From 264604f1e2991498bbf75a58c2df1625a1b85075 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 5 Mar 2025 11:03:50 +0000 Subject: [PATCH] Auto-Update: 2025-03-05T11:00:21.846465+00:00 --- CVE-2024/CVE-2024-117xx/CVE-2024-11731.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12815.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13232.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-133xx/CVE-2024-13350.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13747.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13757.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13777.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13778.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13779.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13780.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-137xx/CVE-2024-13787.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13809.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13810.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13811.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13815.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13827.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13839.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13866.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-56xx/CVE-2024-5667.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-86xx/CVE-2024-8682.json | 60 ++++++++++++++++++ CVE-2025/CVE-2025-09xx/CVE-2025-0954.json | 60 ++++++++++++++++++ CVE-2025/CVE-2025-09xx/CVE-2025-0956.json | 60 ++++++++++++++++++ CVE-2025/CVE-2025-09xx/CVE-2025-0990.json | 60 ++++++++++++++++++ CVE-2025/CVE-2025-10xx/CVE-2025-1008.json | 64 +++++++++++++++++++ CVE-2025/CVE-2025-14xx/CVE-2025-1435.json | 68 +++++++++++++++++++++ CVE-2025/CVE-2025-15xx/CVE-2025-1515.json | 60 ++++++++++++++++++ CVE-2025/CVE-2025-224xx/CVE-2025-22493.json | 56 +++++++++++++++++ CVE-2025/CVE-2025-250xx/CVE-2025-25015.json | 56 +++++++++++++++++ README.md | 34 +++++++++-- _state.csv | 30 ++++++++- 30 files changed, 1770 insertions(+), 6 deletions(-) create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11731.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12815.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13232.json create mode 100644 CVE-2024/CVE-2024-133xx/CVE-2024-13350.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13747.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13757.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13777.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13778.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13779.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13780.json create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13787.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13809.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13810.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13811.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13815.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13827.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13839.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13866.json create mode 100644 CVE-2024/CVE-2024-56xx/CVE-2024-5667.json create mode 100644 CVE-2024/CVE-2024-86xx/CVE-2024-8682.json create mode 100644 CVE-2025/CVE-2025-09xx/CVE-2025-0954.json create mode 100644 CVE-2025/CVE-2025-09xx/CVE-2025-0956.json create mode 100644 CVE-2025/CVE-2025-09xx/CVE-2025-0990.json create mode 100644 CVE-2025/CVE-2025-10xx/CVE-2025-1008.json create mode 100644 CVE-2025/CVE-2025-14xx/CVE-2025-1435.json create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1515.json create mode 100644 CVE-2025/CVE-2025-224xx/CVE-2025-22493.json create mode 100644 CVE-2025/CVE-2025-250xx/CVE-2025-25015.json diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11731.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11731.json new file mode 100644 index 00000000000..89ee923d62a --- /dev/null +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11731.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11731", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:10.123", + "lastModified": "2025-03-05T10:15:10.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/master-slider/tags/3.10.0/includes/msp-shortcodes.php#L526", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/master-slider/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1dcafe1-bdba-4476-bcc7-ad844da38a01?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12815.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12815.json new file mode 100644 index 00000000000..cb2af7318bc --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12815.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12815", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:13.563", + "lastModified": "2025-03-05T10:15:13.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/point-maker/trunk/shortcode.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/point-maker/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a46d4c-3f03-4d41-8382-b43a02b59cb2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13232.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13232.json new file mode 100644 index 00000000000..2c7589efd44 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13232.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13232", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:14.197", + "lastModified": "2025-03-05T10:15:14.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can leveraged to create a new administrative user account." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/wordpress-awesome-import-export-plugin-v-24/12896266", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f24f0673-b5c8-4086-8795-692228a413af?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13350.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13350.json new file mode 100644 index 00000000000..086c937ffee --- /dev/null +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13350.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13350", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:09.163", + "lastModified": "2025-03-05T09:15:09.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SearchIQ \u2013 The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/searchiq/trunk/library/shortcode.php#L132", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/searchiq", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a04f074c-448d-4c5f-ae46-0ad1a3effdb4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13747.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13747.json new file mode 100644 index 00000000000..469cf4662ae --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13747.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13747", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:14.617", + "lastModified": "2025-03-05T10:15:14.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject SQL into an existing post deletion query." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/email-customizer-for-woocommerce-with-drag-drop-builder-woo-email-editor/22400984", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e74e1a7c-4fe6-4041-8c4c-13389dacb9db?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13757.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13757.json new file mode 100644 index 00000000000..b9134b209eb --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13757.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13757", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:14.923", + "lastModified": "2025-03-05T10:15:14.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L815", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/master-slider/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26a7fb51-f40d-46b8-9f52-495716032a1b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13777.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13777.json new file mode 100644 index 00000000000..86caf4a10f9 --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13777.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13777", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:15.367", + "lastModified": "2025-03-05T10:15:15.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec4633a-0742-4646-accd-cc0b9e01302a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13778.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13778.json new file mode 100644 index 00000000000..5e009d439dd --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13778.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13778", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:15.720", + "lastModified": "2025-03-05T10:15:15.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bdf04e6-6d9d-41a3-ac54-1a95f4617ea4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13779.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13779.json new file mode 100644 index 00000000000..7931e6066fd --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13779.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13779", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:16.213", + "lastModified": "2025-03-05T10:15:16.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18d37650-057d-4cd1-bfeb-e40885d22566?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13780.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13780.json new file mode 100644 index 00000000000..65437244bfa --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13780.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13780", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:16.513", + "lastModified": "2025-03-05T10:15:16.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17872fe4-b566-44ca-8218-3677fb75cb1c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13787.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13787.json new file mode 100644 index 00000000000..4195a6ca65a --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13787.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13787", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:16.810", + "lastModified": "2025-03-05T10:15:16.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/veda-multipurpose-theme/15860489", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0966138-b28b-4c03-a2cf-b51c5f478276?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13809.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13809.json new file mode 100644 index 00000000000..4662a316e0b --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13809.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13809", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:17.313", + "lastModified": "2025-03-05T10:15:17.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/hero-slider-wordpress-slider-plugin/13067813", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a692d9c4-66e0-4461-ad13-65e1446106c5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13810.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13810.json new file mode 100644 index 00000000000..dbf9c4878d2 --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13810.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13810", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:17.503", + "lastModified": "2025-03-05T10:15:17.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/zass-wordpress-woocommerce-theme/19614113", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d85e54c2-dff6-42e6-8123-767438f9c5f1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13811.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13811.json new file mode 100644 index 00000000000..5e942ec3e79 --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13811.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13811", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:17.877", + "lastModified": "2025-03-05T10:15:17.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data that overrides the site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/lafka-fast-food-restaurant-woocommerce-theme/23969682", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d60e4f-7680-4ec0-9183-bdc8439679db?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13815.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13815.json new file mode 100644 index 00000000000..d9c1012a31f --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13815.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13815", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:18.210", + "lastModified": "2025-03-05T10:15:18.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/listingo-business-listing-wordpress-directory-theme/20617051", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4595a79-c7d0-4e37-b19b-9ae985c9d713?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13827.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13827.json new file mode 100644 index 00000000000..be8d00040dd --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13827.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13827", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:09.390", + "lastModified": "2025-03-05T09:15:09.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/razorpay-subscription-button-elementor/tags/1.0.3/includes/rzp-payment-buttons.php#L78", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/razorpay-subscription-button-elementor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8cdde8d-db43-4702-81c3-ea2d867baa8d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13839.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13839.json new file mode 100644 index 00000000000..e97656cef7d --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13839.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13839", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:18.443", + "lastModified": "2025-03-05T10:15:18.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/staff-directory-pro/trunk/include/tgmpa/init.php#L99", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/staff-directory-pro/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80203516-8546-441a-b51d-2d09968492b5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13866.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13866.json new file mode 100644 index 00000000000..7e4b48b8370 --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13866.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13866", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:09.587", + "lastModified": "2025-03-05T09:15:09.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/simple-notification/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e814f798-5ebc-4bea-838f-d0a803f9bdbc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5667.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5667.json new file mode 100644 index 00000000000..53f70129613 --- /dev/null +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5667.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-5667", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:18.910", + "lastModified": "2025-03-05T10:15:18.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-featherlight/trunk/js/wpFeatherlight.pkgd.js", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3137531/responsive-lightbox", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8682.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8682.json new file mode 100644 index 00000000000..e383f50367c --- /dev/null +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8682.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8682", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:09.770", + "lastModified": "2025-03-05T09:15:09.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating a user though the register_handler() function. This makes it possible for unauthenticated attackers to register as a user even when user registration is disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/jnews-one-stop-solution-for-web-publishing/20566392", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b0d7ee7-a358-4487-a0cc-31ed810ae8bc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0954.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0954.json new file mode 100644 index 00000000000..0f80882fe05 --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0954.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0954", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:19.130", + "lastModified": "2025-03-05T10:15:19.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/wp-online-contract/7698011", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70f464ca-ff6c-4c2e-8b56-bf5e4bc6bd1f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0956.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0956.json new file mode 100644 index 00000000000..f9fd669262e --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0956.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0956", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:19.480", + "lastModified": "2025-03-05T10:15:19.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.3.0 via deserialization of untrusted input from the 'raccookie_guest_email' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/woocommerce-recover-abandoned-cart/7715167", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/067c974c-b3bb-4f06-8f7c-3963112c40d2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0990.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0990.json new file mode 100644 index 00000000000..9372ced5bbf --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0990.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0990", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:09.947", + "lastModified": "2025-03-05T09:15:09.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tenant ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/gloria-assistant-by-webtronic-labs/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33fd44dc-b4f8-4429-8dcd-5161602bb318?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1008.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1008.json new file mode 100644 index 00000000000..06a6a1d14eb --- /dev/null +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1008.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-1008", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:10.110", + "lastModified": "2025-03-05T09:15:10.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018view\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/recently-purchased-products-for-woo/tags/1.1.3/includes/class-rppw-public.php#L160", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/recently-purchased-products-for-woo/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9ebcd32-90c1-419c-a67c-6fe41ee9fab1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1435.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1435.json new file mode 100644 index 00000000000..a26c6096e69 --- /dev/null +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1435.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-1435", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T09:15:10.267", + "lastModified": "2025-03-05T09:15:10.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of a bbPress Keymaster via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Rather than implementing a nonce check to provide protection against this vulnerability, which would break functionality, the plugin no longer makes it possible to select a role during registration." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bbpress/trunk/includes/users/signups.php#L151", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3247345/bbpress/branches/2.6/includes/users/capabilities.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3247345%40bbpress&new=3247345%40bbpress&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d776d94-8c81-4e88-bae3-946824a75c09?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1515.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1515.json new file mode 100644 index 00000000000..45d0a1645d2 --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1515.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-1515", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-03-05T10:15:19.850", + "lastModified": "2025-03-05T10:15:19.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f08111-d116-46f9-9765-28966e338753?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-224xx/CVE-2025-22493.json b/CVE-2025/CVE-2025-224xx/CVE-2025-22493.json new file mode 100644 index 00000000000..1177c4fb345 --- /dev/null +++ b/CVE-2025/CVE-2025-224xx/CVE-2025-22493.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22493", + "sourceIdentifier": "CybersecurityCOE@eaton.com", + "published": "2025-03-05T09:15:10.443", + "lastModified": "2025-03-05T09:15:10.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "CybersecurityCOE@eaton.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "CybersecurityCOE@eaton.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf", + "source": "CybersecurityCOE@eaton.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25015.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25015.json new file mode 100644 index 00000000000..f3fa0c7182b --- /dev/null +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25015.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25015", + "sourceIdentifier": "bressers@elastic.co", + "published": "2025-03-05T10:15:20.160", + "lastModified": "2025-03-05T10:15:20.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests.\nIn Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441", + "source": "bressers@elastic.co" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 55fce64d565..2f397218770 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-05T09:00:23.675940+00:00 +2025-03-05T11:00:21.846465+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-05T08:15:35.107000+00:00 +2025-03-05T10:15:20.160000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284193 +284221 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `28` -- [CVE-2025-1393](CVE-2025/CVE-2025-13xx/CVE-2025-1393.json) (`2025-03-05T08:15:35.107`) +- [CVE-2024-13350](CVE-2024/CVE-2024-133xx/CVE-2024-13350.json) (`2025-03-05T09:15:09.163`) +- [CVE-2024-13747](CVE-2024/CVE-2024-137xx/CVE-2024-13747.json) (`2025-03-05T10:15:14.617`) +- [CVE-2024-13757](CVE-2024/CVE-2024-137xx/CVE-2024-13757.json) (`2025-03-05T10:15:14.923`) +- [CVE-2024-13777](CVE-2024/CVE-2024-137xx/CVE-2024-13777.json) (`2025-03-05T10:15:15.367`) +- [CVE-2024-13778](CVE-2024/CVE-2024-137xx/CVE-2024-13778.json) (`2025-03-05T10:15:15.720`) +- [CVE-2024-13779](CVE-2024/CVE-2024-137xx/CVE-2024-13779.json) (`2025-03-05T10:15:16.213`) +- [CVE-2024-13780](CVE-2024/CVE-2024-137xx/CVE-2024-13780.json) (`2025-03-05T10:15:16.513`) +- [CVE-2024-13787](CVE-2024/CVE-2024-137xx/CVE-2024-13787.json) (`2025-03-05T10:15:16.810`) +- [CVE-2024-13809](CVE-2024/CVE-2024-138xx/CVE-2024-13809.json) (`2025-03-05T10:15:17.313`) +- [CVE-2024-13810](CVE-2024/CVE-2024-138xx/CVE-2024-13810.json) (`2025-03-05T10:15:17.503`) +- [CVE-2024-13811](CVE-2024/CVE-2024-138xx/CVE-2024-13811.json) (`2025-03-05T10:15:17.877`) +- [CVE-2024-13815](CVE-2024/CVE-2024-138xx/CVE-2024-13815.json) (`2025-03-05T10:15:18.210`) +- [CVE-2024-13827](CVE-2024/CVE-2024-138xx/CVE-2024-13827.json) (`2025-03-05T09:15:09.390`) +- [CVE-2024-13839](CVE-2024/CVE-2024-138xx/CVE-2024-13839.json) (`2025-03-05T10:15:18.443`) +- [CVE-2024-13866](CVE-2024/CVE-2024-138xx/CVE-2024-13866.json) (`2025-03-05T09:15:09.587`) +- [CVE-2024-5667](CVE-2024/CVE-2024-56xx/CVE-2024-5667.json) (`2025-03-05T10:15:18.910`) +- [CVE-2024-8682](CVE-2024/CVE-2024-86xx/CVE-2024-8682.json) (`2025-03-05T09:15:09.770`) +- [CVE-2025-0954](CVE-2025/CVE-2025-09xx/CVE-2025-0954.json) (`2025-03-05T10:15:19.130`) +- [CVE-2025-0956](CVE-2025/CVE-2025-09xx/CVE-2025-0956.json) (`2025-03-05T10:15:19.480`) +- [CVE-2025-0990](CVE-2025/CVE-2025-09xx/CVE-2025-0990.json) (`2025-03-05T09:15:09.947`) +- [CVE-2025-1008](CVE-2025/CVE-2025-10xx/CVE-2025-1008.json) (`2025-03-05T09:15:10.110`) +- [CVE-2025-1435](CVE-2025/CVE-2025-14xx/CVE-2025-1435.json) (`2025-03-05T09:15:10.267`) +- [CVE-2025-1515](CVE-2025/CVE-2025-15xx/CVE-2025-1515.json) (`2025-03-05T10:15:19.850`) +- [CVE-2025-22493](CVE-2025/CVE-2025-224xx/CVE-2025-22493.json) (`2025-03-05T09:15:10.443`) +- [CVE-2025-25015](CVE-2025/CVE-2025-250xx/CVE-2025-25015.json) (`2025-03-05T10:15:20.160`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index d17f652e188..169056417c9 100644 --- a/_state.csv +++ b/_state.csv @@ -245841,6 +245841,7 @@ CVE-2024-11728,0,0,5e9159dace0814fc830296f55a0ef2bdfd45169f1876af9b643a1fa92428c CVE-2024-11729,0,0,caceb42e577677b25830d89e8b00977431d6b11836cf2743d53fd41981238f7f,2025-02-05T14:43:07.597000 CVE-2024-1173,0,0,09593502756eff2c1a7f19d3864d082fe5b606a2b3bd8feeb9fa5c26088825cd,2025-01-30T15:55:07.793000 CVE-2024-11730,0,0,66d346922147603139b8a4c96d43965a67c99833d69103da415f26d21f19a6e2,2025-02-05T14:41:42.507000 +CVE-2024-11731,1,1,fa1081a73fa42b77d748f5cc43d66fc2996e7cb469f30ade5cede49dca150ca9,2025-03-05T10:15:10.123000 CVE-2024-11732,0,0,6786f7c223dbf5c7abf2566386e4c9fbb35edf5a2ada6569df25893c7ff24b7c,2024-12-03T08:15:06.383000 CVE-2024-11733,0,0,95cac917a7c172e334d8c411bd7e32914cf640694af4ffd3d3de8eaf57fddbb7,2025-01-03T23:15:06.313000 CVE-2024-11734,0,0,78c28d43096a77334429bffad85c310a594f71e1430baf5f4b291aea9769bdcc,2025-01-14T09:15:19.443000 @@ -246809,6 +246810,7 @@ CVE-2024-12807,0,0,1d134b4e10fd5c2df6e8d1acfd31e14ba142e002cf7d83d94986fb0c56cb2 CVE-2024-12811,0,0,7b65aed7c38336017d2295502f243dfa9e67fffcf73b1c7d1e13c0db617852f7,2025-02-28T00:15:35.790000 CVE-2024-12813,0,0,3b639e8b48ce8f9359f78eb0fcbfb138e695095dcc7dc21b7df78520a10ef17d,2025-02-24T14:24:12.300000 CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000 +CVE-2024-12815,1,1,3b2ba5b8c2b3264395cc1bb7b90d5a5255aaeb67f7649b89ead6051135f61295,2025-03-05T10:15:13.563000 CVE-2024-12816,0,0,94a80e9971eaa7e870e47359d4c3d1f8fa9ff5419e2a80ed33d726940db7be36,2025-01-25T08:15:08.137000 CVE-2024-12817,0,0,177c0c1ee17fbeb45fd7a30a85d211f5e3e78b0121812fcf822599a3e7e7f5fa,2025-01-25T08:15:08.300000 CVE-2024-12818,0,0,84584f689c6c77a45a4884a21e812302b20927c35cf898200120c33746d2aaa2,2025-01-15T10:15:07.803000 @@ -247189,6 +247191,7 @@ CVE-2024-13229,0,0,537699d3a79de9fbc27e9b2746c3e5b03ecf899f1fa640e3c8fa1fd5bdf5f CVE-2024-1323,0,0,4b7fa94b4154618460e40e6b98637f7cb2a430b6e413bf16925f79721ae6c94f,2025-01-16T19:29:54.047000 CVE-2024-13230,0,0,77b1ecbf192b34e98ac8a66dc9d4d1a94979c767aa5e8f2b9158ee6752bafedc,2025-01-21T11:15:09.267000 CVE-2024-13231,0,0,e7167177f9b23ac9afad3eac07b555a05861f1dc2e64891ec43f7636c5cda4d2,2025-02-19T09:15:08.930000 +CVE-2024-13232,1,1,f036609e4d8f0beba878db5f7c74fe0dbd7cad8905042cfc3d1a6197e09f841c,2025-03-05T10:15:14.197000 CVE-2024-13234,0,0,4c493a769573d261245a83332615004948f6e06f366df55b9e6c3d12849e4b0c,2025-02-04T21:05:33.863000 CVE-2024-13235,0,0,716a7c5d7c159a6b2d91aeded07fe8d912083980a02e58547aa8d39dbb30ccd0,2025-02-25T17:46:21.047000 CVE-2024-13236,0,0,64abe32b85dcd45ec9ab991a4d5209e0313b6971aeb9b551d0d126d46b2b126d,2025-01-31T16:03:09.630000 @@ -247308,6 +247311,7 @@ CVE-2024-13347,0,0,b0b65e85dad4db5b5f94ca2399763501cda822d2d7559302507963a880f04 CVE-2024-13348,0,0,e7356b4b7de40bfcab5dcbdec8635d94ba57c9cc43546ece560a6873afe1ba28,2025-01-30T15:15:16.223000 CVE-2024-13349,0,0,1a00cf757b3ec26bd50ea0e563207e24798d3893002c58755b8b9af1d412744e,2025-01-31T17:58:59.027000 CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000 +CVE-2024-13350,1,1,e9c5b87923a91edcb842bb6a28d1d6fd2f2943c4b4751dbc1e510c5e7ccbce8a,2025-03-05T09:15:09.163000 CVE-2024-13351,0,0,7985eca9113b0e4ff9b5606ce71f06a97acfce6eac97b8c91847c6875b508284,2025-01-15T10:15:07.993000 CVE-2024-13352,0,0,e3b517ead7778233dbb1fb4b3ec3651780c4dec33a82aff69cd76909bd75eb05,2025-02-07T16:15:35.960000 CVE-2024-13353,0,0,81d2cc0d68c32fbd9c01652b235787fa907c22cf877db2ecf0577a18d517802d,2025-02-25T03:32:38.597000 @@ -247663,6 +247667,7 @@ CVE-2024-13741,0,0,78f05de9655a03d53c2e8400793bb4a26c0069c47279ba1e219e404df9296 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000 CVE-2024-13743,0,0,55c8dc190eb39157b66a10e1b93cb1305bc4d10ce4cb3fd182854193f3e3c946,2025-02-18T23:15:09.267000 CVE-2024-13746,0,0,45f35ee3764d47b28653409950f2c901c1dd16389bb6dfa869d16b5b737ece40,2025-03-01T05:15:15.103000 +CVE-2024-13747,1,1,0722e9214a8d8932f08f4c85730f4f5420b18fd6467ccbbf76398fb9b25cdfac,2025-03-05T10:15:14.617000 CVE-2024-13748,0,0,434305d89c46996e593a1c20227391db3e976db9a09c9806ae0372c5517d7c24,2025-02-25T20:54:55.803000 CVE-2024-13749,0,0,1bb4ba9b57bf7068dfada9bae681ca9d14d8a8db535388f781f86c86d7cb8a7e,2025-02-25T03:54:36.293000 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000 @@ -247670,6 +247675,7 @@ CVE-2024-13750,0,0,60d2ac37a119c74457a43f16e0c72392975ebfbcb619894e9f656befe0d71 CVE-2024-13751,0,0,0e5e1a96a42a91f86024c5c9d88e569f1562fea2d46c5a10de41a49f75bc1fa9,2025-02-25T17:11:28.037000 CVE-2024-13752,0,0,58abec1a9c719742a0301542b70a1d6e3b887ea15505a7f86a0c807e31da0095,2025-02-24T12:30:24.827000 CVE-2024-13753,0,0,35689cdd5b64ee3991abd63fa8ef5f0b529fd8b40e65045b74e26e44ce0a06bd,2025-02-25T20:55:58.420000 +CVE-2024-13757,1,1,5995cc65fdbedf43c54445a608a23fd0f5333d3ce6f4a7aa69eb1a8c69fe5ff0,2025-03-05T10:15:14.923000 CVE-2024-13758,0,0,2e4bd9fb3fef024cef02d2b8f2dacb7555196f6b2dc915351eaf15ff5ed3368d,2025-01-31T20:28:53.477000 CVE-2024-1376,0,0,34411a3106e4c74f2617f4da0b50ff6e7d812385caea8af0b8361fb64d6e9d04,2024-11-21T08:50:26.737000 CVE-2024-13767,0,0,5e2a432b5514ebb28e43fc58238979fb079695a503a95ef3a2bddb1da15dea7c,2025-01-31T03:15:10.693000 @@ -247677,8 +247683,13 @@ CVE-2024-13769,0,0,6fa2e289d8cf3e90cab0c96a01fffe9940909434acbdd1bee567bf2a5e72c CVE-2024-1377,0,0,76446229d1bded69224cd2e98212f244bd2380b3470adb0152ce2b85f9216c33,2025-01-07T18:20:57.347000 CVE-2024-13770,0,0,eedd6cc35f686f8347a61efabc64272551833ee2e82bdd330567f722ff99ade8,2025-02-24T17:08:04.307000 CVE-2024-13775,0,0,4f9074e732a3ab519a109b5697b6e141a486c1977d56f68019ad553f34df5449,2025-02-24T19:04:52.170000 +CVE-2024-13777,1,1,c2d4f81a8dc3230470a4ddcfe8af4c9f8f5e51801d3ccbf118c1aa1e9f87533b,2025-03-05T10:15:15.367000 +CVE-2024-13778,1,1,673d14896e529308de549f2928918225a2196f03731d1b9fcc9954d189005174,2025-03-05T10:15:15.720000 +CVE-2024-13779,1,1,b99bad6f9e8dab81292dacf47b36bc0dcc6133647baf854afd6307e5257a8b27,2025-03-05T10:15:16.213000 CVE-2024-1378,0,0,041aa523b6aa5691bc95edbf2c3845e6125399d35aa90aa412089416e101b866,2024-11-21T08:50:26.997000 +CVE-2024-13780,1,1,f38211ca5b11c6d5cd76c7738bc5c283f5fd75664e09e943a4af464361a3c1f8,2025-03-05T10:15:16.513000 CVE-2024-13783,0,0,4d1adc087edd34d52079e199658ef345cbd94c9c74350c99493fda1d34bf23f7,2025-02-21T12:19:42.537000 +CVE-2024-13787,1,1,03e570e664ce22f94ad75fa40c6deb8d23c12b83a62b56497cc82237079e1cd5,2025-03-05T10:15:16.810000 CVE-2024-13789,0,0,2b0af9ac1cf71402f1bdf617ac72ff1dc3e5b91a3734626a9c4e88889f4b7dad,2025-02-25T20:56:25.757000 CVE-2024-1379,0,0,d57d063aae1fbcb792bd04eccc73dc16507c20c6267e19d5bea5a4e5413062c5,2024-11-21T08:50:27.157000 CVE-2024-13791,0,0,87d34d666cc6abe64fd811a08f4df25c9dcd54e5f0bd075f781061adfbd26e98,2025-02-25T04:01:52.803000 @@ -247694,14 +247705,19 @@ CVE-2024-13800,0,0,db269d664e8ffceb549584ac138b0b3d8532020dce3ad8c5501401929c306 CVE-2024-13802,0,0,799c1258f4b5634a2f6e5dae2a8b0b5fa69324e493bf460e3d6851ce5d4c3675,2025-02-25T20:57:34.193000 CVE-2024-13803,0,0,a4ca05408d0abeceec03de1e4e8a92703bc1137cacd6d3f3c6907b063c9f6ae7,2025-02-26T13:15:38.027000 CVE-2024-13806,0,0,063c52d53f81bbfeb772e150fd3eb5657c9535abcd0ad4b4f1bb05b9b53e7d78,2025-03-01T08:15:33.653000 +CVE-2024-13809,1,1,6be28e896bf75936478f58fa45f377cf413bed10859f0939689dc8ea299b4f20,2025-03-05T10:15:17.313000 CVE-2024-1381,0,0,f79abe04d98fb58eb4a1bc15edce6ddf9cf798d335c45513b35103feeb919d6b,2024-11-21T08:50:27.453000 +CVE-2024-13810,1,1,861c61a523529d8053cf536a51b7d802aa6990937f6cb4926ae7f49fc0b3dc67,2025-03-05T10:15:17.503000 +CVE-2024-13811,1,1,5b94a426632e0b7858178241c275865820be67c397c2529c7a30884806a0bfbc,2025-03-05T10:15:17.877000 CVE-2024-13813,0,0,fdc4ad5ea8556267af57de167767e42189cf8d83fe0a9d1183500203243c2b38,2025-02-20T15:56:04.087000 CVE-2024-13814,0,0,1eaa34671c59ff347de019eb0f7db92c91d554728619786a007d058e64ccd6e0,2025-02-18T21:30:00.523000 +CVE-2024-13815,1,1,c26d747b30e16449187df89ae1a63f232878b2518b742ef230f0e1b934e49302,2025-03-05T10:15:18.210000 CVE-2024-13817,0,0,b5a69d8e5693042f6213842e77c8ea5e9adad031b258d4d25f98e0b0bd22c27b,2025-01-31T03:15:10.910000 CVE-2024-13818,0,0,b34cef01cb19d809209555e3902d48d3c034a9e483326b43d02f63f2eb6722a8,2025-02-25T17:03:16.093000 CVE-2024-1382,0,0,46ba372cc585c5cc80406db23ae24542751b0e1ef43905cbc6e0bcf967676a5e,2025-01-21T17:04:33.737000 CVE-2024-13821,0,0,74f5b87067df469dcc6e71e5e4a2f7f3dcf26b1308f6ab7ad834a12bda68d3f3,2025-02-25T19:37:29.223000 CVE-2024-13822,0,0,3edf451af12e328cb622d46a3fda862fd00644484907c17ca32254fbaff076b3,2025-02-24T12:15:11.193000 +CVE-2024-13827,1,1,40b9b2f1bee49602bcbc26b5d44dfb98f0e80093153eca031d92ad08d38031db,2025-03-05T09:15:09.390000 CVE-2024-13829,0,0,0eb68c1cd51e57e24834aa430c28539b9740e4aeaf2e4bf4d57d2d018e612c3a,2025-02-05T06:15:31.257000 CVE-2024-1383,0,0,93ff0b2eb9f4abe59909f3b49d94bb9635c166ee2ef0054262af8a40f59e1121,2025-02-13T20:02:55.647000 CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000 @@ -247710,6 +247726,7 @@ CVE-2024-13832,0,0,ec5b2acd93db5978e9a901bf338782a10b26bfa5fce10324f0a5b3fac0b88 CVE-2024-13833,0,0,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000 CVE-2024-13834,0,0,43e5ae6cc904537a30eeccc37c7b9a07fd2bfb264b9574278bc2a72960c00c36,2025-02-24T12:37:18.957000 CVE-2024-13837,0,0,b186071e4ea62233d731f5821d490b3ab777186a5f4da25e22f6fedfafcbdd0c,2025-02-17T19:15:09.463000 +CVE-2024-13839,1,1,62f4a375bbf895765f28a4885fa21c7e3b5b50d77a9c8d8b3041b6036594e93c,2025-03-05T10:15:18.443000 CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000 CVE-2024-13841,0,0,42857531268142aae6c02637b3b6e7d79dd71736d6804136946d48ddaede14a2,2025-02-07T07:15:14.573000 CVE-2024-13842,0,0,e27bb87d0390ea96b584ec0f6fbe747157fb2de816ea15a1791b354e66567fcd,2025-02-20T15:55:29.770000 @@ -247724,6 +247741,7 @@ CVE-2024-13852,0,0,dd2c33f18b8ccbee6b646903a658fcb7af55315e978ebdb8f9c794cc0b1e0 CVE-2024-13854,0,0,b568f01b297c5912b2612b134f4f5250b2d30544244315a9c47edd8900e54042,2025-02-19T08:15:21.440000 CVE-2024-13855,0,0,9aad1f9df577d823156d8f799c672a44111ca2c006ede84d8cbdc8cff07c1227,2025-02-25T18:23:31.507000 CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c824b,2024-11-21T08:50:28.063000 +CVE-2024-13866,1,1,7b6522806f9fda20a87affc69ae1455066ad3672ed7237b6480428aa11037ef9,2025-03-05T09:15:09.587000 CVE-2024-13867,0,0,d1ccd3c88095b1998a7fe8f4f64aebb963278c8b08e66fe2014f445cd5f48e2a,2025-02-18T18:41:21.660000 CVE-2024-13869,0,0,0918273a7ae15011be1debf6016e48d8cf14f846fa38b8a2ca6e7c9fb94375dd,2025-02-23T04:15:23.797000 CVE-2024-1387,0,0,8e6bcbdaec79085616e17d0cff8f7e9074033b4370339ebb2fb375231d6ccb3f,2025-01-07T18:19:26.400000 @@ -275535,6 +275553,7 @@ CVE-2024-56666,0,0,21f26ce12addeba29595c53677883f3a92e9d33b51f0211bdc6b5982f3c5d CVE-2024-56667,0,0,1a9434d05c1117f8ebea126370a3323c87f5ea30d38cebd3e2ed4ea6d126e457,2025-01-06T18:21:07.280000 CVE-2024-56668,0,0,bb0b1b28b41959171a614b3f974621ac0d2ac6eb7e9f87ec2a3ef420c316bb90,2025-01-06T18:20:19.580000 CVE-2024-56669,0,0,76b9a886334184c642413928921758334a8bfa8c2d41db9984b5b251de81dfa7,2025-02-11T16:15:47.333000 +CVE-2024-5667,1,1,29f4f8a3f893c802c08b765dee7f22b2665101f41127421981899c33d6ca7588,2025-03-05T10:15:18.910000 CVE-2024-56670,0,0,09dfad71a0a648bb5acf88bdf9f65707f93ff084785c319fcc16bdd4e85df5fb,2025-01-06T18:13:02.807000 CVE-2024-56671,0,0,965424f9a0cbe2a465372879236df9fbdb2bda68b251d088efe5ee351e22168f,2025-01-06T16:56:36.777000 CVE-2024-56672,0,0,8417cd992fb4acd954e058be26fcceec7435ffb29efc02edc31fe1a61610bfcc,2025-02-10T18:15:31.643000 @@ -278877,6 +278896,7 @@ CVE-2024-8678,0,0,c9f19131bded613da0c19c1444b8e8a8b9cc51fc5c1cf15447ee67809c6ea1 CVE-2024-8679,0,0,2b814e408085282aa43a44f419617020b8c9c8c614fcd1f864e869f9853d89cd,2024-12-07T02:15:19.457000 CVE-2024-8680,0,0,d26d5eba91e9e07ee9b59e08affa3d4d4587baedebb8830ed04ba5321bbb1f0e,2024-09-27T13:53:47.910000 CVE-2024-8681,0,0,cc400ecaa32dd9e4f3bd8a7ca6c51e9d6c2c86f98de06f0d89656986f17c2119,2024-10-04T19:04:49.490000 +CVE-2024-8682,1,1,daddf41a6d4cb8d01566af592e3a1c558195f98ff5032141058ebb14a08fe832,2025-03-05T09:15:09.770000 CVE-2024-8684,0,0,654446cab325131fc0e44f97b13320fdc554516047e5f89a6437f77c3112522f,2025-02-10T13:15:26.103000 CVE-2024-8685,0,0,f81829db7e24f10a279a46bb1f2309fba8584ad62cd972b00bc9c625257a6f1f,2025-02-10T13:15:26.270000 CVE-2024-8686,0,0,5fbeef78ba158f7453367f08deedd44d4c0bfb4e67586077c3301c73e0fcba8c,2024-10-03T01:35:10.317000 @@ -280544,6 +280564,8 @@ CVE-2025-0948,0,0,3906e65d2be079846a7fc328fa3e08005b25ee0a1547c5d7622270f9efb6c8 CVE-2025-0949,0,0,0738bb2b66672fae5fd020ba0f9a70fb106ebc19e1971dce25f2e18c30dd0c12,2025-02-03T18:15:41.727000 CVE-2025-0950,0,0,7903835c96a972c16989f2cc1ccaf15a7fc2f203d2ad321ca6bcf09943e4f0e2,2025-02-03T18:15:41.847000 CVE-2025-0953,0,0,921a82da6ab0ef8d3d98803db3946d447f0517778af0c3f71c90d1c8292a158b,2025-02-22T13:15:11.850000 +CVE-2025-0954,1,1,55c8c6eabee890f4a1412381487e5b6ca68e980f9a34924a7044201a06392acf,2025-03-05T10:15:19.130000 +CVE-2025-0956,1,1,90ca98fb49cd01a3ccd80c5453322603e06017a60dda3995c69f6a47d8f4e41d,2025-03-05T10:15:19.480000 CVE-2025-0957,0,0,495f2d5b6e1d536933c2ca0f5f42b3b064381124c6d04bc27597b46752e07780,2025-02-22T14:15:29.710000 CVE-2025-0958,0,0,571b6daa8412a8dbab85a507fad7b4f36ac7400535cbebe7229ffe82ac243e85,2025-03-04T10:15:10.817000 CVE-2025-0960,0,0,499907aaf0daa1209acd23a8382909ccee8a784758e88e7f103cadb30772d3d2,2025-02-04T20:15:50.103000 @@ -280560,6 +280582,7 @@ CVE-2025-0981,0,0,c89c9554a0a46e5bb181583fd08bedc64f240c126360b9216686d47b4afcea CVE-2025-0982,0,0,521fffa92ca7a4349f9839f1725ef4c0f2728323e40055a01784086e989d43e4,2025-02-06T12:15:27.267000 CVE-2025-0985,0,0,b26b31af0c06da0ecdbbec5923f39fbb50dadbe219faf9bd5908c2a08e5b3d3e,2025-02-28T17:15:15.937000 CVE-2025-0989,0,0,346e8aea80123cafe9a430449f66c84d4597763274e13e564f95baea22982f1f,2025-02-11T21:15:12.823000 +CVE-2025-0990,1,1,92e6e15cb16b6e29b8e9ac767cd0ef53fbf77548976d34469bb9d167b90fd0a7,2025-03-05T09:15:09.947000 CVE-2025-0994,0,0,7e9665376804e5d3cecbef020101144a587ced5be1a96d3160dfb8d1e8544f4a,2025-02-12T19:29:30.383000 CVE-2025-0995,0,0,0a5529eb09e1f54f24a3e7e605d2f8400aae44234054dd248f74781d7e042133,2025-02-19T15:15:16.073000 CVE-2025-0996,0,0,f5bee85fd326d78b72ed64a9f49b28f7be5f9f9202e5d7fbf61706dd2200814c,2025-02-19T15:15:16.243000 @@ -280573,6 +280596,7 @@ CVE-2025-1004,0,0,9cae67c415976182c9e721c9cd510a26d80715a77eb7b99e0e645fceac3cfb CVE-2025-1005,0,0,6634395cbbb9a7c65c4fbb122df0f4ce8e0e536d41583c0c210842e7f1160ca8,2025-02-24T12:31:01.313000 CVE-2025-1006,0,0,d649cff08ce4b1c1c688483cba24b8f6211ab5d71e1f74150bdc986243148c7c,2025-02-19T20:15:36.163000 CVE-2025-1007,0,0,a3f70a46cd73e0586b87b15b1921e7689062414b24fcb0ed834a9ea125db4d4f,2025-02-19T09:15:10.117000 +CVE-2025-1008,1,1,51e628e9e44fe449c04c94758013fbbd1872f4c3055304670259874b4c1ea543,2025-03-05T09:15:10.110000 CVE-2025-1009,0,0,2eaef1afd010c535fd50fceaedaa339dbea694d459d94247ca2cdf1816ccd1a0,2025-02-06T19:28:52.820000 CVE-2025-1010,0,0,62a03586b01b5384628b2b24394869ef4f272c9b8354e05188dae652a849042c,2025-02-06T19:30:13.637000 CVE-2025-1011,0,0,c7aab2f6a9c0415627154b90d3f96ebb209e4ddce064fa55ea39e2629e66c93d,2025-02-06T19:31:38.610000 @@ -280799,7 +280823,7 @@ CVE-2025-1389,0,0,795a35efe21e6a34ebaee5d031621504f5de1cd150eb87bc8f92558df8e464 CVE-2025-1390,0,0,4fc86a10da8dd3f0a18ea2e30ae82e3cb10771daa7275bed87235a02cfa82a05,2025-02-18T03:15:10.447000 CVE-2025-1391,0,0,d90cb6e9a989a8a68c01cf8b9c7ddb91844bc2ec06595b67c0549c7c80f8bc3a,2025-02-17T14:15:08.413000 CVE-2025-1392,0,0,f08bbb9b69f485fd54fc78272460b890a55805f93dc93ed202a1f5ce9ea26d62,2025-02-17T16:15:16.120000 -CVE-2025-1393,1,1,7e67ea62469d5decfffee901208f62ab89eaada4966e37e0b8373112ec3c539d,2025-03-05T08:15:35.107000 +CVE-2025-1393,0,0,7e67ea62469d5decfffee901208f62ab89eaada4966e37e0b8373112ec3c539d,2025-03-05T08:15:35.107000 CVE-2025-1402,0,0,c23c451cfa1d570fb16b3d38ae224aa085b42cdb084d4b1dbd67b0732fd42aba,2025-02-25T04:04:59.860000 CVE-2025-1403,0,0,d98767ffbbabf7b703d6464c4760704cf18c9952a200d902dfdc98a149c5818d,2025-02-21T18:15:20.550000 CVE-2025-1404,0,0,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000 @@ -280813,6 +280837,7 @@ CVE-2025-1414,0,0,b3b9c3affbe2798ab158992b46088a156edfb77f4ed4319f53d9b7d1a64ef9 CVE-2025-1424,0,0,7bc1486ceca0565cfcc9a2d34ce95560808df7da09f34dab3d4f23862348c153,2025-03-04T16:15:36.663000 CVE-2025-1425,0,0,43fb3b1f1ada208e5c93084c37982591e83549c344ec272dd4837e6ef4cf756b,2025-03-04T16:15:36.803000 CVE-2025-1426,0,0,834f194c9c92d88c2a5fa9395038ff6b865679b1740d05e480244e8e7428755b,2025-02-19T20:15:36.467000 +CVE-2025-1435,1,1,5769f1e4d835d83465db5788f65be161aa498d69888f34e730e0859889f385a0,2025-03-05T09:15:10.267000 CVE-2025-1441,0,0,a148724949d3a67ddbdb90d03ba8b4c0c01959027f1d8b9da83469468076f49e,2025-02-28T19:47:07.220000 CVE-2025-1447,0,0,b52fc293ec2c8f7276787d8ec4e27a605d8feb40937673c00f5fe8646d83ab92,2025-02-19T01:15:09.407000 CVE-2025-1448,0,0,dcd55b821241f3fcd52c60ec5d939cca30ac2e0644079f21a4efc2df8a0c8c2d,2025-02-19T02:15:08.833000 @@ -280836,6 +280861,7 @@ CVE-2025-1509,0,0,96513da0fa9cb03c336b83bf5bddf52acacdda9db2e967b5f8ef0dc0a4de0f CVE-2025-1510,0,0,5e7f4e908d48e1455cf18a81d8dfff338614746cef18c3315cc85b0c64b8c8df,2025-02-22T04:15:10.040000 CVE-2025-1511,0,0,92d16ec9cdb5f4e3f37d1ead50a4ecde4e869b1ac9e9b474b39bd9ef65a37b75,2025-02-28T06:15:25.750000 CVE-2025-1513,0,0,49686153eb93c741adb1d6d7e23372a0773d0f92ceeb66d85a64053bd21ac0c5,2025-02-28T06:15:25.937000 +CVE-2025-1515,1,1,40fb5af3561fa8566133f431829f949e2515107ad298d86ca1e6887d1d266212,2025-03-05T10:15:19.850000 CVE-2025-1517,0,0,f77151ae5031cf639b38b016ea952fb6438aadc87174ef04eae6ee15efb2dd99,2025-02-26T13:15:41.193000 CVE-2025-1535,0,0,6080c0c0968f3ab3c5259d9031c93f6d6c93dcaef1c71aa8b7e3b62645a6a84e,2025-02-21T12:15:30.877000 CVE-2025-1536,0,0,13d2bb79966b022c194b53190d029539a3b9db0220df5fb889249e7f79d2fadc,2025-02-21T15:15:12.270000 @@ -281928,6 +281954,7 @@ CVE-2025-22475,0,0,15e2f0e4f859c49a221c12f5e1eb7e46b6c6aca8f0ab3cc88af90136ef2fd CVE-2025-22480,0,0,30f78fb08b81b0a4a0f02016506c54aff4f612e77005946c54cb0114603ea9f7,2025-02-18T18:39:56.053000 CVE-2025-22491,0,0,e26a392df2afadce272fd73c1e836888f4b2c5b4ac6036088413dff6be206365,2025-02-28T09:15:12.540000 CVE-2025-22492,0,0,e9bde4f21fb6310ad0cfe4e54a5331c3fe81f9a835d2382636a7b0f15d89bca3,2025-02-28T09:15:12.680000 +CVE-2025-22493,1,1,3fd8c45326186b19600084db23ec5bee27e935681d6364607bb1969dbbc7ba96,2025-03-05T09:15:10.443000 CVE-2025-22495,0,0,8392620cb3f5289df4103c4151ecb349dfb461cd09122f2d139b36566f51370b,2025-02-24T17:15:13.723000 CVE-2025-22498,0,0,f3f7d57a5c074cef7d66fd0b0c22de1f5c4ac45e596ff524016d32b7cab75963,2025-01-13T14:15:10.787000 CVE-2025-22499,0,0,2c7469ba06cedcc8f30abf0610d7acbf7462216a8d6077933c22c805fba653a7,2025-01-13T14:15:10.960000 @@ -283407,6 +283434,7 @@ CVE-2025-24980,0,0,a17fd16fc181710dc23e803283e1d6d1f933f1a8ebddaf620892759c050de CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000 CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000 CVE-2025-24989,0,0,41bc3ff3ec452f1ed2e007691180803f1ca2c43c5c00d6d0ec8842763c09b177,2025-02-24T14:55:58.823000 +CVE-2025-25015,1,1,eb1050bd5b65a4dad7d526191a26a4661ea59db9fd330a6daf35730bcf0718dc,2025-03-05T10:15:20.160000 CVE-2025-25039,0,0,2c724cd99b172314f0551d5e25be43761b6ee80f3cb5f750659e6bd374aa7b28,2025-02-04T19:15:33.977000 CVE-2025-25054,0,0,5be11f7aa8767f62986e873818aa7bafb83a58f1dfa102f5a36254246868acc6,2025-02-19T06:15:22.010000 CVE-2025-25055,0,0,715a07bb29b79c7fb7ed93b83baf8d9d3a9109839cf0cb0b13f9fa08d28e54fd,2025-02-18T00:15:21.277000