From 4c048c01e088693db4a635121272f62fdf076f0b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 19 Jun 2025 12:03:59 +0000 Subject: [PATCH] Auto-Update: 2025-06-19T12:00:19.928988+00:00 --- CVE-2005/CVE-2005-23xx/CVE-2005-2347.json | 16 +++++ CVE-2025/CVE-2025-316xx/CVE-2025-31698.json | 33 ++++++++++ CVE-2025/CVE-2025-328xx/CVE-2025-32896.json | 41 ++++++++++++ CVE-2025/CVE-2025-497xx/CVE-2025-49763.json | 33 ++++++++++ CVE-2025/CVE-2025-50xx/CVE-2025-5071.json | 64 ++++++++++++++++++ CVE-2025/CVE-2025-52xx/CVE-2025-5234.json | 72 +++++++++++++++++++++ README.md | 15 +++-- _state.csv | 8 ++- 8 files changed, 276 insertions(+), 6 deletions(-) create mode 100644 CVE-2005/CVE-2005-23xx/CVE-2005-2347.json create mode 100644 CVE-2025/CVE-2025-316xx/CVE-2025-31698.json create mode 100644 CVE-2025/CVE-2025-328xx/CVE-2025-32896.json create mode 100644 CVE-2025/CVE-2025-497xx/CVE-2025-49763.json create mode 100644 CVE-2025/CVE-2025-50xx/CVE-2025-5071.json create mode 100644 CVE-2025/CVE-2025-52xx/CVE-2025-5234.json
diff --git a/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json b/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
new file mode 100644
index 00000000000..3a82ff8b5af
--- /dev/null
+++ b/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
@@ -0,0 +1,16 @@
+{
+ "id": "CVE-2005-2347",
+ "sourceIdentifier": "security@debian.org",
+ "published": "2025-06-19T11:15:23.593",
+ "lastModified": "2025-06-19T11:15:23.593",
+ "vulnStatus": "Rejected",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json
new file mode 100644
index 00000000000..881286dce4f
--- /dev/null
+++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-31698",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2025-06-19T10:15:20.980",
+ "lastModified": "2025-06-19T10:15:20.980",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.\n\nUsers can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.\u00a0\nThis issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
new file mode 100644
index 00000000000..738f3cd98b2
--- /dev/null
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
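Review bot: The affected range in the CVE-2025-31698 description ends at the same release it names as the fix: it reads `from 10.0.0 through 10.0.6` and then recommends upgrading to `9.2.11 or 10.0.6`, so a scanner that matches on the description text would flag patched 10.0.6 hosts. CVE-2025-49763 in this same commit cites the same Apache thread and gives `through 10.0.5`, which is presumably the intended bound here as well; confirm against the advisory rather than this text. The product name is also missing (`This issue affects undefined:`), and `metrics` is empty while the record is still in `Received` status, so the absence of a CVSS score should not be read as low severity. Since this file mirrors NVD, the correction belongs with the CNA upstream, not in this repository.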
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2025-32896",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2025-06-19T11:15:24.190",
+ "lastModified": "2025-06-19T11:15:24.190",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "# Summary\n\nUnauthorized users can perform Arbitrary File Read and Deserialization\nattack by submit job using restful api-v1.\n\n# Details\nUnauthorized users can access `/hazelcast/rest/maps/submit-job` to submit\njob.\nAn attacker can set extra params in mysql url to perform Arbitrary File\nRead and Deserialization attack.\n\nThis issue affects Apache SeaTunnel: <=2.3.10\n\n# Fixed\n\nUsers are recommended to upgrade to version 2.3.11, and enable restful api-v2 & open https two-way authentication , which fixes the issue."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/seatunnel/pull/9010",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/qvh3zyt1jr25rgvw955rb8qjrnbxfro9",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2025/04/12/1",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json b/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json
new file mode 100644
index 00000000000..fb75953f93c
--- /dev/null
+++ b/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-49763",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2025-06-19T10:15:21.887",
+ "lastModified": "2025-06-19T10:15:21.887",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.\n\nUsers can use a new setting for the plugin (--max-inclusion-depth) to limit it.\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-50xx/CVE-2025-5071.json b/CVE-2025/CVE-2025-50xx/CVE-2025-5071.json
new file mode 100644
index 00000000000..68771b5f303
--- /dev/null
+++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5071.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-5071",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-06-19T10:15:22.027",
+ "lastModified": "2025-06-19T10:15:22.027",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-52xx/CVE-2025-5234.json b/CVE-2025/CVE-2025-52xx/CVE-2025-5234.json
new file mode 100644
index 00000000000..8d459586bce
--- /dev/null
+++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5234.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2025-5234",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-06-19T10:15:22.250",
+ "lastModified": "2025-06-19T10:15:22.250",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018elementId\u2019 parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/gutenverse-news/tags/1.0.4/include/class/block/class-grab.php#L71",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3313123/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3313123/gutenverse-news/trunk/include/class/block/class-grab.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/gutenverse-news/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b1f60a-3a13-4679-af3e-d6f95fd83cea?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index a19290f3799..0fe6f4f7d3f 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-19T10:00:19.707536+00:00 +2025-06-19T12:00:19.928988+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-19T09:15:21.290000+00:00 +2025-06-19T11:15:24.190000+00:00 ``` ### Last Data Feed Release
@@ -33,14 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298695 +298701 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `6` -- [CVE-2016-3399](CVE-2016/CVE-2016-33xx/CVE-2016-3399.json) (`2025-06-19T09:15:21.290`) +- [CVE-2005-2347](CVE-2005/CVE-2005-23xx/CVE-2005-2347.json) (`2025-06-19T11:15:23.593`) +- [CVE-2025-31698](CVE-2025/CVE-2025-316xx/CVE-2025-31698.json) (`2025-06-19T10:15:20.980`) +- [CVE-2025-32896](CVE-2025/CVE-2025-328xx/CVE-2025-32896.json) (`2025-06-19T11:15:24.190`) +- [CVE-2025-49763](CVE-2025/CVE-2025-497xx/CVE-2025-49763.json) (`2025-06-19T10:15:21.887`) +- [CVE-2025-5071](CVE-2025/CVE-2025-50xx/CVE-2025-5071.json) (`2025-06-19T10:15:22.027`) +- [CVE-2025-5234](CVE-2025/CVE-2025-52xx/CVE-2025-5234.json) (`2025-06-19T10:15:22.250`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 2158530bc69..d823fec51d2 100644
--- a/_state.csv
+++ b/_state.csv
@@ -13306,6 +13306,7 @@ CVE-2005-2343,0,0,73dc310170d13be4424d8eeb6ee614606550bd1d800d9a0663c8d07d79d636 CVE-2005-2344,0,0,44282ae6f9064db58ec58cacb1251f93da1dabf092076eaeb8a2ab9b660b925c,2025-04-03T01:03:51.193000 CVE-2005-2345,0,0,b27e6d6807328b3c6387b96a0da8e6930e932914582b2901d83a88205c700e40,2023-11-07T01:57:36.063000 CVE-2005-2346,0,0,918fe655ea03014a25e47ac451e26cd34bb7a5c22e08d76bac29db32d54b3994,2025-04-03T01:03:51.193000 +CVE-2005-2347,1,1,01669b599b63be3fc28ca223e163cc52b2ddd2615dedfdfb1467c49a51ca06ee,2025-06-19T11:15:23.593000 CVE-2005-2348,0,0,501378e87d24dedfae8c0b4b68c8bf601a525c697b9afd5e277b4ddef737a1da,2023-11-07T01:57:36.280000 CVE-2005-2349,0,0,171e3e2b71b6ef978485fd23602db9f356073938b1facf216771d9bda2300587,2024-11-20T23:59:21.517000 CVE-2005-2350,0,0,6e00337b7c49c4fabd19eeb4fe846f77b817b69e4d1d708abef5545b3113d97f,2024-11-20T23:59:21.627000 @@ -86693,7 +86694,7 @@ CVE-2016-3394,0,0,7e99c4ea2e0a86e9886d5868f29d9ce69260ede59677ae2733a74b59d4067f CVE-2016-3395,0,0,45519b5d321d74661c9d0f78c5e1c8bfd350d0fdf5da9fb776b47cb63b1f2f96,2023-11-07T02:32:18.990000 CVE-2016-3396,0,0,56be8faf29b2f6f2a5102c8ca4b074c019a5d37be3812ea9f7c46315290f06c0,2025-04-12T10:46:40.837000 CVE-2016-3397,0,0,88e8bc645668ee9dc0175edcc8bca744f474ffdb22697e220c24145c9e50b22d,2023-11-07T02:32:19.393000 -CVE-2016-3399,1,1,a9f564bf1a617c58f23492f0d2672ac34a6d1b5d40144bf8735436c356355edd,2025-06-19T09:15:21.290000 +CVE-2016-3399,0,0,a9f564bf1a617c58f23492f0d2672ac34a6d1b5d40144bf8735436c356355edd,2025-06-19T09:15:21.290000 CVE-2016-3400,0,0,c0517d70596cdf1628af3979f4fb8e45c5f5873c364abffdf05e1a617e946072,2025-04-20T01:37:25.860000 CVE-2016-3401,0,0,787d5b69ea311db7e8ffcf2c937fdbdac14d2940779fc586f0947e2fccc86c71,2025-04-20T01:37:25.860000 CVE-2016-3402,0,0,85b07381c9294bcf8e706cb23918b2a6d954cb0470fa3e328ae77ca4e7e6aea0,2025-04-20T01:37:25.860000 
@@ -292369,6 +292370,7 @@ CVE-2025-31694,0,0,ca7b6a12f88250e41157726afe1e54fba9ef36ba52e8894f4db4aa7871bd1 CVE-2025-31695,0,0,044b0f435e7672f738ea051c11db83a00ebaff63dbdb68e706b7dcc13acb90b6,2025-04-29T16:15:34.097000 CVE-2025-31696,0,0,7181c70430e7f11f94551e571b933443a77c74627eab2d3af9d5a2722d8bbb8e,2025-04-29T16:15:34.243000 CVE-2025-31697,0,0,d2f6e5dae8beddd7adbc933b42660d8199d000a2c4970c75b74c3c6a7e4fd487,2025-04-29T16:15:34.633000 +CVE-2025-31698,1,1,f718ce4b428d85a20357121dcf37ee9eeb16674413188ebde70d08c4880a8c67,2025-06-19T10:15:20.980000 CVE-2025-3170,0,0,afb2bda5dd4e3285c33c62d49a05a12fd30d05e815744685a436b70b7583067d,2025-04-08T20:52:02.413000 CVE-2025-3171,0,0,facd85de14a5feadcffd67276b1dd3aaa07eb8c0a878fc188d12f11d57d8217c,2025-04-08T20:43:42.857000 CVE-2025-31710,0,0,66b943a0cc10a097358c13445d1f5df7386c2942496f3871e72b75f2365fb784,2025-06-10T15:15:23.847000 @@ -293387,6 +293389,7 @@ CVE-2025-32888,0,0,851f5838ac3b9022b83107af55b659a3aafc0e2822e0c3d7c62be76cdae08 CVE-2025-32889,0,0,c5001261168b52d1fcafa5e758115761d50fb6c85872f50dce10dea30446578f,2025-05-02T13:52:51.693000 CVE-2025-3289,0,0,2dce3ef8eb88e8d6d3c6bdcdd7b6d448658ce48e819de5faca8e16dde3fc5df6,2025-04-08T18:13:53.347000 CVE-2025-32890,0,0,14fe3680ce0a694763f118a1c4280330bb31bbe10888a63507689bf1688fafee,2025-05-02T13:52:51.693000 +CVE-2025-32896,1,1,123bfaa38d77f885beca14c3b532a15df50c8b0d4512516bf991c8228fea2dd7,2025-06-19T11:15:24.190000 CVE-2025-32906,0,0,ed269622d928bd2aa475c3656dbb221e908c6bab45b25018cc828ee7bd119edc,2025-06-17T12:15:24.950000 CVE-2025-32907,0,0,213f7e42abba53cbe091599b6e08ac02e165cca9f4b70fa3a4b5acdea9942c00,2025-05-29T07:15:24.333000 CVE-2025-32908,0,0,d04d5cbb3961125d5a394946a9211c5953b759f1c35584196afe4caf2db9d0fd,2025-05-13T21:16:14.597000 
@@ -297770,6 +297773,7 @@ CVE-2025-4971,0,0,ec01b010a198b670732c969d73dfa53bbd76f2e075f866245cc573c6149820 CVE-2025-49710,0,0,fdef6b70e5300806b4a42e9567df3fa6452819f84b853bd1194cd77188110e32,2025-06-16T16:40:48.453000 CVE-2025-4973,0,0,a09baa9620620eb012f5ddd6b5ca6dd7efd75fb0c8b55678f3f3e6206d444643,2025-06-12T16:06:20.180000 CVE-2025-4975,0,0,e6592341c2d044f9e5e990b69dac44d61e569344ba65d2de38b936ca41ba415e,2025-05-23T15:54:42.643000 +CVE-2025-49763,1,1,f2ccd03af066720719d6adaf3d9ebe904f6737d1d40001bdb18c48fb16111c52,2025-06-19T10:15:21.887000 CVE-2025-4977,0,0,935be558c641a049de0d5b17bd3afe70e433fc81aba4e94570f5c7e91d239ae4,2025-06-12T16:22:28.493000 CVE-2025-4978,0,0,d687371ad5129a9bb5f335e51aa4bb2d4a1326e0f7b71156d03d5b7e69122f96,2025-06-12T16:22:12.217000 CVE-2025-49785,0,0,fd0fa622bbf29f7044dd85605545512ef46620979dc70d00d503421325e1d0a3,2025-06-11T03:15:22.123000 @@ -297897,6 +297901,7 @@ CVE-2025-5065,0,0,8fc53b66fe42da4959811ef54b22b91af2bd35c9f4f954731cade0848a818f CVE-2025-5066,0,0,c2e1df9fe6cae5990ac135a3976d91b02429d110b23d2797a3b2dababf03dd2d,2025-05-29T15:50:51.310000 CVE-2025-5067,0,0,cf2723dbc4b2f797991ebafc1c2cb069497cee2d74a6a84ebec9dcde1e0dd29e,2025-05-29T15:50:43.240000 CVE-2025-5068,0,0,743f6f8e9f7972849bbf135b58a69c40f5a6f921a1bb6da952423dea4534ee5a,2025-06-05T14:11:10.430000 +CVE-2025-5071,1,1,3b2deef9236f3c759cda3ca3d7c218b19b13648226fc3eecf9f17094b26eaf9e,2025-06-19T10:15:22.027000 CVE-2025-5073,0,0,a1230535d583b5f466b5fe2615cca31afcba55333f600b324f190ec047a41d18,2025-06-05T20:13:49.707000 CVE-2025-5074,0,0,b32e6a163eb96eec8f69e51ca7a85c7da766b8b9d224e7b4f2f300a52a5b9bc3,2025-06-05T20:14:07.020000 CVE-2025-5075,0,0,e2d063c837a04b124fb91d6969390128004202435ff9c54fbec941e95c405ada,2025-05-23T15:55:02.040000 
@@ -298030,6 +298035,7 @@ CVE-2025-5230,0,0,9fadea541076e74f479fb5b5289a700110bb92230bc9a76add28f6c782b2ab CVE-2025-5231,0,0,933bca2cb9baedec07e689266f247371c054ab08b67bfc89de515eda8b6db129,2025-06-10T15:11:56.957000 CVE-2025-5232,0,0,1b45026e75247a7322427bb058f27ed5717a2e44e9ed2a15532ca07a8f6c71a6,2025-06-10T15:12:09.197000 CVE-2025-5233,0,0,6ecf1c2c649b0793b0fa703353d52d82c83e36cf0edf8150a0b10fa91cf5098a,2025-06-16T12:32:18.840000 +CVE-2025-5234,1,1,a5f38e2a75e738bb7b3ede233cac90ad6712ee44816591b20f46ec0889585028,2025-06-19T10:15:22.250000 CVE-2025-5235,0,0,9f99135aac66ddf72cbc0dbdd83c4db7648e86e689f203314291273a812d09e8,2025-06-04T18:29:21.090000 CVE-2025-5236,0,0,21b3f9a42248749cfd7dac46ffac19b1b1d972c6879013b8f47a703a60b1c09a,2025-06-04T18:30:22.220000 CVE-2025-5237,0,0,9b708dfb250572e0ef36b1ce4d11e9c0580aaf815c8ffd6bf6c2ee5f802ff777,2025-06-18T13:46:52.973000