Auto-Update: 2025-06-19T12:00:19.928988+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-19 12:03:59 +00:00 · 2025-06-19 12:03:59 +00:00 · 4c048c01e0
commit 4c048c01e0
parent 78376728a4
8 changed files with 276 additions and 6 deletions
--- a/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
+++ b/CVE-2005/CVE-2005-23xx/CVE-2005-2347.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2005-2347",
+  "sourceIdentifier": "security@debian.org",
+  "published": "2025-06-19T11:15:23.593",
+  "lastModified": "2025-06-19T11:15:23.593",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json
+++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-31698",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2025-06-19T10:15:20.980",
+  "lastModified": "2025-06-19T10:15:20.980",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.\n\nUsers can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.\u00a0\nThis issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
@ -0,0 +1,41 @@
+{
+  "id": "CVE-2025-32896",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2025-06-19T11:15:24.190",
+  "lastModified": "2025-06-19T11:15:24.190",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "# Summary\n\nUnauthorized users can perform Arbitrary File Read and Deserialization\nattack by submit job using restful api-v1.\n\n# Details\nUnauthorized users can access `/hazelcast/rest/maps/submit-job` to submit\njob.\nAn attacker can set extra params in mysql url to perform Arbitrary File\nRead and Deserialization attack.\n\nThis issue affects Apache SeaTunnel: <=2.3.10\n\n# Fixed\n\nUsers are recommended to upgrade to version 2.3.11, and enable restful api-v2 & open https two-way authentication , which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/apache/seatunnel/pull/9010",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/qvh3zyt1jr25rgvw955rb8qjrnbxfro9",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2025/04/12/1",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json
+++ b/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-49763",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2025-06-19T10:15:21.887",
+  "lastModified": "2025-06-19T10:15:21.887",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.\n\nUsers can use a new setting for the plugin (--max-inclusion-depth) to limit it.\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6,  which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-50xx/CVE-2025-5071.json
+++ b/CVE-2025/CVE-2025-50xx/CVE-2025-5071.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-5071",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-19T10:15:22.027",
+  "lastModified": "2025-06-19T10:15:22.027",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-52xx/CVE-2025-5234.json
+++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5234.json
@ -0,0 +1,72 @@
+{
+  "id": "CVE-2025-5234",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-19T10:15:22.250",
+  "lastModified": "2025-06-19T10:15:22.250",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018elementId\u2019 parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/gutenverse-news/tags/1.0.4/include/class/block/class-grab.php#L71",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3313123/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3313123/gutenverse-news/trunk/include/class/block/class-grab.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/gutenverse-news/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b1f60a-3a13-4679-af3e-d6f95fd83cea?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-06-19T10:00:19.707536+00:00
+2025-06-19T12:00:19.928988+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-06-19T09:15:21.290000+00:00
+2025-06-19T11:15:24.190000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-298695
+298701
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `6`

- [CVE-2016-3399](CVE-2016/CVE-2016-33xx/CVE-2016-3399.json) (`2025-06-19T09:15:21.290`)
+- [CVE-2005-2347](CVE-2005/CVE-2005-23xx/CVE-2005-2347.json) (`2025-06-19T11:15:23.593`)
+- [CVE-2025-31698](CVE-2025/CVE-2025-316xx/CVE-2025-31698.json) (`2025-06-19T10:15:20.980`)
+- [CVE-2025-32896](CVE-2025/CVE-2025-328xx/CVE-2025-32896.json) (`2025-06-19T11:15:24.190`)
+- [CVE-2025-49763](CVE-2025/CVE-2025-497xx/CVE-2025-49763.json) (`2025-06-19T10:15:21.887`)
+- [CVE-2025-5071](CVE-2025/CVE-2025-50xx/CVE-2025-5071.json) (`2025-06-19T10:15:22.027`)
+- [CVE-2025-5234](CVE-2025/CVE-2025-52xx/CVE-2025-5234.json) (`2025-06-19T10:15:22.250`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -13306,6 +13306,7 @@ CVE-2005-2343,0,0,73dc310170d13be4424d8eeb6ee614606550bd1d800d9a0663c8d07d79d636
 CVE-2005-2344,0,0,44282ae6f9064db58ec58cacb1251f93da1dabf092076eaeb8a2ab9b660b925c,2025-04-03T01:03:51.193000
 CVE-2005-2345,0,0,b27e6d6807328b3c6387b96a0da8e6930e932914582b2901d83a88205c700e40,2023-11-07T01:57:36.063000
 CVE-2005-2346,0,0,918fe655ea03014a25e47ac451e26cd34bb7a5c22e08d76bac29db32d54b3994,2025-04-03T01:03:51.193000
+CVE-2005-2347,1,1,01669b599b63be3fc28ca223e163cc52b2ddd2615dedfdfb1467c49a51ca06ee,2025-06-19T11:15:23.593000
 CVE-2005-2348,0,0,501378e87d24dedfae8c0b4b68c8bf601a525c697b9afd5e277b4ddef737a1da,2023-11-07T01:57:36.280000
 CVE-2005-2349,0,0,171e3e2b71b6ef978485fd23602db9f356073938b1facf216771d9bda2300587,2024-11-20T23:59:21.517000
 CVE-2005-2350,0,0,6e00337b7c49c4fabd19eeb4fe846f77b817b69e4d1d708abef5545b3113d97f,2024-11-20T23:59:21.627000
@ -86693,7 +86694,7 @@ CVE-2016-3394,0,0,7e99c4ea2e0a86e9886d5868f29d9ce69260ede59677ae2733a74b59d4067f
 CVE-2016-3395,0,0,45519b5d321d74661c9d0f78c5e1c8bfd350d0fdf5da9fb776b47cb63b1f2f96,2023-11-07T02:32:18.990000
 CVE-2016-3396,0,0,56be8faf29b2f6f2a5102c8ca4b074c019a5d37be3812ea9f7c46315290f06c0,2025-04-12T10:46:40.837000
 CVE-2016-3397,0,0,88e8bc645668ee9dc0175edcc8bca744f474ffdb22697e220c24145c9e50b22d,2023-11-07T02:32:19.393000
-CVE-2016-3399,1,1,a9f564bf1a617c58f23492f0d2672ac34a6d1b5d40144bf8735436c356355edd,2025-06-19T09:15:21.290000
+CVE-2016-3399,0,0,a9f564bf1a617c58f23492f0d2672ac34a6d1b5d40144bf8735436c356355edd,2025-06-19T09:15:21.290000
 CVE-2016-3400,0,0,c0517d70596cdf1628af3979f4fb8e45c5f5873c364abffdf05e1a617e946072,2025-04-20T01:37:25.860000
 CVE-2016-3401,0,0,787d5b69ea311db7e8ffcf2c937fdbdac14d2940779fc586f0947e2fccc86c71,2025-04-20T01:37:25.860000
 CVE-2016-3402,0,0,85b07381c9294bcf8e706cb23918b2a6d954cb0470fa3e328ae77ca4e7e6aea0,2025-04-20T01:37:25.860000
@ -292369,6 +292370,7 @@ CVE-2025-31694,0,0,ca7b6a12f88250e41157726afe1e54fba9ef36ba52e8894f4db4aa7871bd1
 CVE-2025-31695,0,0,044b0f435e7672f738ea051c11db83a00ebaff63dbdb68e706b7dcc13acb90b6,2025-04-29T16:15:34.097000
 CVE-2025-31696,0,0,7181c70430e7f11f94551e571b933443a77c74627eab2d3af9d5a2722d8bbb8e,2025-04-29T16:15:34.243000
 CVE-2025-31697,0,0,d2f6e5dae8beddd7adbc933b42660d8199d000a2c4970c75b74c3c6a7e4fd487,2025-04-29T16:15:34.633000
+CVE-2025-31698,1,1,f718ce4b428d85a20357121dcf37ee9eeb16674413188ebde70d08c4880a8c67,2025-06-19T10:15:20.980000
 CVE-2025-3170,0,0,afb2bda5dd4e3285c33c62d49a05a12fd30d05e815744685a436b70b7583067d,2025-04-08T20:52:02.413000
 CVE-2025-3171,0,0,facd85de14a5feadcffd67276b1dd3aaa07eb8c0a878fc188d12f11d57d8217c,2025-04-08T20:43:42.857000
 CVE-2025-31710,0,0,66b943a0cc10a097358c13445d1f5df7386c2942496f3871e72b75f2365fb784,2025-06-10T15:15:23.847000
@ -293387,6 +293389,7 @@ CVE-2025-32888,0,0,851f5838ac3b9022b83107af55b659a3aafc0e2822e0c3d7c62be76cdae08
 CVE-2025-32889,0,0,c5001261168b52d1fcafa5e758115761d50fb6c85872f50dce10dea30446578f,2025-05-02T13:52:51.693000
 CVE-2025-3289,0,0,2dce3ef8eb88e8d6d3c6bdcdd7b6d448658ce48e819de5faca8e16dde3fc5df6,2025-04-08T18:13:53.347000
 CVE-2025-32890,0,0,14fe3680ce0a694763f118a1c4280330bb31bbe10888a63507689bf1688fafee,2025-05-02T13:52:51.693000
+CVE-2025-32896,1,1,123bfaa38d77f885beca14c3b532a15df50c8b0d4512516bf991c8228fea2dd7,2025-06-19T11:15:24.190000
 CVE-2025-32906,0,0,ed269622d928bd2aa475c3656dbb221e908c6bab45b25018cc828ee7bd119edc,2025-06-17T12:15:24.950000
 CVE-2025-32907,0,0,213f7e42abba53cbe091599b6e08ac02e165cca9f4b70fa3a4b5acdea9942c00,2025-05-29T07:15:24.333000
 CVE-2025-32908,0,0,d04d5cbb3961125d5a394946a9211c5953b759f1c35584196afe4caf2db9d0fd,2025-05-13T21:16:14.597000
@ -297770,6 +297773,7 @@ CVE-2025-4971,0,0,ec01b010a198b670732c969d73dfa53bbd76f2e075f866245cc573c6149820
 CVE-2025-49710,0,0,fdef6b70e5300806b4a42e9567df3fa6452819f84b853bd1194cd77188110e32,2025-06-16T16:40:48.453000
 CVE-2025-4973,0,0,a09baa9620620eb012f5ddd6b5ca6dd7efd75fb0c8b55678f3f3e6206d444643,2025-06-12T16:06:20.180000
 CVE-2025-4975,0,0,e6592341c2d044f9e5e990b69dac44d61e569344ba65d2de38b936ca41ba415e,2025-05-23T15:54:42.643000
+CVE-2025-49763,1,1,f2ccd03af066720719d6adaf3d9ebe904f6737d1d40001bdb18c48fb16111c52,2025-06-19T10:15:21.887000
 CVE-2025-4977,0,0,935be558c641a049de0d5b17bd3afe70e433fc81aba4e94570f5c7e91d239ae4,2025-06-12T16:22:28.493000
 CVE-2025-4978,0,0,d687371ad5129a9bb5f335e51aa4bb2d4a1326e0f7b71156d03d5b7e69122f96,2025-06-12T16:22:12.217000
 CVE-2025-49785,0,0,fd0fa622bbf29f7044dd85605545512ef46620979dc70d00d503421325e1d0a3,2025-06-11T03:15:22.123000
@ -297897,6 +297901,7 @@ CVE-2025-5065,0,0,8fc53b66fe42da4959811ef54b22b91af2bd35c9f4f954731cade0848a818f
 CVE-2025-5066,0,0,c2e1df9fe6cae5990ac135a3976d91b02429d110b23d2797a3b2dababf03dd2d,2025-05-29T15:50:51.310000
 CVE-2025-5067,0,0,cf2723dbc4b2f797991ebafc1c2cb069497cee2d74a6a84ebec9dcde1e0dd29e,2025-05-29T15:50:43.240000
 CVE-2025-5068,0,0,743f6f8e9f7972849bbf135b58a69c40f5a6f921a1bb6da952423dea4534ee5a,2025-06-05T14:11:10.430000
+CVE-2025-5071,1,1,3b2deef9236f3c759cda3ca3d7c218b19b13648226fc3eecf9f17094b26eaf9e,2025-06-19T10:15:22.027000
 CVE-2025-5073,0,0,a1230535d583b5f466b5fe2615cca31afcba55333f600b324f190ec047a41d18,2025-06-05T20:13:49.707000
 CVE-2025-5074,0,0,b32e6a163eb96eec8f69e51ca7a85c7da766b8b9d224e7b4f2f300a52a5b9bc3,2025-06-05T20:14:07.020000
 CVE-2025-5075,0,0,e2d063c837a04b124fb91d6969390128004202435ff9c54fbec941e95c405ada,2025-05-23T15:55:02.040000
@ -298030,6 +298035,7 @@ CVE-2025-5230,0,0,9fadea541076e74f479fb5b5289a700110bb92230bc9a76add28f6c782b2ab
 CVE-2025-5231,0,0,933bca2cb9baedec07e689266f247371c054ab08b67bfc89de515eda8b6db129,2025-06-10T15:11:56.957000
 CVE-2025-5232,0,0,1b45026e75247a7322427bb058f27ed5717a2e44e9ed2a15532ca07a8f6c71a6,2025-06-10T15:12:09.197000
 CVE-2025-5233,0,0,6ecf1c2c649b0793b0fa703353d52d82c83e36cf0edf8150a0b10fa91cf5098a,2025-06-16T12:32:18.840000
+CVE-2025-5234,1,1,a5f38e2a75e738bb7b3ede233cac90ad6712ee44816591b20f46ec0889585028,2025-06-19T10:15:22.250000
 CVE-2025-5235,0,0,9f99135aac66ddf72cbc0dbdd83c4db7648e86e689f203314291273a812d09e8,2025-06-04T18:29:21.090000
 CVE-2025-5236,0,0,21b3f9a42248749cfd7dac46ffac19b1b1d972c6879013b8f47a703a60b1c09a,2025-06-04T18:30:22.220000
 CVE-2025-5237,0,0,9b708dfb250572e0ef36b1ce4d11e9c0580aaf815c8ffd6bf6c2ee5f802ff777,2025-06-18T13:46:52.973000