Auto-Update: 2025-06-18T10:00:22.564295+00:00

CVE-2022/CVE-2022-14xx/CVE-2022-1471.json

@@ -2,7 +2,7 @@
   "id": "CVE-2022-1471",
   "sourceIdentifier": "cve-coordination@google.com",
   "published": "2022-12-01T11:15:10.553",
-  "lastModified": "2025-02-13T17:15:35.627",
+  "lastModified": "2025-06-18T09:15:47.243",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -116,6 +116,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html",
+      "source": "cve-coordination@google.com"
+    },
     {
       "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
       "source": "cve-coordination@google.com",
@@ -136,6 +140,10 @@
       "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
       "source": "cve-coordination@google.com"
     },
+    {
+      "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c",
+      "source": "cve-coordination@google.com"
+    },
     {
       "url": "https://security.netapp.com/advisory/ntap-20230818-0015/",
       "source": "cve-coordination@google.com"

CVE-2025/CVE-2025-15xx/CVE-2025-1562.json

@@ -0,0 +1,76 @@
+{
+  "id": "CVE-2025-1562",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-18T08:15:28.987",
+  "lastModified": "2025-06-18T08:15:28.987",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/api/plugin_status/class-bwfan-api-install-and-activate-plugin.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/class-bwfan-db.php#L153",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/admin/class-bwfan-admin.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/abstracts/class-bwfan-api-base.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/class-bwfan-api-loader.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-59xx/CVE-2025-5981.json

@@ -0,0 +1,82 @@
+{
+  "id": "CVE-2025-5981",
+  "sourceIdentifier": "cve-coordination@google.com",
+  "published": "2025-06-18T09:15:47.660",
+  "lastModified": "2025-06-18T09:15:47.660",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve-coordination@google.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.7,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "HIGH",
+          "subIntegrityImpact": "LOW",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@google.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-427"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59",
+      "source": "cve-coordination@google.com"
+    },
+    {
+      "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8",
+      "source": "cve-coordination@google.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-06-18T08:00:19.429631+00:00
+2025-06-18T10:00:22.564295+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-06-18T06:15:28.397000+00:00
+2025-06-18T09:15:47.660000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-298258
+298260
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-- [CVE-2025-4955](CVE-2025/CVE-2025-49xx/CVE-2025-4955.json) (`2025-06-18T06:15:28.397`)
+- [CVE-2025-1562](CVE-2025/CVE-2025-15xx/CVE-2025-1562.json) (`2025-06-18T08:15:28.987`)
+- [CVE-2025-5981](CVE-2025/CVE-2025-59xx/CVE-2025-5981.json) (`2025-06-18T09:15:47.660`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2022-1471](CVE-2022/CVE-2022-14xx/CVE-2022-1471.json) (`2025-06-18T09:15:47.243`)
 
 
 ## Download and Usage

_state.csv

@@ -189355,7 +189355,7 @@ CVE-2022-1467,0,0,4244fa85c07ce188281e2e68274dd3b1bddab19e609dae2da2a3f3e391a8c6
 CVE-2022-1468,0,0,bc78f55881e01a6f023eb4f4498c5c9bb9f5e7012eb94752fc063ff4f1a2c8ec,2024-11-21T06:40:46.943000
 CVE-2022-1469,0,0,7ffd0498f3a2f922b0a02ebb6229d13a6432911e6e35206695c7945f0a722e6f,2024-11-21T06:40:47.090000
 CVE-2022-1470,0,0,5642de4bd55e594f5d5abdf5e790ace17eef364ea96e290fe8852a1dc073b82b,2024-11-21T06:40:47.200000
-CVE-2022-1471,0,0,4b4d510bf4f68ae2ddf057d32e8bb808db4e78574a4a26fa59d0294cff7a9a25,2025-02-13T17:15:35.627000
+CVE-2022-1471,0,1,07739a2dcf41438b07c0afd9039ff02073b4078d37371735ea774aea38fda7e4,2025-06-18T09:15:47.243000
 CVE-2022-1472,0,0,edb7e07a336c37fb964f0f209addd02630616647aaef0a97f2f250f838db2840,2024-11-21T06:40:47.477000
 CVE-2022-1473,0,0,651f93b93ece2974f85deec109efd4323f7342c6df9846e3248acb59b12b31d0,2025-05-05T17:17:34.867000
 CVE-2022-1474,0,0,b5586935a38e326f7385281cad87b285bdb53d4974e14a2e5d208fb1689388fa,2024-11-21T06:40:47.740000
@@ -283670,6 +283670,7 @@ CVE-2025-1558,0,0,c78589d5810333dd5b267c981b16d0ba3ae44b98790279ca9bbe06e61569b3
 CVE-2025-1559,0,0,709a243835f3c6ce0779a28711cc25be41f0a8c4f301b124730fe9903567f95d,2025-03-13T02:15:12.917000
 CVE-2025-1560,0,0,5806fdd5d9f8e8a09704d33fd8caadc121e4fbb048f372fad8d43065a1e4a103,2025-03-06T16:15:42.753000
 CVE-2025-1561,0,0,33a657fb8a4122eef68e03cf0206d7dfa8ce683bdf001162cf57406315521345,2025-05-26T02:14:52.170000
+CVE-2025-1562,1,1,2f1a546af7a9e680b6e9e17b545c2838e9905defeb3d99dd716116f7fa0d1e2e,2025-06-18T08:15:28.987000
 CVE-2025-1564,0,0,9d62e5431da133f133499b29bcb96aa13e41c1b673396891299a0b15aab9c828,2025-03-01T08:15:34.007000
 CVE-2025-1565,0,0,35456b68df2d2d86ef4d0fb4554495a75d56271b6d28363288295dec6a61577e,2025-04-29T13:52:28.490000
 CVE-2025-1566,0,0,b62614d5a9b64c7c70aa72ecefcdd1eced14936f4f2bd9f2f3dab198c8a80ced,2025-05-06T01:15:50.030000
@@ -297315,7 +297316,7 @@ CVE-2025-4951,0,0,8d2965f90ffa46a261e1b06cd533aeb358abbd5115dc1f57a5b34acf12ab58
 CVE-2025-49510,0,0,3bb8122e36ad249db39449b81c1d9bb5005e0826a2addc079025211cebc0dc64,2025-06-12T16:06:39.330000
 CVE-2025-49511,0,0,5857ce4f5934ac8d4eab419d1a69fa9027dcf280ff9a1fb08e4e3e1a5703ab2f,2025-06-12T16:06:39.330000
 CVE-2025-4954,0,0,1ec01516c4567931b4ffc24e86d8b1eee9006bb52ce75acce1cd554027fb1f48,2025-06-12T16:06:39.330000
-CVE-2025-4955,1,1,962cee29f822d69a2f21c0606639ab24445601b1ed0ade1b93280fab766be82f,2025-06-18T06:15:28.397000
+CVE-2025-4955,0,0,962cee29f822d69a2f21c0606639ab24445601b1ed0ade1b93280fab766be82f,2025-06-18T06:15:28.397000
 CVE-2025-49575,0,0,5239212f6088f8e9f5d72981748315013281ee63030d12ad53f604f56fb5ce0a,2025-06-16T12:32:18.840000
 CVE-2025-49576,0,0,d91dc4671dcd271f2349061a8890351137f780e1115b96e716a0a31c8aba01ac,2025-06-16T12:32:18.840000
 CVE-2025-49577,0,0,28aa0b942534a5a538c80dbb8b7460e9323fd7179a5e937d1ba2f1eb56bd16ad,2025-06-16T12:32:18.840000
@@ -298134,6 +298135,7 @@ CVE-2025-5977,0,0,f1be6f85f13503775c495ea6cc25e73f56acbe00f921f8b9bd047e78e8e954
 CVE-2025-5978,0,0,0dead1a357778d240f3ef63e07a94108270bf41eaba57dcb5df97505742c3c80,2025-06-12T16:06:29.520000
 CVE-2025-5979,0,0,62f87aab912999e1a8c01e4f2d3083fff610fe2dfce4896415cd0de1f9a17fa5,2025-06-16T15:00:09.443000
 CVE-2025-5980,0,0,8af030447f54b16e451333aa706668a1da67e0c666b6c363521b0e8683bf238c,2025-06-16T14:52:30.557000
+CVE-2025-5981,1,1,e4c58eb43ea09829bebd1a1cdae851d0a5fba24a5d716fd4703c47abbdf8bb60,2025-06-18T09:15:47.660000
 CVE-2025-5982,0,0,d9487128b71b64381d82a652f7a1122df97e22510aec0c066c9d874bcd0cf999,2025-06-16T12:32:18.840000
 CVE-2025-5984,0,0,9c065cc4f1bf71f29d217205fa1a3017b01589309492c87e21e29320e0443497,2025-06-17T20:34:36.177000
 CVE-2025-5985,0,0,6bc7c20833bbb87d89e08ff2c433a1431f6002ad9972fe39c1f3aa9dac9d18ca,2025-06-17T20:34:19.473000