From 27a325c7cf73de033e1ebb4f2323d0b5207ed8d0 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 7 Jan 2025 07:03:46 +0000 Subject: [PATCH] Auto-Update: 2025-01-07T07:00:21.236145+00:00 --- CVE-2024/CVE-2024-101xx/CVE-2024-10102.json | 21 ++++ CVE-2024/CVE-2024-105xx/CVE-2024-10527.json | 60 +++++++++++ CVE-2024/CVE-2024-105xx/CVE-2024-10536.json | 60 +++++++++++ CVE-2024/CVE-2024-105xx/CVE-2024-10562.json | 21 ++++ CVE-2024/CVE-2024-112xx/CVE-2024-11290.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11337.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11338.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11363.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11369.json | 72 +++++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11375.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11377.json | 80 ++++++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11378.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11382.json | 60 +++++++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11383.json | 60 +++++++++++ CVE-2024/CVE-2024-114xx/CVE-2024-11434.json | 60 +++++++++++ CVE-2024/CVE-2024-114xx/CVE-2024-11445.json | 64 ++++++++++++ CVE-2024/CVE-2024-114xx/CVE-2024-11465.json | 76 ++++++++++++++ CVE-2024/CVE-2024-114xx/CVE-2024-11496.json | 64 ++++++++++++ CVE-2024/CVE-2024-116xx/CVE-2024-11606.json | 21 ++++ CVE-2024/CVE-2024-116xx/CVE-2024-11690.json | 60 +++++++++++ CVE-2024/CVE-2024-117xx/CVE-2024-11749.json | 60 +++++++++++ CVE-2024/CVE-2024-117xx/CVE-2024-11756.json | 60 +++++++++++ CVE-2024/CVE-2024-118xx/CVE-2024-11810.json | 60 +++++++++++ CVE-2024/CVE-2024-118xx/CVE-2024-11887.json | 64 ++++++++++++ CVE-2024/CVE-2024-120xx/CVE-2024-12049.json | 72 +++++++++++++ CVE-2024/CVE-2024-120xx/CVE-2024-12073.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12124.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12126.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12140.json | 64 ++++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12153.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12157.json | 60 
+++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12158.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12159.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12170.json | 60 +++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12176.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12207.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12208.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12214.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12252.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12256.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12261.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12264.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12288.json | 64 ++++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12290.json | 60 +++++++++++ CVE-2024/CVE-2024-122xx/CVE-2024-12291.json | 60 +++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12313.json | 72 +++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12322.json | 72 +++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12324.json | 60 +++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12327.json | 64 ++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12332.json | 68 ++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12383.json | 68 ++++++++++++ CVE-2024/CVE-2024-123xx/CVE-2024-12384.json | 68 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12435.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12438.json | 80 ++++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12439.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12440.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12445.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12453.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12457.json | 60 +++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12462.json | 64 ++++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12464.json | 60 +++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12470.json | 60 +++++++++++ CVE-2024/CVE-2024-124xx/CVE-2024-12471.json | 60 +++++++++++ 
CVE-2024/CVE-2024-125xx/CVE-2024-12535.json | 60 +++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12633.json | 60 +++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12849.json | 68 ++++++++++++ CVE-2024/CVE-2024-76xx/CVE-2024-7696.json | 56 ++++++++++ CVE-2024/CVE-2024-88xx/CVE-2024-8855.json | 21 ++++ CVE-2024/CVE-2024-88xx/CVE-2024-8857.json | 21 ++++ CVE-2024/CVE-2024-92xx/CVE-2024-9208.json | 60 +++++++++++ CVE-2024/CVE-2024-96xx/CVE-2024-9638.json | 21 ++++ CVE-2024/CVE-2024-96xx/CVE-2024-9697.json | 68 ++++++++++++ CVE-2024/CVE-2024-97xx/CVE-2024-9702.json | 60 +++++++++++ README.md | 51 +++++---- _state.csv | 109 ++++++++++++++++---- 75 files changed, 4454 insertions(+), 40 deletions(-) create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10102.json create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10527.json create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10536.json create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10562.json create mode 100644 CVE-2024/CVE-2024-112xx/CVE-2024-11290.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11337.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11338.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11363.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11369.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11375.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11377.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11378.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11382.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11383.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11434.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11445.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11465.json create mode 100644 CVE-2024/CVE-2024-114xx/CVE-2024-11496.json create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11606.json create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11690.json create mode 100644 
CVE-2024/CVE-2024-117xx/CVE-2024-11749.json create mode 100644 CVE-2024/CVE-2024-117xx/CVE-2024-11756.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11810.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11887.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12049.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12073.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12124.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12126.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12140.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12153.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12157.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12158.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12159.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12170.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12176.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12207.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12208.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12214.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12252.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12256.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12261.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12264.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12288.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12290.json create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12291.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12313.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12322.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12324.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12327.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12332.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12383.json create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12384.json 
create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12435.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12438.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12439.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12440.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12445.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12453.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12457.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12462.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12464.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12470.json create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12471.json create mode 100644 CVE-2024/CVE-2024-125xx/CVE-2024-12535.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12633.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12849.json create mode 100644 CVE-2024/CVE-2024-76xx/CVE-2024-7696.json create mode 100644 CVE-2024/CVE-2024-88xx/CVE-2024-8855.json create mode 100644 CVE-2024/CVE-2024-88xx/CVE-2024-8857.json create mode 100644 CVE-2024/CVE-2024-92xx/CVE-2024-9208.json create mode 100644 CVE-2024/CVE-2024-96xx/CVE-2024-9638.json create mode 100644 CVE-2024/CVE-2024-96xx/CVE-2024-9697.json create mode 100644 CVE-2024/CVE-2024-97xx/CVE-2024-9702.json
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10102.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10102.json
new file mode 100644
index 00000000000..1e0a9c5b0ce
--- /dev/null
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10102.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-10102",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-01-07T06:15:13.730",
+ "lastModified": "2025-01-07T06:15:13.730",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10527.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10527.json
new file mode 100644
index 00000000000..d2317d1c679
--- /dev/null
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10527.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10527",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:09.497",
+ "lastModified": "2025-01-07T05:15:09.497",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/spacer/tags/3.0.7/index.php#L85",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112ece28-27ac-4d3c-b302-7acab43390fb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10536.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10536.json
new file mode 100644
index 00000000000..1f66442b168
--- /dev/null
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10536.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-10536",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T06:15:13.920",
+ "lastModified": "2025-01-07T06:15:13.920",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/post-block/trunk/custom-fields/options/admin-backup.php#L171",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e573648e-215f-4858-a4d3-a3e85119dbcf?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10562.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10562.json
new file mode 100644
index 00000000000..15e036aac2b
--- /dev/null
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10562.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-10562",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-01-07T06:15:14.120",
+ "lastModified": "2025-01-07T06:15:14.120",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/317f6cb7-774f-4381-a855-858c051aa1d5/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11290.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11290.json
new file mode 100644
index 00000000000..a494bf9aa5f
--- /dev/null
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11290.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11290",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:11.117",
+ "lastModified": "2025-01-07T05:15:11.117",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/member-access/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4c7c448-fe9d-496d-84f2-0da8d1e13d64?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11337.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11337.json
new file mode 100644
index 00000000000..cefe94e9bbe
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11337.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11337",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:11.320",
+ "lastModified": "2025-01-07T05:15:11.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/horoscope-and-tarot/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d833338-a343-446f-a3f1-cb5e2cff6585?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11338.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11338.json
new file mode 100644
index 00000000000..b418c70f918
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11338.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11338",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:11.520",
+ "lastModified": "2025-01-07T05:15:11.520",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/pixnet/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/165bafd4-0cef-4936-af21-6a8ffcfccaef?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11363.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11363.json
new file mode 100644
index 00000000000..03e12c42f91
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11363.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11363",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:11.713",
+ "lastModified": "2025-01-07T05:15:11.713",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Same but Different \u2013 Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/same-but-different/tags/1.0.15/library/template-parts/tabs.php#L27",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d262a3b-6205-45b3-8d8e-da541e07de46?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11369.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11369.json
new file mode 100644
index 00000000000..2f2e1365dbe
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11369.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2024-11369",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T06:15:14.233",
+ "lastModified": "2025-01-07T06:15:14.233",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L113",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L119",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L95",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3213698/store-credit-for-woocommerce/trunk/admin/report.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e8527c0-a4b0-436d-901a-c07f93c7ec5e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11375.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11375.json
new file mode 100644
index 00000000000..3252fa85987
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11375.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11375",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:11.907",
+ "lastModified": "2025-01-07T05:15:11.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wc1c-main/tags/0.23.0/views/promo/activation.php#L25",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52293a10-4240-4a6b-a05b-33675a4ed6b6?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11377.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11377.json
new file mode 100644
index 00000000000..c55a0886afb
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11377.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2024-11377",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-07T05:15:12.083",
+ "lastModified": "2025-01-07T05:15:12.083",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/c/clickup/clickup.php#L92",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/e/encharge/encharge.php#L82",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/g/getgist/getgist.php#L85",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/g/googlecontact/googlecontact.php#L100",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/m/mailchimp/mailchimp.php#L179",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/t/teamwork/teamwork.php#L82",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a143eb71-d039-441b-871e-d1c5cefb0529?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11378.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11378.json
new file mode 100644
index 00000000000..d7cd162564d
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11378.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11378", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:12.270", + "lastModified": "2025-01-07T05:15:12.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bizapp-for-woocommerce/trunk/admin/class-bizapp-woocommerce-order.php#L599", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45cf9e0e-3a8a-400a-b766-7b352e739b7c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11382.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11382.json new file mode 100644 index 00000000000..7517415ecf3 --- /dev/null 
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11382.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11382", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:12.457", + "lastModified": "2025-01-07T05:15:12.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/common-ninja/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1205432-4de0-4745-b8d5-e36aa8f3da49?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11383.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11383.json
new file mode 100644
index 00000000000..3be1c688866
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11383.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11383", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:12.650", + "lastModified": "2025-01-07T05:15:12.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216591%40cc-canadian-mortgage-calculator&new=3216591%40cc-canadian-mortgage-calculator&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0654e3c9-106d-4d90-a4e4-9705c36f7564?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11434.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11434.json
new file mode 100644
index 00000000000..7547d74238e
--- /dev/null
+++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11434.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11434", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:12.873", + "lastModified": "2025-01-07T05:15:12.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-bulk-sms/trunk/includes/admin/outbox/class-wpsmstobulk-outbox.php#L171", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17acbf24-b0ae-42c8-af8f-17e82213507d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11445.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11445.json new file mode 100644 index 00000000000..019356ff93e --- /dev/null 
+++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11445.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11445", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:13.077", + "lastModified": "2025-01-07T05:15:13.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/image-magnify/trunk/image-magnify.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/image-magnify/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55838de5-0795-429b-be87-a0d57b29e471?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11465.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11465.json
new file mode 100644
index 00000000000..75a47042c21
--- /dev/null
+++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11465.json
@@ -0,0 +1,76 @@ +{ + "id": "CVE-2024-11465", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:13.287", + "lastModified": "2025-01-07T05:15:13.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-generate-html.php#L19", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-saved-tabs.php#L222", + "source": 
"security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-saved-tabs.php#L449", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/public/class.yikes-woo-tabs-display.php#L47", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/yikes-inc-easy-custom-woocommerce-product-tabs.php#L262", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ad0d6eb-aafa-4f0b-bf1c-73d94e361087?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11496.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11496.json new file mode 100644 index 00000000000..cbac48eeec1 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11496.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11496", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:13.480", + "lastModified": "2025-01-07T05:15:13.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/infility-global/trunk/include/class/action.class.php#L80", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/infility-global/trunk/infility_global.php#L121", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fd1c19-b752-4562-9365-165d709b91b2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11606.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11606.json new file mode 100644 index 00000000000..ef05b8f6fea --- /dev/null +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11606.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-11606", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-07T06:15:14.427", + "lastModified": "2025-01-07T06:15:14.427", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11690.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11690.json new file mode 100644 index 00000000000..f0d6a0abb92 --- /dev/null +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11690.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11690", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:13.677", + "lastModified": "2025-01-07T05:15:13.677", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/live-stock-prices-for-wordpress/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/210e9d94-ae2a-4dd9-a151-0bafbac68d18?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11749.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11749.json new file mode 100644 index 00000000000..c11073f4115 --- /dev/null 
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11749.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11749", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:14.713", + "lastModified": "2025-01-07T06:15:14.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216285%40appizy-app-embed&new=3216285%40appizy-app-embed&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/111a0507-aa51-4e4e-a582-9007041c811b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11756.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11756.json
new file mode 100644
index 00000000000..d0aa726f9be
--- /dev/null
+++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11756.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11756", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:14.943", + "lastModified": "2025-01-07T06:15:14.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/sweepwidget/trunk/sweepwidget.php#L936", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ec6957-28c0-4441-8801-80b226569df9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11810.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11810.json new file mode 100644 index 00000000000..a4c1a67dd81 --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11810.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11810", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:13.883", + "lastModified": "2025-01-07T05:15:13.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/paygreen-payment-gateway/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5438f82-2428-44ba-a7c8-e34d80804063?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11887.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11887.json
new file mode 100644
index 00000000000..3883fd86832
--- /dev/null
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11887.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11887", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:15.147", + "lastModified": "2025-01-07T06:15:15.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/geo-targetly-geo-content/trunk/geotargetly-geo-content.php#L157", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/geo-targetly-geo-content/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c52cdb58-c97a-43a6-a3ff-be084ceee085?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12049.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12049.json
new file mode 100644
index 00000000000..73f52c4bf68
--- /dev/null
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12049.json
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-12049", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:14.147", + "lastModified": "2025-01-07T05:15:14.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/edit-international.php#L71", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/edit.php#L43", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/morkvaup-plugin-invoices-page.php#L29", + "source": "security@wordfence.com" + }, + { + "url": 
"https://wordpress.org/plugins/woo-ukrposhta/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e549e4c-9f2e-40a4-9b07-7edb34bc0c9f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12073.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12073.json new file mode 100644 index 00000000000..509c986f260 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12073.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12073", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:15.367", + "lastModified": "2025-01-07T06:15:15.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_url_value' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/meteor-slides/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be913494-f4a7-4718-ac2b-da4baf2b0a21?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12124.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12124.json new file mode 100644 index 00000000000..b663b81a112 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12124.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12124", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:14.340", + "lastModified": "2025-01-07T05:15:14.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_id\u2019 parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/role-includer/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12126.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12126.json new file mode 100644 index 00000000000..31f8dafaa70 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12126.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12126", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:14.533", + "lastModified": "2025-01-07T05:15:14.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018google_error\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/seo-keywords/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/325c2350-174b-4117-bacd-ae28bf3b16bc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12140.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12140.json new file mode 100644 index 00000000000..d3fa83a43e0 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12140.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12140", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:14.730", + "lastModified": "2025-01-07T05:15:14.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/accordion.php#L958", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/tab.php#L905", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline 
at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12153.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12153.json new file mode 100644 index 00000000000..c8e02f4fcea --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12153.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12153", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:14.927", + "lastModified": "2025-01-07T05:15:14.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gdy-modular-content/trunk/includes/elements.php#L16", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f854737-e87b-4c50-a9fb-d3b129f9d9fc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12157.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12157.json new file mode 100644 index 00000000000..8e6c1235d5d --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12157.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12157", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:15.133", + "lastModified": "2025-01-07T05:15:15.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/ultimate-popup-creator/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e63ce97-40af-493d-9376-231a99d9bd58?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12158.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12158.json new file mode 100644 index 00000000000..4b8333aef30 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12158.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12158", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:15.323", + "lastModified": "2025-01-07T05:15:15.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/ultimate-popup-creator/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93a698df-fd68-4fbc-946e-a9b5a7f93b71?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12159.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12159.json new file mode 100644 index 00000000000..ebc5a2625a9 --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12159.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12159", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:15.527", + "lastModified": "2025-01-07T05:15:15.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12170.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12170.json new file mode 100644 index 00000000000..b4e7bd9430c --- /dev/null 
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12170.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12170", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:15.713", + "lastModified": "2025-01-07T05:15:15.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/viewmedica/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58209530-9e68-4d2c-a723-e6a164db7f46?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12176.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12176.json new file mode 100644 index 00000000000..113df72b9ca --- /dev/null 
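Review bot: The CVE-2024-12170 record's description and classification disagree: the text says the forged request lets an attacker inject arbitrary SQL queries, yet `weaknesses` lists only `CWE-352` and the vector is `C:N/I:L/A:L`. Anyone triaging this feed by CWE or by confidentiality impact will not see the SQL-injection consequence. A second weakness entry, `"value": "CWE-89"`, would match the description if the source confirms it. `vulnStatus` is `Received`, so these values are the CNA's own and may change once the record is analysed.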
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12176.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12176", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:15.900", + "lastModified": "2025-01-07T05:15:15.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wordlift/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6bdde6-f381-4ccb-8984-519cf9aca0b1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12207.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12207.json new file mode 100644 index 00000000000..17a21b833fe --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12207.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12207", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:16.080", + "lastModified": "2025-01-07T05:15:16.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/toggles-shortcode-and-widget/trunk/include/otw_components/otw_shortcode/shortcodes/otw_shortcode_content_toggle.class.php#L246", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/755c8863-33c2-47aa-880a-0ef8b2d594a3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12208.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12208.json new file mode 100644 index 00000000000..9829d945ca1 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12208.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12208", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:16.270", + "lastModified": "2025-01-07T05:15:16.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-backitup/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12214.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12214.json new file mode 100644 index 00000000000..77e0d244d35 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12214.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12214", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:16.470", + "lastModified": "2025-01-07T05:15:16.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018videolink\u2019 parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/woocommerce-hss-extension-for-streaming-video/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d633f71-3b2b-4fe3-80f1-4c2dcc86313c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12252.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12252.json new file mode 100644 index 00000000000..7767fc33692 --- /dev/null 
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12252.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12252", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:16.660", + "lastModified": "2025-01-07T05:15:16.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/seo-beginner-auto-post/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12256.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12256.json new file mode 100644 index 00000000000..6e59837d1e2 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12256.json 
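Review bot: The CVE-2024-12252 record is tagged only `CWE-94`, while its description gives the root cause as a missing capability check on the `remote_update` AJAX action. Filters keyed on missing authorization (`CWE-862`, which CVE-2024-12158 and CVE-2024-12176 in this same commit use for the same root cause) will skip this 9.8 entry. Adding `"value": "CWE-862"` alongside `CWE-94` would bring the classification in line with the description. The record is still `Received`, so the CWE and score are the CNA's and presumably have not yet been through NVD analysis.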
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12256", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:16.857", + "lastModified": "2025-01-07T05:15:16.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/simple-video-management-system/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaa6b7c-bf38-44b5-9d83-2918cbedc683?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12261.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12261.json new file mode 100644 index 00000000000..fe023374adf --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12261.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12261", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:15.593", + "lastModified": "2025-01-07T06:15:15.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/smartemailing/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7332c21a-3501-4066-b7b7-34914a228d8f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12264.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12264.json new file mode 100644 index 00000000000..996f733b450 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12264.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12264", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:17.047", + "lastModified": "2025-01-07T05:15:17.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/payu-india/tags/3.8.3/includes/class-payu-shipping-tax-api-calculation.php#L187", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf037e4a-2dd7-4296-b86b-635901d2d68f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12288.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12288.json new file mode 100644 index 00000000000..801a25be06b --- /dev/null 
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12288.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12288", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:17.243", + "lastModified": "2025-01-07T05:15:17.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/simple-add-pages-or-posts/tags/2.0.0/form.php#L243", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/simple-add-pages-or-posts/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/506f101c-ffec-415d-92dc-99cb7384af95?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12290.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12290.json new file mode 100644 index 00000000000..ad0061a9ab3 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12290.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12290", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:17.440", + "lastModified": "2025-01-07T05:15:17.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018set_type\u2019 parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/infility-global/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12291.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12291.json new file mode 100644 index 00000000000..070d3b38456 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12291.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12291", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:17.633", + "lastModified": "2025-01-07T05:15:17.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/viewmedica/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/646ba700-28d5-455f-88de-2864ef8f202c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12313.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12313.json new file mode 100644 index 00000000000..857d1d5759a --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12313.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-12313", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:17.853", + "lastModified": "2025-01-07T05:15:17.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L219", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L237", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L256", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L275", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/638e8e67-38b3-4fc4-bd77-8f268030a93a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12322.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12322.json new file mode 100644 index 00000000000..1eae7c69ae0 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12322.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-12322", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:18.063", + "lastModified": "2025-01-07T05:15:18.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L28", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L4", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L48", + "source": "security@wordfence.com" + }, + { + 
"url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L5", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e996f71a-f0b9-4e10-873e-a0299a099dce?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12324.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12324.json new file mode 100644 index 00000000000..5e9277e1b0a --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12324.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12324", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:18.267", + "lastModified": "2025-01-07T05:15:18.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/unilevel-mlm-plan/trunk/includes/admin/settings/view/ump-epins-list.php#L81", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe71e2b9-ddd7-4d6d-97e5-5fad41f8f35c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12327.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12327.json new file mode 100644 index 00000000000..bd3e7dc6481 --- /dev/null 
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12327.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12327", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:18.470", + "lastModified": "2025-01-07T05:15:18.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/lazyload-background-images/trunk/admin/plugin-functions.php#L152", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/lazyload-background-images/trunk/admin/plugin-functions.php#L153", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d57fa9f3-b1c0-4601-96d9-178d0dba1332?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12332.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12332.json new file mode 100644 index 00000000000..c46d7e209eb --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12332.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12332", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:18.687", + "lastModified": "2025-01-07T05:15:18.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L49", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L72", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L73", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12383.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12383.json new file mode 100644 index 00000000000..9b3cca08085 --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12383.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12383", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:15.790", + "lastModified": "2025-01-07T06:15:15.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the 'product_points' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L7", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L92", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L96", + "source": 
"security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b061fbf2-4bb3-4ccc-ba90-1e947365435e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12384.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12384.json new file mode 100644 index 00000000000..210ef42853b --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12384.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12384", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:15.983", + "lastModified": "2025-01-07T06:15:15.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page\u2019 parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/payout/payout-report.php#L121", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/payout/payout-report.php#L44", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/register-first-user.php#L82", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf6b2ea-5a6a-481b-9431-650c895f54ef?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12435.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12435.json new file mode 100644 index 00000000000..bd6c00f3622 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12435.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12435", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:18.887", + "lastModified": "2025-01-07T05:15:18.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s_feature\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L392", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L397", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f74c419a-56de-4190-925d-876d32f712e1?source=cve", + "source": "security@wordfence.com" + } + 
] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12438.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12438.json new file mode 100644 index 00000000000..3edc4544d4a --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12438.json 
@@ -0,0 +1,80 @@ +{ + "id": "CVE-2024-12438", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:16.183", + "lastModified": "2025-01-07T06:15:16.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date\u2019 and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L613", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L614", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L629", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L632", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L655", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L658", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3909f6-fd2f-44e7-83b5-51c8cda4b20f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12439.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12439.json new file mode 100644 index 00000000000..d15d74da106 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12439.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12439", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:16.430", + "lastModified": "2025-01-07T06:15:16.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/marketplace-items/trunk/marketplace-items.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/marketplace-items/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/602ae805-a6a6-48bd-bd2a-00fafadfdce4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12440.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12440.json new file mode 100644 index 00000000000..6f1d5ce1e09 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12440.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12440", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:16.630", + "lastModified": "2025-01-07T06:15:16.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/candifly/trunk/candifly.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/candifly/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf173ccd-23bc-49ec-92e0-032feae0fa4a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12445.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12445.json new file mode 100644 index 00000000000..16eb700c4d8 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12445.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12445", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:19.083", + "lastModified": "2025-01-07T05:15:19.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/rightmessage/trunk/includes/class-rightmessage.php#L45", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/rightmessage", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efbbb33d-28ed-47f4-a8dd-2fc7564d9df2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
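Review bot: The first reference in the CVE-2024-12445 record points at `trunk/includes/class-rightmessage.php#L45`, and a line anchor on trunk stops pointing at the vulnerable code as soon as the plugin file changes. The CVE-2024-12457 and CVE-2024-12464 records in this commit pin the affected release instead (`/tags/1.7.2/`, `/tags/2.5.0/`), which stays valid after a fix lands. Analysts confirming the flaw should open the file at the affected version named in the description (0.9.7) rather than rely on the anchor. The trunk references in CVE-2024-12453 and CVE-2024-12462, among others, have the same limitation.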
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12453.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12453.json new file mode 100644 index 00000000000..fa231bae6ef --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12453.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12453", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:19.260", + "lastModified": "2025-01-07T05:15:19.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/uptodown-apk-download-widget/trunk/uptodown_wp_widget.php#L47", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/uptodown-apk-download-widget", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78c2d5fc-240a-4fed-92ae-b9f84de3e119?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12457.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12457.json new file mode 100644 index 00000000000..0f22b436662 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12457.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12457", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:19.453", + "lastModified": "2025-01-07T05:15:19.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/chat-viber/tags/1.7.2/inc/class-custom-buttons-templates.php#L51", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7834c0be-3051-4d97-928e-cf5295c93463?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12462.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12462.json new file mode 100644 index 00000000000..e4be61eb9c8 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12462.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12462", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:19.640", + "lastModified": "2025-01-07T05:15:19.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/yogo-booking/trunk/src/shortcodes.php#L13", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/yogo-booking", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/151b0aa9-c5c9-48ab-8b73-22ee42666824?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12464.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12464.json new file mode 100644 index 00000000000..b3176a0aa08 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12464.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12464", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:16.823", + "lastModified": "2025-01-07T06:15:16.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/chatroll-live-chat/tags/2.5.0/chatroll.php#L62", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87fdadcd-b776-471a-9756-708e384de4f0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12470.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12470.json new file mode 100644 index 00000000000..101133e0517 --- /dev/null 
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12470.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12470", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:19.823", + "lastModified": "2025-01-07T05:15:19.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/sakolawp-lite/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12471.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12471.json new file mode 100644 index 00000000000..9dc9609256b --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12471.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12471", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:17.027", + "lastModified": "2025-01-07T06:15:17.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/post-saint/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc17284e-65ea-4e67-aba9-3475f0174657?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12535.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12535.json new file mode 100644 index 00000000000..502a2d48cbe --- /dev/null 
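Review bot: The CVE-2024-12471 record lists only `CWE-94` under `weaknesses`, although the description attributes the flaw to a missing capability check and missing file type validation on the `add_image_to_library` upload handler. Consumers that filter or correlate by CWE will not match this record on unrestricted file upload (`CWE-434`) or missing authorization (`CWE-862`), so rules keyed on those IDs should also match on the description text. The classification comes from the source and may be deliberate, since the stated end impact is remote code execution.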
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12535.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12535", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:17.220", + "lastModified": "2025-01-07T06:15:17.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/host-php-info/trunk/info.php#L2", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12633.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12633.json new file mode 100644 index 00000000000..e1699f65e23 --- /dev/null 
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12633.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12633", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:17.417", + "lastModified": "2025-01-07T06:15:17.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The JoomSport \u2013 for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3209054/joomsport-sports-league-results-management", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4503e2c-0d0d-45de-a597-baace44a98a7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
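Review bot: In the CVE-2024-12633 record the vector ends in `A:L` (`"availabilityImpact": "LOW"`), but the description covers only script injection through the page parameter and gives no availability effect. The other reflected XSS records in this commit (CVE-2024-12438, CVE-2024-9208) use `A:N` and score 6.1 MEDIUM, whereas this one scores 7.1 HIGH, so severity-ranked queues will order the same bug class differently. The value may be intentional on the source's side, so treat the score as provisional while `vulnStatus` is `Received`. The description also opens a quote before `page` (`\u2018page parameter`) and never closes it.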
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12849.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12849.json new file mode 100644 index 00000000000..7b3f2a7d9d2 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12849.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12849", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:17.607", + "lastModified": "2025-01-07T06:15:17.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/error-log-viewer-wp/tags/1.0.1.3/error-log-viewer-wp.php#L295", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/error-log-viewer-wp/tags/1.0.1.3/error-log-viewer-wp.php#L479", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215563%40error-log-viewer-wp&new=3215563%40error-log-viewer-wp&sfp_email=&sfph_mail=#file10", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/57888e36-3a61-4452-b4ea-9db9e422dc2d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7696.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7696.json new file mode 100644 index 00000000000..cd30785fc58 --- /dev/null +++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7696.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-7696", + "sourceIdentifier": "product-security@axis.com", + "published": "2025-01-07T06:15:17.827", + "lastModified": "2025-01-07T06:15:17.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. \nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@axis.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "product-security@axis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-117" + } + ] + } + ], + "references": [ + { + "url": "https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf", + "source": "product-security@axis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8855.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8855.json new file mode 100644 index 00000000000..0838f1d3cb4 --- /dev/null +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8855.json 
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-8855", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-07T06:15:17.977", + "lastModified": "2025-01-07T06:15:17.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8857.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8857.json new file mode 100644 index 00000000000..b2ea8e6d420 --- /dev/null +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8857.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-8857", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-07T06:15:18.100", + "lastModified": "2025-01-07T06:15:18.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/08ca6daa-09f4-4604-ac9e-15a1b33d599d/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9208.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9208.json new file mode 100644 index 00000000000..c2404d3ab42 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9208.json 
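Review bot: CVE-2024-8855 is added with `"metrics": {}` and no `weaknesses` array, so it carries no score or CWE even though the description states SQL injection reachable by editors and above. Tooling that sorts or gates on `baseScore` should treat the empty object as unscored rather than as zero or low severity. The same applies to CVE-2024-8857 in the next hunk and to CVE-2024-9638 further down, both also sourced from contact@wpscan.com.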
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9208", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T05:15:20.790", + "lastModified": "2025-01-07T05:15:20.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/enable-accessibility/tags/1.4.1/includes/accessibility-attachments-alt.php#L62", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da125e31-4747-46b7-8a46-a234388035c0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9638.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9638.json new file mode 100644 index 00000000000..918effc8e4f --- /dev/null 
+++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9638.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-9638", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-07T06:15:18.217", + "lastModified": "2025-01-07T06:15:18.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/119d5249-48e4-429e-8a1d-ad112e0c966d/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9697.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9697.json new file mode 100644 index 00000000000..167d8043579 --- /dev/null +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9697.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-9697", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:18.330", + "lastModified": "2025-01-07T06:15:18.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L39", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L5501", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L5531", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/168dd2d4-bffb-4187-afc7-02fef8cb51a7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9702.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9702.json new file mode 100644 index 00000000000..b167f453954 --- /dev/null +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9702.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9702", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-07T06:15:18.597", + "lastModified": "2025-01-07T06:15:18.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/social-rocket/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4d948e-359e-4514-9c8f-dbd8198ef4fe?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9272dfbefc1..d9e16400be1 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-07T05:00:19.408614+00:00 +2025-01-07T07:00:21.236145+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-07T04:15:09.783000+00:00 +2025-01-07T06:15:18.597000+00:00 ``` ### Last Data Feed Release 
@@ -33,31 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275873 +275946 ``` ### CVEs added in the last Commit -Recently added CVEs: `18` +Recently added CVEs: `73` -- [CVE-2024-11437](CVE-2024/CVE-2024-114xx/CVE-2024-11437.json) (`2025-01-07T04:15:06.150`) -- [CVE-2024-11777](CVE-2024/CVE-2024-117xx/CVE-2024-11777.json) (`2025-01-07T04:15:07.200`) -- [CVE-2024-11899](CVE-2024/CVE-2024-118xx/CVE-2024-11899.json) (`2025-01-07T04:15:07.350`) -- [CVE-2024-11934](CVE-2024/CVE-2024-119xx/CVE-2024-11934.json) (`2025-01-07T04:15:07.520`) -- [CVE-2024-12022](CVE-2024/CVE-2024-120xx/CVE-2024-12022.json) (`2025-01-07T04:15:07.677`) -- [CVE-2024-12098](CVE-2024/CVE-2024-120xx/CVE-2024-12098.json) (`2025-01-07T04:15:07.837`) -- [CVE-2024-12402](CVE-2024/CVE-2024-124xx/CVE-2024-12402.json) (`2025-01-07T04:15:07.990`) -- [CVE-2024-12416](CVE-2024/CVE-2024-124xx/CVE-2024-12416.json) (`2025-01-07T04:15:08.143`) -- [CVE-2024-12419](CVE-2024/CVE-2024-124xx/CVE-2024-12419.json) (`2025-01-07T04:15:08.337`) -- [CVE-2024-12528](CVE-2024/CVE-2024-125xx/CVE-2024-12528.json) (`2025-01-07T04:15:08.543`) -- [CVE-2024-12538](CVE-2024/CVE-2024-125xx/CVE-2024-12538.json) (`2025-01-07T04:15:08.720`) -- [CVE-2024-12540](CVE-2024/CVE-2024-125xx/CVE-2024-12540.json) (`2025-01-07T04:15:08.917`) -- [CVE-2024-12541](CVE-2024/CVE-2024-125xx/CVE-2024-12541.json) (`2025-01-07T04:15:09.083`) -- [CVE-2024-12557](CVE-2024/CVE-2024-125xx/CVE-2024-12557.json) (`2025-01-07T04:15:09.260`) -- [CVE-2024-12559](CVE-2024/CVE-2024-125xx/CVE-2024-12559.json) (`2025-01-07T04:15:09.433`) -- [CVE-2024-12590](CVE-2024/CVE-2024-125xx/CVE-2024-12590.json) (`2025-01-07T04:15:09.607`) -- [CVE-2024-12592](CVE-2024/CVE-2024-125xx/CVE-2024-12592.json) (`2025-01-07T04:15:09.783`) -- [CVE-2025-22395](CVE-2025/CVE-2025-223xx/CVE-2025-22395.json) (`2025-01-07T03:15:06.047`) +- [CVE-2024-12327](CVE-2024/CVE-2024-123xx/CVE-2024-12327.json) 
(`2025-01-07T05:15:18.470`) +- [CVE-2024-12332](CVE-2024/CVE-2024-123xx/CVE-2024-12332.json) (`2025-01-07T05:15:18.687`) +- [CVE-2024-12383](CVE-2024/CVE-2024-123xx/CVE-2024-12383.json) (`2025-01-07T06:15:15.790`) +- [CVE-2024-12384](CVE-2024/CVE-2024-123xx/CVE-2024-12384.json) (`2025-01-07T06:15:15.983`) +- [CVE-2024-12435](CVE-2024/CVE-2024-124xx/CVE-2024-12435.json) (`2025-01-07T05:15:18.887`) +- [CVE-2024-12438](CVE-2024/CVE-2024-124xx/CVE-2024-12438.json) (`2025-01-07T06:15:16.183`) +- [CVE-2024-12439](CVE-2024/CVE-2024-124xx/CVE-2024-12439.json) (`2025-01-07T06:15:16.430`) +- [CVE-2024-12440](CVE-2024/CVE-2024-124xx/CVE-2024-12440.json) (`2025-01-07T06:15:16.630`) +- [CVE-2024-12445](CVE-2024/CVE-2024-124xx/CVE-2024-12445.json) (`2025-01-07T05:15:19.083`) +- [CVE-2024-12453](CVE-2024/CVE-2024-124xx/CVE-2024-12453.json) (`2025-01-07T05:15:19.260`) +- [CVE-2024-12457](CVE-2024/CVE-2024-124xx/CVE-2024-12457.json) (`2025-01-07T05:15:19.453`) +- [CVE-2024-12462](CVE-2024/CVE-2024-124xx/CVE-2024-12462.json) (`2025-01-07T05:15:19.640`) +- [CVE-2024-12464](CVE-2024/CVE-2024-124xx/CVE-2024-12464.json) (`2025-01-07T06:15:16.823`) +- [CVE-2024-12470](CVE-2024/CVE-2024-124xx/CVE-2024-12470.json) (`2025-01-07T05:15:19.823`) +- [CVE-2024-12471](CVE-2024/CVE-2024-124xx/CVE-2024-12471.json) (`2025-01-07T06:15:17.027`) +- [CVE-2024-12535](CVE-2024/CVE-2024-125xx/CVE-2024-12535.json) (`2025-01-07T06:15:17.220`) +- [CVE-2024-12633](CVE-2024/CVE-2024-126xx/CVE-2024-12633.json) (`2025-01-07T06:15:17.417`) +- [CVE-2024-12849](CVE-2024/CVE-2024-128xx/CVE-2024-12849.json) (`2025-01-07T06:15:17.607`) +- [CVE-2024-7696](CVE-2024/CVE-2024-76xx/CVE-2024-7696.json) (`2025-01-07T06:15:17.827`) +- [CVE-2024-8855](CVE-2024/CVE-2024-88xx/CVE-2024-8855.json) (`2025-01-07T06:15:17.977`) +- [CVE-2024-8857](CVE-2024/CVE-2024-88xx/CVE-2024-8857.json) (`2025-01-07T06:15:18.100`) +- [CVE-2024-9208](CVE-2024/CVE-2024-92xx/CVE-2024-9208.json) (`2025-01-07T05:15:20.790`) +- 
[CVE-2024-9638](CVE-2024/CVE-2024-96xx/CVE-2024-9638.json) (`2025-01-07T06:15:18.217`) +- [CVE-2024-9697](CVE-2024/CVE-2024-96xx/CVE-2024-9697.json) (`2025-01-07T06:15:18.330`) +- [CVE-2024-9702](CVE-2024/CVE-2024-97xx/CVE-2024-9702.json) (`2025-01-07T06:15:18.597`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 9f734fd4c11..5ae82408870 100644 --- a/_state.csv +++ b/_state.csv @@ -243252,6 +243252,7 @@ CVE-2024-10099,0,0,ff238a91e24fcb0a85fcb34f700c80404c8e345e8e0c333898778e0f4a6cf CVE-2024-1010,0,0,b760c6839f8ba4fc102d84ec8eb422be6a7986ee41491a18032e2ca8b34ccde5,2024-11-21T08:49:35.243000 CVE-2024-10100,0,0,e257ac7ecea7ed9deddddca60657be7d2649829f289e846b06e9d10c365d346b,2024-11-04T19:15:05.297000 CVE-2024-10101,0,0,fec1f0c88678ca99198bb58f95f12b144e2edf82230ea1a8688c401204e642f7,2024-12-20T21:15:06.440000 +CVE-2024-10102,1,1,e633bb19adeec60256d843d80f8603ddd720609a36b1d493798b4b97a59dd6a5,2025-01-07T06:15:13.730000 CVE-2024-10103,0,0,e854e5edfcf43e70adfea03c62a4fcbb787ffe431d5323bec06ca7656746d9ef,2024-11-19T21:57:32.967000 CVE-2024-10104,0,0,edcf9a609eefa3129230f441c58905f876237c83c0092e5bc98e317fac05c0fd,2024-11-15T19:35:04.683000 CVE-2024-10108,0,0,57e3bdf5c93deb8dbbc7ad9bd9f5c8802e9586c3214ce14e9acc02b653026e84,2024-11-01T12:57:03.417000 
@@ -243612,6 +243613,7 @@ CVE-2024-10523,0,0,7cc4719be638488b8b84233b435754a6a5dcc357f333b40290bb3e99a0f90 CVE-2024-10524,0,0,c2da650c8fb959e3655afb050ea98d59c38083a2db2a6841d4636c9a53404b99,2024-11-21T08:48:42.313000 CVE-2024-10525,0,0,550cf84729b31fb0a9e5663c63d50687239e5a204169e8c50724c4cdf639431a,2024-11-01T12:57:03.417000 CVE-2024-10526,0,0,6f7e328f774c00887292c6a9b6f09466273e7b5111063f43f180124280a00fc6,2024-11-08T19:01:03.880000 +CVE-2024-10527,1,1,2ac72a7f22b2d63c7ccf4054363b685d4c86d8a1de32c24784406b994a4aa3ee,2025-01-07T05:15:09.497000 CVE-2024-10528,0,0,e18f91787a7b7b21f226c7e02b70dcb124a943b826e8ab41e00995ddf212c285,2024-11-21T13:57:24.187000 CVE-2024-10529,0,0,09425f1304014f480214fdc78529d3afec9b9229f4210dd5066c18fb4e21651d,2024-11-18T14:59:15.043000 CVE-2024-1053,0,0,edba6f19243ea494247333ce0355ab208593a904d055289e97a636713af04970,2024-11-21T08:49:41.450000 @@ -243621,6 +243623,7 @@ CVE-2024-10532,0,0,f3826ce705d2650c9f0c8c72a6418942413100eab375a8315e8ccfd6195f3 CVE-2024-10533,0,0,723801c2a6b49d5fb26e61442e0ba52d6cb0cf007527bfd8af0f264000609c75,2024-11-18T17:11:17.393000 CVE-2024-10534,0,0,73693b37c20d14c201bbf833a0b376a95955ad7bec222e3a454bcf2d9cff25a0,2024-11-19T19:08:44.727000 CVE-2024-10535,0,0,496e3e4073abe2adad8b54d5ee745431f58893a256de2e44bb2f056357efc2c8,2024-11-08T21:19:27.540000 +CVE-2024-10536,1,1,b7f90b63ed51a255637dd678ef409199eb3c89c4bd4b1acaeb7689e7f1b8f159,2025-01-07T06:15:13.920000 CVE-2024-10537,0,0,245f407c71543e9ed1f1e8091a091327bb8b8bb7a6ad44fab60dad856af50407,2024-11-23T04:15:07.663000 CVE-2024-10538,0,0,61014a490bb67ac6333227cbe080cbc3323afad1485db0781083c911c48fb77e,2024-11-14T13:27:00.400000 CVE-2024-1054,0,0,94b651608db3d30d3daebf6e295a99b6cb748f5b340c93c3e226c28c09fa8fa8,2024-11-21T08:49:41.570000 
@@ -243639,6 +243642,7 @@ CVE-2024-10557,0,0,e65f5d89b91c24f295e5cbd0f813e2ad8ed04df13cf96a919800b770566f3 CVE-2024-10559,0,0,16e3eab9e781d1e16f0d045b8d1d79bfb09e11f3fa816a22b4936c2b8431f9e3,2024-11-01T20:43:41.070000 CVE-2024-1056,0,0,af182e17efd4af1cb9d6458d1d7d67974a36b702d2e517ba61380bf6c671d68a,2024-09-19T22:06:32.340000 CVE-2024-10561,0,0,2bfd240be58df048fbf99413f7d4286366df5405b43b9b75120456be9297f833,2024-11-01T20:42:12.303000 +CVE-2024-10562,1,1,d7c95a3831dfff851e9ee43d43dd6c5ce77c641b46f6a2531ccb0389cbb9078c,2025-01-07T06:15:14.120000 CVE-2024-10567,0,0,a04d3f3d999e2b2d50068629e658949590c474642a1d298fb74a13508e02b197,2024-12-04T09:15:04.177000 CVE-2024-10568,0,0,29a6369be6bdec3fac3a49600567225eff324bd19cbe3ade1e99b53075e8cfa9,2024-12-12T16:15:11.250000 CVE-2024-1057,0,0,82d074eff87805c0c8af6f292d67be991df4f6c4e8e298eece318c63dbd97000,2024-11-21T08:49:41.890000 @@ -244231,6 +244235,7 @@ CVE-2024-11281,0,0,90e2bd5c8205361ece3136c81be65d202c124421a44b94b51cee816a97580 CVE-2024-11287,0,0,2b855907be08ce91eab121bf5a3c8cc1d79ede49cf458848842325e314d36b25,2024-12-21T07:15:08.053000 CVE-2024-11289,0,0,1d2443a1a9242c04e29818ad13875ac1c58e80e7866f1501dec4b2d1a8559f61,2024-12-06T10:15:05.450000 CVE-2024-1129,0,0,cbf5818dce2e4cd60590d30546d905436cb36b8ec16eeb56ee9382ffddfc0bc3,2024-11-21T08:49:51.773000 +CVE-2024-11290,1,1,e7ad334eff31d82a070c36355409378c2a340aba72b63bc5936a92701d2b3571,2025-01-07T05:15:11.117000 CVE-2024-11291,0,0,537e55bae46f427a177aa5b81903c72ee380b93be35511ba50b6e055b27fd914,2024-12-18T12:15:08.710000 CVE-2024-11292,0,0,44d76ae9b7e309446be6c076fee918f16faf12f6eba1bd4aed88a2108eee73db,2024-12-06T09:15:05.993000 CVE-2024-11293,0,0,963e5cd86fd8964150efb764dabf7f60f1898cb3eb1113839b414494aefc5068,2024-12-04T08:15:06.343000 
@@ -244271,6 +244276,8 @@ CVE-2024-11332,0,0,36669df4e93715465b64ec1799e55f470058053e193a811269619d8d50b4e CVE-2024-11333,0,0,00c71a7929b275d875b9539b6f0a2f4cc66b516eced93f3c2cfad9bb181a4a5b,2024-11-28T09:15:04.170000 CVE-2024-11334,0,0,f7fc893b8a37cca506fd20fe68edd8509ed855f99666ff9db346702f3632cf66,2024-11-26T17:33:49.477000 CVE-2024-11336,0,0,f6d676d5a427fada73f852223dfd1f8d78278266b2c8c37478ab18b05a16f6ad,2024-12-06T09:15:06.323000 +CVE-2024-11337,1,1,d6c57a7b2a87a73b03ef11ff0046f61e713fa6cfa164ff233529c7c3a7cb7a83,2025-01-07T05:15:11.320000 +CVE-2024-11338,1,1,ec8204656cc22ec13151c9e49136d87eb07f40b422d082cfeec81e80190914f2,2025-01-07T05:15:11.520000 CVE-2024-11339,0,0,79f980d1c213f37a017402750a78ab5a89012c4a7d884549e17aee2fe1c2fbb1,2024-12-06T09:15:06.497000 CVE-2024-1134,0,0,3b9e316f9f09adef1cfd4f6b3383505dbc9180172570e63197eb1d9f1f72ee08,2024-11-21T08:49:52.330000 CVE-2024-11341,0,0,fe8cd85d684fa85647e91e6c807d0d3948596661a708a57f08c30a79715842f3,2024-12-05T10:31:39.520000 
@@ -244290,19 +244297,26 @@ CVE-2024-1136,0,0,f1cac8b5fbb038c0eb6351f127c8e971963556b8c2146fbf8d7dfc6a2c8abb CVE-2024-11360,0,0,659b24fc81e4938ca0374fdfc531183f0da8359af24c60f66cd39ca705cc7b8c,2024-11-26T17:36:08.113000 CVE-2024-11361,0,0,a258bcb3f99fb669d7603f67eec83a19db748f78307acdbf1ea168f7db1a2de0,2024-11-23T05:15:06.673000 CVE-2024-11362,0,0,600c443b489e86c090d64bcffdb5d5e1bea467b36951abaa22635fe3a3274b4a,2024-11-23T04:15:08.617000 +CVE-2024-11363,1,1,bfb0dfdef7c6d3b282356c80e7d6779e97ec88abc92f394a4b4005dd8db6fff7,2025-01-07T05:15:11.713000 CVE-2024-11364,0,0,0396ae45ab0b0575c4ca72d73e097c290e7be2140385b973fdc69f4be12bf72f,2024-12-19T21:15:07.427000 CVE-2024-11365,0,0,0e66126dac632663f20d3d9475ab7eeeaaf1783cab23902c99ae23613a9ecef6,2024-11-26T17:43:23.240000 CVE-2024-11366,0,0,eac89358fd6d61e1ab632fc5133430774b50e5a3fa0dd5cf3b695ea3fcce5bce,2024-11-28T09:15:04.313000 CVE-2024-11367,0,0,eea02b3c7a7e23b6b50200379882a96782686712f1c754d90239651a5f9c3034,2024-12-07T10:15:05.453000 CVE-2024-11368,0,0,bf7c67e11e8f973c6ac3bae21678c3dfeb626f80e34696e9e29adffce5777903,2024-12-06T09:15:06.810000 +CVE-2024-11369,1,1,cc028b0b8654e597f7a1137244a46d41015f40f300b7c16ffb6a086d7c1bc1ba,2025-01-07T06:15:14.233000 CVE-2024-1137,0,0,9367f9a1347684403f58a1a7490fd736dd1a246a1ba5d989931872114e882ed8,2024-11-21T08:49:52.723000 CVE-2024-11370,0,0,dd87b64b129f6809c8edd7b234994b231659964606722e4f84f6ae489936a5a5,2024-11-26T17:53:22.707000 CVE-2024-11371,0,0,940d4acb1660319dcaf9e79be7b51b02d713b6710d41c4a41d256d4b90485073,2024-12-16T15:53:39.657000 CVE-2024-11374,0,0,a5a1e58c0241313798d5870304d6ab4fd613b7c8d39f72ddd8edd6b514e2a94b,2024-12-07T10:15:05.643000 +CVE-2024-11375,1,1,e93fe4d3fb55901ffef81f61cf6ce0920f198810a19e9d79d72540eb82944d98,2025-01-07T05:15:11.907000 +CVE-2024-11377,1,1,c378228a7068075a7054247c60c32355d91968a7950f45c90e033cea36544b34,2025-01-07T05:15:12.083000 +CVE-2024-11378,1,1,18095b8d5c21fe9a8c8cff6f50477871c4e9fef3253129a500baad5debeb9de5,2025-01-07T05:15:12.270000 
CVE-2024-11379,0,0,9fd00eb3fec3062cfc458a7971d09425d25dcca0c806b20326864d85b70adea6,2024-12-06T05:15:05.813000 CVE-2024-1138,0,0,786863f5efe71d0a9eaa305ef044215c6743ec975f6d66476179ca38c53c9996,2024-11-21T08:49:52.860000 CVE-2024-11380,0,0,52c94407ad753b2016f621791a7f1633d66f164c5a8dac9de6950cc921a3f13d,2024-12-07T12:15:17.897000 CVE-2024-11381,0,0,a7d4461ea9ceab9b31844e38e2e81774bc12f8098e9baabb5b46b5f6a98e8fc8,2024-11-22T06:15:19.643000 +CVE-2024-11382,1,1,df85d7e3403a61740b0f7988e30b29460f9aa19d1c808298873a699eef4bb356,2025-01-07T05:15:12.457000 +CVE-2024-11383,1,1,0bd752b29e1d721279f3a057a12cad20bb26b751fe22cdc457a198866064150b,2025-01-07T05:15:12.650000 CVE-2024-11384,0,0,bd09d80eb823d8832deb7b6d31dd08e4639583550e7acd4a531e328e5f289803,2024-12-12T05:15:07.527000 CVE-2024-11385,0,0,b8c574c75cf2cea00a757d377dc474503f06328c73f6861f0cd8dff47b3ce271,2024-11-26T18:04:49.077000 CVE-2024-11387,0,0,cc2575267c0624c2d772e7a1294628b14be17e17456ccbcf14c82a61dc7cfdd8,2024-11-23T05:15:06.833000 
@@ -244348,9 +244362,10 @@ CVE-2024-11430,0,0,b0bcffc10889655fe8c165f80a3f8fb6f3146129ea2141fee920ee16fca85 CVE-2024-11431,0,0,feb39bbdcc42acee380b1ac31c5228441eddfd07fcd54b90d4e5cb1d376f9671,2024-11-28T09:15:04.470000 CVE-2024-11432,0,0,23ac14594d755e6c7a831370f44441d1aa2fbce3d7125bf0c721d30eaec68d84,2024-11-21T13:57:24.187000 CVE-2024-11433,0,0,d7d2b17ecf1f1820c7a169038fcd2102a16fa9aa18d9b8e0d8b10a268cadf048,2024-12-12T04:15:05.990000 +CVE-2024-11434,1,1,a4e08407abbf2939073244c3877ebd9c63018f78cc8086c2579f03e753ee837f,2025-01-07T05:15:12.873000 CVE-2024-11435,0,0,1380b27cd2035f7566d8c3a22d2255debbb483bdbc16e31011480f4da4fce733,2024-11-21T13:57:24.187000 CVE-2024-11436,0,0,d9ba482fa12f5a77f1e6d71752538b4ac13c80723176e1f973fa002876475cf9,2024-12-07T02:15:17.980000 -CVE-2024-11437,1,1,3b0251b583011184b79fa07b5e9f572dc3fbc9ec947d6b93edcf5e5a1fd4c171,2025-01-07T04:15:06.150000 +CVE-2024-11437,0,0,3b0251b583011184b79fa07b5e9f572dc3fbc9ec947d6b93edcf5e5a1fd4c171,2025-01-07T04:15:06.150000 CVE-2024-11438,0,0,f8be712e8ca0c6e2e4ec7ab8e5edf4587d3042f01694165651aa92a3bd58aa58,2024-11-21T13:57:24.187000 CVE-2024-11439,0,0,14a4773754279132bb32a6fa7230c5939b3fc3419bb20a864a23b6dac394549c,2024-12-18T03:15:24.583000 CVE-2024-1144,0,0,abce3af1982b67316bbd44c97fc519435f8a2ffe156205161918695ae799390d,2024-11-21T08:49:53.953000 
@@ -244358,6 +244373,7 @@ CVE-2024-11440,0,0,f7fa3eb74eeaf205f9272a5dd5c90b4e40423e1f48cb0e4f0c2b5ed6bd678 CVE-2024-11442,0,0,3be9d0f63b7eda8d31b9090ec24b06639190cf0bc4f30335348dc6f41a62dbe4,2024-12-12T04:15:06.157000 CVE-2024-11443,0,0,b1e1426998d283f5f97b1a941caf6cbb78096874880f807e7ae5caada1ad2ae1,2024-12-12T04:15:06.327000 CVE-2024-11444,0,0,18f08a8b9d89a6b1657bb8fc8be414487944593dc8b5fd0eb0cfac993932f20a,2024-12-06T09:15:06.977000 +CVE-2024-11445,1,1,b7699ebb298dc958148576bbd05af7dee25f44254cb4a80a299d911c54c1606e,2025-01-07T05:15:13.077000 CVE-2024-11446,0,0,9324a77eacac49b9db503ff17f0de8de50ddb46f09871e23b3695c4980427c7d,2024-11-23T07:15:04.820000 CVE-2024-11447,0,0,bd53c50380b55196efb74cff3fad5c24687f184135cfde8b6a52ffe6934cf7cf,2024-11-21T13:57:24.187000 CVE-2024-1145,0,0,71ba2561916ff383446b1b9365376abadae467a3a4b7425691a59ca4e4176804,2024-11-21T08:49:54.097000 @@ -244376,6 +244392,7 @@ CVE-2024-11461,0,0,e598452d44c671acacd0d9bb3b2f7ceb59d795e3e0bc7e2684d3f27a73f6a CVE-2024-11462,0,0,aafe3276077f02d24fea97371a1b232043adea60a1125c651c2eb01e801d85ea,2024-12-14T05:15:06.560000 CVE-2024-11463,0,0,ad17f3fab6bfb40a789d68c4383c6c0e1f14efa77f86cc521d310c195559f395,2024-11-23T04:15:08.893000 CVE-2024-11464,0,0,5828db9c008addcaa10da0b57e51f0230f10838dab3e51e60f8d2fcb9d133719,2024-12-07T12:15:19.567000 +CVE-2024-11465,1,1,a7833ead3ce05afbec7f42c6ab0288abc60f4b5def9fdb7cc868ee53cc9a959b,2025-01-07T05:15:13.287000 CVE-2024-11466,0,0,36ba29a0e83960f183cdc1bb8910604befb538a9ed8bdd074a88ef8b7f706e46,2024-12-04T08:15:06.523000 CVE-2024-1147,0,0,7c585dad4e071b38d649d847ff37c79a25a5d07f7a32720dda50f90a08541bc4,2024-11-21T08:49:54.360000 CVE-2024-11477,0,0,3e8ae99590c1aecc53c52bff36b8f44bed9b32563a126fb58a5303ed844daede,2024-12-11T19:23:36.800000 
@@ -244397,6 +244414,7 @@ CVE-2024-11492,0,0,7c533f23fa1db5a769500a8b417234e977cff0ed0689b5e9b1d4408fa39bc CVE-2024-11493,0,0,d49eb92c8c562ba2101f389cdd764449ac518734f087aed95f5fe12a18b9ad3a,2024-11-22T18:07:31.973000 CVE-2024-11494,0,0,120185b1f5452b090fd317862ca91721f9197720b68abdbed625f37e80933fbd,2024-11-22T00:16:41.223000 CVE-2024-11495,0,0,9c4e4a6f33e735c288ef4e55e53a3e0727ff8f6642201545ed0c9f418349e2e2,2024-11-21T13:57:24.187000 +CVE-2024-11496,1,1,671b48e7ae89f914c749666b0ef4666f0000e18a3aaa7a05669aeee7d89ddf7e,2025-01-07T05:15:13.480000 CVE-2024-11498,0,0,7272009b792fcdecf70fc17a50bede0518cbaf4c2694bef021eda391707cdede,2024-11-25T14:15:06.607000 CVE-2024-1150,0,0,1edff0fc21d5f22172836448fdcc7da772ab8a792f462f53ba0bc1c0fbae9271,2024-11-21T08:49:54.780000 CVE-2024-11501,0,0,6aa155b5e971a466b4f7473002330671c6add4e056433a95089c7dc638a9cf0a,2024-12-07T12:15:19.783000 @@ -244499,6 +244517,7 @@ CVE-2024-11599,0,0,a26c993827526d1af73bfe90f868b9bfb9a722b6b2267b567215827aef919 CVE-2024-1160,0,0,12b04de1fea0a3119efc89b33ba5d2f3d172880f1becfa13297009e56b4efb45,2024-11-21T08:49:55.987000 CVE-2024-11601,0,0,51a555e6d26623f2054da12f000d146e4e1662608f2c3f75f4d4bafe7cada303,2024-11-22T06:15:19.830000 CVE-2024-11605,0,0,60d00021c065e6f38e758db8986f6f41c042a104c692f051aa09c9422ba7d5c1,2024-12-27T19:15:07.253000 +CVE-2024-11606,1,1,8acdf1f93f94dec6f06145e6dbcc04add41c7af3a7c8e9a88142b21b37b1486c,2025-01-07T06:15:14.427000 CVE-2024-11607,0,0,64db1cb50de786964ba95a2d2de30c3c373b3627734b2fcf18c662efd5d3b19e,2024-12-27T15:15:09.637000 CVE-2024-11608,0,0,8ddbc230a8730b76ffe6955779ba3c4d90ea8f23edd3f564c2db516009c0d0dc,2024-12-09T18:15:22.580000 CVE-2024-1161,0,0,68cc61ca71a85d6059ad02181ec1fb4a89655dbd3db8900d271e7a26ec14fb67,2024-11-21T08:49:56.127000 
@@ -244568,6 +244587,7 @@ CVE-2024-11687,0,0,5e77fbcd46b583a4f084d8bcc3492702fbc8999eee40cfff605d5263f17d5 CVE-2024-11688,0,0,8d8a43b07b745617ea451bc11d9802776a561f6818ffe3d6e83d98ef6a879a1d,2024-12-21T10:15:06.733000 CVE-2024-11689,0,0,083793777007e12786b393e59e70bbd36f5df589b4b26e2949eb5844a08ab45f,2024-12-12T04:15:06.657000 CVE-2024-1169,0,0,7d005e1e32dcb786dc145e0dc1f4f8a0f524691319a7051d5e1a67ddcb23a460,2024-11-21T08:49:57.153000 +CVE-2024-11690,1,1,64d108b29567f27e54fa807da12df37326bc2cd355da96d7ac4d20d7fa8e41b1,2025-01-07T05:15:13.677000 CVE-2024-11691,0,0,36fe8b3d1feccd057ef27ddd17979a52004da0a9606d16fdfdb44bd6d5656bc4,2025-01-06T18:15:18.373000 CVE-2024-11692,0,0,9269d1047de5ccf3bbe848f7300e55c4147a58cfd139cb6b7f723bc7b81e3d4c,2024-11-27T16:15:12.530000 CVE-2024-11693,0,0,e0fdce984dc3054eba0934c78141d5d7d4f14af64b3544f5156b2322b39ad19d,2024-11-27T16:15:12.753000 
@@ -244621,12 +244641,14 @@ CVE-2024-11744,0,0,d39b5f592014fd4a2278c647fc2411f75d3865150415b86b86bc4d90ea41f CVE-2024-11745,0,0,96069305de6ef8812783ef245e2f61d86d985db42c36cad22c8d389adbd7e8c1,2024-12-03T15:25:28.847000 CVE-2024-11747,0,0,3759ff4fc6bacdbc93b41c30e49e712686d53794386a1c516e9d37a83c4db995,2024-12-04T03:15:04.933000 CVE-2024-11748,0,0,e7645e460b472de84c1c6d90ad8d3f118aede3a0d553d462a4edccc0cf16cb19,2024-12-18T03:15:25.943000 +CVE-2024-11749,1,1,a34162dc3441bb7233fb0884b31b8ff8fbbb03f89d39bb90fd94d6fefe6b50b2,2025-01-07T06:15:14.713000 CVE-2024-1175,0,0,f997875411f4ee3836569f05e6ded063f5984d7986ed98f909a5423e1a302ce0,2024-11-21T08:49:58 CVE-2024-11750,0,0,7ad8eba5e612b45089b0006a10c8f5004dc37025f0797564ad303213ba0cd10f,2024-12-12T05:15:09.577000 CVE-2024-11751,0,0,cbc44290cddf15ae35c92a8e4b75351046563158eb1fedf91f48e5c8b200a32b,2024-12-14T05:15:06.923000 CVE-2024-11752,0,0,c48a168f2b3a172a5086d93afa4f6d610d49141a00f07210bee49dcaa523a5b5,2024-12-14T06:15:19.210000 CVE-2024-11754,0,0,115157a8a0f024c3ba84de7edd359cbde1e25041eace45096f12b0e339d7e447,2024-12-13T09:15:05.630000 CVE-2024-11755,0,0,c883abaefa6170cee64d3b62a0d846726e75234488258495594582792094520e,2024-12-14T05:15:07.100000 +CVE-2024-11756,1,1,61a3f10bbfe20c57d2a9ef3bbe71f843c6e92a6387f10cd46d5720b2e61f0cf5,2025-01-07T06:15:14.943000 CVE-2024-11757,0,0,1bc7aae07622ccc6a4b7076dd363e7b8ecfc55de5a0f36b46f6f6ac7ac916966,2024-12-12T06:15:21.367000 CVE-2024-11759,0,0,721c2f6fdff65f13ac54d162c1b8bb0f862a88123dec2155aa18c28dd98f712d,2024-12-14T05:15:07.287000 CVE-2024-1176,0,0,ade3cc69c20caab05c727481cc0ec5f568a186d8a0d855f0f768d9d6ccfee82f,2024-11-21T08:49:58.123000 
@@ -244645,7 +244667,7 @@ CVE-2024-11773,0,0,8f508701342909bb3125bf0e1fc423b8efe31d0b55b4e2a3bdbbc0d7a1ff1 CVE-2024-11774,0,0,2f351d61aa038a49c773ab74e882e8cd2203f9cf3f3df13c0faa462f8ee3a46b,2024-12-20T07:15:10.393000 CVE-2024-11775,0,0,0be2b5775aa12c2634dedea0534264de5c8544551afcfc7760cb6a86958e9dd8,2024-12-20T07:15:10.597000 CVE-2024-11776,0,0,db96a767ae984aa946e97339afd57034a67d2d93961a6fe48dad1a311ebfe8b3,2024-12-20T03:15:06.420000 -CVE-2024-11777,1,1,3f98ebf065259973e17593034b9da476d62f4f3a8b02a7ab11c065a411f92301,2025-01-07T04:15:07.200000 +CVE-2024-11777,0,0,3f98ebf065259973e17593034b9da476d62f4f3a8b02a7ab11c065a411f92301,2025-01-07T04:15:07.200000 CVE-2024-11779,0,0,66ab9533cf27509ff85b54c7dc6f857efc44402b9c1a2b7fc4f1c1fbd8a0b4e7,2024-12-05T10:31:39.980000 CVE-2024-1178,0,0,455b49ccf992fe53bd03a32d9f022f083f7714cf103a3dd0d2ba2a085047974c,2024-11-21T08:49:58.357000 CVE-2024-11781,0,0,c0e6be58a4f2f20ed752d41934ec31e6ef434c9b40a727cf73a45e49f6a0c1d4,2024-12-12T06:15:21.940000 @@ -244680,6 +244702,7 @@ CVE-2024-11807,0,0,5b0564826b05464c314eefc84d6d7fdc2dbd57c9a7cdeff75f8e6a6bda0d8 CVE-2024-11808,0,0,75f519afc7bb5c87c20928e7143a36463cbcdb95ed65cf999a2b84cb633366dd,2024-12-21T09:15:06.037000 CVE-2024-11809,0,0,1f74a5fd4084e6ffe9713972c542683f1719819d3bb81586e87aada1d25da361,2024-12-13T05:15:07.127000 CVE-2024-1181,0,0,75e84367823a14869b96be5d2a44185a42194134ed6d728c2cc873c3b47fce46,2024-11-21T08:49:58.703000 +CVE-2024-11810,1,1,775a4e17b3ca89ee87e40ba7b3f55729ab9fad21bf924c3b2c39e4cfdaa24581,2025-01-07T05:15:13.883000 CVE-2024-11811,0,0,de10a3ae4822973dd993404053b9029fe9aac56c38d9c3c2b8c2699bef5d0ac0,2024-12-20T23:15:05.590000 CVE-2024-11812,0,0,df32cc25c5bb5c5dcc725bf487d9704dded6625df8d19e9336934b5d64e1e261,2024-12-20T07:15:11.373000 CVE-2024-11813,0,0,47a3a35561cd3c4cfbe2425cc2aa9f8596afbe4dae47aa0811b6748805370891,2024-12-04T03:15:05.227000 
@@ -244739,6 +244762,7 @@ CVE-2024-11882,0,0,c14c2af9493e334fe3da2508e7ca83b6d319f8d382e00a76baaf2e7e94429 CVE-2024-11883,0,0,3efb818468ee15a4b72e48a1c8061e4502ee7a82e825630c64edf1ae726709d5,2024-12-14T05:15:09.440000 CVE-2024-11884,0,0,cc9f4dc6cbe1c2166ce740e309ba0401705b8efb2b8ab841325213a1f1dfb2c1,2024-12-14T05:15:09.640000 CVE-2024-11885,0,0,04f2670653faa6c8c44289cb974ffa09eb74041d205c6bf3342ab059c2818d96,2024-12-24T06:15:32.093000 +CVE-2024-11887,1,1,8b88650a2741ab60c92c9d798a57f51f935fc2d2aabb3493ceafeb16c58ef1d6,2025-01-07T06:15:15.147000 CVE-2024-11888,0,0,8a06477d55991ecfcdfbbbe13cfc5cc7673a7932d3eb8f15153aab2ef7344e32,2024-12-14T05:15:09.837000 CVE-2024-11889,0,0,c40f4924de6b0709ad2ac4ea75e730ab583fde8e75b7967e6c96aa9146701117,2024-12-14T05:15:10.030000 CVE-2024-1189,0,0,3e2c1a3fc9f24eb6eaedd5adba4b6f521645b93b8971a5e9477fe83a4ee5ef97,2024-11-21T08:49:59.850000 @@ -244748,7 +244772,7 @@ CVE-2024-11894,0,0,9e31b28fa56a41e12b82fdf98576d9a13777f5eed7b6c3fc1f71a85af109e CVE-2024-11896,0,0,34f349ccc91bcf6d6c27bb81a454efc17924954cfa878d33ee370546a785a3f4,2024-12-24T09:15:05.663000 CVE-2024-11897,0,0,63c2369fafd5da048dd57864988be95602290ce10df0f51d423ab54c866c15e0,2024-12-04T03:15:05.380000 CVE-2024-11898,0,0,e843212abf00805a20f8b4b65b36c01f75cc2096cf65f2d0e7899f11eb517a82,2024-12-03T08:15:06.857000 -CVE-2024-11899,1,1,2d9622bde30df58f2b333ce412c343551a1059bea7bd567b64028a464b5ac3e7,2025-01-07T04:15:07.350000 +CVE-2024-11899,0,0,2d9622bde30df58f2b333ce412c343551a1059bea7bd567b64028a464b5ac3e7,2025-01-07T04:15:07.350000 CVE-2024-1190,0,0,234a49a5e7705658abf0b6e88d111180ae34b962c9b1fcba39bd09bd939fee39,2024-11-21T08:49:59.993000 CVE-2024-11900,0,0,907cc46cf6ec9c4d3d9c16ef3063c98e3f05e3d3fbaf96bdac5c807705a3d6e6,2024-12-17T00:15:04.917000 CVE-2024-11901,0,0,b4f47b708bd6950d29700a0fa25685f0a500c1152f87b15c0f3253f7e0b084c7,2024-12-12T04:15:06.817000 
@@ -244771,7 +244795,7 @@ CVE-2024-11928,0,0,4eb81c3b991253e17b093831750d2f60d8030675796e16e7e29cc29429037 CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000 CVE-2024-11930,0,0,3d6f16686fbf2f10ff523adfd2c8cbb605e12592056b32937532511e03efa5aa,2025-01-04T09:15:05.880000 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 -CVE-2024-11934,1,1,df49356b7407c6592fac7ee78248ff2dfb17d24355b0e22b8f9a7697c9ad6729,2025-01-07T04:15:07.520000 +CVE-2024-11934,0,0,df49356b7407c6592fac7ee78248ff2dfb17d24355b0e22b8f9a7697c9ad6729,2025-01-07T04:15:07.520000 CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000 CVE-2024-11938,0,0,6867b7d1c50742be481431f973c83467fcdb9442488abece06649b31c7a1e61f,2024-12-21T07:15:08.453000 CVE-2024-1194,0,0,2ad6fa2abb4bb109947132f87b19e7c09219cf51535c19102f3cbbfcba6ba405,2024-11-21T08:50:00.573000 @@ -244840,7 +244864,7 @@ CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000 CVE-2024-12018,0,0,593c05ac2f3dac4339301164983c309f8de674e944577becd0f305b7e0d23ef0,2024-12-12T06:15:22.737000 CVE-2024-1202,0,0,a098cbd545693e5d361995e28174ffa246c4ae019a07a45a38ebe2abdfe163e3,2024-11-21T08:50:01.790000 -CVE-2024-12022,1,1,08c553a81c76cd8c361877e5f844a3ca91d6fad54d361a7829130df17ee98a64,2025-01-07T04:15:07.677000 +CVE-2024-12022,0,0,08c553a81c76cd8c361877e5f844a3ca91d6fad54d361a7829130df17ee98a64,2025-01-07T04:15:07.677000 CVE-2024-12024,0,0,653613587e608bd6caaf8de2305d76e365d1bc24ca72c717531373600ef68f49,2024-12-17T10:15:05.643000 CVE-2024-12025,0,0,48a6a81843ce463d9a84b144c8201ecb34a901e35178968cb10c7b2b1d7242fe,2024-12-18T04:15:07.347000 CVE-2024-12026,0,0,cbdee4f4d341b218f2a9910c9db7c968e1470cd32e93684865d3bd2934d626d1,2024-12-07T02:15:18.520000 
@@ -244854,6 +244878,7 @@ CVE-2024-1204,0,0,52c83c0f4289636bc1afd18cb37875b782729e90167239cc1a53f532e5633e CVE-2024-12040,0,0,82ff661fdb988bbdc555297e0b0d4a5a42a6c3fde3cb51373bdf40b4e4dd0633,2024-12-12T06:15:22.947000 CVE-2024-12042,0,0,b4111492e93c9126d488ebee36a5b9ed9603a0917a66407440ec106154a8d6d8,2024-12-13T09:15:07.370000 CVE-2024-12047,0,0,b519fe3aa5ce2a0ef1dc7a25def83e3d7d75fdf22001ebe45f82c1494b6008ec,2025-01-04T08:15:06.157000 +CVE-2024-12049,1,1,1681f5b0744998dc98b0ac8383ab3f305ba3143c966050706a7a972316fca8e2,2025-01-07T05:15:14.147000 CVE-2024-1205,0,0,7a555763b4ee56426377ab020ddc9dc79c7bd15b9be6f5edc39ecd5779b4ad33,2024-11-21T08:50:02.210000 CVE-2024-12053,0,0,bc2b289301180bd6933809c4de004e58bcafd2b88fa0501ccb1750c43496ee92,2025-01-02T17:47:20.023000 CVE-2024-12056,0,0,d7fbaa89c201679c30b80d6484a6860abf01d1ecc41424a8e0b08b504062cb8c,2024-12-04T15:15:09.700000 @@ -244867,6 +244892,7 @@ CVE-2024-12064,0,0,5bbffd5016c2c66c65f1cad07469a2c9304ddde32e6765225186e453c653a CVE-2024-12066,0,0,b8b74ff74daf8006195a72a7866cbbcaf66d537ba02c482e9dfaf1c6e82963a9,2024-12-21T07:15:08.907000 CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af06c,2024-11-21T08:50:02.457000 CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000 +CVE-2024-12073,1,1,475cbc36cb5ae8f88984192a7bf4a297e0f4afe77d63eaa7029ef51bd04b08b1,2025-01-07T06:15:15.367000 CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669a9,2024-11-21T08:50:02.590000 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000 CVE-2024-12089,0,0,e4693d0f49f7bcd8f49a3c46cbf99b45117c9aeb9696a4344a79bacac3eaba78,2024-12-16T15:15:06.250000 
@@ -244876,7 +244902,7 @@ CVE-2024-12091,0,0,35c9100407a2a2f03cc09233dbdc35208e548ffdd088d484bb9b374c740b5 CVE-2024-12092,0,0,6cedbb52bdc4fd872b35781acb98ac9a9b54d520c5d29f314ba42350997260f9,2024-12-16T15:15:06.677000 CVE-2024-12094,0,0,918109c0341953bed354c9dc0c1e3bf994d002b139d0d147a6756e1d0b4180c2,2024-12-05T13:15:05.923000 CVE-2024-12096,0,0,a0b37dcc639d983cbff8481184c987ae3b7851e6c867f94b52bee5fdf38bc784,2024-12-24T17:15:07.497000 -CVE-2024-12098,1,1,b63726c5152f425567a10a211b5f28fbcff6e537525be9d0cac5349c5e9b327f,2025-01-07T04:15:07.837000 +CVE-2024-12098,0,0,b63726c5152f425567a10a211b5f28fbcff6e537525be9d0cac5349c5e9b327f,2025-01-07T04:15:07.837000 CVE-2024-12099,0,0,82c97da21165b875b9d77b9a11ed031ee03fad8a14b90d2e80c74afeac6e262d,2024-12-04T04:15:04.287000 CVE-2024-1210,0,0,f5a9389cac94cbfcfa3f0d961d1ea27115bf7afa331ce2988db15dbaf2efdf76,2024-11-21T08:50:02.867000 CVE-2024-12100,0,0,5d9bee140d619efc5bcb5724e98abb1747cc29824dfdae10a66de74940256d24,2024-12-24T06:15:32.830000 @@ -244892,6 +244918,8 @@ CVE-2024-12115,0,0,e6944683813361fa4999b92dbfb5849d2d0c20bc3f6186b671317bdf28394 CVE-2024-1212,0,0,c6c0d98b39fe69ac963e13ef16e93aec1a62abd1466de44e7788f638a4921cfa,2024-11-21T08:50:03.010000 CVE-2024-12121,0,0,03702b315699ac0a86731f33a73d0aefd1ecc16bf8d72dc7730c1bb362033b62,2024-12-19T02:15:22.610000 CVE-2024-12123,0,0,3314f70340307f7968d2c224d2753ec462f128bd5dd04a8f7d840d35f281e69e,2024-12-04T04:15:04.430000 +CVE-2024-12124,1,1,0fd98c73daa8d1ce9959268c0475817b20b4d7ca8ce2793643bde29f6970a1fc,2025-01-07T05:15:14.340000 +CVE-2024-12126,1,1,b0f00c4bf0b4302d6115af0d6af3b97db152c00b497d912443ec3c39ea9a8c54,2025-01-07T05:15:14.533000 CVE-2024-12127,0,0,5a71954d556e5e4eca59c6ef18b25e4cca9d5062e24f45d25c54cd9cd408718b,2024-12-17T10:15:05.830000 CVE-2024-12128,0,0,c4db33033b659bed09aac37afde730f735bf98fa121412b3aa3432fe49f39a39,2024-12-07T10:15:05.843000 CVE-2024-1213,0,0,71ef51029e532fbd05d5ffce04ca88ce9c1183a8c328c139d7f9dd3d163c9edb,2024-11-21T08:50:03.180000 
@@ -244899,13 +244927,18 @@ CVE-2024-12130,0,0,05811205e7cf6b9d5db685121cc1c0a1d80fffaab6e459b31891b300ff7df CVE-2024-12132,0,0,80a7c8d496b1886913eb9109e260df5ae2c0aa6f78d2c4d5ff0aee7f1f0cf7f0,2025-01-03T09:15:05.983000 CVE-2024-12138,0,0,8d975d6d21268c978bf38e4ecd10070b486d972f9cb2bde16883c51e239ae6fa,2024-12-04T14:15:19.413000 CVE-2024-1214,0,0,006edfeb44add0513d6df0049d407da5a783feee7b6e41af090a449d9f26b334,2024-11-21T08:50:03.383000 +CVE-2024-12140,1,1,84cf86e00b498546176b727137ac2a768edc827afd618f9d2c61ff836fb1f63c,2025-01-07T05:15:14.730000 CVE-2024-12147,0,0,0ebd2d9e73219a39fb6777c8b0dc3255058db7114ec6ee0c20c337fec7f9520f,2024-12-04T18:15:11.803000 CVE-2024-12148,0,0,2d82ecdcd1ae8b06b2bbc4387f4ec8d5588d3a1672ec54422fedc0a9fcb34bf5,2024-12-05T19:15:07.473000 CVE-2024-12149,0,0,6cea541fb8390eb73924fcce3986b6c54a0134049e02ebc343dd9227319eb6b2,2024-12-05T19:15:07.627000 CVE-2024-1215,0,0,4329416f300d2c475797311e08de13347ae9dc69f951944050207e3d4abf36b5,2024-11-21T08:50:03.560000 CVE-2024-12151,0,0,958cd3e076f1ea17ca0ad827def723dfad6dc87ee6b3f8172337cf6f1994be20,2024-12-05T19:15:07.773000 +CVE-2024-12153,1,1,22e2967fc47cf53b1f6950bbe994a9df52e94c829c300fca48f8d4054f6ee1bf,2025-01-07T05:15:14.927000 CVE-2024-12155,0,0,a9bad28298e0ff298ba13b998a693d2b1a968d7ec52abbb9a976f5fdc4810431,2024-12-06T09:15:08.417000 CVE-2024-12156,0,0,2e2ae1d329cdc90aba56d374ee329c37f84e6225dfe0fbd4afb09b6a3021715e,2024-12-12T05:15:11.163000 +CVE-2024-12157,1,1,a19dadfc4fb54967c2955b5bead8bafcc01853ab1ae25fb93fbec84bd54e4d60,2025-01-07T05:15:15.133000 +CVE-2024-12158,1,1,25ed1c3814406cad8f35b5c4879838e5e610bcc4431220e1731829bc6b113176,2025-01-07T05:15:15.323000 +CVE-2024-12159,1,1,64e61826ab5c5975d420658cde528c10f1d1f6efa904e496d8ad1f5937e1f6fc,2025-01-07T05:15:15.527000 CVE-2024-1216,0,0,2ac4284b62a708a705b7ab9ac6ff4ec2f3952b584d951b1f83e5c9b3524c781f,2024-03-21T02:51:38.760000 CVE-2024-12160,0,0,2c6191a6a825b29c030b8d3eb20fe09ec5c665c03e8080de9d738d6bc79c2538,2024-12-12T09:15:05.220000 
CVE-2024-12162,0,0,74000f06bf15c8250a3d3772859e4a16bab71460bbdb53ca978f73d57f64b12c,2024-12-12T05:15:11.750000 @@ -244913,9 +244946,11 @@ CVE-2024-12165,0,0,565f6113f161726a36dcd8f87106f931ffa1dad23df770638714143fb4529 CVE-2024-12166,0,0,318717b4a3842e9291a2442fedeb1198ccbbca486552d6b1e9ef8aa65b1bfc3e,2024-12-07T02:15:18.923000 CVE-2024-12167,0,0,648fdeb771c33890685bfca6029b01ac44a17697a1725a67472f5321f6e1f66d,2024-12-07T02:15:19.057000 CVE-2024-1217,0,0,3de4593a5f9b417a5fbd6236f528d532a8a6dfb588724578487cd5ad8c5d1072,2024-11-21T08:50:03.817000 +CVE-2024-12170,1,1,7d6479dc0709ea7976092a5192eec7c92ddc670f347c515df955cd001fdcfaa2,2025-01-07T05:15:15.713000 CVE-2024-12172,0,0,71dcf4ad1517a839187dba7f34de208b20f0af666e791340d3555b8bf199e319,2024-12-12T06:15:23.587000 CVE-2024-12174,0,0,d557284551bec104067ec802c1680b85a8fd3b4f89f1ebaca3a04bd8bacf5eb2,2024-12-09T22:15:22.237000 CVE-2024-12175,0,0,20611cd6daa70118d224218791ec5441f3e7f7d13ba5742f58eed508c2484c9d,2024-12-19T21:15:07.530000 +CVE-2024-12176,1,1,f3a72da294d6ed072e2856bd39515dbd185e3dc49192b20d3a26e3837057e448,2025-01-07T05:15:15.900000 CVE-2024-12178,0,0,85097aaa964ca63d98736b6294a6f2c33aab0e7c117a2f19277506f724b552a8,2024-12-17T16:15:23.687000 CVE-2024-12179,0,0,a0a65d195e49bd7b826852d9b69fa37a100c8cceb44f5eceb7a4713ebca18c3a,2024-12-17T16:15:23.870000 CVE-2024-1218,0,0,ae65e02be37dbc9babfa45210656ff360cc199b16c8680945f92dd585fedfbc3,2024-11-21T08:50:04 
@@ -244941,10 +244976,13 @@ CVE-2024-12199,0,0,c4a94d94cf3a0ec0f1a10765eb1371db0ca63357c63383a89961385697ea9 CVE-2024-1220,0,0,9554836c8027e0b7a98d02c469b0640f37340ff8518df5c7c53c1851829f880c,2024-11-21T08:50:04.733000 CVE-2024-12200,0,0,23413f89ab73dcfe4f53913520af84d44004f8074e56a4f24db9e34101f9d57a,2024-12-17T16:15:24.897000 CVE-2024-12201,0,0,24aea21415169e4ceff164eedb7fa32646ef24d523e6e014144846720c08c29c,2024-12-12T07:15:09.607000 +CVE-2024-12207,1,1,76c8fa95f11590dc49aa5b062e9bb5af48aaa9477d134f7c1609580bb8e1c8b2,2025-01-07T05:15:16.080000 +CVE-2024-12208,1,1,e03ecc3884be8ef44ef5a077ba53c4a05754ec74a94b603c1e749a21b3975365,2025-01-07T05:15:16.270000 CVE-2024-12209,0,0,965d45920161ad8379a478313464ecb572a2b8b8ed1bf056a1646168e0b8105f,2024-12-08T06:15:04.823000 CVE-2024-1221,0,0,c833d2d1840e5e81b3c325295532e3c4cac8ba514abb434d638a7c419bdc43e8,2024-11-21T08:50:04.920000 CVE-2024-12210,0,0,fcdbe73e10e5bb8e25626395e1c0b8dfb21d78601eb91a6e83c928772c0881ff,2024-12-24T06:15:32.973000 CVE-2024-12212,0,0,4068a90166bc858f8bfa4c7fe1dbc180f7e4e033930f31a1b74471c9abd7763b,2024-12-13T01:15:05.810000 +CVE-2024-12214,1,1,e5bb0332e0fe01f5cc924fbc7ed5aea720d65c55a0e9216597df8548b18bb334,2025-01-07T05:15:16.470000 CVE-2024-12219,0,0,30a275e193bbba91aa16bdcd2e01caf0ae8c253910825d417094094009d7c6a9,2024-12-17T08:15:05.010000 CVE-2024-1222,0,0,ff0f67607974451388d42ae6b90b2e9690717b801a6493a4e7aa508a94c6883e,2024-11-21T08:50:05.110000 CVE-2024-12220,0,0,5a9af5863bd9968393d1012c1c5f5fb4875db98205155149f405e76579a2b19e,2024-12-17T08:15:05.393000 
@@ -244967,16 +245005,20 @@ CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a065 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000 CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000 CVE-2024-12250,0,0,e5f748db33ee246e1110b31eaf24b071ff8e9ad960657a91bc37454c3187e14e,2024-12-18T04:15:07.657000 +CVE-2024-12252,1,1,d2a36d6f8519946aa283013662310c3484c591468bc446e63c62515e57b10fb1,2025-01-07T05:15:16.660000 CVE-2024-12253,0,0,ddc85ae180bc30a65db67a43f7fe8d6c4299882333782166c00f6946fb3a98d4,2024-12-07T10:15:06.030000 CVE-2024-12254,0,0,6372ca23e9b475efcbc80401e5929ada552ac002068d1a3c23d690a8cfd8b99c,2025-01-06T18:15:18.713000 CVE-2024-12255,0,0,3e6ee7ef8ecf957b3c9750bb4e9452362942858fad7f6d35e3c4d339eaa5898b,2024-12-12T15:15:09.967000 +CVE-2024-12256,1,1,91c1dfa0d3f9166fdc561fc70b740d210ee69feddbaebc652f41556e6e501ed5,2025-01-07T05:15:16.857000 CVE-2024-12257,0,0,51052901a7cca4cc3e08f8db1db23715b8800d7e5a86753505efbff635c332e0,2024-12-07T02:15:19.187000 CVE-2024-12258,0,0,3eb19625a1330fc72081e9c0b05d899d6c52aedf5334c3f98a645064595ca085,2024-12-12T04:15:07.160000 CVE-2024-12259,0,0,e9a04546160f01ff787a627ab63ead177a9297f047c69a037836e7bcca93e425,2024-12-18T04:15:07.803000 CVE-2024-1226,0,0,b8e723228c95f73a75e74922943d4c7b5983bd824925379e4a1dadf0498e92dc,2024-11-21T08:50:05.893000 CVE-2024-12260,0,0,6279b3003f5c04cde3aca10d6cb551198f7d4f49319583b742575d1bffcdfccd,2024-12-12T04:15:07.330000 +CVE-2024-12261,1,1,34eef7a15fa985b49a3130adeab4cc38db0c9ba3b02933fa45bb90b598ada31a,2025-01-07T06:15:15.593000 CVE-2024-12262,0,0,fa3931ee556920568b7665df357fd87a96e303a16aae692eb53618f8bcee485f,2024-12-21T07:15:09.163000 CVE-2024-12263,0,0,183574df079ffbee27d57051711c108d812463b16a94004cdf52784fa08d4f65,2024-12-12T06:15:23.960000 +CVE-2024-12264,1,1,ac07b413924d52c19722b6b39f9a97f1b1b6f0599f1ea1cddba029abd74d6a9f,2025-01-07T05:15:17.047000 
CVE-2024-12265,0,0,4ecaf6258b9c646985803002f662a35d37ddc850eb892429f8568423d5e8ff62,2024-12-12T06:15:24.143000 CVE-2024-12266,0,0,909ac121710013990590ae1f8a6d6364fd581e2e3e734e8055f1296c676eb281,2024-12-24T05:15:06.433000 CVE-2024-12268,0,0,57b1dbc34c4fad3378e18637f11a9af5fae95800fe2a5a30ffdcb7012568a613,2024-12-24T11:15:07.623000 @@ -244989,8 +245031,11 @@ CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44 CVE-2024-12283,0,0,27e00fa0bc574ce5113c52cfd02ee2100414eb1f36a7d99001797949356bf37d,2024-12-11T09:15:05.697000 CVE-2024-12286,0,0,a2cf97a2f897256d80732f72cb83c0245f2eb4e867cc795bfeda6550048be20a,2024-12-10T18:15:27.150000 CVE-2024-12287,0,0,3bd2321de0e3063fd87782574573766f363076382fc77605ade9039fc3997618,2024-12-18T07:15:07.040000 +CVE-2024-12288,1,1,2b34fc8eb4709b34f9e1bbef958cf604197d6b5c8258b4549867810433c5a64e,2025-01-07T05:15:17.243000 CVE-2024-12289,0,0,13ceaf41c63ab9df769c06a97eb1837bd3475cf420d82b37c196bad01ff19ec0,2024-12-12T23:15:10.500000 CVE-2024-1229,0,0,8ad8bfe76844e757ec6d08a1bad2f097b99b608e965943a6e4928e217dfee4df,2024-11-21T08:50:06.520000 +CVE-2024-12290,1,1,dd03ccb632ea5a012e06ec58307bf2deeeaadb86701f4e653ec52c31682a07e9,2025-01-07T05:15:17.440000 +CVE-2024-12291,1,1,d1cef006451deb4726152dc84511fb1b2859c23efc3b6f16d98831e1cfaa0314,2025-01-07T05:15:17.633000 CVE-2024-12292,0,0,9c2e3f4715c47523d2f1e1d813aca821c280ab211aff2eeed6650ad59c376aa9,2024-12-12T12:15:22.470000 CVE-2024-12293,0,0,2953fa4e59ad0d89a9c80037ec9c293444942d58e596c71e3b8975df1192ecb7,2024-12-17T09:15:05.347000 CVE-2024-12294,0,0,beb757b9be530a21bd62fb0889c97c31013e2208ab8db98bc3384b757caf5365,2024-12-11T11:15:06.623000 
@@ -245004,13 +245049,18 @@ CVE-2024-12309,0,0,16d03882c6009566e79b9c8c2443055d4427c7f1e57279e0146963b711b56 CVE-2024-1231,0,0,b14e8b0a07bc5ec367647c5978c3a1256f30a8a16700580e77b0e0e8d9654fdc,2024-11-21T08:50:06.870000 CVE-2024-12311,0,0,815e3491f6c1f7b3abc4a4d287cec4a5fe89f53db46c7d87ecfb8135e71ecf12,2025-01-06T14:15:08.153000 CVE-2024-12312,0,0,81d22bd123230bacbdc2896ec02614f9266db15df91f1b6305d0718b6052467b,2024-12-12T07:15:10.090000 +CVE-2024-12313,1,1,f95ad1b7ee5c9c8b1e6156101adb575b7211cb88ceaf5c60bae6d522015943ba,2025-01-07T05:15:17.853000 CVE-2024-1232,0,0,0724dcbb02c95ade7614aaa3e49113b53bf4da94f0e9ec3c91efd2f39f26e0e2,2024-11-21T08:50:07.030000 +CVE-2024-12322,1,1,d1d1ba99e3248373db00660e43bd83c74463e7aba267c41381ae292bf15ed01a,2025-01-07T05:15:18.063000 CVE-2024-12323,0,0,06bea100acdfcead34fe4d931dfd21a64a280c25bd363945a1e09f063078f508,2024-12-10T15:15:07.300000 +CVE-2024-12324,1,1,b690feec26da2984b756e7477c2a892da17cdcb52876c2b06d7ebd8d5f2c678f,2025-01-07T05:15:18.267000 CVE-2024-12325,0,0,46c6dbf8ab48a9529900a473106f832e082cd9f7d718e64a5c9e5edd2c3d133d,2024-12-11T12:15:19.200000 CVE-2024-12326,0,0,6214bd8c3b6441929fb143e430a818a70c0eda117c1da1c1d4092fdb062e916b,2024-12-06T21:15:05.957000 +CVE-2024-12327,1,1,33b53efc3ce56f726d317632e9f42265ea308a0bd5237c993a51a1f8709d6c07,2025-01-07T05:15:18.470000 CVE-2024-12329,0,0,66dd2e3f2af8b0b1aca8274acaafc22644d93ff908c884984769d59605f22905,2024-12-12T07:15:10.607000 CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000 CVE-2024-12331,0,0,1854f15311a9fd512bedfae9559249a253ffa3b6afc48825c570d85f65b5b458,2024-12-19T12:15:05.330000 +CVE-2024-12332,1,1,9ade021f05f8b6e21164a241020abeabd975e39004cb00e9e2b83269848afc43,2025-01-07T05:15:18.687000 CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000 CVE-2024-12335,0,0,811e1f31fde162cfb07e19f2dc625fd9888bd35150e2bacee10a476425d11394,2024-12-25T07:15:11.980000 
CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000 @@ -245047,13 +245097,15 @@ CVE-2024-12373,0,0,83b846beefe400aa9231cc84fd600de52fbf3fd7f422b967ec41c6b980048 CVE-2024-1238,0,0,61e2d99ce6e3dfa86afb8331abcc236f68b5fa34f245659f4f6216db5239b32e,2024-11-21T08:50:08.053000 CVE-2024-12381,0,0,68b33f6b694aa45ef73ff06945e737e58ccb7b1c7ea2cfeb4d826136c48b3d1f,2024-12-13T19:25:33.143000 CVE-2024-12382,0,0,f70294886a1865641a484753f3298929660ab1bd7002caff75777615f01f2e87,2024-12-13T19:24:25.137000 +CVE-2024-12383,1,1,cef6b512c28673e57747095580f46f3d1a23cd2ac5dd948f3ffe8185e568c272,2025-01-07T06:15:15.790000 +CVE-2024-12384,1,1,cd7118b6e6ac25f91cd1e0a0d2656f02763a1bb4ed18e9935c8cccb732d09818,2025-01-07T06:15:15.983000 CVE-2024-1239,0,0,a515a367dab4b48d00e7f390a15c0d107266b53b28358b9f5ebf3476b0a625f5,2024-11-21T08:50:08.180000 CVE-2024-12393,0,0,f3d3d4aeb55dacdbdda4d3e84dd9efd2b47893e24f5c1cd3a62a5960b9b718f2,2024-12-11T17:15:14.657000 CVE-2024-12395,0,0,75ff5ef98722c35fb11d383db877ddbb73a300c7cb334e918191d763e24090f0,2024-12-17T12:15:20.377000 CVE-2024-12397,0,0,661288be67552f431f0a0bf144bed2d313b12b592e50cdc78451d7c1272f6fb5,2024-12-12T09:15:05.570000 CVE-2024-1240,0,0,28733ede53b96385ee0de4a7c5187b3db0d925b1e4ab6e977522dc277dee75de,2024-11-19T19:04:53.913000 CVE-2024-12401,0,0,ba741c7b51198b95eba245807f65253a1c54ea777ddd918337cd97bd144396fe,2024-12-12T09:15:05.790000 -CVE-2024-12402,1,1,8e35cfc4cf7a344abb45fa7331224e766525626c55ea5686a3d8b4838a76c51f,2025-01-07T04:15:07.990000 +CVE-2024-12402,0,0,8e35cfc4cf7a344abb45fa7331224e766525626c55ea5686a3d8b4838a76c51f,2025-01-07T04:15:07.990000 CVE-2024-12405,0,0,631a04fc890c6ac2fbe1fd822df1e67f289f1ef7b029b11f0950a96d4993c03b,2024-12-24T06:15:33.123000 CVE-2024-12406,0,0,3a24bd925fcaee835bc0ee30f7ad38b16626ae1e5c8470fedd28227d3dd60123,2024-12-12T05:15:12.210000 CVE-2024-12408,0,0,c9a97800ebdc971055fe039c0934b7c899913355f0545cc6cb71b6253bd484f6,2024-12-21T10:15:08.067000 
@@ -245061,32 +245113,43 @@ CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67e CVE-2024-12411,0,0,fca8eab422ceda64b215d958b150a7f03625a9aa9df8afa22fe2b27e73430e47,2024-12-14T05:15:10.437000 CVE-2024-12413,0,0,fdd057a05387c9ace72d4ba4316c6065bf29813d0f1c7f4a169e0a5a81de204b,2024-12-25T04:15:06.607000 CVE-2024-12414,0,0,ecf25a2c3f536085b4d44f95471b078e2b7cb6ad454e7c12c9e7d103ff4fa2bb,2024-12-13T09:15:08.070000 -CVE-2024-12416,1,1,435759be4e4ba56188ea7f6720fc32442a546d90f18b812fdb1df1c91242e1f0,2025-01-07T04:15:08.143000 +CVE-2024-12416,0,0,435759be4e4ba56188ea7f6720fc32442a546d90f18b812fdb1df1c91242e1f0,2025-01-07T04:15:08.143000 CVE-2024-12417,0,0,bd175c91ae947c344e10a61ee40da01cd87015ebf65316b1689d31a703a65c78,2024-12-13T09:15:08.353000 -CVE-2024-12419,1,1,1650645ff6c9400ef0ef895584325bbd55288f83ea55cd87214a983e3f37109a,2025-01-07T04:15:08.337000 +CVE-2024-12419,0,0,1650645ff6c9400ef0ef895584325bbd55288f83ea55cd87214a983e3f37109a,2025-01-07T04:15:08.337000 CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc1314073,2024-11-21T08:50:08.620000 CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247bfd,2024-12-13T09:15:08.627000 CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000 CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d55292dc,2024-12-14T06:15:19.357000 CVE-2024-12428,0,0,0dc42c82097510dcd67ba200f4a63250bd059d1ff61bcff7d39f7b5f34a5af10,2024-12-25T05:15:06.920000 CVE-2024-12432,0,0,3d67b932349f6253a91fa970f1501aba586896a462aba17731bbe90a2499433d,2024-12-18T04:15:07.947000 +CVE-2024-12435,1,1,0b924907debc21d874056d540a36b4cd28d4a499f8792c113a5d9122f40bd903,2025-01-07T05:15:18.887000 +CVE-2024-12438,1,1,c9ef02addc6910fa2706e6be2c335f22d8f54b28a122931dc35a45fba8c72f96,2025-01-07T06:15:16.183000 
+CVE-2024-12439,1,1,55eb62afc9e2c987f37d9a895563de0caf2db1a105c514b897f15c77e7e1c9e2,2025-01-07T06:15:16.430000 +CVE-2024-12440,1,1,0736cca2507be95826bc828631fe95b2052cff97e97230bd61b7c954f9609103,2025-01-07T06:15:16.630000 CVE-2024-12441,0,0,60177bfa0d9dcd79729d5ab6a51352067dd3b55deb7861fd956eb7f2cdfb3058,2024-12-12T05:15:12.703000 CVE-2024-12443,0,0,f07c0805b285e00ba917c2d7fc7d6d01900a808064fd2463aaf6cc786dd6eda1,2024-12-16T23:15:06.097000 +CVE-2024-12445,1,1,9511fa1142d96631857d0b2e66eb9af0e099f14a7b2400b88b1643052a5ba957,2025-01-07T05:15:19.083000 CVE-2024-12446,0,0,b02d1d791b4cf7afeb09eb0c21565790a25f436f0af246a7f2fa3fcff09dc38c,2024-12-14T07:15:07.040000 CVE-2024-12447,0,0,5037bc53ba4fa77c34e124f2cad2eb5580f0278ba0adbdec7fe60ff9c399f942,2024-12-14T05:15:10.670000 CVE-2024-12448,0,0,4923580d5a5f99d530db30df1f25529a66e5faa8f94f1d2c65ae42b9f669a340,2024-12-14T05:15:10.873000 CVE-2024-12449,0,0,5fcc22f14406311e0fc83130f321673a9681bcd45ccd4b15a7e6df2428ef10f4,2024-12-18T04:15:08.103000 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000 +CVE-2024-12453,1,1,90bc8e9fa2cbca0591ac8c6d43563da6ce82cc131b5bb9f5968c2db02be70150,2025-01-07T05:15:19.260000 CVE-2024-12454,0,0,8d73661dfeacd698ba1638817b062fe681bc6bd2d9cfe150642a15e6ed3c799a,2024-12-18T10:15:08.117000 +CVE-2024-12457,1,1,db204227c2f84d575524d235110aa5b07f19e67d61178d0039868898bda6c1a2,2025-01-07T05:15:19.453000 CVE-2024-12458,0,0,2c85dc279316bc1b4e93538e44ceb8987e74dd6cb51bbc5d16cad08865fed65b,2024-12-14T05:15:11.060000 CVE-2024-12459,0,0,83621c8a2cdeade953c2057764b3830fb57d2e52944bed7c2b576b695b57b999,2024-12-14T06:15:19.487000 CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000 CVE-2024-12461,0,0,f7bab5c2b1e2764e06dde5d0575615b7d6c222c7cf9c0439423d8ffeaa327299,2024-12-12T04:15:07.820000 
+CVE-2024-12462,1,1,822939e7a31cb5c516e488647a1655c7767f9105510a5811471dac40183f2d40,2025-01-07T05:15:19.640000 CVE-2024-12463,0,0,bf2ad951357546047d42b0aefb8a66347583691f5449e603983c94f9bac4eadf,2024-12-12T05:15:13.197000 +CVE-2024-12464,1,1,fe64471b11df1c8aea2831428c22f4efdf9f68fdc40ab12fb9fcffe071303852,2025-01-07T06:15:16.823000 CVE-2024-12465,0,0,71cf8d099f9bc4306dd9d21cf13805ebee4cfad62908f99a6e3f6ef7ca285117,2024-12-13T09:15:09.060000 CVE-2024-12468,0,0,20d3be8a82fb7f9b6094ff27e59754b2c2151696c1841d3d96ac080fb2a03b3f,2024-12-24T09:15:06.227000 CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab750,2024-12-17T10:15:05.997000 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000 +CVE-2024-12470,1,1,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000 +CVE-2024-12471,1,1,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000 CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000 CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000 CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000 
@@ -245120,23 +245183,24 @@ CVE-2024-12518,0,0,e836e2bda2de8df1c322fb96b28c258a6308fb3f7a0cbb3b5a146ac83d3fa CVE-2024-1252,0,0,d03beb126367df5b21be601ec7e2ecf5f48cece91d0754af14f589827736f3cf,2024-11-21T08:50:09.700000 CVE-2024-12523,0,0,185a41d328f0e130d8ed17ada12f64a855433449910369cbbb025fff8ce0f4d8,2024-12-14T05:15:11.640000 CVE-2024-12526,0,0,b192d6e45212a3c6d09a8a6cd2198d071bb3ba4da94a4e2bf151be7ad2c18324,2024-12-12T05:15:13.577000 -CVE-2024-12528,1,1,b542d57e01c0c48ad9564b0890e0d12d29edb2156a8c53246e86bf7139add551,2025-01-07T04:15:08.543000 +CVE-2024-12528,0,0,b542d57e01c0c48ad9564b0890e0d12d29edb2156a8c53246e86bf7139add551,2025-01-07T04:15:08.543000 CVE-2024-1253,0,0,a598e10fa6d530af6148de164d99995412d597f7142ead42d62b85e905a98949,2024-11-21T08:50:09.843000 +CVE-2024-12535,1,1,b0034002c69bb854c515c85f47eb566bda639381994e791864e14498ccfc66d2,2025-01-07T06:15:17.220000 CVE-2024-12536,0,0,a925f1a48eff74b537962fd623796390384e9d276d37e7a9cb0d9ba10f9464b0,2024-12-13T17:14:44.007000 -CVE-2024-12538,1,1,b01ad61b9334acc7635ec3132a042fbc3171b4976dc799538cae1899a313c7bf,2025-01-07T04:15:08.720000 +CVE-2024-12538,0,0,b01ad61b9334acc7635ec3132a042fbc3171b4976dc799538cae1899a313c7bf,2025-01-07T04:15:08.720000 CVE-2024-12539,0,0,bf2bc8684b4967ec9692452689aaa296f660969c9ab0dd0ec9b638e64908ab0d,2024-12-17T21:15:07.183000 CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c91,2024-11-21T08:50:09.993000 -CVE-2024-12540,1,1,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000 -CVE-2024-12541,1,1,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000 +CVE-2024-12540,0,0,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000 +CVE-2024-12541,0,0,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000 
CVE-2024-12545,0,0,5409af2cc867f9cbfaa0048cd65660c930731d490c0e60928807d15814cab2e6,2025-01-04T08:15:06.363000 CVE-2024-1255,0,0,5935182eb4eb024c7cf7e3cda464e0c74472c4e58bc0030bb090a2a8f708b72f,2024-11-21T08:50:10.150000 CVE-2024-12552,0,0,8443c6d0851e2c1de6fc0e2780c54c711d712f43dce29b5a9fc2e07cff55adf4,2024-12-13T23:15:05.553000 CVE-2024-12553,0,0,cd61f311646d40093b2eea8b09f233e945a3d877e60c1a1abbe43e2cfcd9ea6a,2024-12-13T23:15:06.310000 CVE-2024-12554,0,0,03325541f88792da1f6e44f52ff0851958b98ec9e3aa0b4c7708f85287495a8a,2024-12-18T10:15:08.493000 CVE-2024-12555,0,0,2e017ff0ee33b0c8a472113c693bd6d33089424aa43829233098413c47eb605b,2024-12-14T05:15:11.827000 -CVE-2024-12557,1,1,c9c6d6d60fa1e63d0c31dc33ceb551ab46ad22cb114705bc0dfb08def0caa40b,2025-01-07T04:15:09.260000 +CVE-2024-12557,0,0,c9c6d6d60fa1e63d0c31dc33ceb551ab46ad22cb114705bc0dfb08def0caa40b,2025-01-07T04:15:09.260000 CVE-2024-12558,0,0,ff1dd3178bf5e061322cf2e1a359f721c0d270a183cd44116b64f362a8103982,2024-12-21T10:15:08.600000 -CVE-2024-12559,1,1,f54cf3f9991327e38603b9f68b85ad1beb15e578526394c2a7bc1915ca2539bc,2025-01-07T04:15:09.433000 +CVE-2024-12559,0,0,f54cf3f9991327e38603b9f68b85ad1beb15e578526394c2a7bc1915ca2539bc,2025-01-07T04:15:09.433000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 CVE-2024-12560,0,0,d33290fc3e54f51dd78cb0afaf9a18e8538f72db9dd0f598ab5a68b55bfe89a1,2024-12-19T07:15:13.507000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 
@@ -245154,9 +245218,9 @@ CVE-2024-12582,0,0,bbfe1aae814f308a85392c13709691d46da248e6458c80cb519b63fa483aa CVE-2024-12583,0,0,6c1f345fbc3f1cc53302e61a1dfbebbfcc1b6c1ee5d98cc4a9e3c7ebaa7ceed3,2025-01-04T09:15:06.090000 CVE-2024-12588,0,0,9ef4dd85f085f6ba612688cc14a2c49d05248e20e75bd2d7bdd4aff39b5ac0f2,2024-12-21T09:15:06.233000 CVE-2024-1259,0,0,1c6bb100fc9cba505c4d696801bfd3102c508e530bb2e36c86a6685675278bd7,2024-11-21T08:50:10.730000 -CVE-2024-12590,1,1,78caf08663857a2f888f89c4842ba777750ad04068c078583ff87671d3a13c4e,2025-01-07T04:15:09.607000 +CVE-2024-12590,0,0,78caf08663857a2f888f89c4842ba777750ad04068c078583ff87671d3a13c4e,2025-01-07T04:15:09.607000 CVE-2024-12591,0,0,ab3753b6008fbe3e6034e40f9f857196cd212596c7c67b4ab270eba30c140899,2024-12-21T10:15:09.177000 -CVE-2024-12592,1,1,f7078feab8fa5eead0a6efa9f90d4e3b58439abfb00aa0f348c4b0049b74503e,2025-01-07T04:15:09.783000 +CVE-2024-12592,0,0,f7078feab8fa5eead0a6efa9f90d4e3b58439abfb00aa0f348c4b0049b74503e,2025-01-07T04:15:09.783000 CVE-2024-12594,0,0,594b37b561926a174996b6f220ac2c193da316e698a771fbe44cfee2e4625e76,2024-12-24T06:15:33.297000 CVE-2024-12595,0,0,d10767ce84f7e81d5a6ad487503289a59f4d01b86cd7eb0b224ee74e49237f41,2025-01-06T21:15:14.003000 CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9a09,2024-12-18T04:15:08.253000 
@@ -245171,6 +245235,7 @@ CVE-2024-12626,0,0,dc01f58442ef4eb4425488c755c4a1d0852a1ed618c4541c829e9e2584781 CVE-2024-12628,0,0,f48463b1ecdc4a2ff76d188b8ae44a2e0e32ef1e929dc806ea33e24839d1432f,2024-12-14T07:15:07.213000 CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000 +CVE-2024-12633,1,1,ac69292f6a12c945fd607e3ad86b3344f43286244c6390a44a1c51cf13345366,2025-01-07T06:15:17.417000 CVE-2024-12635,0,0,3c7aa75fcbe7aad344d7ab6a29830b91315b8c91a45f35c3746137d636be222e,2024-12-21T07:15:09.380000 CVE-2024-12636,0,0,42a82168ce07b7a4b358fd4a7a39c0f3a390399d55754f2ae0215aa2892ce194,2024-12-25T05:15:08.067000 CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000 @@ -245277,6 +245342,7 @@ CVE-2024-12843,0,0,e0d63d5eaa72fe482e9688112e3425396d4210ce7c52333ca08afb767873f CVE-2024-12844,0,0,5c87a9ff55812bd16a6653ca7a057210dd46c019a4746aa2ea360cfc1b225b08,2024-12-20T21:15:07.833000 CVE-2024-12845,0,0,6db3f79a15d2d76db842fd5e3307555a4b420c54dce4b03038fc42d43c0c515d,2024-12-20T22:15:24.727000 CVE-2024-12846,0,0,e4c252bde2ca9af2e00706946ce2eb14da53254be655d485961e368b0c87d8ac,2024-12-21T05:15:07.373000 +CVE-2024-12849,1,1,1ec1f74cc5622df60afc70cfedb69ebca5791587da5e6e97ed85991f051e26c4,2025-01-07T06:15:17.607000 CVE-2024-1285,0,0,f377c2065ba4ae04295fe1855da43b832210575f04c4c7725642d3c9965142c4,2024-11-21T08:50:13.903000 CVE-2024-12850,0,0,075205b205303999a6a29790d3e10f6b915eaaea804fbc90dec0f08e9b7ce1f4,2024-12-24T10:15:06.033000 CVE-2024-12856,0,0,9babd12091bd3794c40f556b84241a138bc1e45b107552b0272431ce40e98129,2024-12-27T18:15:23.677000 
@@ -273931,6 +273997,7 @@ CVE-2024-7691,0,0,6dad0c769fb572b88a068528267f61949164dc392b80af6f168258a6b2c7f6 CVE-2024-7692,0,0,4b38ff30e017e91d8a002928077306fde8ee04d0be5e9045460020d6ccc3af22,2024-10-04T17:14:50.990000 CVE-2024-7693,0,0,dd3e43863a4776bf6aa9cee54c3310fd08dfe98f5bd8663ebc12432cb7153f16,2024-09-06T16:51:35.647000 CVE-2024-7694,0,0,3a2582a984429d8c89c3dd71bc863aef01ff80b7baff4f3e3f71f54998d90a46,2024-09-06T17:24:42.573000 +CVE-2024-7696,1,1,35e2703a3580e34793b0adb47636435a97e9bc261b606487fac86ca26d6b5071,2025-01-07T06:15:17.827000 CVE-2024-7697,0,0,122b8f72aeda3c5b2d61460f1dce24bd382a6f877b1c3f9efb3e322459b58ee0,2024-09-06T18:04:28.030000 CVE-2024-7698,0,0,28382cbcfd0fa7ea6a7d15c9ccdd01abba2e948df9ed5ab95948fe232327814d,2024-09-27T19:39:43.350000 CVE-2024-7699,0,0,69660c01a9078b1bb8b8ba16d42135a8912e2caf5b6ecd54d7bddf6785b1e596,2024-09-27T18:59:31.277000 @@ -274890,7 +274957,9 @@ CVE-2024-8849,0,0,0734151af4af8138bcdc00f593bbe5da7ce0eb57042fd20edab1406815b87a CVE-2024-8850,0,0,6a79107655be2c071c14b8c23b6123b1889673d27ef57475d913bb60daea2138,2024-09-25T18:49:53.397000 CVE-2024-8852,0,0,30058a9af3dd7a32997e52bc92060be7a6e41d470611028e31f3fcdaf7d3bfbb,2024-10-25T21:20:11.410000 CVE-2024-8853,0,0,8a2f5d1c05cc9b3a3da315856bc11b5532339e2e37b2d0099ab6a7be83232255,2024-09-25T17:49:25.653000 +CVE-2024-8855,1,1,1956de983d46a6371dc4df62437b92a6dda5a74fa8a190c1f8e671dfd2de38f5,2025-01-07T06:15:17.977000 CVE-2024-8856,0,0,9673197f029df18178a4a1f715fc7a70f5066ac5587142a3b689de66b2851e04,2024-11-21T16:15:27.633000 +CVE-2024-8857,1,1,c66b32372d1b3863f228a54c316a3ef7200e64698f2924a997c32bd7dfd3d8b0,2025-01-07T06:15:18.100000 CVE-2024-8858,0,0,ad81041fe495a196e9577347167ecfba5a083a17b0628925776a883bde8de8f7,2024-10-02T18:41:29.067000 CVE-2024-8861,0,0,b142f8cdfb1b389115184b8221537238e047c24179b6739e896f736e2c2081f9,2024-10-01T13:41:27.213000 CVE-2024-8862,0,0,1a8961f8693547b26bd383d0fe2e24176b66436d4aff5322938219edf5b87168,2024-09-20T15:47:10.697000 
@@ -275162,6 +275231,7 @@ CVE-2024-9204,0,0,a5160d78b40684d13a0abe78f0110c3f251288d3f2bddb167ad6ebb658dbfb CVE-2024-9205,0,0,5ae9601368f3bcca980df59978014460b19f7164118a2dcd7e7fa2f27092d41f,2024-10-15T14:16:53.337000 CVE-2024-9206,0,0,be3e1f94144fc51753cd1bd12f56737ba31549963e7e6380e7b5eb5483568304,2024-10-22T15:27:08.847000 CVE-2024-9207,0,0,e5525b1e8a190b78c38e7b4cef54f1aa80674fbb3d5f5e4081838d7246c5a623,2024-10-10T12:56:30.817000 +CVE-2024-9208,1,1,8b3dbb760a0e82ad95960e955d1108019621b24f631ebc05a17db587462510fa,2025-01-07T05:15:20.790000 CVE-2024-9209,0,0,23750bdc4f9c650f82cd685942246dc8c2f4c461cac57cfd6b7d60cb94f7fe7c,2024-10-07T19:20:32.777000 CVE-2024-9210,0,0,c4e5f9d47e14247e63a2b18a451c4a1ff64faf127742a99345638ca5cbe6f226,2024-10-08T15:34:42.060000 CVE-2024-9211,0,0,9f3db3fbfc8b77df31c04200f6e0f4fd68502b04da49c90d6b1017cd48a111e9,2024-10-15T12:58:51.050000 @@ -275502,6 +275572,7 @@ CVE-2024-9633,0,0,464719aabf82d4c51da737aba0ef58dd3d7e243c61253713abe30460682816 CVE-2024-9634,0,0,7b5dabf15ae54de4daab48b64d2e27f430eb55d7ab2217a5e19376e8531d6f32,2024-10-16T16:38:14.557000 CVE-2024-9635,0,0,9f77fd7ccc96fa6d4c00f44465f9f4a309bfc7a2ae1c26c3627ef0449f3c9e02,2024-11-23T07:15:05.027000 CVE-2024-9637,0,0,0f4d16db68000f66da50bae84c41a0f228004e7436fcad95d0969905f72e932a,2024-10-28T13:58:09.230000 +CVE-2024-9638,1,1,ce33c4b600ed06e2e65e1d9a56a164be7402004966f3e2fcb3141277ce238c60,2025-01-07T06:15:18.217000 CVE-2024-9641,0,0,1af3f797b9845e72a30c1ec84ed9cc9350f350e1f0f00ee15b2f0dce5766f023,2024-12-12T18:15:28.297000 CVE-2024-9642,0,0,e785c942bfa480a7574dc49561aef989c60cf4146a0b8eb964f23c4e5169b91d,2024-10-28T13:58:09.230000 CVE-2024-9647,0,0,fcdcaf92364c0d2df50a52f6773b32a5c3346fda1bdd5380b00168c49162a8b6,2024-10-16T16:38:14.557000 
@@ -275542,8 +275613,10 @@ CVE-2024-9692,0,0,c09412d3ade796bbe36fcbdc283e7a2ecfb61423341d9a573b10de9b4af8a9 CVE-2024-9693,0,0,96c2aa2e3e432eefa572dcd34b83d0c8393d8a6c0331136462b7a8bf8e88cb01,2024-11-26T01:57:19.427000 CVE-2024-9694,0,0,300f71d40bb815a23c3a0bc83a96e03beb3f23d9fc0b94128148bd02f8e753bb,2024-12-03T03:15:05.123000 CVE-2024-9696,0,0,a1a81fef8596ef3bd11bad2b6e9730354c1de3321eb96ce84006b7785432034a,2024-11-25T20:42:32.327000 +CVE-2024-9697,1,1,399cd7720335615817bca30ac608e0ddb27bbd480d1c83b425b8abf638174f48,2025-01-07T06:15:18.330000 CVE-2024-9698,0,0,4bf686193ae48864cd34920ebab8db56c7a750eaeae4b44accdb14ce30e1b3cc,2024-12-14T05:15:12.987000 CVE-2024-9700,0,0,e1d890043f9e82a1a371785886deff7f019dc3e23b5dc60dcf4df22bf1134a31,2024-11-25T19:57:41.387000 +CVE-2024-9702,1,1,95a99dd11fa5e921a92645d6f5e952b53257bf8f9fd0658cd67408dcd38bc530,2025-01-07T06:15:18.597000 CVE-2024-9703,0,0,f74b8eb4f5c30abc9348d860f43a1acf838112c918b3b24a8823031e5bd757fc,2024-10-22T15:25:27.887000 CVE-2024-9704,0,0,447028db9bd5f1d3bac8b55d44bb1a06edbf3c8e5b267ad90ca35dbb527f8371,2024-11-25T19:19:22.113000 CVE-2024-9705,0,0,d3e6e0cdfa50d1f44cfdccc6623bdd59d96e39c6b3b67c956a243ca7bda34dec,2024-12-06T09:15:08.577000 @@ -275871,4 +275944,4 @@ CVE-2025-22387,0,0,9dd5c36f62757a631fb5a2b118d56ec31778a4d5c7b66059ba094bd093cfa CVE-2025-22388,0,0,7b76724cf59a9c67f325da6bd673f3f15746ba083c4bc35be8117d11c0a0d8b4,2025-01-06T15:15:16.307000 CVE-2025-22389,0,0,50d6eaab20c8259cde700c821ce2570def076c6cb2eb277d3379fa3f59f6550e,2025-01-04T03:15:07.580000 CVE-2025-22390,0,0,36805a833480d9f50dee34ab32e5ed9b2707017fd5287eb5a8abd68b1059bfbf,2025-01-06T17:15:48.170000 -CVE-2025-22395,1,1,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000 +CVE-2025-22395,0,0,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000