admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-12-31T11:00:19.367074+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-12-31 11:03:43 +00:00
parent a6402cdbc3
commit 20518ac212
16 changed files with 883 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
CVE-2024/CVE-2024-130xx/CVE-2024-13067.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-13067",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-31T09:15:05.307",
"lastModified": "2024-12-31T09:15:05.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://codeastro.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/shaturo1337/POCs/blob/main/Broken%20Access%20Control%20in%20Online%20Food%20Ordering%20System.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289823",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289823",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.472081",
"source": "cna@vuldb.com"
}
]
}

50
CVE-2024/CVE-2024-215xx/CVE-2024-21520.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21520",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-26T05:15:50.093",
"lastModified": "2024-11-21T08:54:36.510",
"lastModified": "2024-12-31T10:15:06.317",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "report@snyk.io",
@ -56,10 +100,6 @@
"url": "https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642",
"source": "report@snyk.io"
},
{
"url": "https://github.com/encode/django-rest-framework/compare/3.15.1...3.15.2",
"source": "report@snyk.io"
},
{
"url": "https://github.com/encode/django-rest-framework/pull/9435",
"source": "report@snyk.io"

44
CVE-2024/CVE-2024-494xx/CVE-2024-49422.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-49422",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-12-31T09:15:05.740",
"lastModified": "2024-12-31T09:15:05.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10",
"source": "mobile.security@samsung.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56211.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56211",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:09.390",
"lastModified": "2024-12-31T10:15:09.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-authenticated-arbitrary-user-meta-update-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56212.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56212",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:09.573",
"lastModified": "2024-12-31T10:15:09.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56213.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56213",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:09.727",
"lastModified": "2024-12-31T10:15:09.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-35"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-plugin-4-0-7-contributor-limited-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56214.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56214",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:09.890",
"lastModified": "2024-12-31T10:15:09.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal.This issue affects Userpro: from n/a through 5.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-35"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56216.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56216",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.060",
"lastModified": "2024-12-31T10:15:10.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56218.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56218",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.233",
"lastModified": "2024-12-31T10:15:10.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-dynamic-text-extension/vulnerability/wordpress-contact-form-7-dynamic-text-extension-plugin-5-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56220.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56220",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.403",
"lastModified": "2024-12-31T10:15:10.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/ssl-wireless-sms-notification/vulnerability/wordpress-ssl-wireless-sms-notification-plugin-3-5-0-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56222.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56222",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.583",
"lastModified": "2024-12-31T10:15:10.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/codebard-help-desk/vulnerability/wordpress-codebard-help-desk-plugin-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56229.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.760",
"lastModified": "2024-12-31T10:15:10.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/searchiq/vulnerability/wordpress-searchiq-plugin-4-6-cross-site-requst-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56230.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56230",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:10.930",
"lastModified": "2024-12-31T10:15:10.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/dynamic-product-categories-design/vulnerability/wordpress-dynamic-product-category-grid-slider-for-woocommerce-plugin-1-1-3-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-562xx/CVE-2024-56232.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56232",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-31T10:15:11.140",
"lastModified": "2024-12-31T10:15:11.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-nice-loader/vulnerability/wordpress-wp-nice-loader-plugin-0-1-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

23
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-31T09:00:19.716421+00:00
2024-12-31T11:00:19.367074+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-31T07:15:11.307000+00:00
2024-12-31T10:15:11.140000+00:00
```
### Last Data Feed Release
@ -33,20 +33,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
275207
275220
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `13`
- [CVE-2024-13067](CVE-2024/CVE-2024-130xx/CVE-2024-13067.json) (`2024-12-31T09:15:05.307`)
- [CVE-2024-49422](CVE-2024/CVE-2024-494xx/CVE-2024-49422.json) (`2024-12-31T09:15:05.740`)
- [CVE-2024-56211](CVE-2024/CVE-2024-562xx/CVE-2024-56211.json) (`2024-12-31T10:15:09.390`)
- [CVE-2024-56212](CVE-2024/CVE-2024-562xx/CVE-2024-56212.json) (`2024-12-31T10:15:09.573`)
- [CVE-2024-56213](CVE-2024/CVE-2024-562xx/CVE-2024-56213.json) (`2024-12-31T10:15:09.727`)
- [CVE-2024-56214](CVE-2024/CVE-2024-562xx/CVE-2024-56214.json) (`2024-12-31T10:15:09.890`)
- [CVE-2024-56216](CVE-2024/CVE-2024-562xx/CVE-2024-56216.json) (`2024-12-31T10:15:10.060`)
- [CVE-2024-56218](CVE-2024/CVE-2024-562xx/CVE-2024-56218.json) (`2024-12-31T10:15:10.233`)
- [CVE-2024-56220](CVE-2024/CVE-2024-562xx/CVE-2024-56220.json) (`2024-12-31T10:15:10.403`)
- [CVE-2024-56222](CVE-2024/CVE-2024-562xx/CVE-2024-56222.json) (`2024-12-31T10:15:10.583`)
- [CVE-2024-56229](CVE-2024/CVE-2024-562xx/CVE-2024-56229.json) (`2024-12-31T10:15:10.760`)
- [CVE-2024-56230](CVE-2024/CVE-2024-562xx/CVE-2024-56230.json) (`2024-12-31T10:15:10.930`)
- [CVE-2024-56232](CVE-2024/CVE-2024-562xx/CVE-2024-56232.json) (`2024-12-31T10:15:11.140`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
- [CVE-2024-51464](CVE-2024/CVE-2024-514xx/CVE-2024-51464.json) (`2024-12-31T07:15:11.307`)
- [CVE-2024-21520](CVE-2024/CVE-2024-215xx/CVE-2024-21520.json) (`2024-12-31T10:15:06.317`)
## Download and Usage

17
_state.csv
View File

@ -245299,6 +245299,7 @@ CVE-2024-13050,0,0,84109de165147e4a5232ee1fdc9c6d22162f7758c34e8757df3c209c53af5
CVE-2024-13051,0,0,1be1ae94a61dba469e5e49f0e3a210eb507d631c9c82589acffd3c63211509af,2024-12-30T21:15:07.717000
CVE-2024-13058,0,0,91396049ed5baf4a6f156f57d5990485463c9e52e997b4c7fdc31249002c7bf7,2024-12-30T22:15:05.957000
CVE-2024-1306,0,0,0542247252f536db3d3f5f372f6b06cf8f9322e7de2b3d2f5040c13d3f80547b,2024-11-21T08:50:17.053000
CVE-2024-13067,1,1,dac89381ddeb2bd239b81d96b3005b135a2a8c3e5a25d9e952411ecf22b373e9,2024-12-31T09:15:05.307000
CVE-2024-1307,0,0,791d403fd6ce043b636953425f5891ef42986249387c4cd3003ec2c058fbc715,2024-11-21T08:50:17.233000
CVE-2024-1308,0,0,b2bb733c7402260f9ace902e9d676967e691f690d52b513a8afbdef713b7d4c5,2024-11-21T08:50:17.413000
CVE-2024-1309,0,0,46059633232401d149997e4f4dfdb966bb51f1c7d1649dc6d177fd25783e7c4a,2024-11-22T20:03:02.910000
@ -247315,7 +247316,7 @@ CVE-2024-21517,0,0,71e12b43226e2a3b487e6ff6fb65bd8c154254848a0a34c039dd34c5fa8f3
CVE-2024-21518,0,0,d147bbbdb00d33e9919b4e00455fd4d118ef1b58e469f947369c25e12ebd2500,2024-11-21T08:54:36.223000
CVE-2024-21519,0,0,847e1cd4eb3a390981cb70fcaa8a9f794d31a430107ae76bd7b814306d528c12,2024-11-21T08:54:36.377000
CVE-2024-2152,0,0,c1376433b3da8765c2809fe086daca92323bdf8c0d0c7833abccd0e9fbc0df64,2024-12-20T19:37:50.807000
CVE-2024-21520,0,0,9fe0eb627307afa98a7e700e94dd795cf9b826574227036cecd2dad2b9c451d1,2024-11-21T08:54:36.510000
CVE-2024-21520,0,1,5e547b18267dcaae317db1ad1de87bfb370e8f29e785a6fe54608475471cda4e,2024-12-31T10:15:06.317000
CVE-2024-21521,0,0,dd4dbc6b6caa697a204d1f25a03cccd69d475e8249033ed79cb42c5ca4571633,2024-11-21T08:54:36.637000
CVE-2024-21522,0,0,ab99178ca7bf4d5693b2b017e36fa9c863c7d75c2a02fd0b4b775f31c0f098fa,2024-11-21T08:54:36.760000
CVE-2024-21523,0,0,899e1723b3d4ef8dc9531de2159de1a5a2bf71bfd9781b579d36649995048d02,2024-11-21T08:54:36.877000
@ -267428,6 +267429,7 @@ CVE-2024-49419,0,0,a5a819bfe5a9799735b4e639f835a9c23b57c3f1fc4456607d48faf2f5774
CVE-2024-4942,0,0,fa20ab38a1078a726b9a100f42578147d69df08621b5e1a638f41b48603f8405,2024-11-21T09:43:55.063000
CVE-2024-49420,0,0,97029bba266be94c493b393755bc15c85ed7da79c235f00baf1a98d893a5bd80,2024-12-03T06:15:10.253000
CVE-2024-49421,0,0,16e0a57305b9d5bb74efae9fe2470ed3315349d30a3f738565603fde91a637ce,2024-12-03T06:15:10.393000
CVE-2024-49422,1,1,34932e0ca9c7a34733fa3277557fa3dbbd58948cdf152bed38a1c8911c39654b,2024-12-31T09:15:05.740000
CVE-2024-4943,0,0,90b9ef9fb616c7eac2dd8fd3f589a71055cfcb2bdae44cccbc0c6aa4988e9e62,2024-11-21T09:43:55.193000
CVE-2024-4944,0,0,09398dee46be5f9be62ece5ee06ab5c9bc55e44daea49d24602cf09b051c68ba,2024-11-21T09:43:55.310000
CVE-2024-4945,0,0,0c472cf3594efbe18607e870522e0a7b06d6a229b03f8639830c411ab0f637e0,2024-11-21T09:43:55.460000
@ -268766,7 +268768,7 @@ CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8
CVE-2024-5145,0,0,1ce6a725d120216d833ed23f25099d9f4810ecb9d4c63ffcf11012cbf68534d1,2024-11-21T09:47:03.920000
CVE-2024-51460,0,0,0d1d0884deead80ce10e102d7fe3745fd378c1bb1816cc36f4177c2f9263fd37,2024-12-11T13:15:06.510000
CVE-2024-51463,0,0,c0364c05afe1e0b2d0890e7f96c1b512b7afe4d3c2862d4a930e0585099ce1e6,2024-12-21T14:15:21.453000
CVE-2024-51464,0,1,1b2031370218977af474f39ea7b9c6eb15448100f9427860fc8d10cdd981ce8b,2024-12-31T07:15:11.307000
CVE-2024-51464,0,0,1b2031370218977af474f39ea7b9c6eb15448100f9427860fc8d10cdd981ce8b,2024-12-31T07:15:11.307000
CVE-2024-51465,0,0,b984a1f47331a027471db6ecd22c9db67a7b4679236a111706732d4e42cb3082,2024-12-04T14:15:20.223000
CVE-2024-51466,0,0,1b90c245992e2f466d154423146cea90d99df5f3b80547b5f6626d10019e0238,2024-12-20T14:15:24.250000
CVE-2024-5147,0,0,b4fda03873bf91b8aee1014c1d03851aae8f0afeab0edb3aed7529ff221065c3,2024-11-21T09:47:04.057000
@ -271214,8 +271216,19 @@ CVE-2024-5619,0,0,847b29035ced8b12638c0c9edc7633e1fcbe758edecd5717d697d3abb49553
CVE-2024-5620,0,0,240638ef58a29a459ed1037710fcf1b7e875e31a78e263978233bb4c4a8442da,2024-11-21T09:48:01.930000
CVE-2024-56200,0,0,3879bcf029467f661c4f86f22f421720527f4e18cebe03faa8ac0ac24cb0d998,2024-12-19T19:15:08.280000
CVE-2024-56201,0,0,8a150a16c59122912c829dcd4ae74581ec42a93463074adfa3bf7e42e1708846,2024-12-24T02:15:06.580000
CVE-2024-56211,1,1,2561ac63bcd02a4c3d6e2563fe50f290b21325c58f8548dae7eb232bdf996af3,2024-12-31T10:15:09.390000
CVE-2024-56212,1,1,faae60261349dc3edb80fb398c429b73a210473a2c9693a314eada91472fb263,2024-12-31T10:15:09.573000
CVE-2024-56213,1,1,7972b71001bbc96c25bc75a0b90aab41342cf8b8507f9782df8baed82fd4b7a8,2024-12-31T10:15:09.727000
CVE-2024-56214,1,1,537314a9b1e6270ee651f360e23d6f9f7f5ecd99a83c3b546c1ec39938adf6a5,2024-12-31T10:15:09.890000
CVE-2024-56216,1,1,6d10a1f2eedc777cff745866582314493bedb336702653baf4173bdc458fc7b1,2024-12-31T10:15:10.060000
CVE-2024-56218,1,1,04936fc1a90e38a6ad3a7c732c0117a555fb64a22f7d6cc3b697674fc52c766c,2024-12-31T10:15:10.233000
CVE-2024-5622,0,0,48dd50139cd0fb0b9e32ff1d34b4004b39a7c87dde414648422613d43b5d51e5,2024-09-13T20:21:38.610000
CVE-2024-56220,1,1,fa8c17176c6a7385721ca51b743f1e1e3db77dc75e585bef828b7711bc20a817,2024-12-31T10:15:10.403000
CVE-2024-56222,1,1,caabc5f3fbffe8317d5c373a8d57fc45e1f9c1e294c2218748a9283876145b1f,2024-12-31T10:15:10.583000
CVE-2024-56229,1,1,780291cf9257aeb905df3026fd98d748aa407f4154387d50cbe21d7f39417330,2024-12-31T10:15:10.760000
CVE-2024-5623,0,0,7a27a8a8bb2e29efe02be8c957247e288b25a39c8598c86d8533218d73dc7a15,2024-09-13T20:19:53.477000
CVE-2024-56230,1,1,78c6f283efec144cf5d356e25ccaff84a0966acc7cda3708fbe4f6dca25e40c8,2024-12-31T10:15:10.930000
CVE-2024-56232,1,1,3d1c538ec528db125916594384d3faf9ca5d73c65a614223f5b640922dbb5427,2024-12-31T10:15:11.140000
CVE-2024-5624,0,0,7f93c754c9c6e0a4611cd66d82be3519ca19fdbb2803818bcf7cbddb963f07b6,2024-09-13T20:23:28.787000
CVE-2024-5625,0,0,d3de3914e71e24c0640febb528961abd09321cf732dc235d08627199bf00a95c,2024-11-21T09:48:02.390000
CVE-2024-5626,0,0,93ceb7b86ba8ddeb56f02be4839062ac9cafc2abafa79ca42f7d116eca5e4c5a,2024-11-21T09:48:02.503000

Can't render this file because it is too large.