-04-09T20:02:41.860000 CVE-2025-3489,0,0,67fcd6c9f94bb6bf638f4e8bb2240b0887ef71aca32f3728fb5180eccf26711c,2025-04-11T15:40:10.277000 +CVE-2025-3495,1,1,33f3b3c0a3fdb55ad65eb4232402007b3699ef75002cf367ec54d67d64f7957b,2025-04-16T03:15:17.530000 CVE-2025-3512,0,0,036d013cd0e3204c7e29f8f12826d9befccf940571ea0ad101dc3475585d72f8,2025-04-11T15:39:52.920000 CVE-2025-3522,0,0,13b86e2113b9916628d4f3c98532160fc0a580631a97f6054902fe5b2e21cfb5,2025-04-15T19:16:08.057000 CVE-2025-3523,0,0,fa61e276ed520c60ef470d9ec997dd78ddb7b8dd8cb8ae65af3613434a0804b4,2025-04-15T18:39:27.967000 @@ -290093,3 +290097,7 @@ CVE-2025-3613,0,0,9c314abbc6473987a4462c7f86d0ede7026d1a1d89f3e10127913343b31eed CVE-2025-3617,0,0,8b166380afe19241854c65e4319a7a4bf7fa4a3b21b435fec16e6239c6e67cc8,2025-04-15T18:39:27.967000 CVE-2025-3618,0,0,eda45473138c6808735db2df162e6171a422dd9195142056b67b3d52202066c7,2025-04-15T18:39:27.967000 CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000 +CVE-2025-3663,1,1,fa2e0960b918812c638afdd8c1c2fafb9b500a45bc96c2abddaf978fcf1b98a1,2025-04-16T03:15:17.680000 +CVE-2025-3664,1,1,cf22f719d3698b38e86a180ea4652dc27df85c18f033ca8e0b197b572edbf120,2025-04-16T03:15:17.883000 +CVE-2025-3665,1,1,1f4374ee4287f0666887b1c9fc6ecdfcbb0aa03e9e8bb8ffd16185df92964133,2025-04-16T03:15:18.057000 +CVE-2025-3698,1,1,ef82dc028cd253273764159d19762bdf354152d22755dd0186a08209438342d7,2025-04-16T03:15:18.223000