diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11437.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11437.json new file mode 100644 index 00000000000..04ec453a387 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11437.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11437", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:06.150", + "lastModified": "2025-01-07T04:15:06.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/timeline-designer/trunk/admin/assets/admin-shortcode-list.php#L41", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12349179-e61c-42b8-b0ff-5b49fc4906c1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11777.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11777.json new file mode 100644 index 00000000000..0a3484e5591 --- /dev/null 
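Review bot: The description and the CVSS vector in the CVE-2024-11437 record disagree on the privilege an attacker needs: the text says `unauthenticated attackers`, while the vector carries `PR:H` (`"privilegesRequired": "HIGH"`, base score 4.9). One of the two should be corrected at the source, either the description to name the required role or the vector to `PR:N`; the same impact metrics with `PR:N` score 7.5, as the CVE-2024-12416 record in this commit shows. The referenced file sits under `admin/`, which may mean `PR:H` is the accurate half, but that is inferred from the path only. Until the record is reconciled, triage that sorts on `baseScore` alone will rank this SQL injection lower than the description implies.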
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11777.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11777", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.200", + "lastModified": "2025-01-07T04:15:07.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/sell-media/trunk//gutenberg/blocks/sell-media-search-form/sell-media-search-form.php#L219", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/sell-media/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a35f0bb-691f-4acf-a30d-4ddabe3b919c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11899.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11899.json new file mode 100644 index 00000000000..1cb5a25cfcf --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11899.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-11899", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.350", + "lastModified": "2025-01-07T04:15:07.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/slider-pro-lite/tags/1.4.1/public/class-slider-renderer.php#L181", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/slider-pro-lite/tags/1.4.1/public/class-sliderpro.php#L310", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/slider-pro-lite/tags/1.4.1/public/class-sliderpro.php#L447", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/slider-pro-lite/tags/1.4.1/public/class-sliderpro.php#L98", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d10036de-940f-4772-9aca-13bc647548d2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11934.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11934.json new file mode 100644 index 00000000000..fa2abf92269 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11934.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11934", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.520", + "lastModified": "2025-01-07T04:15:07.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018address\u2019 parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/formaloo-form-builder/trunk/formaloo.php#L431", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/formaloo-form-builder/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b7ddf44-a1d2-4042-9219-591ebc8e4250?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12022.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12022.json new file mode 100644 index 00000000000..7d28cf2f248 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12022.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12022", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.677", + "lastModified": "2025-01-07T04:15:07.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-menu-image/trunk/init/wmi-functions.php#L126", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96193c0-ddde-463b-a68e-672ab6f812c7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12098.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12098.json new file mode 100644 index 00000000000..cae059bf05e --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12098.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12098", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.837", + "lastModified": "2025-01-07T04:15:07.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/ars-affiliate-page/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a25b2187-2ba8-4332-9f96-a003edd97ff6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12402.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12402.json new file mode 100644 index 00000000000..a183008ad12 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12402.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12402", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:07.990", + "lastModified": "2025-01-07T04:15:07.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Themes Coder \u2013 Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/tc-ecommerce/trunk/controller/app_user.php#L338", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec14b1e-6d1a-4451-9fce-ac064623d92f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12416.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12416.json new file mode 100644 index 00000000000..cf5198d605a --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12416.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12416", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:08.143", + "lastModified": "2025-01-07T04:15:08.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woomotiv/trunk/lib/functions.php#693", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woomotiv/trunk/lib/functions.php#L521", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woomotiv/trunk/lib/functions.php#L614", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/82016921-4efb-47b4-9a75-45cae4ad80f9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12419.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12419.json new file mode 100644 index 00000000000..9b7adc50bcc --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12419.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12419", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:08.337", + "lastModified": "2025-01-07T04:15:08.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/cf7-styler/tags/1.6.9/admin/class-cf7-customizer-admin.php#L295", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cf7-styler/tags/1.6.9/admin/class-cf7-customizer-admin.php#L300", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/cf7-styler/tags/1.6.9/admin/class-cf7-customizer-admin.php#L405", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d78ea71-5886-488e-a660-0dc25129a8b6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12528.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12528.json new file mode 100644 index 00000000000..9067bc95998 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12528.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12528", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:08.543", + "lastModified": "2025-01-07T04:15:08.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-survey-and-poll/trunk/wordpress-survey-and-poll.php#L146", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-survey-and-poll/trunk/wordpress-survey-and-poll.php#L49", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51cc6247-1948-4de1-b347-c7d818400777?source=cve", + "source": 
"security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12538.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12538.json new file mode 100644 index 00000000000..b1789783978 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12538.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12538", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:08.720", + "lastModified": "2025-01-07T04:15:08.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/duplicate-pp/trunk/duplicate-pp.php#L22", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f38543ff-1074-4273-be33-8142d59e904f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12540.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12540.json new file mode 100644 index 00000000000..3eed0a3afa9 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12540.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12540", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:08.917", + "lastModified": "2025-01-07T04:15:08.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ldd-directory-lite/trunk/templates/frontend/edit-submit.php#L10", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/ldd-directory-lite/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12541.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12541.json new file mode 100644 index 00000000000..9a422c3a203 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12541.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12541", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:09.083", + "lastModified": "2025-01-07T04:15:09.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/chative-live-chat-and-chatbot/trunk/chative-plugin.php#L51", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/chative-live-chat-and-chatbot/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61d3cb97-f12b-4480-88fc-2bdcbf4cdae3?source=cve", + "source": 
"security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12557.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12557.json new file mode 100644 index 00000000000..16b062e9364 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12557.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12557", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:09.260", + "lastModified": "2025-01-07T04:15:09.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/transportersio/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f79778c-c11a-4d98-bc26-8113c3fef630?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12559.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12559.json new file mode 100644 index 00000000000..79d9d8f9e31 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12559.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12559", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:09.433", + "lastModified": "2025-01-07T04:15:09.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/clickdesigns/tags/1.8.0/includes/clickdesigns-ajax.php#L64", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/clickdesigns/tags/1.8.0/includes/clickdesigns-ajax.php#L79", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d19968-dbd8-4433-99a7-b973a59c4653?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12590.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12590.json new file mode 100644 index 00000000000..5eda02800a5 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12590.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12590", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:09.607", + "lastModified": "2025-01-07T04:15:09.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-youtube-gallery/trunk/wpyg-class.php#L87", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-youtube-gallery/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b9e6f21-4c26-4ff8-9d0f-c66cd537fdcc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12592.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12592.json new file mode 100644 index 00000000000..576279e4f07 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12592.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12592", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T04:15:09.783", + "lastModified": "2025-01-07T04:15:09.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/sellsy/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd3610c-cce4-420c-85c1-0b71679df650?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-223xx/CVE-2025-22395.json b/CVE-2025/CVE-2025-223xx/CVE-2025-22395.json new file mode 100644 index 00000000000..7b4b370e841 --- /dev/null +++ b/CVE-2025/CVE-2025-223xx/CVE-2025-22395.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22395", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-01-07T03:15:06.047", + "lastModified": "2025-01-07T03:15:06.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-280" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bd545887b1a..9272dfbefc1 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-07T03:00:21.769231+00:00 +2025-01-07T05:00:19.408614+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-07T01:15:06.913000+00:00 +2025-01-07T04:15:09.783000+00:00 ``` ### Last Data Feed Release 
@@ -33,21 +33,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275855 +275873 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `18` +- [CVE-2024-11437](CVE-2024/CVE-2024-114xx/CVE-2024-11437.json) (`2025-01-07T04:15:06.150`) +- [CVE-2024-11777](CVE-2024/CVE-2024-117xx/CVE-2024-11777.json) (`2025-01-07T04:15:07.200`) +- [CVE-2024-11899](CVE-2024/CVE-2024-118xx/CVE-2024-11899.json) (`2025-01-07T04:15:07.350`) +- [CVE-2024-11934](CVE-2024/CVE-2024-119xx/CVE-2024-11934.json) (`2025-01-07T04:15:07.520`) +- [CVE-2024-12022](CVE-2024/CVE-2024-120xx/CVE-2024-12022.json) (`2025-01-07T04:15:07.677`) +- [CVE-2024-12098](CVE-2024/CVE-2024-120xx/CVE-2024-12098.json) (`2025-01-07T04:15:07.837`) +- [CVE-2024-12402](CVE-2024/CVE-2024-124xx/CVE-2024-12402.json) (`2025-01-07T04:15:07.990`) +- [CVE-2024-12416](CVE-2024/CVE-2024-124xx/CVE-2024-12416.json) (`2025-01-07T04:15:08.143`) +- [CVE-2024-12419](CVE-2024/CVE-2024-124xx/CVE-2024-12419.json) (`2025-01-07T04:15:08.337`) +- [CVE-2024-12528](CVE-2024/CVE-2024-125xx/CVE-2024-12528.json) (`2025-01-07T04:15:08.543`) +- [CVE-2024-12538](CVE-2024/CVE-2024-125xx/CVE-2024-12538.json) (`2025-01-07T04:15:08.720`) +- [CVE-2024-12540](CVE-2024/CVE-2024-125xx/CVE-2024-12540.json) (`2025-01-07T04:15:08.917`) +- [CVE-2024-12541](CVE-2024/CVE-2024-125xx/CVE-2024-12541.json) (`2025-01-07T04:15:09.083`) +- [CVE-2024-12557](CVE-2024/CVE-2024-125xx/CVE-2024-12557.json) (`2025-01-07T04:15:09.260`) +- [CVE-2024-12559](CVE-2024/CVE-2024-125xx/CVE-2024-12559.json) (`2025-01-07T04:15:09.433`) +- [CVE-2024-12590](CVE-2024/CVE-2024-125xx/CVE-2024-12590.json) (`2025-01-07T04:15:09.607`) +- [CVE-2024-12592](CVE-2024/CVE-2024-125xx/CVE-2024-12592.json) (`2025-01-07T04:15:09.783`) +- [CVE-2025-22395](CVE-2025/CVE-2025-223xx/CVE-2025-22395.json) (`2025-01-07T03:15:06.047`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` 
+Recently modified CVEs: `0` -- [CVE-2024-24992](CVE-2024/CVE-2024-249xx/CVE-2024-24992.json) (`2025-01-07T01:15:06.780`) -- [CVE-2024-54661](CVE-2024/CVE-2024-546xx/CVE-2024-54661.json) (`2025-01-07T01:15:06.913`) ## Download and Usage diff --git a/_state.csv b/_state.csv index db352c24c02..9f734fd4c11 100644 --- a/_state.csv +++ b/_state.csv @@ -244350,6 +244350,7 @@ CVE-2024-11432,0,0,23ac14594d755e6c7a831370f44441d1aa2fbce3d7125bf0c721d30eaec68 CVE-2024-11433,0,0,d7d2b17ecf1f1820c7a169038fcd2102a16fa9aa18d9b8e0d8b10a268cadf048,2024-12-12T04:15:05.990000 CVE-2024-11435,0,0,1380b27cd2035f7566d8c3a22d2255debbb483bdbc16e31011480f4da4fce733,2024-11-21T13:57:24.187000 CVE-2024-11436,0,0,d9ba482fa12f5a77f1e6d71752538b4ac13c80723176e1f973fa002876475cf9,2024-12-07T02:15:17.980000 +CVE-2024-11437,1,1,3b0251b583011184b79fa07b5e9f572dc3fbc9ec947d6b93edcf5e5a1fd4c171,2025-01-07T04:15:06.150000 CVE-2024-11438,0,0,f8be712e8ca0c6e2e4ec7ab8e5edf4587d3042f01694165651aa92a3bd58aa58,2024-11-21T13:57:24.187000 CVE-2024-11439,0,0,14a4773754279132bb32a6fa7230c5939b3fc3419bb20a864a23b6dac394549c,2024-12-18T03:15:24.583000 CVE-2024-1144,0,0,abce3af1982b67316bbd44c97fc519435f8a2ffe156205161918695ae799390d,2024-11-21T08:49:53.953000 
@@ -244644,6 +244645,7 @@ CVE-2024-11773,0,0,8f508701342909bb3125bf0e1fc423b8efe31d0b55b4e2a3bdbbc0d7a1ff1 CVE-2024-11774,0,0,2f351d61aa038a49c773ab74e882e8cd2203f9cf3f3df13c0faa462f8ee3a46b,2024-12-20T07:15:10.393000 CVE-2024-11775,0,0,0be2b5775aa12c2634dedea0534264de5c8544551afcfc7760cb6a86958e9dd8,2024-12-20T07:15:10.597000 CVE-2024-11776,0,0,db96a767ae984aa946e97339afd57034a67d2d93961a6fe48dad1a311ebfe8b3,2024-12-20T03:15:06.420000 +CVE-2024-11777,1,1,3f98ebf065259973e17593034b9da476d62f4f3a8b02a7ab11c065a411f92301,2025-01-07T04:15:07.200000 CVE-2024-11779,0,0,66ab9533cf27509ff85b54c7dc6f857efc44402b9c1a2b7fc4f1c1fbd8a0b4e7,2024-12-05T10:31:39.980000 CVE-2024-1178,0,0,455b49ccf992fe53bd03a32d9f022f083f7714cf103a3dd0d2ba2a085047974c,2024-11-21T08:49:58.357000 CVE-2024-11781,0,0,c0e6be58a4f2f20ed752d41934ec31e6ef434c9b40a727cf73a45e49f6a0c1d4,2024-12-12T06:15:21.940000 @@ -244746,6 +244748,7 @@ CVE-2024-11894,0,0,9e31b28fa56a41e12b82fdf98576d9a13777f5eed7b6c3fc1f71a85af109e CVE-2024-11896,0,0,34f349ccc91bcf6d6c27bb81a454efc17924954cfa878d33ee370546a785a3f4,2024-12-24T09:15:05.663000 CVE-2024-11897,0,0,63c2369fafd5da048dd57864988be95602290ce10df0f51d423ab54c866c15e0,2024-12-04T03:15:05.380000 CVE-2024-11898,0,0,e843212abf00805a20f8b4b65b36c01f75cc2096cf65f2d0e7899f11eb517a82,2024-12-03T08:15:06.857000 +CVE-2024-11899,1,1,2d9622bde30df58f2b333ce412c343551a1059bea7bd567b64028a464b5ac3e7,2025-01-07T04:15:07.350000 CVE-2024-1190,0,0,234a49a5e7705658abf0b6e88d111180ae34b962c9b1fcba39bd09bd939fee39,2024-11-21T08:49:59.993000 CVE-2024-11900,0,0,907cc46cf6ec9c4d3d9c16ef3063c98e3f05e3d3fbaf96bdac5c807705a3d6e6,2024-12-17T00:15:04.917000 CVE-2024-11901,0,0,b4f47b708bd6950d29700a0fa25685f0a500c1152f87b15c0f3253f7e0b084c7,2024-12-12T04:15:06.817000 
@@ -244768,6 +244771,7 @@ CVE-2024-11928,0,0,4eb81c3b991253e17b093831750d2f60d8030675796e16e7e29cc29429037 CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000 CVE-2024-11930,0,0,3d6f16686fbf2f10ff523adfd2c8cbb605e12592056b32937532511e03efa5aa,2025-01-04T09:15:05.880000 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 +CVE-2024-11934,1,1,df49356b7407c6592fac7ee78248ff2dfb17d24355b0e22b8f9a7697c9ad6729,2025-01-07T04:15:07.520000 CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000 CVE-2024-11938,0,0,6867b7d1c50742be481431f973c83467fcdb9442488abece06649b31c7a1e61f,2024-12-21T07:15:08.453000 CVE-2024-1194,0,0,2ad6fa2abb4bb109947132f87b19e7c09219cf51535c19102f3cbbfcba6ba405,2024-11-21T08:50:00.573000 @@ -244836,6 +244840,7 @@ CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000 CVE-2024-12018,0,0,593c05ac2f3dac4339301164983c309f8de674e944577becd0f305b7e0d23ef0,2024-12-12T06:15:22.737000 CVE-2024-1202,0,0,a098cbd545693e5d361995e28174ffa246c4ae019a07a45a38ebe2abdfe163e3,2024-11-21T08:50:01.790000 +CVE-2024-12022,1,1,08c553a81c76cd8c361877e5f844a3ca91d6fad54d361a7829130df17ee98a64,2025-01-07T04:15:07.677000 CVE-2024-12024,0,0,653613587e608bd6caaf8de2305d76e365d1bc24ca72c717531373600ef68f49,2024-12-17T10:15:05.643000 CVE-2024-12025,0,0,48a6a81843ce463d9a84b144c8201ecb34a901e35178968cb10c7b2b1d7242fe,2024-12-18T04:15:07.347000 CVE-2024-12026,0,0,cbdee4f4d341b218f2a9910c9db7c968e1470cd32e93684865d3bd2934d626d1,2024-12-07T02:15:18.520000 
@@ -244871,6 +244876,7 @@ CVE-2024-12091,0,0,35c9100407a2a2f03cc09233dbdc35208e548ffdd088d484bb9b374c740b5 CVE-2024-12092,0,0,6cedbb52bdc4fd872b35781acb98ac9a9b54d520c5d29f314ba42350997260f9,2024-12-16T15:15:06.677000 CVE-2024-12094,0,0,918109c0341953bed354c9dc0c1e3bf994d002b139d0d147a6756e1d0b4180c2,2024-12-05T13:15:05.923000 CVE-2024-12096,0,0,a0b37dcc639d983cbff8481184c987ae3b7851e6c867f94b52bee5fdf38bc784,2024-12-24T17:15:07.497000 +CVE-2024-12098,1,1,b63726c5152f425567a10a211b5f28fbcff6e537525be9d0cac5349c5e9b327f,2025-01-07T04:15:07.837000 CVE-2024-12099,0,0,82c97da21165b875b9d77b9a11ed031ee03fad8a14b90d2e80c74afeac6e262d,2024-12-04T04:15:04.287000 CVE-2024-1210,0,0,f5a9389cac94cbfcfa3f0d961d1ea27115bf7afa331ce2988db15dbaf2efdf76,2024-11-21T08:50:02.867000 CVE-2024-12100,0,0,5d9bee140d619efc5bcb5724e98abb1747cc29824dfdae10a66de74940256d24,2024-12-24T06:15:32.830000 @@ -245047,6 +245053,7 @@ CVE-2024-12395,0,0,75ff5ef98722c35fb11d383db877ddbb73a300c7cb334e918191d763e2409 CVE-2024-12397,0,0,661288be67552f431f0a0bf144bed2d313b12b592e50cdc78451d7c1272f6fb5,2024-12-12T09:15:05.570000 CVE-2024-1240,0,0,28733ede53b96385ee0de4a7c5187b3db0d925b1e4ab6e977522dc277dee75de,2024-11-19T19:04:53.913000 CVE-2024-12401,0,0,ba741c7b51198b95eba245807f65253a1c54ea777ddd918337cd97bd144396fe,2024-12-12T09:15:05.790000 +CVE-2024-12402,1,1,8e35cfc4cf7a344abb45fa7331224e766525626c55ea5686a3d8b4838a76c51f,2025-01-07T04:15:07.990000 CVE-2024-12405,0,0,631a04fc890c6ac2fbe1fd822df1e67f289f1ef7b029b11f0950a96d4993c03b,2024-12-24T06:15:33.123000 CVE-2024-12406,0,0,3a24bd925fcaee835bc0ee30f7ad38b16626ae1e5c8470fedd28227d3dd60123,2024-12-12T05:15:12.210000 CVE-2024-12408,0,0,c9a97800ebdc971055fe039c0934b7c899913355f0545cc6cb71b6253bd484f6,2024-12-21T10:15:08.067000 
@@ -245054,7 +245061,9 @@ CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67e CVE-2024-12411,0,0,fca8eab422ceda64b215d958b150a7f03625a9aa9df8afa22fe2b27e73430e47,2024-12-14T05:15:10.437000 CVE-2024-12413,0,0,fdd057a05387c9ace72d4ba4316c6065bf29813d0f1c7f4a169e0a5a81de204b,2024-12-25T04:15:06.607000 CVE-2024-12414,0,0,ecf25a2c3f536085b4d44f95471b078e2b7cb6ad454e7c12c9e7d103ff4fa2bb,2024-12-13T09:15:08.070000 +CVE-2024-12416,1,1,435759be4e4ba56188ea7f6720fc32442a546d90f18b812fdb1df1c91242e1f0,2025-01-07T04:15:08.143000 CVE-2024-12417,0,0,bd175c91ae947c344e10a61ee40da01cd87015ebf65316b1689d31a703a65c78,2024-12-13T09:15:08.353000 +CVE-2024-12419,1,1,1650645ff6c9400ef0ef895584325bbd55288f83ea55cd87214a983e3f37109a,2025-01-07T04:15:08.337000 CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc1314073,2024-11-21T08:50:08.620000 CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247bfd,2024-12-13T09:15:08.627000 CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000 
@@ -245111,17 +245120,23 @@ CVE-2024-12518,0,0,e836e2bda2de8df1c322fb96b28c258a6308fb3f7a0cbb3b5a146ac83d3fa CVE-2024-1252,0,0,d03beb126367df5b21be601ec7e2ecf5f48cece91d0754af14f589827736f3cf,2024-11-21T08:50:09.700000 CVE-2024-12523,0,0,185a41d328f0e130d8ed17ada12f64a855433449910369cbbb025fff8ce0f4d8,2024-12-14T05:15:11.640000 CVE-2024-12526,0,0,b192d6e45212a3c6d09a8a6cd2198d071bb3ba4da94a4e2bf151be7ad2c18324,2024-12-12T05:15:13.577000 +CVE-2024-12528,1,1,b542d57e01c0c48ad9564b0890e0d12d29edb2156a8c53246e86bf7139add551,2025-01-07T04:15:08.543000 CVE-2024-1253,0,0,a598e10fa6d530af6148de164d99995412d597f7142ead42d62b85e905a98949,2024-11-21T08:50:09.843000 CVE-2024-12536,0,0,a925f1a48eff74b537962fd623796390384e9d276d37e7a9cb0d9ba10f9464b0,2024-12-13T17:14:44.007000 +CVE-2024-12538,1,1,b01ad61b9334acc7635ec3132a042fbc3171b4976dc799538cae1899a313c7bf,2025-01-07T04:15:08.720000 CVE-2024-12539,0,0,bf2bc8684b4967ec9692452689aaa296f660969c9ab0dd0ec9b638e64908ab0d,2024-12-17T21:15:07.183000 CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c91,2024-11-21T08:50:09.993000 +CVE-2024-12540,1,1,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000 +CVE-2024-12541,1,1,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000 CVE-2024-12545,0,0,5409af2cc867f9cbfaa0048cd65660c930731d490c0e60928807d15814cab2e6,2025-01-04T08:15:06.363000 CVE-2024-1255,0,0,5935182eb4eb024c7cf7e3cda464e0c74472c4e58bc0030bb090a2a8f708b72f,2024-11-21T08:50:10.150000 CVE-2024-12552,0,0,8443c6d0851e2c1de6fc0e2780c54c711d712f43dce29b5a9fc2e07cff55adf4,2024-12-13T23:15:05.553000 CVE-2024-12553,0,0,cd61f311646d40093b2eea8b09f233e945a3d877e60c1a1abbe43e2cfcd9ea6a,2024-12-13T23:15:06.310000 CVE-2024-12554,0,0,03325541f88792da1f6e44f52ff0851958b98ec9e3aa0b4c7708f85287495a8a,2024-12-18T10:15:08.493000 CVE-2024-12555,0,0,2e017ff0ee33b0c8a472113c693bd6d33089424aa43829233098413c47eb605b,2024-12-14T05:15:11.827000 
+CVE-2024-12557,1,1,c9c6d6d60fa1e63d0c31dc33ceb551ab46ad22cb114705bc0dfb08def0caa40b,2025-01-07T04:15:09.260000 CVE-2024-12558,0,0,ff1dd3178bf5e061322cf2e1a359f721c0d270a183cd44116b64f362a8103982,2024-12-21T10:15:08.600000 +CVE-2024-12559,1,1,f54cf3f9991327e38603b9f68b85ad1beb15e578526394c2a7bc1915ca2539bc,2025-01-07T04:15:09.433000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 CVE-2024-12560,0,0,d33290fc3e54f51dd78cb0afaf9a18e8538f72db9dd0f598ab5a68b55bfe89a1,2024-12-19T07:15:13.507000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 @@ -245139,7 +245154,9 @@ CVE-2024-12582,0,0,bbfe1aae814f308a85392c13709691d46da248e6458c80cb519b63fa483aa CVE-2024-12583,0,0,6c1f345fbc3f1cc53302e61a1dfbebbfcc1b6c1ee5d98cc4a9e3c7ebaa7ceed3,2025-01-04T09:15:06.090000 CVE-2024-12588,0,0,9ef4dd85f085f6ba612688cc14a2c49d05248e20e75bd2d7bdd4aff39b5ac0f2,2024-12-21T09:15:06.233000 CVE-2024-1259,0,0,1c6bb100fc9cba505c4d696801bfd3102c508e530bb2e36c86a6685675278bd7,2024-11-21T08:50:10.730000 +CVE-2024-12590,1,1,78caf08663857a2f888f89c4842ba777750ad04068c078583ff87671d3a13c4e,2025-01-07T04:15:09.607000 CVE-2024-12591,0,0,ab3753b6008fbe3e6034e40f9f857196cd212596c7c67b4ab270eba30c140899,2024-12-21T10:15:09.177000 +CVE-2024-12592,1,1,f7078feab8fa5eead0a6efa9f90d4e3b58439abfb00aa0f348c4b0049b74503e,2025-01-07T04:15:09.783000 CVE-2024-12594,0,0,594b37b561926a174996b6f220ac2c193da316e698a771fbe44cfee2e4625e76,2024-12-24T06:15:33.297000 CVE-2024-12595,0,0,d10767ce84f7e81d5a6ad487503289a59f4d01b86cd7eb0b224ee74e49237f41,2025-01-06T21:15:14.003000 CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9a09,2024-12-18T04:15:08.253000 
@@ -250003,7 +250020,7 @@ CVE-2024-24989,0,0,47235b2a829b48983692a66465ee23949950254e8806e809055cb12909af6 CVE-2024-2499,0,0,58df8167ded63ef11aaf8fbfc99b0704fcf662a903d318b087b95eac1c8b0467,2024-11-21T09:09:53.297000 CVE-2024-24990,0,0,2e71c7b065f4e6a1008eadb9235e495f55c4b8557060386a7a771ac2cc1951ab,2024-11-21T09:00:05.750000 CVE-2024-24991,0,0,ab571423a1a6309b0495c9db088adb19784d1783badb8b28c84a771e894ba6a8,2024-11-21T09:00:05.867000 -CVE-2024-24992,0,1,7e6c184fe11d55e75cf8acbe2688410429d81c016034216dd125188eaae17636,2025-01-07T01:15:06.780000 +CVE-2024-24992,0,0,7e6c184fe11d55e75cf8acbe2688410429d81c016034216dd125188eaae17636,2025-01-07T01:15:06.780000 CVE-2024-24993,0,0,705a08374da6010fc88afad1a4ae031351a7f03de838c5465f09adbda3ac0c72,2024-11-21T09:00:06.103000 CVE-2024-24994,0,0,d5fa27d8c94a2d607fb5891b23235d287f859792d3db8dfcbd3aad8f2c8f6749,2024-11-21T09:00:06.213000 CVE-2024-24995,0,0,bd458f0919161b900cd48d7020c00c84097b82150d627380f7837bd5ffd2aba0,2024-11-21T09:00:06.323000 @@ -271255,7 +271272,7 @@ CVE-2024-5463,0,0,357d166209285de4e8f9b5c7c2d63d7eb415952b3a9d1476d831eb91162afa CVE-2024-5464,0,0,255f781a5f94f0faf95d7c73d6b2015838426915e8e0274a4b6257e37377ce5d,2024-11-21T09:47:43.990000 CVE-2024-5465,0,0,d854caa252ac359088449fa3628f1e50a198f1dced6d951af90835f292847339,2024-11-21T09:47:44.140000 CVE-2024-5466,0,0,bd8eca91ebf8acc552049523b9652cf94021fa13aaf76627ede5f76950f6758d,2024-12-19T20:21:12.243000 -CVE-2024-54661,0,1,13e4cca9a8df33a1723e5327d2d34e809c611fe62aeebc75663d0c80abb5d0eb,2025-01-07T01:15:06.913000 +CVE-2024-54661,0,0,13e4cca9a8df33a1723e5327d2d34e809c611fe62aeebc75663d0c80abb5d0eb,2025-01-07T01:15:06.913000 CVE-2024-54662,0,0,40063869c5984ddcfcaf82116b2fa9ee6b8ef71c24c68deda4080eb1ea805f5c,2024-12-18T16:15:14.220000 CVE-2024-54663,0,0,f5353753ee157eb79c3a456bcb90fa176ea7107dfe149747714f2e06d4f48033,2024-12-31T19:15:47.500000 CVE-2024-54664,0,0,d20f70ea69f653338f16a7f1cc2d57f70600da4ca2ed7cb633c4eef98563304e,2024-12-04T15:15:18.093000 
@@ -275854,3 +275871,4 @@ CVE-2025-22387,0,0,9dd5c36f62757a631fb5a2b118d56ec31778a4d5c7b66059ba094bd093cfa CVE-2025-22388,0,0,7b76724cf59a9c67f325da6bd673f3f15746ba083c4bc35be8117d11c0a0d8b4,2025-01-06T15:15:16.307000 CVE-2025-22389,0,0,50d6eaab20c8259cde700c821ce2570def076c6cb2eb277d3379fa3f59f6550e,2025-01-04T03:15:07.580000 CVE-2025-22390,0,0,36805a833480d9f50dee34ab32e5ed9b2707017fd5287eb5a8abd68b1059bfbf,2025-01-06T17:15:48.170000 +CVE-2025-22395,1,1,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000