Auto-Update: 2024-10-31T07:00:19.868673+00:00

CVE-2024/CVE-2024-103xx/CVE-2024-10392.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10392",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-31T06:15:04.400",
+  "lastModified": "2024-10-31T06:15:04.400",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-215xx/CVE-2024-21537.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-21537",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2024-10-31T05:15:04.733",
+  "lastModified": "2024-10-31T05:15:04.733",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "report@snyk.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/antonk52/lilconfig/commit/2c68a1ab8764fc74acc46771e1ad39ab07a9b0a7",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/antonk52/lilconfig/pull/48",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/antonk52/lilconfig/releases/tag/v3.1.1",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-JS-LILCONFIG-6263789",
+      "source": "report@snyk.io"
+    }
+  ]
+}

CVE-2024/CVE-2024-37xx/CVE-2024-3727.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-3727",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-05-14T15:42:07.060",
-  "lastModified": "2024-10-24T18:15:08.177",
+  "lastModified": "2024-10-31T05:15:05.160",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -124,6 +124,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:8260",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8425",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-3727",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-93xx/CVE-2024-9341.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-9341",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-10-01T19:15:09.500",
-  "lastModified": "2024-10-24T17:15:17.773",
+  "lastModified": "2024-10-31T05:15:05.683",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -72,6 +72,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:8263",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8428",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-9341",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-96xx/CVE-2024-9676.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-9676",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-10-15T16:15:06.933",
-  "lastModified": "2024-10-30T09:15:02.860",
+  "lastModified": "2024-10-31T05:15:05.860",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -56,6 +56,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:8418",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8428",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/errata/RHSA-2024:8437",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-97xx/CVE-2024-9700.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9700",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-31T06:15:05.350",
+  "lastModified": "2024-10-31T06:15:05.350",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. This makes it possible for unauthenticated attackers to modify other user's quiz submissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/forminator/tags/1.35.1/library/modules/quizzes/front/front-action.php#L548",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3172942",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-10-31T05:00:18.937132+00:00
+2024-10-31T07:00:19.868673+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-10-31T04:15:05.643000+00:00
+2024-10-31T06:15:05.350000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,22 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-267710
+267713
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-9708](CVE-2024/CVE-2024-97xx/CVE-2024-9708.json) (`2024-10-31T03:15:02.737`)
+- [CVE-2024-10392](CVE-2024/CVE-2024-103xx/CVE-2024-10392.json) (`2024-10-31T06:15:04.400`)
+- [CVE-2024-21537](CVE-2024/CVE-2024-215xx/CVE-2024-21537.json) (`2024-10-31T05:15:04.733`)
+- [CVE-2024-9700](CVE-2024/CVE-2024-97xx/CVE-2024-9700.json) (`2024-10-31T06:15:05.350`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `2`
+Recently modified CVEs: `3`
 
-- [CVE-2023-37607](CVE-2023/CVE-2023-376xx/CVE-2023-37607.json) (`2024-10-31T04:15:05.490`)
-- [CVE-2023-37608](CVE-2023/CVE-2023-376xx/CVE-2023-37608.json) (`2024-10-31T04:15:05.643`)
+- [CVE-2024-3727](CVE-2024/CVE-2024-37xx/CVE-2024-3727.json) (`2024-10-31T05:15:05.160`)
+- [CVE-2024-9341](CVE-2024/CVE-2024-93xx/CVE-2024-9341.json) (`2024-10-31T05:15:05.683`)
+- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-10-31T05:15:05.860`)
 
 
 ## Download and Usage

_state.csv

@@ -228487,8 +228487,8 @@ CVE-2023-37600,0,0,efd25ab948f12515425b4c91e3805f297b78ccd685e0bd44acdbf2fba0a29
 CVE-2023-37601,0,0,0943614a2f4e45b2b144655c7a5e21d11bf362cb17f9c994c5b828155a2e9fcb,2023-07-31T16:59:07.327000
 CVE-2023-37602,0,0,da3eb64a287bc225a9dc8758362d065005c932e71a2db46982de44cea994fec1,2023-07-31T16:51:03.140000
 CVE-2023-37605,0,0,b07e62fc6b986c7739aaa8cf6b98f3e5f581ac25603d0f59a2ce8a5ccb7620eb,2024-03-15T18:18:53.123000
-CVE-2023-37607,0,1,98eae51a8f2e4774cd3910498f0a4792a6cf6509d386e37ccbafe63b2e3ed6d6,2024-10-31T04:15:05.490000
-CVE-2023-37608,0,1,066e4a521628a740013485e1aecf8704700c58c31cf59fd013e25148da64dc71,2024-10-31T04:15:05.643000
+CVE-2023-37607,0,0,98eae51a8f2e4774cd3910498f0a4792a6cf6509d386e37ccbafe63b2e3ed6d6,2024-10-31T04:15:05.490000
+CVE-2023-37608,0,0,066e4a521628a740013485e1aecf8704700c58c31cf59fd013e25148da64dc71,2024-10-31T04:15:05.643000
 CVE-2023-3761,0,0,2bc4fa7ff9f892495f39a57171652e4c506e7a7dcbcc00f075d3a8b11d913c0e,2024-05-17T02:27:46.320000
 CVE-2023-37611,0,0,86f5587e0338f873926a0d975658898fd5514230e72caade792cf20ccf1828a6,2024-02-13T01:15:07.807000
 CVE-2023-37613,0,0,3b902d314f6b9cfc683325266500cba2b70704f6d91b3753329d1e799931df9f,2023-07-31T18:46:07.920000
@@ -242563,6 +242563,7 @@ CVE-2024-10381,0,0,63addd0f8191b1c4cfb4d8f0e97d60f16153f091ecece1db9c0d0bcf5f835
 CVE-2024-10386,0,0,2f19951219ebf285623df88c007e35e2ba1a621ceccb3eda9a0f05f4aa7fff04,2024-10-28T13:58:09.230000
 CVE-2024-10387,0,0,12b5ab9fc09cd164a10e40d20079f8a9e53a7fb87af2edbf444782194d8bf238,2024-10-28T13:58:09.230000
 CVE-2024-1039,0,0,823ba846a6d7c1759f085b54cf23829cdbadd28135927175e007d2b5df85a6ad,2024-02-07T14:09:47.017000
+CVE-2024-10392,1,1,65e1eee6207079d9eea89d0cef1fa0def22f0de8aefb921b887acdf56d76f926,2024-10-31T06:15:04.400000
 CVE-2024-10399,0,0,3c13bf7b23d522cba49f5224e24deb0565a230127f5b18eab9623dc9093a9ec0,2024-10-30T06:15:14.763000
 CVE-2024-1040,0,0,b32f85342f197693d2db41df3bf264f5b00d802b0a5fb12822762c63c498621d,2024-02-07T17:11:40.623000
 CVE-2024-10402,0,0,2443718b847d5ad0a7e8e6883b9aca46725ab83d65a53ced89e927dfa1ec15f4,2024-10-28T13:58:09.230000
@@ -244859,6 +244860,7 @@ CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97e
 CVE-2024-21534,0,0,3641068338a125cfc76dca395aebd37e2004a05bbcc966c1678ccbc5dcd0ba06,2024-10-20T12:15:02.757000
 CVE-2024-21535,0,0,2e7744380a1db7060122e5ae23002590579ae07efcc1f1beb06e6a3a8350e174,2024-10-17T20:36:29.213000
 CVE-2024-21536,0,0,ae629d9ab98963890f886285a55767a6d8dedbe865d46e575265103987fe6f1f,2024-10-21T17:10:22.857000
+CVE-2024-21537,1,1,6ce226501fa44fce47d1498f52eb45a80a7e035dfd875b934e78fc84a546bb25,2024-10-31T05:15:04.733000
 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000
 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000
@@ -256154,7 +256156,7 @@ CVE-2024-37265,0,0,15f68b41e4db6ae6ccda7f80b0a70abe19004015dbcf0d1246d37335388c5
 CVE-2024-37266,0,0,44943b1bec747c3c4ecddbc943aaff365210584d2dac21ff41065ed54e40dcb1,2024-08-29T18:59:40.057000
 CVE-2024-37267,0,0,0d692f1d5fdd2443078b17f2b54167a732ba33e5479382e14b7e2bd4b6ec49a8,2024-07-25T13:47:43.833000
 CVE-2024-37268,0,0,32108042cd6042edb5d9a980c4bc9e7e171800cf8a42366d53d95c0b76a50314,2024-08-29T18:56:01.267000
-CVE-2024-3727,0,0,b0e2ad58d0d2a68040573151b20db183d58ae1205fb7aacdf4a0e26b9877e66f,2024-10-24T18:15:08.177000
+CVE-2024-3727,0,1,b4ce865f62bafd3dc815d8549b0ea67d6c2ff3d32f651a7a8608e4dfd0460fa5,2024-10-31T05:15:05.160000
 CVE-2024-37270,0,0,09adf8729d6feae3191994dc6f2b286449a8e4d910f8c343a3a9496ea050a29f,2024-07-11T13:05:54.930000
 CVE-2024-37271,0,0,82adde283ff9dacc0f77be200c055ea2f2c58a80387c070880c7d1f2c1068d32,2024-07-25T13:46:39.273000
 CVE-2024-37273,0,0,2a85b1da0ca6e483bcfb6dea755537146c70a6967cba53f16b02bbb377a77813,2024-08-15T14:35:03.053000
@@ -267347,7 +267349,7 @@ CVE-2024-9327,0,0,9bb62fae114b1c29588ad2672d640859a17a9f3af7375a799fc34e218e9d39
 CVE-2024-9328,0,0,a5f7378f6f2f1cd502f7cde1b5f6090c2d79ebec3e3af2aa2eaafb1f04d0c325,2024-10-01T11:34:57.773000
 CVE-2024-9329,0,0,45383f73609cef2d97bbcc2a37f0da26902c147f00f71a92dd725b6696a1e709,2024-10-07T15:52:47.267000
 CVE-2024-9333,0,0,29d3d497691b594c7c49948d48e229bbe8c23108f2eef552b2f92cd89acf1f06,2024-10-04T13:50:43.727000
-CVE-2024-9341,0,0,f8a94021657a84b0a8a7f02fa8cec5f16786f04bfc5a818ab209c4ad8270f994,2024-10-24T17:15:17.773000
+CVE-2024-9341,0,1,71ec1ddef1dda88dc8d7d4b51e9bd66172a72935574dede25fd7d8f58226a2f3,2024-10-31T05:15:05.683000
 CVE-2024-9344,0,0,d870e129ed50c7683cdbbee07d60a73dcd8b852b9805e9d5932c8a41008c379e,2024-10-08T15:06:57.470000
 CVE-2024-9345,0,0,b08be38bdc65e7df784af6af5cf36510583fc49f8a0ab62bc24aed87f83f55d0,2024-10-08T16:10:17.567000
 CVE-2024-9346,0,0,62d32d35d45fd426e51a0ed8886468a70178025d3407ee17aee209be78f55958,2024-10-15T12:58:51.050000
@@ -267543,7 +267545,7 @@ CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b763
 CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000
 CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000
 CVE-2024-9675,0,0,4a8f6f9ea94a00e784bdc3345750a0a0f71d8d3965047777f0f7ffc8d94dfe4c,2024-10-30T23:15:14.133000
-CVE-2024-9676,0,0,388826e2f736cae6407dafbf37e070d02b7de19b7221232ae54333a7a67ea4ed,2024-10-30T09:15:02.860000
+CVE-2024-9676,0,1,24ed9ba905e617fe373fd7817b3453536089b8c2e8edbf0e6624a0d55077f74d,2024-10-31T05:15:05.860000
 CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000
 CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000
 CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000
@@ -267552,10 +267554,11 @@ CVE-2024-9686,0,0,04f98af9d8ec4af01a3d35842aedc3b86f9dda8a517693baa9ea958d531796
 CVE-2024-9687,0,0,ae8c4791dae243694c67044fa0088a221548cce6d43bc08144a537d590a79ff2,2024-10-17T21:11:14.197000
 CVE-2024-9692,0,0,6637a78c6a5a322d069f0f0384d674a49925fbfbbf719ba95a3af042d35fdc19,2024-10-25T12:56:07.750000
 CVE-2024-9696,0,0,78e7cb06b620e1544d9c6811ae0c44cf981cc195d0067b351c711666292c356e,2024-10-15T12:57:46.880000
+CVE-2024-9700,1,1,86d43e3258814c9b3221f4a7cef6a637c42eb7641d5049f13c88b2bc609e1e95,2024-10-31T06:15:05.350000
 CVE-2024-9703,0,0,dd5db55cccdddcc3b58f6b494a8ef777447f72688cd0a2c60dac8e42fee7b6a9,2024-10-22T15:25:27.887000
 CVE-2024-9704,0,0,44ebf677ae69495b92126e2eb8d9d17c07544c8235e40f4412f83b24b48e2f3a,2024-10-15T12:57:46.880000
 CVE-2024-9707,0,0,cde0816a76e7682ea9f7dc3a69f12238a4d95599cfec418d205198361a6879cf,2024-10-15T12:58:51.050000
-CVE-2024-9708,1,1,72aa52c75c8710790c61daf5c470f02558b14e6542fbc68dae657f839c85ee2e,2024-10-31T03:15:02.737000
+CVE-2024-9708,0,0,72aa52c75c8710790c61daf5c470f02558b14e6542fbc68dae657f839c85ee2e,2024-10-31T03:15:02.737000
 CVE-2024-9756,0,0,8173cad728731052b89b4b59f3b4da8665b01e9fe6a8b575d907d967b2da6473,2024-10-15T12:57:46.880000
 CVE-2024-9772,0,0,0d1b30d428fb6796ba367d377c6619e6bf9b25cc03796237a99e8a8d275b84f3,2024-10-28T13:58:09.230000
 CVE-2024-9776,0,0,82a616b68a2c5818c813f35d61772c622935aa1b119f178b9eaa21355bac63d9,2024-10-15T12:57:46.880000