From 2e8193377f4a57412257ebf5049b677f0b098e99 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Sat, 25 Jan 2025 09:03:46 +0000 Subject: [PATCH] Auto-Update: 2025-01-25T09:00:20.267915+00:00 --- CVE-2024/CVE-2024-105xx/CVE-2024-10552.json | 68 ++++++++++++++++++ CVE-2024/CVE-2024-118xx/CVE-2024-11825.json | 64 +++++++++++++++++ CVE-2024/CVE-2024-120xx/CVE-2024-12076.json | 80 +++++++++++++++++++++ CVE-2024/CVE-2024-121xx/CVE-2024-12113.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-125xx/CVE-2024-12512.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-125xx/CVE-2024-12529.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12600.json | 64 +++++++++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12816.json | 64 +++++++++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12817.json | 64 +++++++++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12826.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-128xx/CVE-2024-12885.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-133xx/CVE-2024-13368.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-133xx/CVE-2024-13370.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-134xx/CVE-2024-13441.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-134xx/CVE-2024-13458.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-134xx/CVE-2024-13467.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-135xx/CVE-2024-13548.json | 64 +++++++++++++++++ CVE-2024/CVE-2024-135xx/CVE-2024-13550.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-135xx/CVE-2024-13551.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-135xx/CVE-2024-13586.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-135xx/CVE-2024-13599.json | 64 +++++++++++++++++ README.md | 32 +++++++-- _state.csv | 27 ++++++- 23 files changed, 1361 insertions(+), 10 deletions(-) create mode 100644 CVE-2024/CVE-2024-105xx/CVE-2024-10552.json create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11825.json create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12076.json create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12113.json create mode 100644 CVE-2024/CVE-2024-125xx/CVE-2024-12512.json create mode 100644 
CVE-2024/CVE-2024-125xx/CVE-2024-12529.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12600.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12816.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12817.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12826.json create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12885.json create mode 100644 CVE-2024/CVE-2024-133xx/CVE-2024-13368.json create mode 100644 CVE-2024/CVE-2024-133xx/CVE-2024-13370.json create mode 100644 CVE-2024/CVE-2024-134xx/CVE-2024-13441.json create mode 100644 CVE-2024/CVE-2024-134xx/CVE-2024-13458.json create mode 100644 CVE-2024/CVE-2024-134xx/CVE-2024-13467.json create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13548.json create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13550.json create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13551.json create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13586.json create mode 100644 CVE-2024/CVE-2024-135xx/CVE-2024-13599.json diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json new file mode 100644 index 00000000000..ca8528e3334 --- /dev/null +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-10552", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T07:15:07.380", + "lastModified": "2025-01-25T07:15:07.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018api_key\u2019 and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/flexmls-idx/trunk/views/admin-intro-api.php#L22", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/flexmls-idx/trunk/views/admin-intro-api.php#L30", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226484/", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/0624108b-cd60-4278-802d-d4853f73ec6a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json new file mode 100644 index 00000000000..6b6815f98db --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json 
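Review bot: The CVE-2024-10552 description names no fully fixed release: it lists every version up to and including 3.14.26 as affected and calls 3.14.25 only a partial patch, so a version comparison against this record cannot mark any named release as remediated. The two Trac references `browser/flexmls-idx/trunk/views/admin-intro-api.php#L22` and `#L30` also point at `trunk`, where line anchors move with every later commit; the `changeset/3226484/` link is the stable one. A tag-pinned form such as `browser/flexmls-idx/tags/<affected-version>/views/admin-intro-api.php#L22` (placeholder version) would keep the evidence reproducible, as the CVE-2024-13441 record does with `tags/2.4/`. The same trunk-anchored references appear in the CVE-2024-12076, CVE-2024-12600 and CVE-2024-13458 hunks.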
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11825", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:07.190", + "lastModified": "2025-01-25T08:15:07.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018zone\u2019 parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/broadstreet/tags/1.50.1/Broadstreet/Utility.php#L199", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/broadstreet/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json new file mode 100644 index 00000000000..c8321a5777d --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json 
@@ -0,0 +1,80 @@ +{ + "id": "CVE-2024-12076", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:07.470", + "lastModified": "2025-01-25T08:15:07.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridHtml.php#L1169", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridHtml.php#L1185", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridHtml.php#L465", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/trunk/lib/BridHtml.php#L489", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226143/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/brid-video-easy-publish/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/192b8ab0-f80e-4c0e-9cc0-df567d5791a8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json new file mode 100644 index 00000000000..8f09a8c2a0c --- /dev/null +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json 
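Review bot: The `weaknesses` entry of CVE-2024-12076 lists only `CWE-79`, while the description attributes the flaw to missing or incorrect nonce validation on four functions, which is Cross-Site Request Forgery (CWE-352). The `PR:N/UI:R` vector fits the request-forgery path, so anything that filters or routes on the CWE field alone will file this as XSS and miss the root cause. If the record is corrected at the source, a second description object `{ "lang": "en", "value": "CWE-352" }` alongside the existing one would cover both. Until then, consumers should classify this entry from the description text rather than the CWE value.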
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12113", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:07.640", + "lastModified": "2025-01-25T08:15:07.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/youzify/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/977e407c-0650-454f-98bd-b39bb8c8c61f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json new file mode 100644 index 00000000000..31729f2291a --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12512", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:07.810", + "lastModified": "2025-01-25T08:15:07.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/ask-me-anything-anonymously/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f204d39-8a4a-4008-adc6-3ba72531f5a2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json new file mode 100644 index 00000000000..401f1b29459 --- /dev/null 
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12529", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:07.973", + "lastModified": "2025-01-25T08:15:07.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/brodos-net-onlineshop/tags/2.0.1/class.onlineshop-init.php#L113", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a672c6-e911-46bb-a55b-c5788eedca3e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json new file mode 100644 index 00000000000..07373a3d26d --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12600", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T07:15:07.807", + "lastModified": "2025-01-25T07:15:07.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-custom-product-tabs-lite/trunk/woocommerce-custom-product-tabs-lite.php#L372", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226839/", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/33c16b47-3202-4f26-bf45-98172b8cac45?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json new file mode 100644 index 00000000000..c52e87d8178 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12816", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.137", + "lastModified": "2025-01-25T08:15:08.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/notice-board-by-towkir/trunk/towkir-notice-board.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/notice-board-by-towkir/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/069b2f3e-da9d-476c-a9fa-1b7d445a704b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json new file mode 100644 index 00000000000..1d31da0998c --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12817", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.300", + "lastModified": "2025-01-25T08:15:08.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/etsy-importer/trunk/includes/shortcodes.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/etsy-importer/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9d77b08-3a4a-441b-8725-fd93744de73c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json new file mode 100644 index 00000000000..911c24841a7 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12826", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.463", + "lastModified": "2025-01-25T08:15:08.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/personalize-woocommerce-cart-page/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f65ee908-004f-4526-aeca-41b36522bb30?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
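Review bot: The CVE-2024-12826 record contradicts itself on required privileges: the description says unauthenticated attackers can update plugin settings, but `vectorString` carries `PR:L` and `privilegesRequired` is `LOW`. If the description is the accurate side, the vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N`, which scores 5.3 rather than the recorded 4.3. Triage that keys on the score or on `privilegesRequired` will understate exposure for internet-facing sites. The description should drive prioritisation until the CNA reconciles the two.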
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json new file mode 100644 index 00000000000..f53f5889b4b --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12885", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.633", + "lastModified": "2025-01-25T08:15:08.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/connections/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25e0c269-55c2-49f0-96bb-ae2696e2cea8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json new file mode 100644 index 00000000000..ed2255f949d --- /dev/null +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13368", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.830", + "lastModified": "2025-01-25T08:15:08.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.2/includes/admin/core/functions/youzify-general-functions.php#L961", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2abd5b-3067-4dcd-a650-b543fa03437b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json new file mode 100644 index 00000000000..c149e59e511 --- /dev/null 
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13370", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-25T08:15:08.990", + "lastModified": "2025-01-25T08:15:08.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.2/includes/admin/class-youzify-admin.php?desc=1#L1348", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f234d676-86ac-47ab-b8b3-b0459cbb4538?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json
new file mode 100644
index 00000000000..a6163df3eb3
--- /dev/null
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13441",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:09.160",
+ "lastModified": "2025-01-25T08:15:09.160",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bilingual-linker/tags/2.4/bilingual-linker.php#L291",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daeda8d7-1bff-4258-9953-b4303f1778d0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json
new file mode 100644
index 00000000000..bda03968464
--- /dev/null
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13458",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:09.337",
+ "lastModified": "2025-01-25T08:15:09.337",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/notice-faq/trunk/noticefaq.php#L49",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/713f5bf5-f282-436e-8e8c-18543458bea1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json
new file mode 100644
index 00000000000..db57852d03f
--- /dev/null
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13467",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:09.520",
+ "lastModified": "2025-01-25T08:15:09.520",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/wp-contact-form7-email-spam-blocker/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b70a1344-2b55-40c9-a314-80d581e0b019?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json
new file mode 100644
index 00000000000..8d6b90a676e
--- /dev/null
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-13548",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:09.687",
+ "lastModified": "2025-01-25T08:15:09.687",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/power-ups-for-elementor/trunk/modules/magic-buttons-for-elementor/magic_buttons_shortcodes.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/power-ups-for-elementor/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7ab552-1ec5-4479-84b9-3e44f6c0354d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json
new file mode 100644
index 00000000000..844f0607470
--- /dev/null
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13550",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:09.847",
+ "lastModified": "2025-01-25T08:15:09.847",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.svn.wordpress.org/abc-notation/tags/6.1.3/abc-notation.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e53a2b7a-7005-451a-88f2-c23d420b4aad?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json
new file mode 100644
index 00000000000..f2c2bcad91d
--- /dev/null
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13551",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:10.007",
+ "lastModified": "2025-01-25T08:15:10.007",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.svn.wordpress.org/abc-notation/tags/6.1.3/abc-notation.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e10930fd-fae0-4554-acf3-da81a124f79d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json
new file mode 100644
index 00000000000..980837acf2e
--- /dev/null
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13586",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:10.173",
+ "lastModified": "2025-01-25T08:15:10.173",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/masy-gallery/trunk/inc/masygal-justified-shortcode.php#L33",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b865df96-335c-4856-a5e5-e728fb0645d3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json
new file mode 100644
index 00000000000..05ae5a64743
--- /dev/null
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-13599",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T08:15:10.357",
+ "lastModified": "2025-01-25T08:15:10.357",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3226650/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/learnpress/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67709117-8912-4c09-afcb-0c07345d00e0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f2951c845e0..eb7307392e0 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-25T07:00:19.378680+00:00 +2025-01-25T09:00:20.267915+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-25T06:15:28.740000+00:00 +2025-01-25T08:15:10.357000+00:00 ``` ### Last Data Feed Release 
@@ -33,16 +33,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278935 +278956 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `21` -- [CVE-2024-13721](CVE-2024/CVE-2024-137xx/CVE-2024-13721.json) (`2025-01-25T06:15:27.860`) -- [CVE-2025-0411](CVE-2025/CVE-2025-04xx/CVE-2025-0411.json) (`2025-01-25T05:15:09.533`) -- [CVE-2025-0682](CVE-2025/CVE-2025-06xx/CVE-2025-0682.json) (`2025-01-25T06:15:28.740`) +- [CVE-2024-10552](CVE-2024/CVE-2024-105xx/CVE-2024-10552.json) (`2025-01-25T07:15:07.380`) +- [CVE-2024-11825](CVE-2024/CVE-2024-118xx/CVE-2024-11825.json) (`2025-01-25T08:15:07.190`) +- [CVE-2024-12076](CVE-2024/CVE-2024-120xx/CVE-2024-12076.json) (`2025-01-25T08:15:07.470`) +- [CVE-2024-12113](CVE-2024/CVE-2024-121xx/CVE-2024-12113.json) (`2025-01-25T08:15:07.640`) +- [CVE-2024-12512](CVE-2024/CVE-2024-125xx/CVE-2024-12512.json) (`2025-01-25T08:15:07.810`) +- [CVE-2024-12529](CVE-2024/CVE-2024-125xx/CVE-2024-12529.json) (`2025-01-25T08:15:07.973`) +- [CVE-2024-12600](CVE-2024/CVE-2024-126xx/CVE-2024-12600.json) (`2025-01-25T07:15:07.807`) +- [CVE-2024-12816](CVE-2024/CVE-2024-128xx/CVE-2024-12816.json) (`2025-01-25T08:15:08.137`) +- [CVE-2024-12817](CVE-2024/CVE-2024-128xx/CVE-2024-12817.json) (`2025-01-25T08:15:08.300`) +- [CVE-2024-12826](CVE-2024/CVE-2024-128xx/CVE-2024-12826.json) (`2025-01-25T08:15:08.463`) +- [CVE-2024-12885](CVE-2024/CVE-2024-128xx/CVE-2024-12885.json) (`2025-01-25T08:15:08.633`) +- [CVE-2024-13368](CVE-2024/CVE-2024-133xx/CVE-2024-13368.json) (`2025-01-25T08:15:08.830`) +- [CVE-2024-13370](CVE-2024/CVE-2024-133xx/CVE-2024-13370.json) (`2025-01-25T08:15:08.990`) +- [CVE-2024-13441](CVE-2024/CVE-2024-134xx/CVE-2024-13441.json) (`2025-01-25T08:15:09.160`) +- [CVE-2024-13458](CVE-2024/CVE-2024-134xx/CVE-2024-13458.json) (`2025-01-25T08:15:09.337`) +- [CVE-2024-13467](CVE-2024/CVE-2024-134xx/CVE-2024-13467.json) 
(`2025-01-25T08:15:09.520`) +- [CVE-2024-13548](CVE-2024/CVE-2024-135xx/CVE-2024-13548.json) (`2025-01-25T08:15:09.687`) +- [CVE-2024-13550](CVE-2024/CVE-2024-135xx/CVE-2024-13550.json) (`2025-01-25T08:15:09.847`) +- [CVE-2024-13551](CVE-2024/CVE-2024-135xx/CVE-2024-13551.json) (`2025-01-25T08:15:10.007`) +- [CVE-2024-13586](CVE-2024/CVE-2024-135xx/CVE-2024-13586.json) (`2025-01-25T08:15:10.173`) +- [CVE-2024-13599](CVE-2024/CVE-2024-135xx/CVE-2024-13599.json) (`2025-01-25T08:15:10.357`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index beb742d0be1..15620fa4795 100644 --- a/_state.csv +++ b/_state.csv @@ -243792,6 +243792,7 @@ CVE-2024-10547,0,0,b023c976bb6d488185fa01d9371074d053ec54a35f2b498daa31d6bb09884 CVE-2024-10548,0,0,d80016b29abad8bd27936b04a650ff578dcf8ce0205682a3966273a8920973c9,2024-12-19T02:15:22.420000 CVE-2024-1055,0,0,399a6bc3324e5a5ab60feee10ef9f668300825e29ef0f6a3f63048abb22d1f67,2024-11-21T08:49:41.683000 CVE-2024-10551,0,0,399c3b50116ab12fecb385939dfbc291c08c34ee1143fded03cc056aa8d168fc,2024-12-06T16:15:20.160000 +CVE-2024-10552,1,1,bf23a2a3c571890876bb390462355c62a710dc4785469d2eaf423de6e9bcaf6d,2025-01-25T07:15:07.380000 CVE-2024-10555,0,0,c0c41d706222adae224343df415ec56327197387e8b3f526c30bed44f76590a1,2024-12-20T17:15:07.037000 CVE-2024-10556,0,0,718a43e4ad6bf4f3f07d592398a4916e1e5afe3b7fda2ab7a1b90e0c73118264,2024-11-01T20:51:35.617000 CVE-2024-10557,0,0,e65f5d89b91c24f295e5cbd0f813e2ad8ed04df13cf96a919800b770566f37fc,2024-11-01T20:48:56.980000 
@@ -244919,6 +244920,7 @@ CVE-2024-11819,0,0,4ad555b58c0b6ae087a0e197e14f318c0818cf9ebf662c2c2b44a9340719c CVE-2024-1182,0,0,3f29301d892b117e83ef161f22ec91ec635f3f594205a460782ee4e3d4d8572d,2024-11-21T08:49:58.813000 CVE-2024-11820,0,0,851b7a45884f50f3792038cee6a0dd94b1414d7c7c3cad4aa15d26efb61c7827,2024-12-03T14:54:20.297000 CVE-2024-11823,0,0,c06b322c55c56e39da841e24dcfc245d4bbf700dd82f0350363e4100fb063133,2024-12-06T09:15:07.463000 +CVE-2024-11825,1,1,96c5070e436ca13c0f485f1de873107f18b277abea2e3dfbe2f45da01b02ac60,2025-01-25T08:15:07.190000 CVE-2024-11826,0,0,fdc4af07f6e7b5ee0b73f4d7d8a1219ddc213ce8e610dc5dd959d6ea49e4b678,2025-01-07T12:15:23.200000 CVE-2024-11827,0,0,56fd4585b95b5b001b477bafaf482165d34a68f8e4c23484879244ef8898da04,2024-12-13T12:15:19.050000 CVE-2024-11828,0,0,2182fcc94d5c2924b387611eabcc64629aff0d6ea201e85bc92b19a7228cc503,2024-12-12T21:07:04.270000 @@ -245125,6 +245127,7 @@ CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af0 CVE-2024-12071,0,0,4892a0257a8e38f22462c3c3c3105d7a454d8d7732fd022887412193b58ae3a5,2025-01-18T04:15:06.690000 CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000 CVE-2024-12073,0,0,d6db2f0c4889187ac33654deef83fc5d0350b2e32b900f5fdab17885bff03ab5,2025-01-07T06:15:15.367000 +CVE-2024-12076,1,1,09cc9c71a44db3ecb04699f23f6f75f22247a34f91ecdd6573179d59116b1771,2025-01-25T08:15:07.470000 CVE-2024-12077,0,0,fc51d2e5a9f19fe3fbf82780f8b1560f161bbef921778ce0625a7b0a0068014e,2025-01-07T08:15:24.927000 CVE-2024-12078,0,0,4088dd1c2c05d60a24f1a819a01c0cfa96a5dfe52b030b67a32f35d955ab328d,2025-01-23T17:15:13.020000 CVE-2024-12079,0,0,090e0137195ed25d8f3ba550604f0f5a6c991519a47d173d4220d34b145688d5,2025-01-23T17:15:13.187000 
@@ -245157,6 +245160,7 @@ CVE-2024-12108,0,0,a851d0a44f06acd627e09429b72e15713bd7cb0608174f612b61d76d8c8e9 CVE-2024-12110,0,0,f266935beaa447960f1dea8d3421db64eefadfd0613c53fd8d2543de02327a47,2024-12-06T09:15:08.270000 CVE-2024-12111,0,0,94cbde89c1eb7b342ad5b2e1b90e676e3d9dc7b09262fa3ba8de5cb41e47a11b,2024-12-19T20:15:06.950000 CVE-2024-12112,0,0,675887d484c30a489c839813de06f4a2c0e83ee331233fc3bb15be475c6237ea,2025-01-08T04:15:06.683000 +CVE-2024-12113,1,1,a2a66f266036b7ea71880d2ff08289422a7a6df6ed51b0e1c2083cd935b5c212,2025-01-25T08:15:07.640000 CVE-2024-12115,0,0,e6944683813361fa4999b92dbfb5849d2d0c20bc3f6186b671317bdf2839435d,2024-12-07T02:15:18.653000 CVE-2024-12116,0,0,4a2ceff80336184e35d0f53deaa453232f189dd136149b8e8e0cd03d307eb4c7,2025-01-11T08:15:24.867000 CVE-2024-12117,0,0,5c2bbc39fb5b6d6401c07a64822b77288aeec30fc2cbad0cd60835722d462264,2025-01-24T19:05:36.597000 @@ -245479,6 +245483,7 @@ CVE-2024-12507,0,0,f098eff6e3ef53742e66474a6ac17418c00af6d9e6800445130b20da01af7 CVE-2024-12508,0,0,21bc7864dfec1ec4afdc6f630d41f80e3589bc17435e07461da258099a6c3dd8,2025-01-17T07:15:26.387000 CVE-2024-12509,0,0,8448cb7b981b452e7bee8263b7d56776b70a911630dc0596718dc3941caa2300,2024-12-20T07:15:12.177000 CVE-2024-1251,0,0,8c0214d9f05a1f50e84514dc27e8bafe56d249b59ef6b0b677b5e947e572faed,2024-11-21T08:50:09.497000 +CVE-2024-12512,1,1,7b160c9f605bf674c25e0782855150c91cb4d28255aabb2f09c3639fc2ea9980,2025-01-25T08:15:07.810000 CVE-2024-12513,0,0,6393dedffea01c8a6ef2142d1a8a9d6ba57b27f731b145d36f16e844db01eb62,2024-12-18T03:15:26.427000 CVE-2024-12514,0,0,f43a5430cb383b14a2cf8b8af6c6293e976c61736ad57e2dfa43a4cdef30e051,2025-01-09T11:15:14.137000 CVE-2024-12515,0,0,8c631cd3a275f3c01ae86ddf0d5593ffa408e3783d26380f8b46d3a793192bb4,2025-01-09T11:15:14.343000 
@@ -245493,6 +245498,7 @@ CVE-2024-12523,0,0,185a41d328f0e130d8ed17ada12f64a855433449910369cbbb025fff8ce0f CVE-2024-12526,0,0,b192d6e45212a3c6d09a8a6cd2198d071bb3ba4da94a4e2bf151be7ad2c18324,2024-12-12T05:15:13.577000 CVE-2024-12527,0,0,a734fa6fae374e1f78bf0ed5836acb2d88c39ac4a4907ac1228b4122e65ad067,2025-01-11T08:15:25.913000 CVE-2024-12528,0,0,f4af9cf65ffcc6bdde0559258762f791c056b91239412bbfffbf03d13aedbfde,2025-01-07T04:15:08.543000 +CVE-2024-12529,1,1,d0259d36870c9d314337030abc809b764107aa328d6abc6553538a7914a36e0a,2025-01-25T08:15:07.973000 CVE-2024-1253,0,0,a598e10fa6d530af6148de164d99995412d597f7142ead42d62b85e905a98949,2024-11-21T08:50:09.843000 CVE-2024-12532,0,0,199fed046db6fc1b5b34521e2b9548b73238ea6ea9f77361d16a8dbec2a817f0,2025-01-07T12:15:24.363000 CVE-2024-12535,0,0,783cbd5e17eda49b126d7013b7661e75fb62741f3c668d86577a16b9b9c20d52,2025-01-07T06:15:17.220000 @@ -245544,6 +245550,7 @@ CVE-2024-12595,0,0,d10767ce84f7e81d5a6ad487503289a59f4d01b86cd7eb0b224ee74e49237 CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9a09,2024-12-18T04:15:08.253000 CVE-2024-12598,0,0,2c0e6e211745cf2c8a775604eda102619f7e15adec08efbb58ccc8f252ed3240,2025-01-17T07:15:26.577000 CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f8244,2024-11-21T08:50:10.880000 +CVE-2024-12600,1,1,9ae2c1f09d56242a564110b6134d03475cef8233ebc3976185bf3a6aed8690b9,2025-01-25T07:15:07.807000 CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000 CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000 CVE-2024-12605,0,0,a0f2993b097a4c99b97e822aef9d508fcc987f27fa00acaa2c8fa4c5ee5e87b3,2025-01-09T15:15:14.150000 
@@ -245672,9 +245679,12 @@ CVE-2024-12803,0,0,fa686f442d34c33906cbd5c392b50db73035372cd413cc4367e49ae08edbe CVE-2024-12805,0,0,e53ccf7e5ed7d4029905e02b94c08493035711f3a6fbf1927b3a1f3594c5dd3c,2025-01-17T03:15:07.167000 CVE-2024-12806,0,0,d3ad8b949669d01946d03cf78ae2e87493233ba523f3d23e253ed03518cfb676,2025-01-17T03:15:07.337000 CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000 +CVE-2024-12816,1,1,79eb2dd90c9c17b3c2a7f3ee70302afe651f99aae7099dfbb75f3ebb64366af3,2025-01-25T08:15:08.137000 +CVE-2024-12817,1,1,32f9e7e0f8e1095319b7a827501ce7d109efcd2bf6309a60da88244f6164d371,2025-01-25T08:15:08.300000 CVE-2024-12818,0,0,84584f689c6c77a45a4884a21e812302b20927c35cf898200120c33746d2aaa2,2025-01-15T10:15:07.803000 CVE-2024-12819,0,0,d67b85742967f9e166e23a2e5c4440d086b3b3988f6b73108d4bee255219b06d,2025-01-09T11:15:15.657000 CVE-2024-1282,0,0,e6b07825f0f3597687613e3a6164d0e157f6f527c33c61eb8d90ec07193bdec2,2024-11-21T08:50:13.520000 +CVE-2024-12826,1,1,c720c0675605f102a13449f7c719465cad74869404c1c6afa4c9516f512ea0ef,2025-01-25T08:15:08.463000 CVE-2024-12828,0,0,a29f7d175d08af9e9a3e3b2d9a239843d4c47c7b84f9529c7b9ddf19ae5c7fea,2024-12-30T17:15:07.717000 CVE-2024-12829,0,0,b6def8373fb939ecec35d929ec57c311d0480519af7a0919a5038b5b832e9ed5,2025-01-03T17:46:48.507000 CVE-2024-1283,0,0,b1c9571efecc70819ed9018aef1b79e079809dddea59c76e732d84247ac1db52,2024-11-21T08:50:13.640000 
@@ -245716,6 +245726,7 @@ CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884f CVE-2024-12881,0,0,ca1a79d9bb91f6e4db066c4e6e2534703ac042b68f8ca082fdad0b99821d0028,2024-12-24T10:15:06.240000 CVE-2024-12883,0,0,0dccbc52a4dfe90cc951e45cce63bd7a8971973694371765a4b4ec10fba99d5e,2025-01-10T21:24:53.957000 CVE-2024-12884,0,0,84f6ccf9547558d2ccbf089a75f30ed942eee26e5d55c753fc058246bc66e8e0,2025-01-10T21:22:48.413000 +CVE-2024-12885,1,1,2f0d46f70b9c82f1b5abeb0a3b4c8c3c01266a38d2d532fda8e3db621da5ac7e,2025-01-25T08:15:08.633000 CVE-2024-1289,0,0,f8c8a55f2a440d9e8129941363295ecfe343266b0f62bd6ed92e6812c890397f,2025-01-09T17:41:10.137000 CVE-2024-12890,0,0,610f0274b7ac3cad611dadc6fdaf386b425b77c844fa5525b1ada89ec1adcd36,2024-12-25T03:15:19.153000 CVE-2024-12891,0,0,cced707e3b2e51a766f709eaf2966827636b579e141e7587a71bc5464135ca83,2024-12-25T03:15:19.417000 @@ -246093,7 +246104,9 @@ CVE-2024-13360,0,0,42c7ef7264873842b1b321dcb1d9eb02287e4b9dd082710569d0b72683473 CVE-2024-13361,0,0,796ae81aa903e35e91be1aa59cd637cc5eee53bc205bb2f1ae10309102da0980,2025-01-24T18:55:22.577000 CVE-2024-13366,0,0,4b12bd5212b118d30ff048db445e6d1c00e6cad223533401dbdc6a341b0a882c,2025-01-17T07:15:26.947000 CVE-2024-13367,0,0,28bc518effbeac20d5854322c01ceb858440caae6a5bae49591369a0a18ef4cb,2025-01-17T07:15:27.123000 +CVE-2024-13368,1,1,0cebd01114688a38654235872525dd94dee4e6b9d8c0c778f5ec6dd70bab5851,2025-01-25T08:15:08.830000 CVE-2024-1337,0,0,ecd9569d803b0ad7e93765437336dbe54b6bca900bd0d8d6a4265ae95a2bd0fa,2024-11-21T08:50:21.857000 +CVE-2024-13370,1,1,4534ec8ffe42544d561bfc608813f027b638b469843d2bcdc0a7c27144b929ed,2025-01-25T08:15:08.990000 CVE-2024-13375,0,0,c87e38b9c0de54c689e8a67a37a12ee2fddbf06e66e4541022feb46d13a56b8a,2025-01-18T09:15:07.120000 CVE-2024-13377,0,0,a25050bd2bbff023d447f5d602b24decf0d9fe3f99412e4f96b0e55aac73332f,2025-01-17T10:15:07.240000 CVE-2024-13378,0,0,7ea1d4cbb0f87859cae348c2da93d49f3902e773337fd492c684caf29392972d,2025-01-17T10:15:07.457000 
@@ -246123,11 +246136,14 @@ CVE-2024-13432,0,0,7d75f67ac18cf32d5dc44570eb7cf156c877d943529d3637d5b0bb399b86a CVE-2024-13433,0,0,b744d44080e2e33c41984f231e71d8cc1252181c511f568444c5c86671c3eb05,2025-01-18T07:15:09.160000 CVE-2024-13434,0,0,292fbae0324c9bc0e0a4304860c64d8e4dabea0f0444b12419bd12eebd083320,2025-01-17T05:15:09.290000 CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000 +CVE-2024-13441,1,1,fcbc25f5751a8050f060dcd2c18cd1291e5127285eb7a2657f8c91cc0f5ac5c4,2025-01-25T08:15:09.160000 CVE-2024-13444,0,0,2a82e7dc36beac803abf8c10509e1ae610559c76a3585d9c1850f27a1808797c,2025-01-21T11:15:09.450000 CVE-2024-13447,0,0,4e4ee51c076699c7672245e5729c9870c182faecf6e2bd018441c71df98cbb9d,2025-01-24T20:53:40.380000 CVE-2024-1345,0,0,7c212e7b361746cfecf33f6e4ed924489ff6a3a938083dd73fe4da2b7b4649da,2024-11-21T08:50:22.667000 CVE-2024-13454,0,0,64bcb798150e96f58a909578ab30d46cff0e023968dc2b1dcc5267d8fae6c946,2025-01-21T20:15:30.793000 +CVE-2024-13458,1,1,a0d55037d220aaf8fdb1343c6a981e032ff9c796368506b8230ae875396a583f,2025-01-25T08:15:09.337000 CVE-2024-1346,0,0,67674c75c08ebc67974102102d05a3921f8c61d1fe386fe7de33f2c37b3bc24d,2024-11-21T08:50:22.793000 +CVE-2024-13467,1,1,bcd6474463b1a69c9a46d9b4d6f6f02b302b85f9777a4b31585c7467fbf3f38a,2025-01-25T08:15:09.520000 CVE-2024-1347,0,0,b12a4cbf8e4f285872bf9a248874204d9208208e515ae74de2299237bb6626ad,2024-12-11T19:24:26.643000 CVE-2024-1348,0,0,1859f4ea1d00e7386fbff1ae86e38e3076d8135556fc20b2256d2f026d728722,2024-11-21T08:50:23.040000 CVE-2024-1349,0,0,8b85fafe827f099aa626e71779ca220a8bf1ec034e9ea4e44b28a687cd219e20,2024-12-31T17:15:36.763000 
@@ -246150,17 +246166,22 @@ CVE-2024-13536,0,0,2c346b2df91a5dc057c237d35edbe756ff5236144feccf10098be940a9698 CVE-2024-1354,0,0,5af9747793c0c7f9d624ad8210334d43a11a7e2ffd1bfd24e0f893306f01668b,2024-11-21T08:50:23.843000 CVE-2024-13542,0,0,c45a986aa867dcb8c5f485f5d0834964d3d14a785680faca172769f60f73e69e,2025-01-24T11:15:09.377000 CVE-2024-13545,0,0,f5bd0b2863cf0d152606cfd8d60f42594047593ffc3fcb8972c1bca106c2bb9c,2025-01-24T09:15:22.797000 +CVE-2024-13548,1,1,773be214153e433c157dbff720cc5880d3eb87828ad3760ba7d8d4da982d58c8,2025-01-25T08:15:09.687000 CVE-2024-1355,0,0,6172baf85be4d7a27bbb49e6e2c61129e709fa636052c76496ed45a61202985b,2024-11-21T08:50:23.993000 +CVE-2024-13550,1,1,f9981f1deb805f2a60af3da03768fa1b757685b2867a3f144ba6c75ef5863a95,2025-01-25T08:15:09.847000 +CVE-2024-13551,1,1,c0f32b47678190b67b060d76bcd33ea48dd01585e717a7e931b6ea219ab115cf,2025-01-25T08:15:10.007000 CVE-2024-1356,0,0,6cb6186c899ef9742e559deecf7de4862ea2bb78bef5eed0c472ae9df79196b1,2024-11-21T08:50:24.133000 CVE-2024-1357,0,0,25eaf5b978f8da82b4d3e5ed8aa890834adc21c061c9c9c169613a72fe6996b1,2024-11-21T08:50:24.283000 CVE-2024-13572,0,0,810ff57abb3e74e570a0f4342646c85283702b45afe741301e2f9c7354adbef4,2025-01-24T11:15:09.520000 CVE-2024-1358,0,0,c4ea31b36cfcd7f75873d740d9e38ca70692f76dad02370c8ddbe488b8025229,2025-01-17T19:52:41.687000 CVE-2024-13583,0,0,0b9f6e50f40d8666926a0b56850821d9e08e6198a49b3d6cb41e84991c2caf40,2025-01-24T10:15:07.770000 CVE-2024-13584,0,0,ee87f1c36c9c93255b87e8f2b16900d4e175847a31f3c291ef2046e604a7f364,2025-01-24T18:20:40.760000 +CVE-2024-13586,1,1,2faa231a7c9836b7e566ce2e030f73d76076f41a486cba4a9ae8da27b2987da5,2025-01-25T08:15:10.173000 CVE-2024-1359,0,0,8114a50ae134a93430da828655ce595d1020af44415effc85b05f4f190881d3c,2024-11-21T08:50:24.543000 CVE-2024-13590,0,0,aa6f52a963149ee514cd80b7b2a6b7948bff891700d00f428940ffd85b0107d7,2025-01-24T18:09:26.147000 CVE-2024-13593,0,0,9e6eeaf6317d0d53a5777da60336a0df45a0567c61ee5316375bb6592e2f9ab4,2025-01-23T10:15:07.737000 
CVE-2024-13594,0,0,b89d92c59d6589291d5b3e44e449a8d8620a2bd20dcfac4fc41ec59549c64cba,2025-01-24T11:15:09.667000 +CVE-2024-13599,1,1,8416ac4ba24e0470447a5d54bcb4a58d565d7b0165c1a9d0f1a855bfbf0c1c7d,2025-01-25T08:15:10.357000 CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000 @@ -246179,7 +246200,7 @@ CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa4 CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000 CVE-2024-1371,0,0,700f360c37065b466d7daf295c0b566055365a6732e2b4756cd7fe3bd3dfd8e6,2024-11-21T08:50:26.150000 CVE-2024-1372,0,0,ba2b445471fec156b955b505675756eb0a79c6540c94f30d84a8242b3e912ff8,2024-11-21T08:50:26.277000 -CVE-2024-13721,1,1,1ec94cb9c62b02c9472486b901c3addbef65df476872a8f8db6b902dfdcff790,2025-01-25T06:15:27.860000 +CVE-2024-13721,0,0,1ec94cb9c62b02c9472486b901c3addbef65df476872a8f8db6b902dfdcff790,2025-01-25T06:15:27.860000 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000 
@@ -277567,7 +277588,7 @@ CVE-2025-0407,0,0,8d1bea41d96dceb0e8000e5eb9f589c13396bad4054ce09f0d87bbcc36005a CVE-2025-0408,0,0,2729cf9415a38755adad695073dad161acc79ef38638b787879efcd1f5040e8e,2025-01-13T14:15:10.073000 CVE-2025-0409,0,0,9622ef176974a666883ccef87aa9961f8329f556e68cbb6ca3f25010c47796f0,2025-01-13T18:15:21.430000 CVE-2025-0410,0,0,77fcc9d20cbc72a10bd98fd8a0d76eb1f68bad51f3fb695c8bb4e738dc713659,2025-01-13T18:15:21.730000 -CVE-2025-0411,1,1,506084f290a8ea5ea4a0efc27b50984e7338b12946697eca474a50bc0a957a87,2025-01-25T05:15:09.533000 +CVE-2025-0411,0,0,506084f290a8ea5ea4a0efc27b50984e7338b12946697eca474a50bc0a957a87,2025-01-25T05:15:09.533000 CVE-2025-0412,0,0,c39a3dcab0c6d49c3211d3247bc68e95a0d8b1c80f2a5bafe11ee5bd72adb69a,2025-01-13T04:15:06.477000 CVE-2025-0428,0,0,53ca33b8751cace74b1767e06da6e1ef57d9382b6c96eab72106c311721ef6db,2025-01-24T20:56:49.767000 CVE-2025-0429,0,0,78859fcdeaa45b49773faf4a287c5acdb235628b0cbfb95e3aa51c974c22a44b,2025-01-24T20:51:18.657000 @@ -277673,7 +277694,7 @@ CVE-2025-0638,0,0,ac9cca0d245198ff4674963eab0600993bc0b56692f14b75cf07327388ff27 CVE-2025-0648,0,0,f9d79465ad3803b75ff57d725f789e40aa0e726161afba05440d8db3881a4794,2025-01-23T11:15:11.030000 CVE-2025-0650,0,0,c255caf8716f9fc68172a701cd0571e8e2d98976a4a7a688b3c43cb943fe86cc,2025-01-23T18:15:33.110000 CVE-2025-0651,0,0,8c67aa0f80c9f1e30412c542495f9f971e1fa118a8f80db65a60da0b955bdf05,2025-01-22T18:15:20.363000 -CVE-2025-0682,1,1,92fd5473746c4976c6352d82859f2d6dd42876faa3743bd2fa1f5cfd951d9a04,2025-01-25T06:15:28.740000 +CVE-2025-0682,0,0,92fd5473746c4976c6352d82859f2d6dd42876faa3743bd2fa1f5cfd951d9a04,2025-01-25T06:15:28.740000 CVE-2025-0693,0,0,2dbd0ee2fa3f9bda7df2c547c0b425cdbbb9ef75c33ee753ae3804f02fa74725,2025-01-23T22:15:15.397000 CVE-2025-0697,0,0,2b300d6fe20cc05389e1f1da76da10c584853d80e73da80ea6280f5fc93d0276,2025-01-24T15:15:12.130000 CVE-2025-0698,0,0,41b2c00dd6b2e11497e6ad0d5935ff7e418c7e8ce23cb7590bf86289758b8bd6,2025-01-24T16:15:37.717000