Skip to content

Commit 4ff1ad4

Browse files
cad-safe-botcad-safe-bot
committed
Auto-Update: 2026-02-26T13:00:12.004670+00:00
1 parent 9af12af commit 4ff1ad4

File tree

4 files changed

+173
-14
lines changed

4 files changed

+173
-14
lines changed

CVE-2025/CVE-2025-649xx/CVE-2025-64999.json

Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,78 @@
1+
{
2+
"id": "CVE-2025-64999",
3+
"sourceIdentifier": "security@checkmk.com",
4+
"published": "2026-02-26T11:16:02.203",
5+
"lastModified": "2026-02-26T11:16:02.203",
6+
"vulnStatus": "Received",
7+
"cveTags": [],
8+
"descriptions": [
9+
{
10+
"lang": "en",
11+
"value": "Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link."
12+
}
13+
],
14+
"metrics": {
15+
"cvssMetricV40": [
16+
{
17+
"source": "security@checkmk.com",
18+
"type": "Secondary",
19+
"cvssData": {
20+
"version": "4.0",
21+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
22+
"baseScore": 7.3,
23+
"baseSeverity": "HIGH",
24+
"attackVector": "NETWORK",
25+
"attackComplexity": "LOW",
26+
"attackRequirements": "PRESENT",
27+
"privilegesRequired": "LOW",
28+
"userInteraction": "ACTIVE",
29+
"vulnConfidentialityImpact": "HIGH",
30+
"vulnIntegrityImpact": "HIGH",
31+
"vulnAvailabilityImpact": "HIGH",
32+
"subConfidentialityImpact": "NONE",
33+
"subIntegrityImpact": "LOW",
34+
"subAvailabilityImpact": "NONE",
35+
"exploitMaturity": "NOT_DEFINED",
36+
"confidentialityRequirement": "NOT_DEFINED",
37+
"integrityRequirement": "NOT_DEFINED",
38+
"availabilityRequirement": "NOT_DEFINED",
39+
"modifiedAttackVector": "NOT_DEFINED",
40+
"modifiedAttackComplexity": "NOT_DEFINED",
41+
"modifiedAttackRequirements": "NOT_DEFINED",
42+
"modifiedPrivilegesRequired": "NOT_DEFINED",
43+
"modifiedUserInteraction": "NOT_DEFINED",
44+
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
45+
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
46+
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
47+
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
48+
"modifiedSubIntegrityImpact": "NOT_DEFINED",
49+
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
50+
"Safety": "NOT_DEFINED",
51+
"Automatable": "NOT_DEFINED",
52+
"Recovery": "NOT_DEFINED",
53+
"valueDensity": "NOT_DEFINED",
54+
"vulnerabilityResponseEffort": "NOT_DEFINED",
55+
"providerUrgency": "NOT_DEFINED"
56+
}
57+
}
58+
]
59+
},
60+
"weaknesses": [
61+
{
62+
"source": "security@checkmk.com",
63+
"type": "Secondary",
64+
"description": [
65+
{
66+
"lang": "en",
67+
"value": "CWE-79"
68+
}
69+
]
70+
}
71+
],
72+
"references": [
73+
{
74+
"url": "https://checkmk.com/werk/19238",
75+
"source": "security@checkmk.com"
76+
}
77+
]
78+
}

CVE-2026/CVE-2026-11xx/CVE-2026-1198.json

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
{
2+
"id": "CVE-2026-1198",
3+
"sourceIdentifier": "cvd@cert.pl",
4+
"published": "2026-02-26T12:15:58.550",
5+
"lastModified": "2026-02-26T12:15:58.550",
6+
"vulnStatus": "Received",
7+
"cveTags": [],
8+
"descriptions": [
9+
{
10+
"lang": "en",
11+
"value": "SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in \"Obroty na kontach\" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed.\nThis issue was fixed in 6.30@A04.4_u06."
12+
}
13+
],
14+
"metrics": {
15+
"cvssMetricV40": [
16+
{
17+
"source": "cvd@cert.pl",
18+
"type": "Secondary",
19+
"cvssData": {
20+
"version": "4.0",
21+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
22+
"baseScore": 8.6,
23+
"baseSeverity": "HIGH",
24+
"attackVector": "NETWORK",
25+
"attackComplexity": "LOW",
26+
"attackRequirements": "NONE",
27+
"privilegesRequired": "LOW",
28+
"userInteraction": "NONE",
29+
"vulnConfidentialityImpact": "HIGH",
30+
"vulnIntegrityImpact": "HIGH",
31+
"vulnAvailabilityImpact": "NONE",
32+
"subConfidentialityImpact": "NONE",
33+
"subIntegrityImpact": "NONE",
34+
"subAvailabilityImpact": "NONE",
35+
"exploitMaturity": "NOT_DEFINED",
36+
"confidentialityRequirement": "NOT_DEFINED",
37+
"integrityRequirement": "NOT_DEFINED",
38+
"availabilityRequirement": "NOT_DEFINED",
39+
"modifiedAttackVector": "NOT_DEFINED",
40+
"modifiedAttackComplexity": "NOT_DEFINED",
41+
"modifiedAttackRequirements": "NOT_DEFINED",
42+
"modifiedPrivilegesRequired": "NOT_DEFINED",
43+
"modifiedUserInteraction": "NOT_DEFINED",
44+
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
45+
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
46+
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
47+
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
48+
"modifiedSubIntegrityImpact": "NOT_DEFINED",
49+
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
50+
"Safety": "NOT_DEFINED",
51+
"Automatable": "NOT_DEFINED",
52+
"Recovery": "NOT_DEFINED",
53+
"valueDensity": "NOT_DEFINED",
54+
"vulnerabilityResponseEffort": "NOT_DEFINED",
55+
"providerUrgency": "NOT_DEFINED"
56+
}
57+
}
58+
]
59+
},
60+
"weaknesses": [
61+
{
62+
"source": "cvd@cert.pl",
63+
"type": "Primary",
64+
"description": [
65+
{
66+
"lang": "en",
67+
"value": "CWE-89"
68+
}
69+
]
70+
}
71+
],
72+
"references": [
73+
{
74+
"url": "https://cert.pl/posts/2026/02/CVE-2026-1198",
75+
"source": "cvd@cert.pl"
76+
},
77+
{
78+
"url": "https://simple.com.pl/",
79+
"source": "cvd@cert.pl"
80+
}
81+
]
82+
}

README.md

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
1313
### Last Repository Update
1414

1515
```plain
16-
2026-02-26T11:00:11.850186+00:00
16+
2026-02-26T13:00:12.004670+00:00
1717
```
1818

1919
### Most recent CVE Modification Timestamp synchronized with NVD
2020

2121
```plain
22-
2026-02-26T09:16:15.510000+00:00
22+
2026-02-26T12:15:58.550000+00:00
2323
```
2424

2525
### Last Data Feed Release
@@ -33,18 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
3333
### Total Number of included CVEs
3434

3535
```plain
36-
334911
36+
334913
3737
```
3838

3939
### CVEs added in the last Commit
4040

41-
Recently added CVEs: `5`
41+
Recently added CVEs: `2`
4242

43-
- [CVE-2026-28083](CVE-2026/CVE-2026-280xx/CVE-2026-28083.json) (`2026-02-26T09:16:14.857`)
44-
- [CVE-2026-28131](CVE-2026/CVE-2026-281xx/CVE-2026-28131.json) (`2026-02-26T09:16:15.050`)
45-
- [CVE-2026-28132](CVE-2026/CVE-2026-281xx/CVE-2026-28132.json) (`2026-02-26T09:16:15.217`)
46-
- [CVE-2026-28136](CVE-2026/CVE-2026-281xx/CVE-2026-28136.json) (`2026-02-26T09:16:15.363`)
47-
- [CVE-2026-28138](CVE-2026/CVE-2026-281xx/CVE-2026-28138.json) (`2026-02-26T09:16:15.510`)
43+
- [CVE-2025-64999](CVE-2025/CVE-2025-649xx/CVE-2025-64999.json) (`2026-02-26T11:16:02.203`)
44+
- [CVE-2026-1198](CVE-2026/CVE-2026-11xx/CVE-2026-1198.json) (`2026-02-26T12:15:58.550`)
4845

4946

5047
### CVEs modified in the last Commit

_state.csv

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -323942,6 +323942,7 @@ CVE-2025-64994,0,0,e317ac99d670fcd423151ebc0a269e1d2f7bce8cb9f91b4bcbe069f5b1540
323942323942
CVE-2025-64995,0,0,1f038023716eb9ce4f46d24a60f1dbde8070ce6cc433bf564f97e53ce0a5f4f6,2026-01-09T02:02:53.120000
323943323943
CVE-2025-64996,0,0,267f9988381414992b0e87cf3c49f6db7687d84ddcc3c643e91b2ac79e8b2566,2025-11-24T14:13:26.960000
323944323944
CVE-2025-64997,0,0,33844fa216603fd62e9f307b656ac6467b59badbc3a557999d329d43a075e742,2025-12-23T17:03:40.013000
323945+
CVE-2025-64999,1,1,b2286bf058293be510567a63dc3465520c40a931603212352e353e10e5cb30b1,2026-02-26T11:16:02.203000
323945323946
CVE-2025-6500,0,0,7602f435f20916b80cbc1166133738fb4cac000fa6415e2f6accb678745e58c5,2025-06-27T16:58:31.480000
323946323947
CVE-2025-65000,0,0,94d83667ad26449a09bc84df20f015bb2205806bd1e95cad6d30a8358a0fbd1a,2025-12-23T17:04:50.833000
323947323948
CVE-2025-65001,0,0,e60a7700b337b886de96839047cce631e6d0c2e130227287dea2f2997c3366a4,2026-02-25T06:16:24.607000
@@ -330582,6 +330583,7 @@ CVE-2026-1194,0,0,a596337f15ae0d21ee81158ddb5a6e70de700ee0b4af4c212d1e115e78f20d
330582330583
CVE-2026-1195,0,0,7b622316dc60c143845c0cd7046fcc7fa9d8fa1d1fef4428649aec43aad643c9,2026-02-05T20:12:24.977000
330583330584
CVE-2026-1196,0,0,e8c2dc953d74cfb244454ccd24c108fde048561b546a53ae7cd1b43969c00478,2026-02-05T20:19:41.073000
330584330585
CVE-2026-1197,0,0,21253ae16d02638492ab77ab089454cf92e44fdd600b0669ed187dd169d7c91f,2026-02-05T17:51:25.050000
330586+
CVE-2026-1198,1,1,ee7c40646414442c2b4d3ecd640d3af7c8e065886e5d5cac4d3552741ea96bea,2026-02-26T12:15:58.550000
330585330587
CVE-2026-1200,0,0,828fb7123e4eecc531e9b851757d9ef3d3ea5b1a66fa777c8d6f51032dbe3f7b,2026-02-19T15:53:02.850000
330586330588
CVE-2026-1201,0,0,51ed7723a81dd48adb2ba1673e00e037bd5e572cf1b610c8a8f93508631e3a02,2026-01-29T17:16:23.307000
330587330589
CVE-2026-1202,0,0,3c0e58fb65e7713f4b8283cc11fd433047c0eb5f3af2654a19c89aa24fd32bf6,2026-01-29T21:16:18.990000
@@ -334709,11 +334711,11 @@ CVE-2026-2804,0,0,ff0946aac68765f2064088b9ddf31a1896bc9370339381babd0dc454b58174
334709334711
CVE-2026-2805,0,0,6efef59f6850c20800591ee5507c8231fba27611c50b33109f26e18b8ddf82bc,2026-02-25T22:16:28.247000
334710334712
CVE-2026-2806,0,0,c9255c229c50758bbebb40e3ce852130d2972d1760c10139bca481726799174e,2026-02-25T22:16:28.437000
334711334713
CVE-2026-2807,0,0,a55213e3aed861c8638b894b969088394221306a71610bab70e6aabc05e46abd,2026-02-25T19:43:24.757000
334712-
CVE-2026-28083,1,1,00429bfb2e45c5d1a5bc9d3d766ba968b1f921ff1134e382cc2bbc43ff93afad,2026-02-26T09:16:14.857000
334713-
CVE-2026-28131,1,1,80f9d1d4e102de234a2e2246c1a0bc609c23017385ff921907aaadc07b11c773,2026-02-26T09:16:15.050000
334714-
CVE-2026-28132,1,1,5eb9c2452a45b95bacd3624444460073fcb28f298d774c1e99e50fc4e5987409,2026-02-26T09:16:15.217000
334715-
CVE-2026-28136,1,1,fa019f1908a326297f9d03cf1373e1069e3cb2f7ce1a441cda83fe61298f6267,2026-02-26T09:16:15.363000
334716-
CVE-2026-28138,1,1,ae5304ca7abc0ad7402506562246fb5e17d2f8dc020b1ff88dc3647159b47709,2026-02-26T09:16:15.510000
334714+
CVE-2026-28083,0,0,00429bfb2e45c5d1a5bc9d3d766ba968b1f921ff1134e382cc2bbc43ff93afad,2026-02-26T09:16:14.857000
334715+
CVE-2026-28131,0,0,80f9d1d4e102de234a2e2246c1a0bc609c23017385ff921907aaadc07b11c773,2026-02-26T09:16:15.050000
334716+
CVE-2026-28132,0,0,5eb9c2452a45b95bacd3624444460073fcb28f298d774c1e99e50fc4e5987409,2026-02-26T09:16:15.217000
334717+
CVE-2026-28136,0,0,fa019f1908a326297f9d03cf1373e1069e3cb2f7ce1a441cda83fe61298f6267,2026-02-26T09:16:15.363000
334718+
CVE-2026-28138,0,0,ae5304ca7abc0ad7402506562246fb5e17d2f8dc020b1ff88dc3647159b47709,2026-02-26T09:16:15.510000
334717334719
CVE-2026-2817,0,0,4fe2301c75ba0d1a541656044a69e243413adce0693b13aa068fb7d1a84f6831,2026-02-20T13:49:47.623000
334718334720
CVE-2026-2818,0,0,184247530971592cb3c6ae458fa5550515e95e0dae32f1391cbab3934df79c20,2026-02-20T18:57:15.973000
334719334721
CVE-2026-2819,0,0,2fa943bea09f1b16ff116c0c38ec42799e8a2ef8c5cfdcdff67b6657529ad12c,2026-02-20T13:49:47.623000

0 commit comments

Comments
 (0)