admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-05T11:00:21.846465+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-05 11:03:50 +00:00
parent dc59849140
commit 264604f1e2
30 changed files with 1770 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
CVE-2024/CVE-2024-117xx/CVE-2024-11731.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-11731",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:10.123",
"lastModified": "2025-03-05T10:15:10.123",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.10.0/includes/msp-shortcodes.php#L526",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/master-slider/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1dcafe1-bdba-4476-bcc7-ad844da38a01?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-128xx/CVE-2024-12815.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12815",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:13.563",
"lastModified": "2025-03-05T10:15:13.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/point-maker/trunk/shortcode.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/point-maker/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a46d4c-3f03-4d41-8382-b43a02b59cb2?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-132xx/CVE-2024-13232.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13232",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:14.197",
"lastModified": "2025-03-05T10:15:14.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can leveraged to create a new administrative user account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/wordpress-awesome-import-export-plugin-v-24/12896266",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f24f0673-b5c8-4086-8795-692228a413af?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-133xx/CVE-2024-13350.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-13350",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:09.163",
"lastModified": "2025-03-05T09:15:09.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SearchIQ \u2013 The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/searchiq/trunk/library/shortcode.php#L132",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/searchiq",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a04f074c-448d-4c5f-ae46-0ad1a3effdb4?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13747.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13747",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:14.617",
"lastModified": "2025-03-05T10:15:14.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject SQL into an existing post deletion query."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/email-customizer-for-woocommerce-with-drag-drop-builder-woo-email-editor/22400984",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e74e1a7c-4fe6-4041-8c4c-13389dacb9db?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-137xx/CVE-2024-13757.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-13757",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:14.923",
"lastModified": "2025-03-05T10:15:14.923",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L815",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/master-slider/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26a7fb51-f40d-46b8-9f52-495716032a1b?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13777.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13777",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:15.367",
"lastModified": "2025-03-05T10:15:15.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec4633a-0742-4646-accd-cc0b9e01302a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13778.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13778",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:15.720",
"lastModified": "2025-03-05T10:15:15.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bdf04e6-6d9d-41a3-ac54-1a95f4617ea4?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13779.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13779",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:16.213",
"lastModified": "2025-03-05T10:15:16.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18d37650-057d-4cd1-bfeb-e40885d22566?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13780.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13780",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:16.513",
"lastModified": "2025-03-05T10:15:16.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17872fe4-b566-44ca-8218-3677fb75cb1c?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-137xx/CVE-2024-13787.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13787",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:16.810",
"lastModified": "2025-03-05T10:15:16.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/veda-multipurpose-theme/15860489",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0966138-b28b-4c03-a2cf-b51c5f478276?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-138xx/CVE-2024-13809.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13809",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:17.313",
"lastModified": "2025-03-05T10:15:17.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/hero-slider-wordpress-slider-plugin/13067813",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a692d9c4-66e0-4461-ad13-65e1446106c5?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-138xx/CVE-2024-13810.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13810",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:17.503",
"lastModified": "2025-03-05T10:15:17.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/zass-wordpress-woocommerce-theme/19614113",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d85e54c2-dff6-42e6-8123-767438f9c5f1?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-138xx/CVE-2024-13811.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13811",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:17.877",
"lastModified": "2025-03-05T10:15:17.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data that overrides the site."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/lafka-fast-food-restaurant-woocommerce-theme/23969682",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d60e4f-7680-4ec0-9183-bdc8439679db?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-138xx/CVE-2024-13815.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13815",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:18.210",
"lastModified": "2025-03-05T10:15:18.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/listingo-business-listing-wordpress-directory-theme/20617051",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4595a79-c7d0-4e37-b19b-9ae985c9d713?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-138xx/CVE-2024-13827.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-13827",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:09.390",
"lastModified": "2025-03-05T09:15:09.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/razorpay-subscription-button-elementor/tags/1.0.3/includes/rzp-payment-buttons.php#L78",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/razorpay-subscription-button-elementor/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8cdde8d-db43-4702-81c3-ea2d867baa8d?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-138xx/CVE-2024-13839.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-13839",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:18.443",
"lastModified": "2025-03-05T10:15:18.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/staff-directory-pro/trunk/include/tgmpa/init.php#L99",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/staff-directory-pro/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80203516-8546-441a-b51d-2d09968492b5?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-138xx/CVE-2024-13866.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13866",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:09.587",
"lastModified": "2025-03-05T09:15:09.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/simple-notification/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e814f798-5ebc-4bea-838f-d0a803f9bdbc?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-56xx/CVE-2024-5667.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-5667",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:18.910",
"lastModified": "2025-03-05T10:15:18.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-featherlight/trunk/js/wpFeatherlight.pkgd.js",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3137531/responsive-lightbox",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-86xx/CVE-2024-8682.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8682",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:09.770",
"lastModified": "2025-03-05T09:15:09.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating a user though the register_handler() function. This makes it possible for unauthenticated attackers to register as a user even when user registration is disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/jnews-one-stop-solution-for-web-publishing/20566392",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b0d7ee7-a358-4487-a0cc-31ed810ae8bc?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-09xx/CVE-2025-0954.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0954",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:19.130",
"lastModified": "2025-03-05T10:15:19.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/wp-online-contract/7698011",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70f464ca-ff6c-4c2e-8b56-bf5e4bc6bd1f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-09xx/CVE-2025-0956.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0956",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:19.480",
"lastModified": "2025-03-05T10:15:19.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.3.0 via deserialization of untrusted input from the 'raccookie_guest_email' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/woocommerce-recover-abandoned-cart/7715167",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/067c974c-b3bb-4f06-8f7c-3963112c40d2?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-09xx/CVE-2025-0990.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0990",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:09.947",
"lastModified": "2025-03-05T09:15:09.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tenant ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/gloria-assistant-by-webtronic-labs/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33fd44dc-b4f8-4429-8dcd-5161602bb318?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-10xx/CVE-2025-1008.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-1008",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:10.110",
"lastModified": "2025-03-05T09:15:10.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018view\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/recently-purchased-products-for-woo/tags/1.1.3/includes/class-rppw-public.php#L160",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/recently-purchased-products-for-woo/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9ebcd32-90c1-419c-a67c-6fe41ee9fab1?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2025/CVE-2025-14xx/CVE-2025-1435.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-1435",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T09:15:10.267",
"lastModified": "2025-03-05T09:15:10.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of a bbPress Keymaster via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Rather than implementing a nonce check to provide protection against this vulnerability, which would break functionality, the plugin no longer makes it possible to select a role during registration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bbpress/trunk/includes/users/signups.php#L151",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3247345/bbpress/branches/2.6/includes/users/capabilities.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3247345%40bbpress&new=3247345%40bbpress&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d776d94-8c81-4e88-bae3-946824a75c09?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-15xx/CVE-2025-1515.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-1515",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-05T10:15:19.850",
"lastModified": "2025-03-05T10:15:19.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f08111-d116-46f9-9765-28966e338753?source=cve",
"source": "security@wordfence.com"
}
]
}

56
CVE-2025/CVE-2025-224xx/CVE-2025-22493.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22493",
"sourceIdentifier": "CybersecurityCOE@eaton.com",
"published": "2025-03-05T09:15:10.443",
"lastModified": "2025-03-05T09:15:10.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf",
"source": "CybersecurityCOE@eaton.com"
}
]
}

56
CVE-2025/CVE-2025-250xx/CVE-2025-25015.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-25015",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-03-05T10:15:20.160",
"lastModified": "2025-03-05T10:15:20.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests.\nIn Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441",
"source": "bressers@elastic.co"
}
]
}

34
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-05T09:00:23.675940+00:00
2025-03-05T11:00:21.846465+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-05T08:15:35.107000+00:00
2025-03-05T10:15:20.160000+00:00
```
### Last Data Feed Release
@ -33,14 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
284193
284221
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `28`
- [CVE-2025-1393](CVE-2025/CVE-2025-13xx/CVE-2025-1393.json) (`2025-03-05T08:15:35.107`)
- [CVE-2024-13350](CVE-2024/CVE-2024-133xx/CVE-2024-13350.json) (`2025-03-05T09:15:09.163`)
- [CVE-2024-13747](CVE-2024/CVE-2024-137xx/CVE-2024-13747.json) (`2025-03-05T10:15:14.617`)
- [CVE-2024-13757](CVE-2024/CVE-2024-137xx/CVE-2024-13757.json) (`2025-03-05T10:15:14.923`)
- [CVE-2024-13777](CVE-2024/CVE-2024-137xx/CVE-2024-13777.json) (`2025-03-05T10:15:15.367`)
- [CVE-2024-13778](CVE-2024/CVE-2024-137xx/CVE-2024-13778.json) (`2025-03-05T10:15:15.720`)
- [CVE-2024-13779](CVE-2024/CVE-2024-137xx/CVE-2024-13779.json) (`2025-03-05T10:15:16.213`)
- [CVE-2024-13780](CVE-2024/CVE-2024-137xx/CVE-2024-13780.json) (`2025-03-05T10:15:16.513`)
- [CVE-2024-13787](CVE-2024/CVE-2024-137xx/CVE-2024-13787.json) (`2025-03-05T10:15:16.810`)
- [CVE-2024-13809](CVE-2024/CVE-2024-138xx/CVE-2024-13809.json) (`2025-03-05T10:15:17.313`)
- [CVE-2024-13810](CVE-2024/CVE-2024-138xx/CVE-2024-13810.json) (`2025-03-05T10:15:17.503`)
- [CVE-2024-13811](CVE-2024/CVE-2024-138xx/CVE-2024-13811.json) (`2025-03-05T10:15:17.877`)
- [CVE-2024-13815](CVE-2024/CVE-2024-138xx/CVE-2024-13815.json) (`2025-03-05T10:15:18.210`)
- [CVE-2024-13827](CVE-2024/CVE-2024-138xx/CVE-2024-13827.json) (`2025-03-05T09:15:09.390`)
- [CVE-2024-13839](CVE-2024/CVE-2024-138xx/CVE-2024-13839.json) (`2025-03-05T10:15:18.443`)
- [CVE-2024-13866](CVE-2024/CVE-2024-138xx/CVE-2024-13866.json) (`2025-03-05T09:15:09.587`)
- [CVE-2024-5667](CVE-2024/CVE-2024-56xx/CVE-2024-5667.json) (`2025-03-05T10:15:18.910`)
- [CVE-2024-8682](CVE-2024/CVE-2024-86xx/CVE-2024-8682.json) (`2025-03-05T09:15:09.770`)
- [CVE-2025-0954](CVE-2025/CVE-2025-09xx/CVE-2025-0954.json) (`2025-03-05T10:15:19.130`)
- [CVE-2025-0956](CVE-2025/CVE-2025-09xx/CVE-2025-0956.json) (`2025-03-05T10:15:19.480`)
- [CVE-2025-0990](CVE-2025/CVE-2025-09xx/CVE-2025-0990.json) (`2025-03-05T09:15:09.947`)
- [CVE-2025-1008](CVE-2025/CVE-2025-10xx/CVE-2025-1008.json) (`2025-03-05T09:15:10.110`)
- [CVE-2025-1435](CVE-2025/CVE-2025-14xx/CVE-2025-1435.json) (`2025-03-05T09:15:10.267`)
- [CVE-2025-1515](CVE-2025/CVE-2025-15xx/CVE-2025-1515.json) (`2025-03-05T10:15:19.850`)
- [CVE-2025-22493](CVE-2025/CVE-2025-224xx/CVE-2025-22493.json) (`2025-03-05T09:15:10.443`)
- [CVE-2025-25015](CVE-2025/CVE-2025-250xx/CVE-2025-25015.json) (`2025-03-05T10:15:20.160`)
### CVEs modified in the last Commit

30
_state.csv
View File

@ -245841,6 +245841,7 @@ CVE-2024-11728,0,0,5e9159dace0814fc830296f55a0ef2bdfd45169f1876af9b643a1fa92428c
CVE-2024-11729,0,0,caceb42e577677b25830d89e8b00977431d6b11836cf2743d53fd41981238f7f,2025-02-05T14:43:07.597000
CVE-2024-1173,0,0,09593502756eff2c1a7f19d3864d082fe5b606a2b3bd8feeb9fa5c26088825cd,2025-01-30T15:55:07.793000
CVE-2024-11730,0,0,66d346922147603139b8a4c96d43965a67c99833d69103da415f26d21f19a6e2,2025-02-05T14:41:42.507000
CVE-2024-11731,1,1,fa1081a73fa42b77d748f5cc43d66fc2996e7cb469f30ade5cede49dca150ca9,2025-03-05T10:15:10.123000
CVE-2024-11732,0,0,6786f7c223dbf5c7abf2566386e4c9fbb35edf5a2ada6569df25893c7ff24b7c,2024-12-03T08:15:06.383000
CVE-2024-11733,0,0,95cac917a7c172e334d8c411bd7e32914cf640694af4ffd3d3de8eaf57fddbb7,2025-01-03T23:15:06.313000
CVE-2024-11734,0,0,78c28d43096a77334429bffad85c310a594f71e1430baf5f4b291aea9769bdcc,2025-01-14T09:15:19.443000
@ -246809,6 +246810,7 @@ CVE-2024-12807,0,0,1d134b4e10fd5c2df6e8d1acfd31e14ba142e002cf7d83d94986fb0c56cb2
CVE-2024-12811,0,0,7b65aed7c38336017d2295502f243dfa9e67fffcf73b1c7d1e13c0db617852f7,2025-02-28T00:15:35.790000
CVE-2024-12813,0,0,3b639e8b48ce8f9359f78eb0fcbfb138e695095dcc7dc21b7df78520a10ef17d,2025-02-24T14:24:12.300000
CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000
CVE-2024-12815,1,1,3b2ba5b8c2b3264395cc1bb7b90d5a5255aaeb67f7649b89ead6051135f61295,2025-03-05T10:15:13.563000
CVE-2024-12816,0,0,94a80e9971eaa7e870e47359d4c3d1f8fa9ff5419e2a80ed33d726940db7be36,2025-01-25T08:15:08.137000
CVE-2024-12817,0,0,177c0c1ee17fbeb45fd7a30a85d211f5e3e78b0121812fcf822599a3e7e7f5fa,2025-01-25T08:15:08.300000
CVE-2024-12818,0,0,84584f689c6c77a45a4884a21e812302b20927c35cf898200120c33746d2aaa2,2025-01-15T10:15:07.803000
@ -247189,6 +247191,7 @@ CVE-2024-13229,0,0,537699d3a79de9fbc27e9b2746c3e5b03ecf899f1fa640e3c8fa1fd5bdf5f
CVE-2024-1323,0,0,4b7fa94b4154618460e40e6b98637f7cb2a430b6e413bf16925f79721ae6c94f,2025-01-16T19:29:54.047000
CVE-2024-13230,0,0,77b1ecbf192b34e98ac8a66dc9d4d1a94979c767aa5e8f2b9158ee6752bafedc,2025-01-21T11:15:09.267000
CVE-2024-13231,0,0,e7167177f9b23ac9afad3eac07b555a05861f1dc2e64891ec43f7636c5cda4d2,2025-02-19T09:15:08.930000
CVE-2024-13232,1,1,f036609e4d8f0beba878db5f7c74fe0dbd7cad8905042cfc3d1a6197e09f841c,2025-03-05T10:15:14.197000
CVE-2024-13234,0,0,4c493a769573d261245a83332615004948f6e06f366df55b9e6c3d12849e4b0c,2025-02-04T21:05:33.863000
CVE-2024-13235,0,0,716a7c5d7c159a6b2d91aeded07fe8d912083980a02e58547aa8d39dbb30ccd0,2025-02-25T17:46:21.047000
CVE-2024-13236,0,0,64abe32b85dcd45ec9ab991a4d5209e0313b6971aeb9b551d0d126d46b2b126d,2025-01-31T16:03:09.630000
@ -247308,6 +247311,7 @@ CVE-2024-13347,0,0,b0b65e85dad4db5b5f94ca2399763501cda822d2d7559302507963a880f04
CVE-2024-13348,0,0,e7356b4b7de40bfcab5dcbdec8635d94ba57c9cc43546ece560a6873afe1ba28,2025-01-30T15:15:16.223000
CVE-2024-13349,0,0,1a00cf757b3ec26bd50ea0e563207e24798d3893002c58755b8b9af1d412744e,2025-01-31T17:58:59.027000
CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000
CVE-2024-13350,1,1,e9c5b87923a91edcb842bb6a28d1d6fd2f2943c4b4751dbc1e510c5e7ccbce8a,2025-03-05T09:15:09.163000
CVE-2024-13351,0,0,7985eca9113b0e4ff9b5606ce71f06a97acfce6eac97b8c91847c6875b508284,2025-01-15T10:15:07.993000
CVE-2024-13352,0,0,e3b517ead7778233dbb1fb4b3ec3651780c4dec33a82aff69cd76909bd75eb05,2025-02-07T16:15:35.960000
CVE-2024-13353,0,0,81d2cc0d68c32fbd9c01652b235787fa907c22cf877db2ecf0577a18d517802d,2025-02-25T03:32:38.597000
@ -247663,6 +247667,7 @@ CVE-2024-13741,0,0,78f05de9655a03d53c2e8400793bb4a26c0069c47279ba1e219e404df9296
CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000
CVE-2024-13743,0,0,55c8dc190eb39157b66a10e1b93cb1305bc4d10ce4cb3fd182854193f3e3c946,2025-02-18T23:15:09.267000
CVE-2024-13746,0,0,45f35ee3764d47b28653409950f2c901c1dd16389bb6dfa869d16b5b737ece40,2025-03-01T05:15:15.103000
CVE-2024-13747,1,1,0722e9214a8d8932f08f4c85730f4f5420b18fd6467ccbbf76398fb9b25cdfac,2025-03-05T10:15:14.617000
CVE-2024-13748,0,0,434305d89c46996e593a1c20227391db3e976db9a09c9806ae0372c5517d7c24,2025-02-25T20:54:55.803000
CVE-2024-13749,0,0,1bb4ba9b57bf7068dfada9bae681ca9d14d8a8db535388f781f86c86d7cb8a7e,2025-02-25T03:54:36.293000
CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@ -247670,6 +247675,7 @@ CVE-2024-13750,0,0,60d2ac37a119c74457a43f16e0c72392975ebfbcb619894e9f656befe0d71
CVE-2024-13751,0,0,0e5e1a96a42a91f86024c5c9d88e569f1562fea2d46c5a10de41a49f75bc1fa9,2025-02-25T17:11:28.037000
CVE-2024-13752,0,0,58abec1a9c719742a0301542b70a1d6e3b887ea15505a7f86a0c807e31da0095,2025-02-24T12:30:24.827000
CVE-2024-13753,0,0,35689cdd5b64ee3991abd63fa8ef5f0b529fd8b40e65045b74e26e44ce0a06bd,2025-02-25T20:55:58.420000
CVE-2024-13757,1,1,5995cc65fdbedf43c54445a608a23fd0f5333d3ce6f4a7aa69eb1a8c69fe5ff0,2025-03-05T10:15:14.923000
CVE-2024-13758,0,0,2e4bd9fb3fef024cef02d2b8f2dacb7555196f6b2dc915351eaf15ff5ed3368d,2025-01-31T20:28:53.477000
CVE-2024-1376,0,0,34411a3106e4c74f2617f4da0b50ff6e7d812385caea8af0b8361fb64d6e9d04,2024-11-21T08:50:26.737000
CVE-2024-13767,0,0,5e2a432b5514ebb28e43fc58238979fb079695a503a95ef3a2bddb1da15dea7c,2025-01-31T03:15:10.693000
@ -247677,8 +247683,13 @@ CVE-2024-13769,0,0,6fa2e289d8cf3e90cab0c96a01fffe9940909434acbdd1bee567bf2a5e72c
CVE-2024-1377,0,0,76446229d1bded69224cd2e98212f244bd2380b3470adb0152ce2b85f9216c33,2025-01-07T18:20:57.347000
CVE-2024-13770,0,0,eedd6cc35f686f8347a61efabc64272551833ee2e82bdd330567f722ff99ade8,2025-02-24T17:08:04.307000
CVE-2024-13775,0,0,4f9074e732a3ab519a109b5697b6e141a486c1977d56f68019ad553f34df5449,2025-02-24T19:04:52.170000
CVE-2024-13777,1,1,c2d4f81a8dc3230470a4ddcfe8af4c9f8f5e51801d3ccbf118c1aa1e9f87533b,2025-03-05T10:15:15.367000
CVE-2024-13778,1,1,673d14896e529308de549f2928918225a2196f03731d1b9fcc9954d189005174,2025-03-05T10:15:15.720000
CVE-2024-13779,1,1,b99bad6f9e8dab81292dacf47b36bc0dcc6133647baf854afd6307e5257a8b27,2025-03-05T10:15:16.213000
CVE-2024-1378,0,0,041aa523b6aa5691bc95edbf2c3845e6125399d35aa90aa412089416e101b866,2024-11-21T08:50:26.997000
CVE-2024-13780,1,1,f38211ca5b11c6d5cd76c7738bc5c283f5fd75664e09e943a4af464361a3c1f8,2025-03-05T10:15:16.513000
CVE-2024-13783,0,0,4d1adc087edd34d52079e199658ef345cbd94c9c74350c99493fda1d34bf23f7,2025-02-21T12:19:42.537000
CVE-2024-13787,1,1,03e570e664ce22f94ad75fa40c6deb8d23c12b83a62b56497cc82237079e1cd5,2025-03-05T10:15:16.810000
CVE-2024-13789,0,0,2b0af9ac1cf71402f1bdf617ac72ff1dc3e5b91a3734626a9c4e88889f4b7dad,2025-02-25T20:56:25.757000
CVE-2024-1379,0,0,d57d063aae1fbcb792bd04eccc73dc16507c20c6267e19d5bea5a4e5413062c5,2024-11-21T08:50:27.157000
CVE-2024-13791,0,0,87d34d666cc6abe64fd811a08f4df25c9dcd54e5f0bd075f781061adfbd26e98,2025-02-25T04:01:52.803000
@ -247694,14 +247705,19 @@ CVE-2024-13800,0,0,db269d664e8ffceb549584ac138b0b3d8532020dce3ad8c5501401929c306
CVE-2024-13802,0,0,799c1258f4b5634a2f6e5dae2a8b0b5fa69324e493bf460e3d6851ce5d4c3675,2025-02-25T20:57:34.193000
CVE-2024-13803,0,0,a4ca05408d0abeceec03de1e4e8a92703bc1137cacd6d3f3c6907b063c9f6ae7,2025-02-26T13:15:38.027000
CVE-2024-13806,0,0,063c52d53f81bbfeb772e150fd3eb5657c9535abcd0ad4b4f1bb05b9b53e7d78,2025-03-01T08:15:33.653000
CVE-2024-13809,1,1,6be28e896bf75936478f58fa45f377cf413bed10859f0939689dc8ea299b4f20,2025-03-05T10:15:17.313000
CVE-2024-1381,0,0,f79abe04d98fb58eb4a1bc15edce6ddf9cf798d335c45513b35103feeb919d6b,2024-11-21T08:50:27.453000
CVE-2024-13810,1,1,861c61a523529d8053cf536a51b7d802aa6990937f6cb4926ae7f49fc0b3dc67,2025-03-05T10:15:17.503000
CVE-2024-13811,1,1,5b94a426632e0b7858178241c275865820be67c397c2529c7a30884806a0bfbc,2025-03-05T10:15:17.877000
CVE-2024-13813,0,0,fdc4ad5ea8556267af57de167767e42189cf8d83fe0a9d1183500203243c2b38,2025-02-20T15:56:04.087000
CVE-2024-13814,0,0,1eaa34671c59ff347de019eb0f7db92c91d554728619786a007d058e64ccd6e0,2025-02-18T21:30:00.523000
CVE-2024-13815,1,1,c26d747b30e16449187df89ae1a63f232878b2518b742ef230f0e1b934e49302,2025-03-05T10:15:18.210000
CVE-2024-13817,0,0,b5a69d8e5693042f6213842e77c8ea5e9adad031b258d4d25f98e0b0bd22c27b,2025-01-31T03:15:10.910000
CVE-2024-13818,0,0,b34cef01cb19d809209555e3902d48d3c034a9e483326b43d02f63f2eb6722a8,2025-02-25T17:03:16.093000
CVE-2024-1382,0,0,46ba372cc585c5cc80406db23ae24542751b0e1ef43905cbc6e0bcf967676a5e,2025-01-21T17:04:33.737000
CVE-2024-13821,0,0,74f5b87067df469dcc6e71e5e4a2f7f3dcf26b1308f6ab7ad834a12bda68d3f3,2025-02-25T19:37:29.223000
CVE-2024-13822,0,0,3edf451af12e328cb622d46a3fda862fd00644484907c17ca32254fbaff076b3,2025-02-24T12:15:11.193000
CVE-2024-13827,1,1,40b9b2f1bee49602bcbc26b5d44dfb98f0e80093153eca031d92ad08d38031db,2025-03-05T09:15:09.390000
CVE-2024-13829,0,0,0eb68c1cd51e57e24834aa430c28539b9740e4aeaf2e4bf4d57d2d018e612c3a,2025-02-05T06:15:31.257000
CVE-2024-1383,0,0,93ff0b2eb9f4abe59909f3b49d94bb9635c166ee2ef0054262af8a40f59e1121,2025-02-13T20:02:55.647000
CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000
@ -247710,6 +247726,7 @@ CVE-2024-13832,0,0,ec5b2acd93db5978e9a901bf338782a10b26bfa5fce10324f0a5b3fac0b88
CVE-2024-13833,0,0,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000
CVE-2024-13834,0,0,43e5ae6cc904537a30eeccc37c7b9a07fd2bfb264b9574278bc2a72960c00c36,2025-02-24T12:37:18.957000
CVE-2024-13837,0,0,b186071e4ea62233d731f5821d490b3ab777186a5f4da25e22f6fedfafcbdd0c,2025-02-17T19:15:09.463000
CVE-2024-13839,1,1,62f4a375bbf895765f28a4885fa21c7e3b5b50d77a9c8d8b3041b6036594e93c,2025-03-05T10:15:18.443000
CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000
CVE-2024-13841,0,0,42857531268142aae6c02637b3b6e7d79dd71736d6804136946d48ddaede14a2,2025-02-07T07:15:14.573000
CVE-2024-13842,0,0,e27bb87d0390ea96b584ec0f6fbe747157fb2de816ea15a1791b354e66567fcd,2025-02-20T15:55:29.770000
@ -247724,6 +247741,7 @@ CVE-2024-13852,0,0,dd2c33f18b8ccbee6b646903a658fcb7af55315e978ebdb8f9c794cc0b1e0
CVE-2024-13854,0,0,b568f01b297c5912b2612b134f4f5250b2d30544244315a9c47edd8900e54042,2025-02-19T08:15:21.440000
CVE-2024-13855,0,0,9aad1f9df577d823156d8f799c672a44111ca2c006ede84d8cbdc8cff07c1227,2025-02-25T18:23:31.507000
CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c824b,2024-11-21T08:50:28.063000
CVE-2024-13866,1,1,7b6522806f9fda20a87affc69ae1455066ad3672ed7237b6480428aa11037ef9,2025-03-05T09:15:09.587000
CVE-2024-13867,0,0,d1ccd3c88095b1998a7fe8f4f64aebb963278c8b08e66fe2014f445cd5f48e2a,2025-02-18T18:41:21.660000
CVE-2024-13869,0,0,0918273a7ae15011be1debf6016e48d8cf14f846fa38b8a2ca6e7c9fb94375dd,2025-02-23T04:15:23.797000
CVE-2024-1387,0,0,8e6bcbdaec79085616e17d0cff8f7e9074033b4370339ebb2fb375231d6ccb3f,2025-01-07T18:19:26.400000
@ -275535,6 +275553,7 @@ CVE-2024-56666,0,0,21f26ce12addeba29595c53677883f3a92e9d33b51f0211bdc6b5982f3c5d
CVE-2024-56667,0,0,1a9434d05c1117f8ebea126370a3323c87f5ea30d38cebd3e2ed4ea6d126e457,2025-01-06T18:21:07.280000
CVE-2024-56668,0,0,bb0b1b28b41959171a614b3f974621ac0d2ac6eb7e9f87ec2a3ef420c316bb90,2025-01-06T18:20:19.580000
CVE-2024-56669,0,0,76b9a886334184c642413928921758334a8bfa8c2d41db9984b5b251de81dfa7,2025-02-11T16:15:47.333000
CVE-2024-5667,1,1,29f4f8a3f893c802c08b765dee7f22b2665101f41127421981899c33d6ca7588,2025-03-05T10:15:18.910000
CVE-2024-56670,0,0,09dfad71a0a648bb5acf88bdf9f65707f93ff084785c319fcc16bdd4e85df5fb,2025-01-06T18:13:02.807000
CVE-2024-56671,0,0,965424f9a0cbe2a465372879236df9fbdb2bda68b251d088efe5ee351e22168f,2025-01-06T16:56:36.777000
CVE-2024-56672,0,0,8417cd992fb4acd954e058be26fcceec7435ffb29efc02edc31fe1a61610bfcc,2025-02-10T18:15:31.643000
@ -278877,6 +278896,7 @@ CVE-2024-8678,0,0,c9f19131bded613da0c19c1444b8e8a8b9cc51fc5c1cf15447ee67809c6ea1
CVE-2024-8679,0,0,2b814e408085282aa43a44f419617020b8c9c8c614fcd1f864e869f9853d89cd,2024-12-07T02:15:19.457000
CVE-2024-8680,0,0,d26d5eba91e9e07ee9b59e08affa3d4d4587baedebb8830ed04ba5321bbb1f0e,2024-09-27T13:53:47.910000
CVE-2024-8681,0,0,cc400ecaa32dd9e4f3bd8a7ca6c51e9d6c2c86f98de06f0d89656986f17c2119,2024-10-04T19:04:49.490000
CVE-2024-8682,1,1,daddf41a6d4cb8d01566af592e3a1c558195f98ff5032141058ebb14a08fe832,2025-03-05T09:15:09.770000
CVE-2024-8684,0,0,654446cab325131fc0e44f97b13320fdc554516047e5f89a6437f77c3112522f,2025-02-10T13:15:26.103000
CVE-2024-8685,0,0,f81829db7e24f10a279a46bb1f2309fba8584ad62cd972b00bc9c625257a6f1f,2025-02-10T13:15:26.270000
CVE-2024-8686,0,0,5fbeef78ba158f7453367f08deedd44d4c0bfb4e67586077c3301c73e0fcba8c,2024-10-03T01:35:10.317000
@ -280544,6 +280564,8 @@ CVE-2025-0948,0,0,3906e65d2be079846a7fc328fa3e08005b25ee0a1547c5d7622270f9efb6c8
CVE-2025-0949,0,0,0738bb2b66672fae5fd020ba0f9a70fb106ebc19e1971dce25f2e18c30dd0c12,2025-02-03T18:15:41.727000
CVE-2025-0950,0,0,7903835c96a972c16989f2cc1ccaf15a7fc2f203d2ad321ca6bcf09943e4f0e2,2025-02-03T18:15:41.847000
CVE-2025-0953,0,0,921a82da6ab0ef8d3d98803db3946d447f0517778af0c3f71c90d1c8292a158b,2025-02-22T13:15:11.850000
CVE-2025-0954,1,1,55c8c6eabee890f4a1412381487e5b6ca68e980f9a34924a7044201a06392acf,2025-03-05T10:15:19.130000
CVE-2025-0956,1,1,90ca98fb49cd01a3ccd80c5453322603e06017a60dda3995c69f6a47d8f4e41d,2025-03-05T10:15:19.480000
CVE-2025-0957,0,0,495f2d5b6e1d536933c2ca0f5f42b3b064381124c6d04bc27597b46752e07780,2025-02-22T14:15:29.710000
CVE-2025-0958,0,0,571b6daa8412a8dbab85a507fad7b4f36ac7400535cbebe7229ffe82ac243e85,2025-03-04T10:15:10.817000
CVE-2025-0960,0,0,499907aaf0daa1209acd23a8382909ccee8a784758e88e7f103cadb30772d3d2,2025-02-04T20:15:50.103000
@ -280560,6 +280582,7 @@ CVE-2025-0981,0,0,c89c9554a0a46e5bb181583fd08bedc64f240c126360b9216686d47b4afcea
CVE-2025-0982,0,0,521fffa92ca7a4349f9839f1725ef4c0f2728323e40055a01784086e989d43e4,2025-02-06T12:15:27.267000
CVE-2025-0985,0,0,b26b31af0c06da0ecdbbec5923f39fbb50dadbe219faf9bd5908c2a08e5b3d3e,2025-02-28T17:15:15.937000
CVE-2025-0989,0,0,346e8aea80123cafe9a430449f66c84d4597763274e13e564f95baea22982f1f,2025-02-11T21:15:12.823000
CVE-2025-0990,1,1,92e6e15cb16b6e29b8e9ac767cd0ef53fbf77548976d34469bb9d167b90fd0a7,2025-03-05T09:15:09.947000
CVE-2025-0994,0,0,7e9665376804e5d3cecbef020101144a587ced5be1a96d3160dfb8d1e8544f4a,2025-02-12T19:29:30.383000
CVE-2025-0995,0,0,0a5529eb09e1f54f24a3e7e605d2f8400aae44234054dd248f74781d7e042133,2025-02-19T15:15:16.073000
CVE-2025-0996,0,0,f5bee85fd326d78b72ed64a9f49b28f7be5f9f9202e5d7fbf61706dd2200814c,2025-02-19T15:15:16.243000
@ -280573,6 +280596,7 @@ CVE-2025-1004,0,0,9cae67c415976182c9e721c9cd510a26d80715a77eb7b99e0e645fceac3cfb
CVE-2025-1005,0,0,6634395cbbb9a7c65c4fbb122df0f4ce8e0e536d41583c0c210842e7f1160ca8,2025-02-24T12:31:01.313000
CVE-2025-1006,0,0,d649cff08ce4b1c1c688483cba24b8f6211ab5d71e1f74150bdc986243148c7c,2025-02-19T20:15:36.163000
CVE-2025-1007,0,0,a3f70a46cd73e0586b87b15b1921e7689062414b24fcb0ed834a9ea125db4d4f,2025-02-19T09:15:10.117000
CVE-2025-1008,1,1,51e628e9e44fe449c04c94758013fbbd1872f4c3055304670259874b4c1ea543,2025-03-05T09:15:10.110000
CVE-2025-1009,0,0,2eaef1afd010c535fd50fceaedaa339dbea694d459d94247ca2cdf1816ccd1a0,2025-02-06T19:28:52.820000
CVE-2025-1010,0,0,62a03586b01b5384628b2b24394869ef4f272c9b8354e05188dae652a849042c,2025-02-06T19:30:13.637000
CVE-2025-1011,0,0,c7aab2f6a9c0415627154b90d3f96ebb209e4ddce064fa55ea39e2629e66c93d,2025-02-06T19:31:38.610000
@ -280799,7 +280823,7 @@ CVE-2025-1389,0,0,795a35efe21e6a34ebaee5d031621504f5de1cd150eb87bc8f92558df8e464
CVE-2025-1390,0,0,4fc86a10da8dd3f0a18ea2e30ae82e3cb10771daa7275bed87235a02cfa82a05,2025-02-18T03:15:10.447000
CVE-2025-1391,0,0,d90cb6e9a989a8a68c01cf8b9c7ddb91844bc2ec06595b67c0549c7c80f8bc3a,2025-02-17T14:15:08.413000
CVE-2025-1392,0,0,f08bbb9b69f485fd54fc78272460b890a55805f93dc93ed202a1f5ce9ea26d62,2025-02-17T16:15:16.120000
CVE-2025-1393,1,1,7e67ea62469d5decfffee901208f62ab89eaada4966e37e0b8373112ec3c539d,2025-03-05T08:15:35.107000
CVE-2025-1393,0,0,7e67ea62469d5decfffee901208f62ab89eaada4966e37e0b8373112ec3c539d,2025-03-05T08:15:35.107000
CVE-2025-1402,0,0,c23c451cfa1d570fb16b3d38ae224aa085b42cdb084d4b1dbd67b0732fd42aba,2025-02-25T04:04:59.860000
CVE-2025-1403,0,0,d98767ffbbabf7b703d6464c4760704cf18c9952a200d902dfdc98a149c5818d,2025-02-21T18:15:20.550000
CVE-2025-1404,0,0,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000
@ -280813,6 +280837,7 @@ CVE-2025-1414,0,0,b3b9c3affbe2798ab158992b46088a156edfb77f4ed4319f53d9b7d1a64ef9
CVE-2025-1424,0,0,7bc1486ceca0565cfcc9a2d34ce95560808df7da09f34dab3d4f23862348c153,2025-03-04T16:15:36.663000
CVE-2025-1425,0,0,43fb3b1f1ada208e5c93084c37982591e83549c344ec272dd4837e6ef4cf756b,2025-03-04T16:15:36.803000
CVE-2025-1426,0,0,834f194c9c92d88c2a5fa9395038ff6b865679b1740d05e480244e8e7428755b,2025-02-19T20:15:36.467000
CVE-2025-1435,1,1,5769f1e4d835d83465db5788f65be161aa498d69888f34e730e0859889f385a0,2025-03-05T09:15:10.267000
CVE-2025-1441,0,0,a148724949d3a67ddbdb90d03ba8b4c0c01959027f1d8b9da83469468076f49e,2025-02-28T19:47:07.220000
CVE-2025-1447,0,0,b52fc293ec2c8f7276787d8ec4e27a605d8feb40937673c00f5fe8646d83ab92,2025-02-19T01:15:09.407000
CVE-2025-1448,0,0,dcd55b821241f3fcd52c60ec5d939cca30ac2e0644079f21a4efc2df8a0c8c2d,2025-02-19T02:15:08.833000
@ -280836,6 +280861,7 @@ CVE-2025-1509,0,0,96513da0fa9cb03c336b83bf5bddf52acacdda9db2e967b5f8ef0dc0a4de0f
CVE-2025-1510,0,0,5e7f4e908d48e1455cf18a81d8dfff338614746cef18c3315cc85b0c64b8c8df,2025-02-22T04:15:10.040000
CVE-2025-1511,0,0,92d16ec9cdb5f4e3f37d1ead50a4ecde4e869b1ac9e9b474b39bd9ef65a37b75,2025-02-28T06:15:25.750000
CVE-2025-1513,0,0,49686153eb93c741adb1d6d7e23372a0773d0f92ceeb66d85a64053bd21ac0c5,2025-02-28T06:15:25.937000
CVE-2025-1515,1,1,40fb5af3561fa8566133f431829f949e2515107ad298d86ca1e6887d1d266212,2025-03-05T10:15:19.850000
CVE-2025-1517,0,0,f77151ae5031cf639b38b016ea952fb6438aadc87174ef04eae6ee15efb2dd99,2025-02-26T13:15:41.193000
CVE-2025-1535,0,0,6080c0c0968f3ab3c5259d9031c93f6d6c93dcaef1c71aa8b7e3b62645a6a84e,2025-02-21T12:15:30.877000
CVE-2025-1536,0,0,13d2bb79966b022c194b53190d029539a3b9db0220df5fb889249e7f79d2fadc,2025-02-21T15:15:12.270000
@ -281928,6 +281954,7 @@ CVE-2025-22475,0,0,15e2f0e4f859c49a221c12f5e1eb7e46b6c6aca8f0ab3cc88af90136ef2fd
CVE-2025-22480,0,0,30f78fb08b81b0a4a0f02016506c54aff4f612e77005946c54cb0114603ea9f7,2025-02-18T18:39:56.053000
CVE-2025-22491,0,0,e26a392df2afadce272fd73c1e836888f4b2c5b4ac6036088413dff6be206365,2025-02-28T09:15:12.540000
CVE-2025-22492,0,0,e9bde4f21fb6310ad0cfe4e54a5331c3fe81f9a835d2382636a7b0f15d89bca3,2025-02-28T09:15:12.680000
CVE-2025-22493,1,1,3fd8c45326186b19600084db23ec5bee27e935681d6364607bb1969dbbc7ba96,2025-03-05T09:15:10.443000
CVE-2025-22495,0,0,8392620cb3f5289df4103c4151ecb349dfb461cd09122f2d139b36566f51370b,2025-02-24T17:15:13.723000
CVE-2025-22498,0,0,f3f7d57a5c074cef7d66fd0b0c22de1f5c4ac45e596ff524016d32b7cab75963,2025-01-13T14:15:10.787000
CVE-2025-22499,0,0,2c7469ba06cedcc8f30abf0610d7acbf7462216a8d6077933c22c805fba653a7,2025-01-13T14:15:10.960000
@ -283407,6 +283434,7 @@ CVE-2025-24980,0,0,a17fd16fc181710dc23e803283e1d6d1f933f1a8ebddaf620892759c050de
CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000
CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000
CVE-2025-24989,0,0,41bc3ff3ec452f1ed2e007691180803f1ca2c43c5c00d6d0ec8842763c09b177,2025-02-24T14:55:58.823000
CVE-2025-25015,1,1,eb1050bd5b65a4dad7d526191a26a4661ea59db9fd330a6daf35730bcf0718dc,2025-03-05T10:15:20.160000
CVE-2025-25039,0,0,2c724cd99b172314f0551d5e25be43761b6ee80f3cb5f750659e6bd374aa7b28,2025-02-04T19:15:33.977000
CVE-2025-25054,0,0,5be11f7aa8767f62986e873818aa7bafb83a58f1dfa102f5a36254246868acc6,2025-02-19T06:15:22.010000
CVE-2025-25055,0,0,715a07bb29b79c7fb7ed93b83baf8d9d3a9109839cf0cb0b13f9fa08d28e54fd,2025-02-18T00:15:21.277000

Can't render this file because it is too large.