diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20861.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20861.json index e5e8bb60412..2a29e6e2a38 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20861.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20861.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20861", "sourceIdentifier": "security@vmware.com", "published": "2023-03-23T21:15:19.737", - "lastModified": "2024-11-21T07:41:42.780", + "lastModified": "2025-02-25T16:15:33.623", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20968.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20968.json index 14bb1b730af..ac552d50870 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20968.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20968.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20968", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:10.643", - "lastModified": "2024-11-21T07:41:55.277", + "lastModified": "2025-02-25T16:15:34.150", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20969.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20969.json index e262a1d20f6..5f73e641846 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20969.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20969.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20969", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:10.687", - "lastModified": "2024-11-21T07:41:55.387", + "lastModified": "2025-02-25T16:15:34.367", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20970.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20970.json index 4482939cea3..ba46a535cdf 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20970.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20970.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20970", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:10.793", - "lastModified": "2024-11-21T07:41:55.497", + "lastModified": "2025-02-25T16:15:34.523", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20971.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20971.json index e8d657a0271..fdbca6be217 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20971.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20971.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20971", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:10.913", - "lastModified": "2024-11-21T07:41:55.593", + "lastModified": "2025-02-25T16:15:34.683", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20972.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20972.json index 5667dcba6cb..076b6669f21 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20972.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20972.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20972", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:11.040", - "lastModified": "2024-11-21T07:41:55.707", + "lastModified": "2025-02-25T16:15:34.883", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-119" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20973.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20973.json index d7cb7b55ee0..e5ef4fc0a7c 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20973.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20973.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20973", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:11.157", - "lastModified": "2024-11-21T07:41:55.820", + "lastModified": "2025-02-25T16:15:35.037", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20974.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20974.json index abf77fb3dcd..fb7dc893c38 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20974.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20974.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20974", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:11.283", - "lastModified": "2024-11-21T07:41:55.927", + "lastModified": "2025-02-25T16:15:35.193", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20975.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20975.json index 17883236ee3..10ea5e8fd84 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20975.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20975.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20975", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:11.330", - "lastModified": "2024-11-21T07:41:56.030", + "lastModified": "2025-02-25T16:15:35.350", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20977.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20977.json index 37928842d31..24d269fb364 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20977.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20977.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20977", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:11.417", - "lastModified": "2024-11-21T07:41:56.280", + "lastModified": "2025-02-25T16:15:35.503", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20995.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20995.json index 2f64fe32d16..fe1a615c40f 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20995.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20995.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20995", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:12.227", - "lastModified": "2024-11-21T07:41:58.143", + "lastModified": "2025-02-25T15:15:12.877", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21022.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21022.json index f9e71ce7601..b3c19c0b70c 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21022.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21022.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21022", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.360", - "lastModified": "2024-11-21T07:42:01.107", + "lastModified": "2025-02-25T16:15:35.653", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21024.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21024.json index be81dcab703..eeb18b9469b 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21024.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21024.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21024", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.393", - "lastModified": "2024-11-21T07:42:01.237", + "lastModified": "2025-02-25T16:15:35.813", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-693" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21025.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21025.json index 6117f7c28fe..26f85c54058 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21025.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21025.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21025", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.430", - "lastModified": "2024-11-21T07:42:01.357", + "lastModified": "2025-02-25T16:15:35.967", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21026.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21026.json index 3ad233b1aee..4d177c942ff 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21026.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21026.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21026", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.467", - "lastModified": "2024-11-21T07:42:01.470", + "lastModified": "2025-02-25T16:15:36.127", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21027.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21027.json index 43d1aec0bbf..bc8a9e1b8f2 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21027.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21027.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21027", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.507", - "lastModified": "2024-11-21T07:42:01.593", + "lastModified": "2025-02-25T16:15:36.280", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21028.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21028.json index f7f16a02978..34c11b7ec1e 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21028.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21028.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21028", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.543", - "lastModified": "2024-11-21T07:42:01.710", + "lastModified": "2025-02-25T15:15:13.020", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21029.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21029.json index c784b72837f..17df4872444 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21029.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21029.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21029", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.583", - "lastModified": "2024-11-21T07:42:01.830", + "lastModified": "2025-02-25T15:15:13.227", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-862" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21030.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21030.json index 6e635b108ec..cee9ac74c09 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21030.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21030.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21030", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.620", - "lastModified": "2024-11-21T07:42:01.950", + "lastModified": "2025-02-25T15:15:13.593", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-415" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21031.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21031.json index 487b0cc1ae1..b3fabf4a5df 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21031.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21031.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21031", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.657", - "lastModified": "2024-11-21T07:42:02.060", + "lastModified": "2025-02-25T15:15:13.787", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.0, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-362" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21032.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21032.json index cf45e11dffb..dd89ee94140 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21032.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21032.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21032", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.690", - "lastModified": "2024-11-21T07:42:02.163", + "lastModified": "2025-02-25T15:15:14.000", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21033.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21033.json index 000ccf77e17..8b8b1b2c621 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21033.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21033.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21033", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.723", - "lastModified": "2024-11-21T07:42:02.270", + "lastModified": "2025-02-25T15:15:14.183", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-400" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21035.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21035.json index 6c62c304707..d6f69046df8 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21035.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21035.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21035", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.797", - "lastModified": "2024-11-21T07:42:02.493", + "lastModified": "2025-02-25T15:15:14.387", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-863" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21036.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21036.json index 7a865b40daf..79fbe824820 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21036.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21036.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21036", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.827", - "lastModified": "2024-11-21T07:42:02.600", + "lastModified": "2025-02-25T15:15:14.563", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21038.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21038.json index a0e579d9e66..7a1429fd0c4 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21038.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21038.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21038", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.863", - "lastModified": "2024-11-21T07:42:02.717", + "lastModified": "2025-02-25T15:15:14.767", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21039.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21039.json index aefcb12feb1..233e203935f 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21039.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21039.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21039", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.903", - "lastModified": "2024-11-21T07:42:02.840", + "lastModified": "2025-02-25T15:15:14.977", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21040.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21040.json index fee7c75b620..bd212c5da09 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21040.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21040.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21040", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.940", - "lastModified": "2024-11-21T07:42:02.957", + "lastModified": "2025-02-25T15:15:15.170", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21041.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21041.json index d65e48f3877..9a48a78bff2 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21041.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21041.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21041", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:13.987", - "lastModified": "2024-11-21T07:42:03.070", + "lastModified": "2025-02-25T15:15:15.330", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21043.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21043.json index a4217115779..7bb4995761e 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21043.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21043.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21043", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:14.057", - "lastModified": "2024-11-21T07:42:03.320", + "lastModified": "2025-02-25T15:15:15.503", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25574.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25574.json new file mode 100644 index 00000000000..23220801fe9 --- /dev/null +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25574.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-25574", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-02-25T15:15:16.227", + "lastModified": "2025-02-25T15:15:16.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/jupyterhub/ltiauthenticator/blob/main/CHANGELOG.md#140---2023-03-01", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-mcgx-2gcr-p3hp", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34192.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34192.json index b2e09d1b4af..57e19e6f88b 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34192.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34192.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34192", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-06T16:15:10.047", - "lastModified": "2024-11-21T08:06:44.597", + "lastModified": "2025-02-25T16:15:37.070", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11955.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11955.json new file mode 100644 index 00000000000..e08df9f4009 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11955.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-11955", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-25T16:15:37.303", + "lastModified": "2025-02-25T16:15:37.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.18", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.451775", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12424.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12424.json new file mode 100644 index 00000000000..9f8c5ab5951 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12424.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-12424", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-25T15:15:21.273", + "lastModified": "2025-02-25T15:15:21.273", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-24592. Reason: This candidate is a reservation duplicate of CVE-2025-24592. Notes: All CVE users should reference CVE-2025-24592 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12877.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12877.json index 0f91f74a261..137c618a23d 100644 --- a/CVE-2024/CVE-2024-128xx/CVE-2024-12877.json +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12877.json @@ -2,8 +2,8 @@ "id": "CVE-2024-12877", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-11T08:15:26.127", - "lastModified": "2025-01-11T08:15:26.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:53:19.030", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.19.2", + "matchCriteriaId": "FA789624-B2FF-479C-AB1F-9AC21DBA013F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3212723/give/tags/3.19.3/src/Helpers/Utils.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2143edf-5423-4e79-8638-a5b98490d292?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13318.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13318.json index 33b4f2092ec..aee98c65e94 100644 --- a/CVE-2024/CVE-2024-133xx/CVE-2024-13318.json +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13318.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13318", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-10T12:15:24.257", - "lastModified": "2025-01-10T12:15:24.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:49:28.007", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,23 +42,57 @@ "weaknesses": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-463" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartdatasoft:essential_wp_real_estate:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.3", + "matchCriteriaId": "C4B9EA2F-3947-4A7D-BA14-11B17B6BD4BB" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/essential-wp-real-estate/trunk/src/Common/Ajax/Ajax.php#L724", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a1a9e22-d174-43fc-aab6-f6968067a290?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json index 59902ea3085..c299a749938 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25928.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25928", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-23T12:15:46.467", - "lastModified": "2024-11-21T09:01:35.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:38:49.633", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sitepact:contact_form_7_extension_for_klaviyo:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.0", + "matchCriteriaId": "6B069F7C-0AB9-41B4-8ACD-2D9B013C7A9C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29130.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29130.json index 547ddc54ec1..a038a8cae04 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29130.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29130.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29130", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:08.460", - "lastModified": "2024-11-21T09:07:37.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:30:29.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpplugin:paypal_\\&_stripe_add-on:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1", + "matchCriteriaId": "7B61A2FA-8E6E-4009-9EB0-55749E850F60" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29134.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29134.json index ee1d790cb70..135e2b186f7 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29134.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29134.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29134", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:08.690", - "lastModified": "2024-11-21T09:07:37.813", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:24:13.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themefic:tourfic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.11.9", + "matchCriteriaId": "0E972D83-3ED9-4186-8DBA-8985B28FA70D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29135.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29135.json index be28d858bf2..d753479c3be 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29135.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29135.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29135", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:08.900", - "lastModified": "2024-11-21T09:07:37.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:24:28.333", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themefic:tourfic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.11.16", + "matchCriteriaId": "5687760B-63ED-45FA-94E6-27CDE4A34DFB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29136.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29136.json index e15de6cf7ff..d1f379e5244 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29136.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29136.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29136", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:09.093", - "lastModified": "2024-11-21T09:07:38.090", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:22:52.013", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themefic:tourfic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.11.19", + "matchCriteriaId": "DDCEE1BD-F21F-4433-A561-A7E3C4B91D9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34034.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34034.json new file mode 100644 index 00000000000..3bb5694351d --- /dev/null +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34034.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-34034", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-25T15:15:21.513", + "lastModified": "2025-02-25T15:15:21.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/fklement/3a43dbb9fb361dddd8db7703080ade0f", + "source": "cve@mitre.org" + }, + { + "url": "https://gitlab.eurecom.fr/mosaic5g/flexric/-/tags/v2.0.0", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34035.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34035.json new file mode 100644 index 00000000000..f51f648c4a0 --- /dev/null +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34035.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-34035", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-25T15:15:21.630", + "lastModified": "2025-02-25T15:15:21.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/fklement/3a43dbb9fb361dddd8db7703080ade0f", + "source": "cve@mitre.org" + }, + { + "url": "https://jira.o-ran-sc.org/browse/RIC-1056", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34036.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34036.json new file mode 100644 index 00000000000..0fcbe1e97a7 --- /dev/null +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34036.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-34036", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-25T15:15:21.740", + "lastModified": "2025-02-25T15:15:21.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/fklement/3a43dbb9fb361dddd8db7703080ade0f", + "source": "cve@mitre.org" + }, + { + "url": "https://jira.o-ran-sc.org/browse/RIC-1057", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53544.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53544.json index 6fcd2151eb6..6d5d744e383 100644 --- a/CVE-2024/CVE-2024-535xx/CVE-2024-53544.json +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53544.json @@ -2,16 +2,55 @@ "id": "CVE-2024-53544", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-24T23:15:10.663", - "lastModified": "2025-02-24T23:15:10.663", + "lastModified": "2025-02-25T15:15:21.900", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x a v8.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del m\u00e9todo getCookieNames en el endpoint smarttimeplus/MySQLConnection." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://secure77.de/smart-time-plus-rce-cve-2024-53543/", diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54444.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54444.json new file mode 100644 index 00000000000..fe0876c173e --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54444.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-54444", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:22.053", + "lastModified": "2025-02-25T15:15:22.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/elementor/vulnerability/wordpress-elementor-plugin-3-25-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56525.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56525.json index 465372f67a5..bc053852a9c 100644 --- a/CVE-2024/CVE-2024-565xx/CVE-2024-56525.json +++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56525.json @@ -2,16 +2,55 @@ "id": "CVE-2024-56525", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-24T23:15:10.793", - "lastModified": "2025-02-24T23:15:10.793", + "lastModified": "2025-02-25T15:15:22.190", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin." + }, + { + "lang": "es", + "value": " En Public Knowledge Project (PKP) OJS, OMP y OPS anteriores a 3.3.0.21 y 3.4.x anteriores a 3.4.0.8, un ataque XXE por parte del rol de editor de la revista puede crear un nuevo rol como superadministrador en el contexto de la revista e insertar un complemento de puerta trasera, cargando un documento XML manipulado como un complemento XML de usuario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://openjournaltheme.com/user-xml-fatal-vulnerabilities-for-ojs-omp-ops-3-3-0-21-cve-2024-56525/", diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21179.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21179.json index 6664b651d2e..69738788f33 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21179.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21179.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21179", "sourceIdentifier": "secure@microsoft.com", "published": "2025-02-11T18:15:29.343", - "lastModified": "2025-02-11T18:15:29.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:56:10.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,6 +42,16 @@ "weaknesses": [ { "source": "secure@microsoft.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, + { + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -51,10 +61,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "9FD60A47-7402-461D-84C4-61E77764DF16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "B73CB8E1-D854-4A3C-AF7A-25CCC5B9BE7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21179", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21181.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21181.json index 129175aa4e6..321bafe3309 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21181.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21181.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21181", "sourceIdentifier": "secure@microsoft.com", "published": "2025-02-11T18:15:29.553", - "lastModified": "2025-02-11T18:15:29.553", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:58:10.650", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,19 +42,166 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-400" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20915", + "matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20915", + "matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.7785", + "matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.7785", + "matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.6893", + "matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.6893", + "matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.5487", + "matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.5487", + "matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.4890", + "matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.4890", + "matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.3194", + "matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.7785", + "matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.6893", + "matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.3207", + "matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.25398.1425", + "matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.26100.3194", + "matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21181", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21182.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21182.json index 78707684927..114d77c91b0 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21182.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21182.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21182", "sourceIdentifier": "secure@microsoft.com", "published": "2025-02-11T18:15:29.797", - "lastModified": "2025-02-11T18:15:29.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:59:25.820", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,19 +42,57 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-415" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "9FD60A47-7402-461D-84C4-61E77764DF16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "B73CB8E1-D854-4A3C-AF7A-25CCC5B9BE7C" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21182", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21183.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21183.json index ccbb7e66126..99f47201e95 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21183.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21183.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21183", "sourceIdentifier": "secure@microsoft.com", "published": "2025-02-11T18:15:29.993", - "lastModified": "2025-02-11T18:15:29.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T17:00:06.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,19 +42,57 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-415" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "9FD60A47-7402-461D-84C4-61E77764DF16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.26100.3107", + "matchCriteriaId": "B73CB8E1-D854-4A3C-AF7A-25CCC5B9BE7C" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21183", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21626.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21626.json new file mode 100644 index 00000000000..d4ac64f34a8 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21626.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-21626", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-02-25T16:15:37.663", + "lastModified": "2025-02-25T16:15:37.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.18", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5vvr-pxwf-3w77", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21627.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21627.json new file mode 100644 index 00000000000..bf8a5ae352b --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21627.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-21627", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-02-25T16:15:37.863", + "lastModified": "2025-02-25T16:15:37.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-227xx/CVE-2025-22787.json b/CVE-2025/CVE-2025-227xx/CVE-2025-22787.json index f801573b43d..735556fcf3f 100644 --- a/CVE-2025/CVE-2025-227xx/CVE-2025-22787.json +++ b/CVE-2025/CVE-2025-227xx/CVE-2025-22787.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22787", "sourceIdentifier": "audit@patchstack.com", "published": "2025-01-15T16:15:41.603", - "lastModified": "2025-01-15T16:15:41.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T15:41:08.223", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bplugins:button_block:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.6", + "matchCriteriaId": "88BCC4D2-C30C-4119-A151-501CE0F40D80" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/button-block/vulnerability/wordpress-button-block-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22815.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22815.json index 4896c81acdb..9b97e98ceee 100644 --- a/CVE-2025/CVE-2025-228xx/CVE-2025-22815.json +++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22815.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22815", "sourceIdentifier": "audit@patchstack.com", "published": "2025-01-09T16:16:31.543", - "lastModified": "2025-01-09T16:16:31.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:55:23.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bplugins:button_block:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.7", + "matchCriteriaId": "FEA24328-8D3B-4BAB-95BF-85A26D676C82" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/button-block/vulnerability/wordpress-button-block-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22974.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22974.json index 4d9a5a913a5..6c4c3bc9e58 100644 --- a/CVE-2025/CVE-2025-229xx/CVE-2025-22974.json +++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22974.json @@ -2,16 +2,55 @@ "id": "CVE-2025-22974", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-24T23:15:11.033", - "lastModified": "2025-02-24T23:15:11.033", + "lastModified": "2025-02-25T15:15:23.097", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en SeaCMS v.13.2 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro DoTranExecSql en el componente phome.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/202110420106/CVE/blob/master/seacms/CVE-2025-22974.md", diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23024.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23024.json new file mode 100644 index 00000000000..d9a8893ee42 --- /dev/null +++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23024.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-23024", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-02-25T16:15:38.053", + "lastModified": "2025-02-25T16:15:38.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.18", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-885x-hvp2-85q8", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23110.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23110.json index 5f6d053f3de..fb9dabef944 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23110.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23110.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23110", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-10T22:15:27.550", - "lastModified": "2025-01-10T22:15:27.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:46:57.373", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,12 +69,42 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vanderbilt:redcap:14.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "9A7B89E2-F504-45AE-8AB3-D1E31B2DD5EF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_VVVVVV/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23111.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23111.json index 77d3b20d958..0daa5bca2f9 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23111.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23111.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23111", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-10T22:15:27.723", - "lastModified": "2025-01-10T22:15:27.723", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:16:50.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,12 +69,42 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vanderbilt:redcap:14.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "9A7B89E2-F504-45AE-8AB3-D1E31B2DD5EF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_YYYY/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23112.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23112.json index 6dc779d9346..368fd4a618a 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23112.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23112.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23112", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-10T22:15:27.863", - "lastModified": "2025-01-10T22:15:27.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:14:20.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,12 +69,42 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vanderbilt:redcap:14.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "9A7B89E2-F504-45AE-8AB3-D1E31B2DD5EF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_ZZZZ/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json index fb49a486c9a..cf278e1ef47 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23113", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-10T22:15:28.023", - "lastModified": "2025-01-10T23:15:08.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-25T16:11:55.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,12 +69,42 @@ "value": "CWE-352" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vanderbilt:redcap:14.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "9A7B89E2-F504-45AE-8AB3-D1E31B2DD5EF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_XXX/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26594.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26594.json new file mode 100644 index 00000000000..c6948f59848 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26594.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26594", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:38.227", + "lastModified": "2025-02-25T16:15:38.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26594", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345248", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26595.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26595.json new file mode 100644 index 00000000000..b5d85634328 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26595.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26595", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:38.390", + "lastModified": "2025-02-25T16:15:38.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26595", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345257", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json new file mode 100644 index 00000000000..10b6240d3b2 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26596", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:38.603", + "lastModified": "2025-02-25T16:15:38.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26596", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345256", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26597.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26597.json new file mode 100644 index 00000000000..237063d7eb4 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26597.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26597", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:38.797", + "lastModified": "2025-02-25T16:15:38.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26597", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345255", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26598.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26598.json new file mode 100644 index 00000000000..e3416832d12 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26598.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26598", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:38.977", + "lastModified": "2025-02-25T16:15:38.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26598", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26599.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26599.json new file mode 100644 index 00000000000..30522974546 --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26599.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26599", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:39.163", + "lastModified": "2025-02-25T16:15:39.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26599", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345253", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26600.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26600.json new file mode 100644 index 00000000000..4a8ae242256 --- /dev/null +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26600.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26600", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:39.350", + "lastModified": "2025-02-25T16:15:39.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26600", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26601.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26601.json new file mode 100644 index 00000000000..0b3a0d11ba9 --- /dev/null +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26601.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-26601", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-02-25T16:15:39.537", + "lastModified": "2025-02-25T16:15:39.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-26601", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26751.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26751.json new file mode 100644 index 00000000000..c4e3ad578ba --- /dev/null +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26751.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26751", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:23.457", + "lastModified": "2025-02-25T15:15:23.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination allows Reflected XSS. This issue affects Alphabetic Pagination: from n/a through 3.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/alphabetic-pagination/vulnerability/wordpress-alphabetic-pagination-plugin-3-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26752.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26752.json new file mode 100644 index 00000000000..b4fe570e434 --- /dev/null +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26752.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26752", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:23.597", + "lastModified": "2025-02-25T15:15:23.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-videowhisper-live-streaming-integration-plugin-6-2-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26753.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26753.json new file mode 100644 index 00000000000..b7cd71c9a12 --- /dev/null +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26753.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26753", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:23.750", + "lastModified": "2025-02-25T15:15:23.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-videowhisper-live-streaming-integration-plugin-6-2-arbitrary-file-download-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26868.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26868.json new file mode 100644 index 00000000000..8c1c668ed87 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26868.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26868", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:23.903", + "lastModified": "2025-02-25T15:15:23.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow allows Reflected XSS. This issue affects Fast Flow: from n/a through 1.2.16." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fast-flow-dashboard/vulnerability/wordpress-fast-flow-plugin-1-2-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26871.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26871.json new file mode 100644 index 00000000000..ae655bb41fc --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26871.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26871", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.040", + "lastModified": "2025-02-25T15:15:24.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-8-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26876.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26876.json new file mode 100644 index 00000000000..782992e01c3 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26876.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-26876", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.180", + "lastModified": "2025-02-25T15:15:24.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/search-with-typesense/vulnerability/wordpress-search-with-typesense-plugin-2-0-8-path-traversal-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json new file mode 100644 index 00000000000..0d0e6027406 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-26877", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.380", + "lastModified": "2025-02-25T15:15:24.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/front-end-only-users/vulnerability/wordpress-front-end-users-plugin-3-2-30-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26878.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26878.json new file mode 100644 index 00000000000..3d244b91472 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26878.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26878", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.560", + "lastModified": "2025-02-25T15:15:24.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products allows DOM-Based XSS. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.8.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/autoship-cloud/vulnerability/wordpress-autoship-cloud-for-woocommerce-subscription-products-plugin-2-8-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26881.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26881.json new file mode 100644 index 00000000000..fb8dcf3462b --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26881.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26881", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.690", + "lastModified": "2025-02-25T15:15:24.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Sticky Content allows Stored XSS. This issue affects Sticky Content: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sticky-menu-block/vulnerability/wordpress-sticky-content-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26882.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26882.json new file mode 100644 index 00000000000..a4188ccbed9 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26882.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26882", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.837", + "lastModified": "2025-02-25T15:15:24.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.33." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-notify-lite/vulnerability/wordpress-popup-builder-plugin-1-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26884.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26884.json new file mode 100644 index 00000000000..e67838cc56c --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26884.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26884", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:24.977", + "lastModified": "2025-02-25T15:15:24.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 10.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/greenshift-animation-and-page-builder-blocks/vulnerability/wordpress-greenshift-plugin-10-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26887.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26887.json new file mode 100644 index 00000000000..dca3d493048 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26887.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26887", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.117", + "lastModified": "2025-02-25T15:15:25.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.21.35." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/elisqlreports/vulnerability/wordpress-ez-sql-reports-shortcode-widget-and-db-backup-plugin-5-21-35-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26891.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26891.json new file mode 100644 index 00000000000..effba73d4c5 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26891.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26891", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.253", + "lastModified": "2025-02-25T15:15:25.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana allows Stored XSS. This issue affects Ibtana: from n/a through 1.2.4.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ibtana-visual-editor/vulnerability/wordpress-ibtana-wordpress-website-builder-plugin-1-2-4-9-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26893.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26893.json new file mode 100644 index 00000000000..ad780c97082 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26893.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26893", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.390", + "lastModified": "2025-02-25T15:15:25.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Potphode Easy Charts allows DOM-Based XSS. This issue affects Easy Charts: from n/a through 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-charts/vulnerability/wordpress-easy-charts-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26896.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26896.json new file mode 100644 index 00000000000..491f7b1e55a --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26896.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26896", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.527", + "lastModified": "2025-02-25T15:15:25.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vpiwigo PiwigoPress allows Stored XSS. This issue affects PiwigoPress: from n/a through 2.33." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/piwigopress/vulnerability/wordpress-piwigopress-plugin-2-33-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26897.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26897.json new file mode 100644 index 00000000000..467227eded3 --- /dev/null +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26897.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26897", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.690", + "lastModified": "2025-02-25T15:15:25.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baden List Related Attachments allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through 2.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/list-related-attachments-widget/vulnerability/wordpress-list-related-attachments-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26900.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26900.json new file mode 100644 index 00000000000..f4bd56d767f --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26900.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26900", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.853", + "lastModified": "2025-02-25T15:15:25.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in flexmls Flexmls\u00ae IDX allows Object Injection. This issue affects Flexmls\u00ae IDX: from n/a through 3.14.27." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flexmls-idx/vulnerability/wordpress-flexmls-idx-plugin-plugin-3-14-27-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26904.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26904.json new file mode 100644 index 00000000000..91c84686985 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26904.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26904", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:25.990", + "lastModified": "2025-02-25T15:15:25.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gal_op WP Responsive Auto Fit Text allows DOM-Based XSS. This issue affects WP Responsive Auto Fit Text: from n/a through 0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-responsive-slab-text/vulnerability/wordpress-wp-responsive-auto-fit-text-plugin-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26905.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26905.json new file mode 100644 index 00000000000..70b4e5f9fbf --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26905.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26905", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.127", + "lastModified": "2025-02-25T15:15:26.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik allows PHP Local File Inclusion. This issue affects Estatik: from n/a through 4.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/estatik/vulnerability/wordpress-estatik-plugin-4-1-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26907.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26907.json new file mode 100644 index 00000000000..dd3050f1a17 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26907.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26907", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.263", + "lastModified": "2025-02-25T15:15:26.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Mortgage Calculator Estatik allows Stored XSS. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/estatik-mortgage-calculator/vulnerability/wordpress-estatik-mortgage-calculator-plugin-2-0-12-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26911.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26911.json new file mode 100644 index 00000000000..cd4d849848f --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26911.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26911", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.393", + "lastModified": "2025-02-25T15:15:26.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/system-dashboard/vulnerability/wordpress-system-dashboard-plugin-2-8-18-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26912.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26912.json new file mode 100644 index 00000000000..306e55306d3 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26912.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26912", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.530", + "lastModified": "2025-02-25T15:15:26.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-elementor-addons/vulnerability/wordpress-easy-elementor-addons-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26913.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26913.json new file mode 100644 index 00000000000..b6d83dc2495 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26913.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26913", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.663", + "lastModified": "2025-02-25T15:15:26.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress allows DOM-Based XSS. This issue affects AR For WordPress: from n/a through 7.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ar-for-wordpress/vulnerability/wordpress-ar-for-wordpress-plugin-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26915.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26915.json new file mode 100644 index 00000000000..13b65fd9f80 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26915.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26915", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.793", + "lastModified": "2025-02-25T15:15:26.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26926.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26926.json new file mode 100644 index 00000000000..5a3e580321e --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26926.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26926", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:26.930", + "lastModified": "2025-02-25T15:15:26.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in NotFound Booknetic. This issue affects Booknetic: from n/a through 4.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/booknetic/vulnerability/wordpress-booknetic-plugin-4-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26928.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26928.json new file mode 100644 index 00000000000..56115aefc70 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26928.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26928", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.067", + "lastModified": "2025-02-25T15:15:27.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through 3.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-order-limit-lite/vulnerability/wordpress-order-limit-for-woocommerce-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26931.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26931.json new file mode 100644 index 00000000000..ad7d5d9d0de --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26931.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26931", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.200", + "lastModified": "2025-02-25T15:15:27.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting allows Stored XSS. This issue affects Tribulant Gallery Voting: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gallery-voting/vulnerability/wordpress-tribulant-gallery-voting-plugin-1-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26932.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26932.json new file mode 100644 index 00000000000..5a844dd92a9 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26932.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26932", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.337", + "lastModified": "2025-02-25T15:15:27.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/chatbot/vulnerability/wordpress-wpbot-plugin-6-3-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26935.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26935.json new file mode 100644 index 00000000000..e91c00bf9ef --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26935.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26935", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.470", + "lastModified": "2025-02-25T15:15:27.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26937.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26937.json new file mode 100644 index 00000000000..688a25c9d35 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26937.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26937", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.607", + "lastModified": "2025-02-25T15:15:27.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block allows Stored XSS. This issue affects Icon List Block: from n/a through 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/icon-list-block/vulnerability/wordpress-icon-list-block-plugin-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26938.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26938.json new file mode 100644 index 00000000000..4ed42792b44 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26938.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26938", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.747", + "lastModified": "2025-02-25T15:15:27.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Countdown Timer allows Stored XSS. This issue affects Countdown Timer: from n/a through 1.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/countdown-time/vulnerability/wordpress-countdown-timer-block-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26939.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26939.json new file mode 100644 index 00000000000..448aaa09af8 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26939.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26939", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:27.883", + "lastModified": "2025-02-25T15:15:27.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Counters Block allows Stored XSS. This issue affects Counters Block: from n/a through 1.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/counters-block/vulnerability/wordpress-counters-block-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26943.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26943.json new file mode 100644 index 00000000000..78faa64cc8d --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26943.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26943", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.030", + "lastModified": "2025-02-25T15:15:28.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in J\u00fcrgen M\u00fcller Easy Quotes allows Blind SQL Injection. This issue affects Easy Quotes: from n/a through 1.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-quotes/vulnerability/wordpress-easy-quotes-plugin-1-2-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26945.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26945.json new file mode 100644 index 00000000000..5ed16c786a9 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26945.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26945", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.177", + "lastModified": "2025-02-25T15:15:28.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Info Cards \u2013 Gutenberg block for creating Beautiful Cards allows Stored XSS. This issue affects Info Cards \u2013 Gutenberg block for creating Beautiful Cards: from n/a through 1.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/info-cards/vulnerability/wordpress-info-cards-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26946.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26946.json new file mode 100644 index 00000000000..f1eddb21949 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26946.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26946", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.320", + "lastModified": "2025-02-25T15:15:28.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Yelp Review Slider allows Blind SQL Injection. This issue affects WP Yelp Review Slider: from n/a through 8.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-yelp-review-slider/vulnerability/wordpress-wp-yelp-review-slider-plugin-8-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26947.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26947.json new file mode 100644 index 00000000000..a5b6d2ddfae --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26947.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26947", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.457", + "lastModified": "2025-02-25T15:15:28.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Services Section block allows Stored XSS. This issue affects Services Section block: from n/a through 1.3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/services-section/vulnerability/wordpress-services-section-block-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26948.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26948.json new file mode 100644 index 00000000000..c4a170a2820 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26948.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26948", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.597", + "lastModified": "2025-02-25T15:15:28.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/pie-register-premium/vulnerability/wordpress-pie-register-premium-plugin-3-8-3-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26949.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26949.json new file mode 100644 index 00000000000..cea599838b4 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26949.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26949", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.733", + "lastModified": "2025-02-25T15:15:28.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Team Section Block allows Stored XSS. This issue affects Team Section Block: from n/a through 1.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/team-section/vulnerability/wordpress-team-section-block-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26952.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26952.json new file mode 100644 index 00000000000..48928a44308 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26952.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26952", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:28.870", + "lastModified": "2025-02-25T15:15:28.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Business Card Block allows Stored XSS. This issue affects Business Card Block: from n/a through 1.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/business-card-block/vulnerability/wordpress-business-card-block-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26957.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26957.json new file mode 100644 index 00000000000..de073378d22 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26957.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26957", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.010", + "lastModified": "2025-02-25T15:15:29.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons allows PHP Local File Inclusion. This issue affects Affiliate Coupons: from n/a through 1.7.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/affiliate-coupons/vulnerability/wordpress-affiliate-coupons-plugin-1-7-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26960.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26960.json new file mode 100644 index 00000000000..d86d24d22ee --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26960.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26960", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.150", + "lastModified": "2025-02-25T15:15:29.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in enituretechnology Small Package Quotes \u2013 Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes \u2013 Unishippers Edition: from n/a through 2.4.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-unishippers-edition/vulnerability/wordpress-small-package-quotes-unishippers-edition-plugin-2-4-9-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26962.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26962.json new file mode 100644 index 00000000000..130832606af --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26962.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26962", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.290", + "lastModified": "2025-02-25T15:15:29.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite : from n/a through 1.1.25." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-lite/vulnerability/wordpress-contact-form-plugin-plugin-1-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26963.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26963.json new file mode 100644 index 00000000000..b79454d0356 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26963.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26963", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.420", + "lastModified": "2025-02-25T15:15:29.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/clickwhale/vulnerability/wordpress-clickwhale-plugin-2-4-3-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26964.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26964.json new file mode 100644 index 00000000000..2ae4a8fb73a --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26964.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26964", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.557", + "lastModified": "2025-02-25T15:15:29.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-plugin-4-0-20-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26965.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26965.json new file mode 100644 index 00000000000..d0f17be1d95 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26965.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26965", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.703", + "lastModified": "2025-02-25T15:15:29.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Amelia: from n/a through 1.2.16." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ameliabooking/vulnerability/wordpress-amelia-plugin-1-2-16-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26966.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26966.json new file mode 100644 index 00000000000..9f1f1286f36 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26966.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26966", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:29.870", + "lastModified": "2025-02-25T15:15:29.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-unauthenticated-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26971.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26971.json new file mode 100644 index 00000000000..14ed76c8063 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26971.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26971", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.017", + "lastModified": "2025-02-25T15:15:30.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-6-5-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26974.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26974.json new file mode 100644 index 00000000000..20ee20a37dd --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26974.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26974", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.153", + "lastModified": "2025-02-25T15:15:30.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-5-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26975.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26975.json new file mode 100644 index 00000000000..913f5fff7fb --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26975.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26975", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.300", + "lastModified": "2025-02-25T15:15:30.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/strong-testimonials/vulnerability/wordpress-strong-testimonials-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26977.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26977.json new file mode 100644 index 00000000000..41636c6bd88 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26977.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26977", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.443", + "lastModified": "2025-02-25T15:15:30.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 3.8, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-plugin-6-4-2-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26979.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26979.json new file mode 100644 index 00000000000..f0402e25684 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26979.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26979", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.587", + "lastModified": "2025-02-25T15:15:30.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.9.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-9-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26980.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26980.json new file mode 100644 index 00000000000..4e778a6796c --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26980.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26980", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.730", + "lastModified": "2025-02-25T15:15:30.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through 2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wired-impact-volunteer-management/vulnerability/wordpress-wired-impact-volunteer-management-plugin-2-5-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26981.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26981.json new file mode 100644 index 00000000000..ed986320c8a --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26981.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26981", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:30.873", + "lastModified": "2025-02-25T15:15:30.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in accessiBe Web Accessibility By accessiBe allows Reflected XSS. This issue affects Web Accessibility By accessiBe: from n/a through 2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/accessibe/vulnerability/wordpress-web-accessibility-by-accessibe-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26983.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26983.json new file mode 100644 index 00000000000..58509db8659 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26983.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26983", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.043", + "lastModified": "2025-02-25T15:15:31.043", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.4.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/recipe-card-blocks-by-wpzoom/vulnerability/wordpress-recipe-card-blocks-for-gutenberg-elementor-plugin-3-4-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26985.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26985.json new file mode 100644 index 00000000000..038b521809a --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26985.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26985", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.183", + "lastModified": "2025-02-25T15:15:31.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support allows PHP Local File Inclusion. This issue affects Majestic Support: from n/a through 1.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/majestic-support/vulnerability/wordpress-majestic-support-plugin-1-0-6-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26987.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26987.json new file mode 100644 index 00000000000..8a0a8b5db5c --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26987.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26987", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.313", + "lastModified": "2025-02-25T15:15:31.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/acf-frontend-form-element/vulnerability/wordpress-frontend-admin-by-dynamiapps-plugin-3-25-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26991.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26991.json new file mode 100644 index 00000000000..1f73f386be2 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26991.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26991", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.460", + "lastModified": "2025-02-25T15:15:31.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wppizza/vulnerability/wordpress-wppizza-plugin-3-19-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26993.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26993.json new file mode 100644 index 00000000000..1d56d7b72b5 --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26993.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26993", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.590", + "lastModified": "2025-02-25T15:15:31.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/atarim-visual-collaboration/vulnerability/wordpress-visual-website-collaboration-atarim-plugin-4-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26995.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26995.json new file mode 100644 index 00000000000..e64a8014d7e --- /dev/null +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26995.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26995", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.720", + "lastModified": "2025-02-25T15:15:31.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/market-exporter/vulnerability/wordpress-market-exporter-plugin-2-0-21-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27000.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27000.json new file mode 100644 index 00000000000..0e71a2ea08b --- /dev/null +++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27000.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27000", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-02-25T15:15:31.853", + "lastModified": "2025-02-25T15:15:31.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-photo-feed/vulnerability/wordpress-simple-photo-feed-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 930d9f425ad..544e7e3556d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-25T15:00:54.714631+00:00 +2025-02-25T17:01:44.477397+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-25T14:57:23.810000+00:00 +2025-02-25T17:00:06.170000+00:00 ``` ### Last Data Feed Release @@ -33,32 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -282258 +282336 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `78` -- [CVE-2024-51539](CVE-2024/CVE-2024-515xx/CVE-2024-51539.json) (`2025-02-25T14:15:31.153`) -- [CVE-2025-1262](CVE-2025/CVE-2025-12xx/CVE-2025-1262.json) (`2025-02-25T13:15:10.077`) +- [CVE-2025-26947](CVE-2025/CVE-2025-269xx/CVE-2025-26947.json) (`2025-02-25T15:15:28.457`) +- [CVE-2025-26948](CVE-2025/CVE-2025-269xx/CVE-2025-26948.json) (`2025-02-25T15:15:28.597`) +- [CVE-2025-26949](CVE-2025/CVE-2025-269xx/CVE-2025-26949.json) (`2025-02-25T15:15:28.733`) +- [CVE-2025-26952](CVE-2025/CVE-2025-269xx/CVE-2025-26952.json) (`2025-02-25T15:15:28.870`) +- [CVE-2025-26957](CVE-2025/CVE-2025-269xx/CVE-2025-26957.json) (`2025-02-25T15:15:29.010`) +- [CVE-2025-26960](CVE-2025/CVE-2025-269xx/CVE-2025-26960.json) (`2025-02-25T15:15:29.150`) +- [CVE-2025-26962](CVE-2025/CVE-2025-269xx/CVE-2025-26962.json) (`2025-02-25T15:15:29.290`) +- [CVE-2025-26963](CVE-2025/CVE-2025-269xx/CVE-2025-26963.json) (`2025-02-25T15:15:29.420`) +- [CVE-2025-26964](CVE-2025/CVE-2025-269xx/CVE-2025-26964.json) (`2025-02-25T15:15:29.557`) +- [CVE-2025-26965](CVE-2025/CVE-2025-269xx/CVE-2025-26965.json) (`2025-02-25T15:15:29.703`) +- [CVE-2025-26966](CVE-2025/CVE-2025-269xx/CVE-2025-26966.json) (`2025-02-25T15:15:29.870`) +- [CVE-2025-26971](CVE-2025/CVE-2025-269xx/CVE-2025-26971.json) (`2025-02-25T15:15:30.017`) +- [CVE-2025-26974](CVE-2025/CVE-2025-269xx/CVE-2025-26974.json) (`2025-02-25T15:15:30.153`) +- [CVE-2025-26975](CVE-2025/CVE-2025-269xx/CVE-2025-26975.json) (`2025-02-25T15:15:30.300`) +- [CVE-2025-26977](CVE-2025/CVE-2025-269xx/CVE-2025-26977.json) (`2025-02-25T15:15:30.443`) +- [CVE-2025-26979](CVE-2025/CVE-2025-269xx/CVE-2025-26979.json) (`2025-02-25T15:15:30.587`) +- [CVE-2025-26980](CVE-2025/CVE-2025-269xx/CVE-2025-26980.json) (`2025-02-25T15:15:30.730`) +- [CVE-2025-26981](CVE-2025/CVE-2025-269xx/CVE-2025-26981.json) (`2025-02-25T15:15:30.873`) +- [CVE-2025-26983](CVE-2025/CVE-2025-269xx/CVE-2025-26983.json) (`2025-02-25T15:15:31.043`) +- [CVE-2025-26985](CVE-2025/CVE-2025-269xx/CVE-2025-26985.json) (`2025-02-25T15:15:31.183`) +- [CVE-2025-26987](CVE-2025/CVE-2025-269xx/CVE-2025-26987.json) (`2025-02-25T15:15:31.313`) +- [CVE-2025-26991](CVE-2025/CVE-2025-269xx/CVE-2025-26991.json) (`2025-02-25T15:15:31.460`) +- [CVE-2025-26993](CVE-2025/CVE-2025-269xx/CVE-2025-26993.json) (`2025-02-25T15:15:31.590`) +- [CVE-2025-26995](CVE-2025/CVE-2025-269xx/CVE-2025-26995.json) (`2025-02-25T15:15:31.720`) +- [CVE-2025-27000](CVE-2025/CVE-2025-270xx/CVE-2025-27000.json) (`2025-02-25T15:15:31.853`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` +Recently modified CVEs: `50` -- [CVE-2024-10545](CVE-2024/CVE-2024-105xx/CVE-2024-10545.json) (`2025-02-25T14:15:30.517`) -- [CVE-2024-2613](CVE-2024/CVE-2024-26xx/CVE-2024-2613.json) (`2025-02-25T14:51:09.587`) -- [CVE-2024-2614](CVE-2024/CVE-2024-26xx/CVE-2024-2614.json) (`2025-02-25T14:47:29.487`) -- [CVE-2024-2615](CVE-2024/CVE-2024-26xx/CVE-2024-2615.json) (`2025-02-25T14:48:08.963`) -- [CVE-2024-2616](CVE-2024/CVE-2024-26xx/CVE-2024-2616.json) (`2025-02-25T14:46:02.957`) -- [CVE-2024-29138](CVE-2024/CVE-2024-291xx/CVE-2024-29138.json) (`2025-02-25T14:57:23.810`) -- [CVE-2025-1646](CVE-2025/CVE-2025-16xx/CVE-2025-1646.json) (`2025-02-25T14:15:31.320`) -- [CVE-2025-1676](CVE-2025/CVE-2025-16xx/CVE-2025-1676.json) (`2025-02-25T14:15:31.447`) -- [CVE-2025-22145](CVE-2025/CVE-2025-221xx/CVE-2025-22145.json) (`2025-02-25T13:15:10.927`) -- [CVE-2025-23085](CVE-2025/CVE-2025-230xx/CVE-2025-23085.json) (`2025-02-25T13:15:11.103`) -- [CVE-2025-27145](CVE-2025/CVE-2025-271xx/CVE-2025-27145.json) (`2025-02-25T14:15:31.567`) +- [CVE-2023-21039](CVE-2023/CVE-2023-210xx/CVE-2023-21039.json) (`2025-02-25T15:15:14.977`) +- [CVE-2023-21040](CVE-2023/CVE-2023-210xx/CVE-2023-21040.json) (`2025-02-25T15:15:15.170`) +- [CVE-2023-21041](CVE-2023/CVE-2023-210xx/CVE-2023-21041.json) (`2025-02-25T15:15:15.330`) +- [CVE-2023-21043](CVE-2023/CVE-2023-210xx/CVE-2023-21043.json) (`2025-02-25T15:15:15.503`) +- [CVE-2023-34192](CVE-2023/CVE-2023-341xx/CVE-2023-34192.json) (`2025-02-25T16:15:37.070`) +- [CVE-2024-12877](CVE-2024/CVE-2024-128xx/CVE-2024-12877.json) (`2025-02-25T15:53:19.030`) +- [CVE-2024-13318](CVE-2024/CVE-2024-133xx/CVE-2024-13318.json) (`2025-02-25T16:49:28.007`) +- [CVE-2024-25928](CVE-2024/CVE-2024-259xx/CVE-2024-25928.json) (`2025-02-25T15:38:49.633`) +- [CVE-2024-29130](CVE-2024/CVE-2024-291xx/CVE-2024-29130.json) (`2025-02-25T15:30:29.553`) +- [CVE-2024-29134](CVE-2024/CVE-2024-291xx/CVE-2024-29134.json) (`2025-02-25T15:24:13.637`) +- [CVE-2024-29135](CVE-2024/CVE-2024-291xx/CVE-2024-29135.json) (`2025-02-25T15:24:28.333`) +- [CVE-2024-29136](CVE-2024/CVE-2024-291xx/CVE-2024-29136.json) (`2025-02-25T15:22:52.013`) +- [CVE-2024-53544](CVE-2024/CVE-2024-535xx/CVE-2024-53544.json) (`2025-02-25T15:15:21.900`) +- [CVE-2024-56525](CVE-2024/CVE-2024-565xx/CVE-2024-56525.json) (`2025-02-25T15:15:22.190`) +- [CVE-2025-21179](CVE-2025/CVE-2025-211xx/CVE-2025-21179.json) (`2025-02-25T16:56:10.590`) +- [CVE-2025-21181](CVE-2025/CVE-2025-211xx/CVE-2025-21181.json) (`2025-02-25T16:58:10.650`) +- [CVE-2025-21182](CVE-2025/CVE-2025-211xx/CVE-2025-21182.json) (`2025-02-25T16:59:25.820`) +- [CVE-2025-21183](CVE-2025/CVE-2025-211xx/CVE-2025-21183.json) (`2025-02-25T17:00:06.170`) +- [CVE-2025-22787](CVE-2025/CVE-2025-227xx/CVE-2025-22787.json) (`2025-02-25T15:41:08.223`) +- [CVE-2025-22815](CVE-2025/CVE-2025-228xx/CVE-2025-22815.json) (`2025-02-25T16:55:23.470`) +- [CVE-2025-22974](CVE-2025/CVE-2025-229xx/CVE-2025-22974.json) (`2025-02-25T15:15:23.097`) +- [CVE-2025-23110](CVE-2025/CVE-2025-231xx/CVE-2025-23110.json) (`2025-02-25T16:46:57.373`) +- [CVE-2025-23111](CVE-2025/CVE-2025-231xx/CVE-2025-23111.json) (`2025-02-25T16:16:50.967`) +- [CVE-2025-23112](CVE-2025/CVE-2025-231xx/CVE-2025-23112.json) (`2025-02-25T16:14:20.857`) +- [CVE-2025-23113](CVE-2025/CVE-2025-231xx/CVE-2025-23113.json) (`2025-02-25T16:11:55.610`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f3f69fc02b2..e6029566097 100644 --- a/_state.csv +++ b/_state.csv @@ -215749,7 +215749,7 @@ CVE-2023-20858,0,0,427e18ddecdd57cabdcf7a2c3f0765b4fc6b3ef29cd70d30a73313181e344 CVE-2023-20859,0,0,a149fcc9e6b397e6867e61052fc9e57bb8ebda4b9da8d77d31122383a87a762f,2024-11-21T07:41:42.577000 CVE-2023-2086,0,0,4bd07e7f4519a004987d08259ec919f33db41e8bd2e5bac80d42e3053bac0b12,2024-11-21T07:57:54.533000 CVE-2023-20860,0,0,e8d2a59645f7449f59bb40d19268fed5b8d21cd4e1efb29476536e7744afe206,2025-02-19T19:15:12.527000 -CVE-2023-20861,0,0,9efefd5312d74c220ece6ad38776e5d7083c0d03cf14c94c23ce1e59970af873,2024-11-21T07:41:42.780000 +CVE-2023-20861,0,1,4324e58506c66d543f05c14575ea13ccc6fda75da2ffcbc0d39b6e5939116d68,2025-02-25T16:15:33.623000 CVE-2023-20862,0,0,537bc0c1e87c96f541cb1c75163b059f68b9ec4ce6b422161a44daff12a3d254,2025-02-05T16:15:33.953000 CVE-2023-20863,0,0,9c58029defd2bb7cfd8b85b564c8dcc0f14c0b32e9f43140e2d7eff8dfde20ce,2025-02-07T17:15:23.947000 CVE-2023-20864,0,0,411ea13ebcced10931dae6ddf97a7384674dee08f3f2ba606d4ad810c1cd32de,2025-02-05T16:15:34.130000 @@ -215860,17 +215860,17 @@ CVE-2023-20964,0,0,20d110ce5a795edd4537cff4242b6cda72e3f3ea463028e325e7f2f4229fb CVE-2023-20965,0,0,01461091bfeef6ac48916b9486af09adaa9c310c2f4a484792c231c2f1824588,2024-11-21T07:41:54.873000 CVE-2023-20966,0,0,80937ab2ecea9dad01376008c3ee5054c94650f43ab1a65179f879558cc56f53,2024-11-21T07:41:55.057000 CVE-2023-20967,0,0,792950a12425c08aad9b78af985ac491bf2d8949320d5d1a17888ef9569a1b24,2025-02-05T19:15:12.153000 -CVE-2023-20968,0,0,4c7ddc0640a7d3cca2b011e9e0b2b53465ecaa4681e4a8011026f32ca8614063,2024-11-21T07:41:55.277000 -CVE-2023-20969,0,0,61bed76d0869e7e919b82ef91c712d1d23f2120a549bb5e8a1624c0bf701a1d1,2024-11-21T07:41:55.387000 +CVE-2023-20968,0,1,8e37060f10bf4b2c8dbce5e4d2763b07bed36b40315e91807572789fdf98f3e3,2025-02-25T16:15:34.150000 +CVE-2023-20969,0,1,b212d3b73a8d2cbae263dd0a129496e4b616a5ef1d33aeda7d50af74029a7c3c,2025-02-25T16:15:34.367000 CVE-2023-2097,0,0,34065b0ad99224a8cc0d53120e653a33caf0dc2c791b0f161b51cc247fb16498,2024-11-21T07:57:55.907000 -CVE-2023-20970,0,0,6f76164dc66c47179755b22d1d1b1f26f88a4415ee4d209363d44203f012f5e6,2024-11-21T07:41:55.497000 -CVE-2023-20971,0,0,b0ef7e1245060a2e48def6980982232fbebcd8dc3e797752401eee3e03eb1e09,2024-11-21T07:41:55.593000 -CVE-2023-20972,0,0,0f23488bccb1b1c6568994181e04ed695b16b62ab825b70854a93972ca700391,2024-11-21T07:41:55.707000 -CVE-2023-20973,0,0,882d7d851e3ffafa98018dd0a2baa1ac6fd1fc1c75855863eff65aae3b1ac5a5,2024-11-21T07:41:55.820000 -CVE-2023-20974,0,0,7eb7b8bcf15f4bec3b2f609900633f004408fb97da63663b9bc71fc7f18729ab,2024-11-21T07:41:55.927000 -CVE-2023-20975,0,0,f5268c567ecad27c0389b19fd718d7fd8821ccacae14be64677ad28054176e49,2024-11-21T07:41:56.030000 +CVE-2023-20970,0,1,cbc9cc52ae7613bd0099eb7cb20c6fc8c979e4ed4790aa011fdc0a2a5c081525,2025-02-25T16:15:34.523000 +CVE-2023-20971,0,1,bc0ce95c443ace04395d129d6c130e4b7e49f7903bfed66d9b6b5e4840546b80,2025-02-25T16:15:34.683000 +CVE-2023-20972,0,1,56b0027aa75a62c5b78d8eec85fcbbc430f06347b79353f7c5e8bbdf14ee65b1,2025-02-25T16:15:34.883000 +CVE-2023-20973,0,1,615a5ee1e24c94dcc63eaad585b96f0a7d7d61cd688e28f07ec583c19fa207ad,2025-02-25T16:15:35.037000 +CVE-2023-20974,0,1,dbcdedc51331b4acfd848f5d395459dc173f2b4761dcdaab428010ba4c97091a,2025-02-25T16:15:35.193000 +CVE-2023-20975,0,1,c13ab7adceac90f6f99034c55d0a8c2d8ceb85e0049cb25b4a30cbc71259e76f,2025-02-25T16:15:35.350000 CVE-2023-20976,0,0,3c29dabe7b613ff095f82515ff189f2e93ce9f788918d713b91560bcc5e9d7fa,2024-11-21T07:41:56.140000 -CVE-2023-20977,0,0,b68dc28d1330fb3d159076f7375e9e94c991a8ba5effa9f57cadd8ce041ad51c,2024-11-21T07:41:56.280000 +CVE-2023-20977,0,1,c27250e0d7ce88d1be73cc9acbce79ee549c98d5f05d7aa66354a67f25ccd05b,2025-02-25T16:15:35.503000 CVE-2023-20979,0,0,28b06b97cfdde8473f44871490eb8e37ce106905b1e03b6cc60b96af78539622,2024-11-21T07:41:56.380000 CVE-2023-2098,0,0,224dec9acc5428a60824dca524176e6a2d44bcea77d68bf3312ebbe235957237,2024-11-21T07:57:56.037000 CVE-2023-20980,0,0,ffdbda84d6994d801ac51550ca193beb012a62022016a537ddce15705ed0733f,2024-11-21T07:41:56.480000 @@ -215889,7 +215889,7 @@ CVE-2023-20991,0,0,7b399efa0d5baac366511d6b2a9df9db6a5170b61e311b04002474674af0f CVE-2023-20992,0,0,f6334e0723e45ac0382bd828de5feda2554549a49b7295f6005ed167f3df1d83,2024-11-21T07:41:57.810000 CVE-2023-20993,0,0,a98f2a79f28bd236c2bde2a4292a84e5b417581fc30a3739ef7594478b75d827,2025-02-24T15:15:11.343000 CVE-2023-20994,0,0,dfa8aae430a68b8416c6f7b6784c4af02777a783e28811e344f6423db3f72d51,2024-11-21T07:41:58.020000 -CVE-2023-20995,0,0,ff5f724ba335f15f8b1ca32fa772420325307b8d934009306cc51c94a441c762,2024-11-21T07:41:58.143000 +CVE-2023-20995,0,1,9e7c7c9cc7cf9b9572794bcc40b356cb0dbb9517602d41f102e5d987bdf4fdce,2025-02-25T15:15:12.877000 CVE-2023-20996,0,0,2282912a58e812d461a844245cf38bc9abf6f733abd9777917f3b4cf0650cd12,2024-11-21T07:41:58.250000 CVE-2023-20997,0,0,54f03499f28824d33b18fcc38643a75060ec9632bb0fc3560977b15e7a38298c,2024-11-21T07:41:58.353000 CVE-2023-20998,0,0,a69d16e206ef81c0488f1577c6cea9b6f8111bd9d23fb4378027edd091209649,2024-11-21T07:41:58.457000 @@ -215919,28 +215919,28 @@ CVE-2023-21019,0,0,f47020d35392fde71ac070ea65b490b0c01efb4610768ed35c4e7350d211d CVE-2023-2102,0,0,1f30776bd7546109d3fea589110ed243a709b5e1f7f74a918b4d566f83ca9c4d,2025-02-06T16:15:36.037000 CVE-2023-21020,0,0,d98d21ca140e17a8a5cd6b7ad75c664051a69a331f05c79e40733315f1fcab2c,2025-02-24T15:15:11.720000 CVE-2023-21021,0,0,d55dab5bb1ffd1ff4d3fe3d1856e21c43ecda1745938d739327dc3ccc73c46ac,2024-11-21T07:42:00.983000 -CVE-2023-21022,0,0,b2c4db6e8f7e7007a62213bbe182c6f5082d5aed93d43b9c0a7e30c698b58e1a,2024-11-21T07:42:01.107000 -CVE-2023-21024,0,0,2614300626e1dc31abc7c30b47c9b48f4b20e07744d102811be293c270d1d1d5,2024-11-21T07:42:01.237000 -CVE-2023-21025,0,0,1363d38f9ffa99c5ccd34dcf5e2a6548528298ed7cbdf5be17257d0b9eb37641,2024-11-21T07:42:01.357000 -CVE-2023-21026,0,0,a921a4cf972c5f39c453f72a2dca5c6adfcbb90e53ca9099847dfd8d95ad42bd,2024-11-21T07:42:01.470000 -CVE-2023-21027,0,0,8e06f01b70cd008ccb44db4595bd019903b739bbf2c2c9c495acb8e7fe041a39,2024-11-21T07:42:01.593000 -CVE-2023-21028,0,0,c46d7b607b0f42a0f9729b3d098979ced5f8220168b205ed5f1ec66f233850e9,2024-11-21T07:42:01.710000 -CVE-2023-21029,0,0,2d8edfc76d656d75d990b07465754b760b6f3f77ed2ccb507227656b11bb59e4,2024-11-21T07:42:01.830000 +CVE-2023-21022,0,1,bdf32cad26d076e79fa149deccc5779a7c62b8e90522d0a9b26378485b3c6e3f,2025-02-25T16:15:35.653000 +CVE-2023-21024,0,1,5f6622f04aeb20e2a4923206803c0929c444a33a58f234eca75396f9cc11656e,2025-02-25T16:15:35.813000 +CVE-2023-21025,0,1,25fefebc9e08f304ea876c8c374b9ab6bd3ebd125dc4ec28bc9ff1f5ad20555b,2025-02-25T16:15:35.967000 +CVE-2023-21026,0,1,d4966e7d22cbb9012f6eae91f0ac5ddae12f8eaf9fef579774ad2f15bd3722d7,2025-02-25T16:15:36.127000 +CVE-2023-21027,0,1,2234e2a251122ef6c0563149615caf9badc182a5c55a780709b534fcc8c20752,2025-02-25T16:15:36.280000 +CVE-2023-21028,0,1,279118ebcb93550e9c068c6eed2019f6c035421b3855adc436c4a996e6338835,2025-02-25T15:15:13.020000 +CVE-2023-21029,0,1,185cd94932d5b0f8bdc3f9ecd156b92542411785a5875fbef6aa0075a2748798,2025-02-25T15:15:13.227000 CVE-2023-2103,0,0,5189d60c18361c2e29170e6531cded54fbd619a072ede97f7096612034b8d32f,2025-02-06T16:15:36.240000 -CVE-2023-21030,0,0,86e24573edc30fe60431c68abbb4e2884146762695fcc68c3f1647b77e9de8a1,2024-11-21T07:42:01.950000 -CVE-2023-21031,0,0,2fce8cbe442969116d4da7a5e9c47b70ede5acb6f63d7b57dabf548c1bc4c954,2024-11-21T07:42:02.060000 -CVE-2023-21032,0,0,4e80f7f9715865602476e09be1f6ab28e10cbedaf3504e6bc8d5c064ac8ed35f,2024-11-21T07:42:02.163000 -CVE-2023-21033,0,0,317e189822b5a1acb90791cc32b4815465db302fad3f46a2bf4987e9456820a5,2024-11-21T07:42:02.270000 +CVE-2023-21030,0,1,45e4ae568236ced7773d4b3e4878f9c601f87791bac35361a9181381bc9a9f23,2025-02-25T15:15:13.593000 +CVE-2023-21031,0,1,6aab7acfbd56c48d65c373238f8ce332976003516fdee4208eb120a207294872,2025-02-25T15:15:13.787000 +CVE-2023-21032,0,1,888caf3a49aa1bffab9579deb501153ab54e7fbd8fee9564bc07c42f470cb165,2025-02-25T15:15:14 +CVE-2023-21033,0,1,4b4037c549e57749afdbf4d1f463cb5161b6b67981436f01d3d25f2694e96347,2025-02-25T15:15:14.183000 CVE-2023-21034,0,0,420bee6e223dea3992c6e11ddabd7a38e61b2a0a273ef84b683172d4ab511885,2024-11-21T07:42:02.387000 -CVE-2023-21035,0,0,b8f842a49c4edb250cd2333a62427bd1d6c991d301ca7b5042151e8932340d06,2024-11-21T07:42:02.493000 -CVE-2023-21036,0,0,efde2b177ad711c19c800041835e0ab96880be9d141d21e8bef2effc7548da17,2024-11-21T07:42:02.600000 -CVE-2023-21038,0,0,7e3cf42a8edf41b2b65238e6fd20503c0ce9f47765551e47733f3dc93e46b822,2024-11-21T07:42:02.717000 -CVE-2023-21039,0,0,1185ca4076368669e65c3efaf3cedb3010383303ea0e6c0f60a4831e18482bd2,2024-11-21T07:42:02.840000 +CVE-2023-21035,0,1,b8eb527bd6dcf5cd0e4481789d7b4135c9df76d8e73fe88efd932e4767688570,2025-02-25T15:15:14.387000 +CVE-2023-21036,0,1,ea99e44d59541686f6a6c1c6f9a939696094c4fa78bd0a9ad0df8c99a19aa2ab,2025-02-25T15:15:14.563000 +CVE-2023-21038,0,1,f8a9c16663366ff9a352d4a3871fb7e86c77825558f589f3dbb095ac3e0eb10c,2025-02-25T15:15:14.767000 +CVE-2023-21039,0,1,43ab04faa41dbe72f0c7c5f01f65a8aeaa2234e2b3664b0a3e8dc939cfecdf8e,2025-02-25T15:15:14.977000 CVE-2023-2104,0,0,71ee214903651f12d0d4ab0c8f6fef0fec91965d67af19318c07c2f1f0bd5987,2025-02-06T16:15:36.440000 -CVE-2023-21040,0,0,c774c5983f36a821f7c5e24674b2f104bfce612ef836674ee849ac3705d7a4ab,2024-11-21T07:42:02.957000 -CVE-2023-21041,0,0,6a99a6b0541876b22115214a822814538877e83cbef9875bd54521daf0d2d9cb,2024-11-21T07:42:03.070000 +CVE-2023-21040,0,1,570e012afa3d29160f10936f19dad0f34b61c98004d2445f4e5f63166b75cd68,2025-02-25T15:15:15.170000 +CVE-2023-21041,0,1,49d304ce792bc015c34ff69b901dd61bbfc3e31a7ac9ba36c292f9525bbb981f,2025-02-25T15:15:15.330000 CVE-2023-21042,0,0,92ab35321b2fd324542efae6d2f60a172590991a879dc4bde56d7ee1e48c0b18,2025-02-19T22:15:11.810000 -CVE-2023-21043,0,0,4cf28ca85bcbd27b9227b2573af8a0495fc89cd1fdcf1c2734276d761401f69f,2024-11-21T07:42:03.320000 +CVE-2023-21043,0,1,7d4e9140c1245e0aa8054f18d06e1a5822b70a73b5ed93d7a122e577bc5a1975,2025-02-25T15:15:15.503000 CVE-2023-21044,0,0,d546efe130a0e8b835c1a714bf68d2df24c0e09247ccbe869006e82495f3584f,2025-02-24T20:15:32.190000 CVE-2023-21045,0,0,c7c3c273f0be1c563af52eae3c5ca603c13c6789a4270f0a2032e21fcdad0ce1,2025-02-24T20:15:32.380000 CVE-2023-21046,0,0,157a9520e5ae8a81ac1e742275b614c5004e15922aec14a449810537f3053229,2024-11-21T07:42:03.653000 @@ -219788,6 +219788,7 @@ CVE-2023-25570,0,0,5432113db98a78b3bd01e4f74076d423cfb565dc3c8d8be1dc98c57d2028d CVE-2023-25571,0,0,c0b4524852a4123974baf4d357124744bd6f4370882ea52d160900aac3b5c17d,2024-11-21T07:49:45.157000 CVE-2023-25572,0,0,e00faef832ae77a1114b116216c479c2f87e878c6d35eafc325bd0cc4ce8ace1,2024-11-21T07:49:45.277000 CVE-2023-25573,0,0,c3ceffd4e6967cfc8ea5818a5fee5d69c66fd77ec5c66566f0d09f43bdfcb14c,2024-11-21T07:49:45.403000 +CVE-2023-25574,1,1,20d5f7585bfb31ddf8140b5837598b94a20a0968f479e50634913da6052cb0b0,2025-02-25T15:15:16.227000 CVE-2023-25575,0,0,88b0cea2da5769a3ef813d1e5b75b740f0903f50e9a3ae832ef3d857fd31d365,2024-11-21T07:49:45.510000 CVE-2023-25576,0,0,e282a98fc93bda7675e377de5e2c35e07f5620b0b8fb7c5313271754443fd918,2024-11-21T07:49:45.623000 CVE-2023-25577,0,0,503342547285d7e218aec70e67285df5f2857db6b7a04965ff6008aef10b01c5,2024-11-21T07:49:45.740000 @@ -226734,7 +226735,7 @@ CVE-2023-34187,0,0,e39c35f0acec0e3289c801cedde27704e32b7fc40943aee9626533ee9c30b CVE-2023-34188,0,0,7be73ea83cc4ddbb5dc0108971f2be63ace20410512b5554871f577f0f232511,2024-12-02T15:15:08.200000 CVE-2023-34189,0,0,d6ad5f296df91f0114d60cd15059ae984d1803b57558b7a9cf6db063968348f1,2025-02-13T17:16:34.990000 CVE-2023-3419,0,0,df7622509fc0fb525cb2b82180f57ee07af06f367b6c89769e8b9596f2dc8ee2,2024-08-19T12:59:59.177000 -CVE-2023-34192,0,0,81d33be492803ba5519b4022af695af536770a782aaa2b95e41b7a29f333874b,2024-11-21T08:06:44.597000 +CVE-2023-34192,0,1,f7be2fa7ae75b92333d711d297dbbd6ed5e9cfc87ef1f8d28b766820c30de13d,2025-02-25T16:15:37.070000 CVE-2023-34193,0,0,14e3f411d4a04e2c3cad259bb032e95a5c614ee3e39b67e63aaa5e15e2e15102,2024-11-21T08:06:44.767000 CVE-2023-34194,0,0,b7871e681e01ec42198e77eda731a4939d1c785c4b2346293df4e2f9dcc0ede3,2024-11-21T08:06:44.923000 CVE-2023-34195,0,0,1ba4f9585565b817e14ad2c1e757fdd42c04587c2c99d95ce7977396ce5dfaa6,2024-11-21T08:06:45.087000 @@ -244010,7 +244011,7 @@ CVE-2024-10541,0,0,17e645860588c5290ea1de09ebbe30e3ee704356357c444bb1176f1b7d6de CVE-2024-10542,0,0,b3e07484251514e52f0e88e2f4715863b15a20a77b62be04e1c46b181791456c,2024-11-26T06:15:07.683000 CVE-2024-10543,0,0,90ed84dfbad8ca67e321375858c5c3c79d5c97a1d4224d37fe3ff44d9ef23ac7,2024-11-08T21:19:02.700000 CVE-2024-10544,0,0,1bdfbd43adcd8874b1d0e0fced36513ba83ecb83c2ae7fcf0e84ae50dc2443f2,2024-11-01T12:57:03.417000 -CVE-2024-10545,0,1,ba306e7eb6b9538c61a3d3a54cffa817ecdea66632ad4eb21917d5daa14b6d10,2025-02-25T14:15:30.517000 +CVE-2024-10545,0,0,ba306e7eb6b9538c61a3d3a54cffa817ecdea66632ad4eb21917d5daa14b6d10,2025-02-25T14:15:30.517000 CVE-2024-10546,0,0,da273d2725c5edbc48bbe9ef599b463228a9d7ad08d3340d718ab8aaecc71e73,2024-11-21T08:48:43.797000 CVE-2024-10547,0,0,b023c976bb6d488185fa01d9371074d053ec54a35f2b498daa31d6bb098844a6,2024-11-12T13:56:24.513000 CVE-2024-10548,0,0,2eeddee777f021917813f3bb86cf6b8c0bc71575777a9f2edfb7d21af2614d3b,2025-02-05T16:49:13.003000 @@ -245321,6 +245322,7 @@ CVE-2024-1195,0,0,3368bf518c27a729a23598a4bc9bc8456794ebbc8ed421e1b9fb54311a27af CVE-2024-11950,0,0,df36014500ed7b6f7946ef04cfd4a777d6bd62d2ab461c18fe6d382ea2d08354,2024-12-12T01:40:21.820000 CVE-2024-11952,0,0,8be0c69e3107fa6f3273f59b11ff511450df70a157d0236a300dd71a0356b941,2024-12-04T09:15:04.637000 CVE-2024-11954,0,0,a30cb1d79b0f3e333460b46308549f4fa85d70c67931a2168463e14a7bf43d80,2025-01-28T15:15:11.130000 +CVE-2024-11955,1,1,6a482132ea4e9e37692d78b582445202681c47877d212ce8b65642112f5506b8,2025-02-25T16:15:37.303000 CVE-2024-11956,0,0,f8e819a3db9036bedd0e3db75c59a9cd497519181ff8a74198641702e6839ae6,2025-01-28T14:15:29.803000 CVE-2024-11959,0,0,8e4c044a79a34553dacc3bbf68fddd2b6e5f24a72d4b7a0c2b06bf8643853e87,2024-12-04T16:52:55.150000 CVE-2024-1196,0,0,4b0eccfc085f9fcf5d1d563f67df6edef95e40ef1d03548e58cd26db6bec54a2,2024-11-21T08:50:00.883000 @@ -245740,6 +245742,7 @@ CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247 CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000 CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d55292dc,2024-12-14T06:15:19.357000 CVE-2024-12423,0,0,df2227f1fff48af0129a6b0a667fb7c3072c1a1dd75c0e4da9043c67a4fe7811,2025-01-15T10:15:07.630000 +CVE-2024-12424,1,1,f012365fc62da2fd3696c6b797cf671e0678d4f7985e72e9bb552e76b87629fa,2025-02-25T15:15:21.273000 CVE-2024-12425,0,0,d885296390121d087e04ef42b8491b76f893200d98a386f95c4a72f26f9f2359,2025-01-07T12:15:24.183000 CVE-2024-12426,0,0,172dd3632cc915a80121d55ee02d9001ce95b069ca8a1e5b844628b1eeffffb6,2025-01-07T13:15:07.210000 CVE-2024-12427,0,0,c3d2fde21ffd56245e0a5e38d5a0eb85ea15179958d8f15e37e4a4284db0f45c,2025-01-16T10:15:07.243000 @@ -246110,7 +246113,7 @@ CVE-2024-12867,0,0,732c7583e9efa2618fe2f4098930414e7eb5e8b8eea2432950087191a298a CVE-2024-1287,0,0,86cfcf8ed68830eef8991c1cc47e2012e7e4c97ca8a27598ab8fa2741ba6d8b0,2024-11-21T08:50:14.227000 CVE-2024-12872,0,0,ef2adea83c4dcced92604feb28ab9bdd7144986700cdccc2c5054cc997ad5b7c,2025-01-31T17:15:12.103000 CVE-2024-12875,0,0,87b0956586183e5c613030d4ef29fd959e1646cc803bd99da499c5b331518d7b,2025-02-07T17:09:37.010000 -CVE-2024-12877,0,0,a9e389a679e420f1b0a9a06268a68a8b0a86295a1a7eef4bfea3f46105e61e67,2025-01-11T08:15:26.127000 +CVE-2024-12877,0,1,1888c35ba77d5a377e4b45354716e40dd6bfa1aa3f5f5b568834841a45c1fee2,2025-02-25T15:53:19.030000 CVE-2024-12879,0,0,a421a5e4db3a04db3d207087595051348d7d155e9057f63ac7b875e4bac6c451,2025-01-24T18:07:31.260000 CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884fd8,2024-11-21T08:50:14.440000 CVE-2024-12881,0,0,ca1a79d9bb91f6e4db066c4e6e2534703ac042b68f8ca082fdad0b99821d0028,2024-12-24T10:15:06.240000 @@ -246525,7 +246528,7 @@ CVE-2024-13314,0,0,9961922c20617444ea3f3735c0cbf11c9ac00da8255fa1024905b98c477e4 CVE-2024-13315,0,0,4230d16584ac54504af61ee61aeb80a96b9eb3fae8091facc2f2a8a9c284a210,2025-02-21T15:44:49.533000 CVE-2024-13316,0,0,25d5ed6e5d616a5feaaead62ba45936d1b7cd3d51545edb9bef6427ff89c1be6,2025-02-21T15:28:43.690000 CVE-2024-13317,0,0,bf6e98353834aadd569c32731a32e07929f7d2ec68ca0c813c445806410cf741,2025-01-18T07:15:08.290000 -CVE-2024-13318,0,0,e578de8b4719417613441e3d599820c7f899466a7f87935725f122dcda9b3d95,2025-01-10T12:15:24.257000 +CVE-2024-13318,0,1,234665f0f68f8330142422de1967c3be9edc8bd894792fcd281141ced7359a2a,2025-02-25T16:49:28.007000 CVE-2024-13319,0,0,7991c2dfb6aefea7f96696a61d541e78c477eeff53b34652065a2f9dce798e51,2025-01-24T21:06:34.310000 CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000 CVE-2024-13323,0,0,efd40c86d011875eb32911cd9900428905ab90bbe91720def3e774b362e547ea,2025-01-14T06:15:15.480000 @@ -252096,7 +252099,7 @@ CVE-2024-25924,0,0,993ad673b187b284ff850e2a446115899f5fcdc0fca26fa60bc104a6c1f99 CVE-2024-25925,0,0,5b65ff06c07a682d21a3bc12f978f0842bde923d3e23c46a8bec75e6c6c601f4,2024-11-21T09:01:35.123000 CVE-2024-25926,0,0,8d9ea57a814de81413189f910814888f6f8299699929c5609d522a505ee9a11d,2024-11-21T09:01:35.257000 CVE-2024-25927,0,0,8a41c2999ba39b28b9941ef34197a0a11af8d4674af1c96e0f1d73c91816aad1,2024-11-21T09:01:35.380000 -CVE-2024-25928,0,0,1a67bcf2ef6fe420ba267e12835a282a0f599cf9a6372a88b3a2d7eba8c5e241,2024-11-21T09:01:35.503000 +CVE-2024-25928,0,1,4ea2214e9a3506917617edb767aedb0b23c86a2fdc749a97772db530f9ceec1b,2025-02-25T15:38:49.633000 CVE-2024-25929,0,0,a345c209e6ba592f3cf75f81619de24a58894a576bbf017e35677fd43e3029ae,2024-11-21T09:01:35.637000 CVE-2024-2593,0,0,f2c3aaff93814841c841cb17b61fd4128828a2f8efd9272fbb0bae22c31d38fa,2024-11-21T09:10:05.037000 CVE-2024-25930,0,0,1f97e9549c770fc331309e56c669203fc8ccf622dc1e38a527e25ad5df31e145,2025-01-08T17:11:38.167000 @@ -252303,7 +252306,7 @@ CVE-2024-26126,0,0,0704f19f338f2bb0acb508b253d0a2da44d884d4f86de92b6da40568e6480 CVE-2024-26127,0,0,a7e023b5ba5da3ad7af563324822a120bd0bfe59d4cb07ca927224a3bef75883,2024-11-21T09:01:59.407000 CVE-2024-26128,0,0,6ec59e3a008feca6738de761b3be3df5c35466eb2f92117550b0e2c3bfd06b31,2024-12-20T19:30:47.733000 CVE-2024-26129,0,0,f3bebf0a876bf9290099b17bc3b0dcddcfeb88c750973d938b315f43b9df0e21,2025-01-17T15:44:18.993000 -CVE-2024-2613,0,1,663d05e8d554c1c224b0fc59e8d32c0a1a5e8e3e937342e1df2dc42f759f27c0,2025-02-25T14:51:09.587000 +CVE-2024-2613,0,0,663d05e8d554c1c224b0fc59e8d32c0a1a5e8e3e937342e1df2dc42f759f27c0,2025-02-25T14:51:09.587000 CVE-2024-26130,0,0,d2289bd646eda44f581e47154baf5cf63bfced80dc9fc24f10e157885b4c4048,2025-02-05T22:09:20.427000 CVE-2024-26131,0,0,7d5cd7ce213f5d8bf166cfea3cf2f5d16b81306c41d06f9a6ba344404308eadd,2025-02-14T17:25:08.840000 CVE-2024-26132,0,0,0bcb164dd65c041d33f7ce76187d052cc24ee4faa12b76af777a7afad30ea542,2025-02-14T17:25:32.967000 @@ -252313,7 +252316,7 @@ CVE-2024-26135,0,0,779dc441638c260d7cf5f634019d9991826fae60fddcfb8bc24dadacfd049 CVE-2024-26136,0,0,9c888c645072aafb7cd917648561d2d05fd41cabed8908bff41842826f798e74,2025-02-05T22:35:04.903000 CVE-2024-26138,0,0,ad1e2f5a757d5236547f9e70c18c2f29052289168edb71d6bdded4c04438dc6e,2025-02-05T22:08:58.287000 CVE-2024-26139,0,0,ffc8a35c7d6ef55a8d6cab5ce0546eacb4822ef0570208b878cfcfdc9f776772,2024-11-21T09:02:00.783000 -CVE-2024-2614,0,1,b6764fa6d28b8d488d5f36a14664b8cef3a66f8933f85e0b41ee4f2b5b2e6bea,2025-02-25T14:47:29.487000 +CVE-2024-2614,0,0,b6764fa6d28b8d488d5f36a14664b8cef3a66f8933f85e0b41ee4f2b5b2e6bea,2025-02-25T14:47:29.487000 CVE-2024-26140,0,0,b5e7f99e5a4d8213a1409f3c950c4fb9af81d65c17390d14f8c63986dc314927,2025-02-05T22:34:32.020000 CVE-2024-26141,0,0,546915a82db51496e3bc4d15d7dd1152723e7428381fe360bbf0eb7789f80fc9,2025-02-14T15:33:08.527000 CVE-2024-26142,0,0,3de120422cdfd093d613bb27c2fd503cd0126a171bbba136aeee06608c3fb782,2025-02-14T16:22:23.763000 @@ -252324,7 +252327,7 @@ CVE-2024-26146,0,0,8c8da0c848478ff35a028ee4cdb7f6e2af51c189105102491e1a9fd5041ce CVE-2024-26147,0,0,b1698ff9ded5764b7b1e4894dc0839ae17e3f87e890d24e083b22b38e1acfb2e,2025-01-09T14:40:25.983000 CVE-2024-26148,0,0,5f6743f4560852e58cd041a0c7e0bf20e4e23b0f7b34c3e896f2e7330f07dfcb,2025-02-05T22:02:41.717000 CVE-2024-26149,0,0,509040b71e933c4c83efda97eedbb5927f70f30be145577cb1eb2d0c4d223bbf,2025-01-16T19:31:59.750000 -CVE-2024-2615,0,1,2cd40c48d6f52e19cfee6b906d22dbac97b599d012848b65bcfcbfd35eea8982,2025-02-25T14:48:08.963000 +CVE-2024-2615,0,0,2cd40c48d6f52e19cfee6b906d22dbac97b599d012848b65bcfcbfd35eea8982,2025-02-25T14:48:08.963000 CVE-2024-26150,0,0,3c027b3dee8ccf173f15ccc32760a71bec2eaf8137bdb8bf8fb759eee0e06b3a,2025-02-05T21:36:57.573000 CVE-2024-26151,0,0,cfbbb470c12a3d8e817116a4e5c512629d9aca997e589958ff6079b041237c57,2025-02-05T21:52:15.070000 CVE-2024-26152,0,0,c1b3b9b6a63c6ba2d9481dc8565506d49f6cb6abb36d9955ad66959a79ac1105,2024-11-21T09:02:02.457000 @@ -252335,7 +252338,7 @@ CVE-2024-26156,0,0,b2e73e5c20158f8ebc99b3fc7c4b09aada1ebdf8b60718d310eea20b6097e CVE-2024-26157,0,0,da225d923eea7b248284dcb657d52956891e8dea02ea3c4a1edebcba809133a7,2025-01-17T17:15:11.697000 CVE-2024-26158,0,0,09fc1d75121ad09ea3a275f9cccd32b38ff46d4cb1778bb89e6ac29161fd0e25,2024-12-06T15:40:50.143000 CVE-2024-26159,0,0,1b48fef43c59f3ec54fb486cca3f3676b117339286d3339609cb0579c3d1ce4c,2024-12-05T03:06:07.380000 -CVE-2024-2616,0,1,8ee102ede83bbe0e402b8a4c6548f6390267bd1d0359b8d1a6c391580f7905cf,2025-02-25T14:46:02.957000 +CVE-2024-2616,0,0,8ee102ede83bbe0e402b8a4c6548f6390267bd1d0359b8d1a6c391580f7905cf,2025-02-25T14:46:02.957000 CVE-2024-26160,0,0,2bac9e2f92e69a7ccf234b4144bc3814e23923b231ebd2292e83d569bbec326c,2024-12-27T17:52:38.267000 CVE-2024-26161,0,0,96d5b9e1a5955f2c073c7a8189e9dd9a7f3c7ef8b93c6983c436713e224abd04,2024-12-05T03:13:28.823000 CVE-2024-26162,0,0,a7bb551f7da1b0319dc37a60d88886e465e635a90384da6dd6c8cee8c848460a,2024-12-05T23:02:38.947000 @@ -254695,14 +254698,14 @@ CVE-2024-29127,0,0,b848b675a56090d592e7bbc8858153b852882c1c55a2d73958d70f78a168c CVE-2024-29128,0,0,1fee5bcbd86fe4f86cd9e7c8c9606be3b908374a57b43b2ff18f0f4d640f254b,2024-11-21T09:07:37.043000 CVE-2024-29129,0,0,739d5267e1c2b9428a1b775a27df9111be59167050bf55f589baea8cc5ec0a64,2024-11-21T09:07:37.160000 CVE-2024-2913,0,0,bdee00fa9056fa8a0ad1417004d7f8c2e104929c730aae671329cfb89a446ed2,2024-11-21T09:10:49.413000 -CVE-2024-29130,0,0,78ef57c5071ad31af120491100441316733fa37898d33074aaff5efbf2ed9e6f,2024-11-21T09:07:37.283000 +CVE-2024-29130,0,1,12a31ca0a96887a182d62012a0630532795ce4eca880f64a223c900ec53ddce5,2025-02-25T15:30:29.553000 CVE-2024-29131,0,0,28ee16e576eabc9b66e181fe80ceff8acb3e0cebe1c6cecfe18c73336a525c17,2025-02-13T18:17:49.693000 CVE-2024-29133,0,0,8727eb4d3cb21196b696991efadfa4fc9b803ec381b635dc3cfaef607b2878bd,2025-02-13T18:17:49.867000 -CVE-2024-29134,0,0,eb7a7708e9c822b1fe886ad1674960072ad013556df73166dc0971b51032c3cb,2024-11-21T09:07:37.813000 -CVE-2024-29135,0,0,921888755133b2498a0c55fc86f73f3a15f968d9f25cb8ccfae65d2c7868f67d,2024-11-21T09:07:37.963000 -CVE-2024-29136,0,0,87d38c3442bbc6c266627281a0e90b99a564ccbae77356d4293750747793395b,2024-11-21T09:07:38.090000 +CVE-2024-29134,0,1,210851cb532f3f4b0af4fbeeea65f193bb9da0cbdd18526bf51d0cf83fda332c,2025-02-25T15:24:13.637000 +CVE-2024-29135,0,1,5491be98c8e8c8ef239fd08f0f182398578e8b9225746f421c67df3e19a296a9,2025-02-25T15:24:28.333000 +CVE-2024-29136,0,1,7b2c0e75a9f16b9ecda81f323b485b3e64fcf9072b0417ae856ac646169757df,2025-02-25T15:22:52.013000 CVE-2024-29137,0,0,705e99c79c5ee05c78b73674dc7d23863a47b415fa80685518183fea7079b4d7,2025-02-13T17:11:12.910000 -CVE-2024-29138,0,1,3a7c9a954ad92f1acc313ec09405ae26a3fb2569cbe730ed1164cee805eef305,2025-02-25T14:57:23.810000 +CVE-2024-29138,0,0,3a7c9a954ad92f1acc313ec09405ae26a3fb2569cbe730ed1164cee805eef305,2025-02-25T14:57:23.810000 CVE-2024-29139,0,0,0b1c9fa8e8e177715e1f425b932083291a353c3a9ba40dd93654262d9036a783,2024-11-21T09:07:38.470000 CVE-2024-2914,0,0,2b323e4921d0b73067f1b7b8d7ce45f20970a89b0a18dd0e06549df9d3919f17,2024-11-21T09:10:49.543000 CVE-2024-29140,0,0,522839ee776b9f18416c378e491ffdf7c5a22b0d9aac2ee2e250558feacaa098,2024-11-21T09:07:38.593000 @@ -258366,6 +258369,9 @@ CVE-2024-34030,0,0,0f42953a89d194a36318ed8d4be50bf3efbe42245c9b26de406722e8c8b04 CVE-2024-34031,0,0,965adb0dd9870fa0b70e6becb0de24e260a730e143f6cdb53f9f644c7ba714ea,2025-01-30T14:30:40.657000 CVE-2024-34032,0,0,cf001237ea53caa629b039a4334f22486fffbbd4d7a0f05ad3f6e68b3e09e5da,2025-01-30T14:31:00.057000 CVE-2024-34033,0,0,cfe0d057081e1aeef658525f7464f9137fd5e9e218807cc56ad4ed4afd0c6cc4,2025-01-30T14:32:24.690000 +CVE-2024-34034,1,1,fbfc531d1af4c9325850e38934243e3f1d3d466384ea86e12c45fb7ff3632ae3,2025-02-25T15:15:21.513000 +CVE-2024-34035,1,1,de175fb23ce5aa0ce9c61ae94705487c7722a5b50e623abf0cd11f250863224b,2025-02-25T15:15:21.630000 +CVE-2024-34036,1,1,c586f40709d500bfddd792290ea155b665eb0931e4ae4a8776d4acb040fd74de,2025-02-25T15:15:21.740000 CVE-2024-3404,0,0,6fea713d49223c11c4a6ed8171c383bae0a065dce7cd39ac6527df87319a6bb9,2024-11-21T09:29:31.663000 CVE-2024-34043,0,0,53d43ce8307f8de15478a2599f8c8bc215f7ec8b04c173f3e969cef0b4ee49c1,2024-11-21T09:17:57.623000 CVE-2024-34044,0,0,f53b421c4d735b77bf8a81755242f7d2e02484d8eb0a14198eaff9e938f44722,2024-11-21T09:17:57.840000 @@ -271361,7 +271367,7 @@ CVE-2024-5153,0,0,5201b5401d401becd44a1317581445bf8929de090e1718378b23c7f68f95a1 CVE-2024-51530,0,0,7cd040cc53d7ba42e6f6d453f4d18993a534b39a2754ee99e99110d754af3ffe,2024-11-07T19:56:10.187000 CVE-2024-51532,0,0,2d809e858826663dfe9250848bf54d1d67a303ccaea30e096202fdbcd858496e,2025-01-29T21:06:51.663000 CVE-2024-51534,0,0,119c8ca4d836cf97fc773cbb645e954f693ae364266f1264b856ae256ade04e3,2025-02-07T19:58:25.567000 -CVE-2024-51539,1,1,55a329207791ebd931761b792929dd38a6def210775b9da3fe410a696e0427b6,2025-02-25T14:15:31.153000 +CVE-2024-51539,0,0,55a329207791ebd931761b792929dd38a6def210775b9da3fe410a696e0427b6,2025-02-25T14:15:31.153000 CVE-2024-5154,0,0,2b204ac4cfe5700aeb8fd234238f6495b194bb11d4ab3c09549ae293c9be6a35,2024-12-11T04:15:04.990000 CVE-2024-51540,0,0,96d82dbba2ebe404a1a2ea6174b3264f3b486447b0ab540d34ad70a82a5fc066,2025-01-21T21:30:52.310000 CVE-2024-51541,0,0,142a418f59528ceed12160c8666a0df4712069c8f2391d18e7017db83feff322,2024-12-05T13:15:07.303000 @@ -272793,7 +272799,7 @@ CVE-2024-53537,0,0,998d51e6807baacce6b9daafc17e8fac4083f8aca4268561cf6e0645830b6 CVE-2024-5354,0,0,e179ff0fdd33289a32ca4c68c73a51c0aa8ddee9c94944cd1d4fd7185f36a76c,2024-11-21T09:47:28.997000 CVE-2024-53542,0,0,979de5ac0ee8ab3d3ceb0d99ade6cf88535af9aa8960b448b7a5aec4766f3aaa,2025-02-24T23:15:09.410000 CVE-2024-53543,0,0,2ed10669bbb7ccca57c3f53096b08fec178d3070c1b9eeaa08ab25cf15a19e31,2025-02-24T23:15:10.540000 -CVE-2024-53544,0,0,5940a53d90185103a5ea7f7b05f0da10fa7d8c5017f54752e9bf5bab40310fc0,2025-02-24T23:15:10.663000 +CVE-2024-53544,0,1,05df7d7776a55d3efbd84508db02d101a5062d3106553e4b61925519a7e9b120,2025-02-25T15:15:21.900000 CVE-2024-5355,0,0,5ae56d862872a5268a44df2d0e26a54aa307acbf5ff2835727472c989e377b6d,2024-11-21T09:47:29.130000 CVE-2024-53552,0,0,4cbf8fbe1c1d8b81113efcd1116951d33bdd9cbf11887cfd2671d9f28438541a,2024-12-11T16:15:14.373000 CVE-2024-53553,0,0,f76cd837b8044f3ae7bee9c286ff4b43a72406724cd6dd80c83638da1316919f,2025-02-03T21:15:13.667000 @@ -273507,6 +273513,7 @@ CVE-2024-54440,0,0,9b88f7d99cecca6e6d64d74e7bc4b9afd66c4a9b5857582e450bf8ac5f697 CVE-2024-54441,0,0,4998045381787fcc4b3ba91881da0472af2407cb6b3b4e86c69cbecd8e8e1ec5,2024-12-16T15:15:23.130000 CVE-2024-54442,0,0,4654114cbbe36af251b0a17ca273aa4c42991899ac7df3d541352dc363b8b95d,2024-12-16T15:15:23.273000 CVE-2024-54443,0,0,a19735fa20af88aa6b80d25f5f3fba13bc36980cd33611fe0939754004239647,2024-12-16T15:15:23.420000 +CVE-2024-54444,1,1,08a9d494d912032aadc9130aa5d8b1d7482607dc27dd9a16afa9761902d221b3,2025-02-25T15:15:22.053000 CVE-2024-5445,0,0,c40580d53f9b682d94099117e69022274091b9acdf334d268d23808d911785d3,2025-01-07T20:15:30.600000 CVE-2024-54450,0,0,3b0637c895cf32b1c321f76a19a44544a10628e30551ed123328bb004ad742a1,2024-12-28T19:15:07.103000 CVE-2024-54451,0,0,62bfea464680a36276017f91bb5ae11f8712be2380f4e61a47de9850848009b7,2024-12-28T19:15:07.340000 @@ -274422,7 +274429,7 @@ CVE-2024-5652,0,0,1dda3b28a95a3027cca32754d8e2a9cb8bd181dca86e7b0a455abcf575817a CVE-2024-56520,0,0,ff4fb3d2adb6c71c503d044fa0b3b3389f24638650ec092efa0e72e1ef66ddd5,2025-01-02T20:16:07.280000 CVE-2024-56521,0,0,5825673c82589e84af39abc3cdc30eb7e41a3356451a7b175ec0e6d80e41cea5,2025-02-18T22:15:13.147000 CVE-2024-56522,0,0,c0719b044dbc0fcdc0d4eaed012a8c95725e84ecda329fba60f601478e6101fc,2024-12-30T16:15:11.920000 -CVE-2024-56525,0,0,634fc4eeebe898fc445ad7e3808bd6b236092bf133af0f2522984508e8009a41,2025-02-24T23:15:10.793000 +CVE-2024-56525,0,1,cb2f8bb40dcb26619c97bfc9f5af1ff74739537d08c46c64368f7b062f5bfcc2,2025-02-25T15:15:22.190000 CVE-2024-56527,0,0,5e8b0b74f38f7ebb35ac054d85b65473e6189ebf6dac534e9c9a780daa1047f5,2025-02-18T22:15:13.270000 CVE-2024-56529,0,0,b5e6c43b0e693d516ac7d8945d0f1e377badc88e38b14416efa9236d9ce55101,2025-02-18T19:15:19.587000 CVE-2024-5653,0,0,6a43b27cee3d2293652e8e6e2ccb4fc0236822263be85c5365c247a4f0b2a7b5,2024-11-21T09:48:05.873000 @@ -279641,7 +279648,7 @@ CVE-2025-1243,0,0,cc81de32b5d05e39147da539415b77f22c0d2f7ae5860780f62e8e275e3c2c CVE-2025-1244,0,0,4873e23ffda0d795b5208f2bbb0bbb9ab8821cf32651b326d7afc0c6c00e584c,2025-02-19T19:15:15.437000 CVE-2025-1247,0,0,e0153bae3362c83882a00e373f05f61681964ee52d16af66c9ce73b6be435d9c,2025-02-13T14:16:18.400000 CVE-2025-1258,0,0,e60d49e74992453b0cd2d8b93f0bc7a60901e2447adb1d6d0cde7627e3bb44f5,2025-02-20T18:15:26.217000 -CVE-2025-1262,1,1,08f99db194238254f28713e2d46d598cdff03dede7f449d79e504f7931daff4e,2025-02-25T13:15:10.077000 +CVE-2025-1262,0,0,08f99db194238254f28713e2d46d598cdff03dede7f449d79e504f7931daff4e,2025-02-25T13:15:10.077000 CVE-2025-1265,0,0,8b96eb635d74048f7915847b63097d4febc56f3fd9332428d5a4385c9760ce44,2025-02-20T20:15:46.537000 CVE-2025-1269,0,0,3d8990f3f321bb84afc5ce31cc37206b4dfeae7b9639d4320eceb6f39d26cfbc,2025-02-18T14:15:28.513000 CVE-2025-1270,0,0,a0fba4bca59afda304bf8335640266a3acf6a1624640bee675db51d94e9fc436,2025-02-13T13:15:09.273000 @@ -279773,12 +279780,12 @@ CVE-2025-1642,0,0,eb1ad85c96cb940c08a5097dfefa119ff4b08ca6e6f0f41907372556779e3a CVE-2025-1643,0,0,0826f7bcb7f1228229f5784ef58304115e16bc976b45b1d92545793ce6bb0cca,2025-02-25T01:15:09.783000 CVE-2025-1644,0,0,c089c614bad147aba27db7e276630bda628e1050898eb7eafd3da256285acd5e,2025-02-25T02:15:14.863000 CVE-2025-1645,0,0,f84c25d5345ae177afb924fbcfe7e77498beaa89bb1760e6fea90a27526a406a,2025-02-25T02:15:16.123000 -CVE-2025-1646,0,1,5710e0e746a724f69e8cc150a43d0c87decff43af6a1a7566fd6006b723baac7,2025-02-25T14:15:31.320000 +CVE-2025-1646,0,0,5710e0e746a724f69e8cc150a43d0c87decff43af6a1a7566fd6006b723baac7,2025-02-25T14:15:31.320000 CVE-2025-1648,0,0,6db06465f3608d618d59c46dfe09a4c9e804542633ca64697fa4ad7c69d44afc,2025-02-25T07:15:18.670000 CVE-2025-1673,0,0,65913cd1f473636c65413fc4e623a1696f83129720ac5b6275f0e5547e39942d,2025-02-25T07:15:18.837000 CVE-2025-1674,0,0,aea9658bbbdcb44450b6b18ac1c08e616d00c82d64dc8139e95057e3b44f7a8f,2025-02-25T08:15:29.887000 CVE-2025-1675,0,0,919ba4e5330550da1b3bdc08ee6fe479b5b6b92bc2456a105e1c616b57e9b557,2025-02-25T08:15:30.020000 -CVE-2025-1676,0,1,73eee89d98e983375dedac852336dab7a9ecc8ee838aaa1b83c8304d12c3e6af,2025-02-25T14:15:31.447000 +CVE-2025-1676,0,0,73eee89d98e983375dedac852336dab7a9ecc8ee838aaa1b83c8304d12c3e6af,2025-02-25T14:15:31.447000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000 @@ -279915,10 +279922,10 @@ CVE-2025-21173,0,0,ad7a0687adbbd12bea1660d0b0ef666d021874e57d663931aea070a6cab14 CVE-2025-21176,0,0,f683215bf84a27939b829b2fd8bdbd57fb03840af68a0aef95b986216dd896c8,2025-02-05T19:12:24.030000 CVE-2025-21177,0,0,4f903499a658859fcb10826be90a0ea63b63f075823c3150567dddccfd65ed77,2025-02-11T22:19:45.057000 CVE-2025-21178,0,0,dc867944694dd46d8ab835f7a6d78675b67e7454fecfc2784b90a7c98def1ac5,2025-01-27T18:42:39.560000 -CVE-2025-21179,0,0,98130596ecb887b2f43457342b97cdfaeaa31d5a819985f7b57e172826db13bc,2025-02-11T18:15:29.343000 -CVE-2025-21181,0,0,31d266ae82a6b21d1e39f8852327b06350fa729bca4acb9f9fafc188340fb33f,2025-02-11T18:15:29.553000 -CVE-2025-21182,0,0,62e2964b5e368fa2c0f803888a254a159c3d03d891739e70c7d556ed13d704e3,2025-02-11T18:15:29.797000 -CVE-2025-21183,0,0,7c48b36496bdb7b131316cd62b6463a8e8493401202fe4a5eba5e47afa7048c9,2025-02-11T18:15:29.993000 +CVE-2025-21179,0,1,56c99027ad0d41d9c697e46ad29c10aa7c65635cadb6d982db31f0458c99ddfa,2025-02-25T16:56:10.590000 +CVE-2025-21181,0,1,71cd8e17f304081f3c6b0247ebefaddfaa4c353fcd560fa012fa60a9c60bf6bd,2025-02-25T16:58:10.650000 +CVE-2025-21182,0,1,cc183a741d3d0b62fc82a334158a2ca4fdae6dba068e1b2b22a750e1789b8393,2025-02-25T16:59:25.820000 +CVE-2025-21183,0,1,97c60133d935bc6f85808e271daf514b07d577c1754cf44ed14ffde224dc4835,2025-02-25T17:00:06.170000 CVE-2025-21184,0,0,176160e0714d2f36cd4fbe06ebd53804dcc2c0a32ceb6ff9aa34164d56b4a8be,2025-02-11T18:15:30.180000 CVE-2025-21185,0,0,382559bc0e85e942334285c772283cee8d0ca5a4b02a81c52925c66dc4c27526,2025-02-07T21:06:14.873000 CVE-2025-21186,0,0,8a8ba48b87441215f1c43ede85a3e2813061bed74393786f63526fd639d8d046,2025-01-27T18:42:32.637000 @@ -280244,6 +280251,8 @@ CVE-2025-21620,0,0,aefab78f4e8b7a931e7536d08b17991e6afef83a4bc3ab5d14fb2e61be094 CVE-2025-21622,0,0,f9b304c8cae09855d048ff95696b50613640a9fdc9c30a5aadd5c3b3ce64c9b7,2025-01-07T18:15:21.703000 CVE-2025-21623,0,0,11a3a4b165ac7ea35d006622a2c31920fdd49ec8509c7c0bc152edfb3b703f1b,2025-01-07T17:15:32.313000 CVE-2025-21624,0,0,67d81661ccc165bcb7a2d55cd4301b8865debac4b78d0af97080ff58ad5f038c,2025-01-07T17:15:32.417000 +CVE-2025-21626,1,1,f292f6b3de6d356e88f933a1987bd762865afc27dc6a33a2153592a1570c5a98,2025-02-25T16:15:37.663000 +CVE-2025-21627,1,1,cba323c729a9c19e59aa33d260a0177933841bf7cce0a3463fc0356f50b17e5e,2025-02-25T16:15:37.863000 CVE-2025-21628,0,0,0075ad45f4e081e6b1d4b87e45ccf38954b3b032c76d5db5fcb797ed5fc6213f,2025-01-09T18:15:30.070000 CVE-2025-21629,0,0,5bd27bb9a82cb5a5f09a5986e4163e86befaea4298f9b54578a62350a29978a7,2025-01-15T13:15:15.220000 CVE-2025-21630,0,0,b687cde38a98e756a80e569a98743dbd03093e3308ce5058c13044fa43b51e41,2025-01-17T09:15:08 @@ -280336,7 +280345,7 @@ CVE-2025-22141,0,0,a527922fbc8add89576398e2e4e44f71f48d8da972b31e27b0c4985f7420a CVE-2025-22142,0,0,9e6e684860776a4400bf033058ace20f67dc7378d6ea8dd6ca385d13fd05520d,2025-01-13T21:15:14.640000 CVE-2025-22143,0,0,6b7e33c252542cb53bf2c78766629ade420188ee741461c3af123b44d86cd908,2025-02-13T18:57:56.393000 CVE-2025-22144,0,0,3f61829a0e73448014132f2edce6a94383842f3cf739a2152ba691301c580738,2025-01-13T21:15:14.737000 -CVE-2025-22145,0,1,0c4510db6a33395356472ac1626c6f3bfd23efc41e8d8b4109f4a91fbcc0c837,2025-02-25T13:15:10.927000 +CVE-2025-22145,0,0,0c4510db6a33395356472ac1626c6f3bfd23efc41e8d8b4109f4a91fbcc0c837,2025-02-25T13:15:10.927000 CVE-2025-22146,0,0,7d604299ba6a6dd89be2e2cf3b7b21ee971048df32dafde437c080eff11e6e7f,2025-01-15T20:15:30.557000 CVE-2025-22149,0,0,a38f1d25924ff640550a2206f96377b56b7eb734e7bb1771523eee3ff2dd77f7,2025-01-09T18:15:30.233000 CVE-2025-22150,0,0,5450e471d951fbd68d5df8eea6eabd0a1b7d976d2312ac6c1b261f61f3305a7e,2025-01-21T18:15:14.887000 @@ -280692,7 +280701,7 @@ CVE-2025-22782,0,0,4d4a57c4ca0b47080b236548a74a5ed3bac54edcb8336bdf840fd3b341ca7 CVE-2025-22784,0,0,92af1dcbc21436bcacbb4f07d9a62f95575ba7fc084cf7ac65c2b20d13664c0a,2025-01-15T16:15:41.127000 CVE-2025-22785,0,0,aa4353d5806fe5723076a35c33b8891ff3a61998eca5d33194fb5785a62e2d25,2025-01-15T16:15:41.290000 CVE-2025-22786,0,0,bbe34793af48ca2408914a3f7c7ee4c16a9abc2b55fa750872644376b8835093,2025-01-15T16:15:41.440000 -CVE-2025-22787,0,0,61c6ac678e37e56bdf009616d68873da6951821ed07437bc8836d50664142439,2025-01-15T16:15:41.603000 +CVE-2025-22787,0,1,123539ec0f563d41af7ca03da6e6f99109a8200bc75541fbc478fac310c97242,2025-02-25T15:41:08.223000 CVE-2025-22788,0,0,af55bbe385e5ad19db90f54f67dcad4a6458802599e6dbb5e4a7878a0103b5e0,2025-01-15T16:15:41.750000 CVE-2025-22793,0,0,1e0903441186396148f438dd4c5bf609b6c2892614e2b8eb44fcfefd5125737c,2025-01-15T16:15:41.897000 CVE-2025-22794,0,0,29518117e4a1792c4e052772321e6d0937ed1ba46c8e343f64999407bc634a6a,2025-02-18T19:15:26.560000 @@ -280715,7 +280724,7 @@ CVE-2025-22811,0,0,6b71547c8adb860372eb698d7cfbe94656d55c21afee419e63b97d5ceb180 CVE-2025-22812,0,0,7eb3929399cc1fbb26f1acb4a6b3defb11b6a681947f65ece8ba3a4769554dd0,2025-01-09T16:16:31.047000 CVE-2025-22813,0,0,0949c9095843318912b500add4a3ad813cad20561750d29229375728994d8694,2025-01-09T16:16:31.200000 CVE-2025-22814,0,0,7dcd068dd774394c72f5e46658445be9e10072ed44490ac7c32e7b13630b83b3,2025-01-09T16:16:31.370000 -CVE-2025-22815,0,0,11cce4ccbc93f659e0bd9524cb88fecbd4a761b1cff50dbd82f141375bfffcc2,2025-01-09T16:16:31.543000 +CVE-2025-22815,0,1,427a47ccf7bab8f3a211fbc605d291cf16b3dae87022e7a139ad2415f6a23a2d,2025-02-25T16:55:23.470000 CVE-2025-22817,0,0,954c74c28c9ae42ccc9c3d99fac64ba05760f79804930893f4d8010e8621b083,2025-01-09T16:16:31.693000 CVE-2025-22818,0,0,df699b9ee8f7ac13eddd7a376e3176900d794c4cb9e61c7068ce95105f69c9ee,2025-01-09T16:16:31.850000 CVE-2025-22819,0,0,69c84d2b50a6b5a6c8f29ca3dda1d44a7a2b2e01b78e86c194b0307af2945f38,2025-01-09T16:16:32 @@ -280761,7 +280770,7 @@ CVE-2025-22963,0,0,12477de813cda7364e5796cbdb911aad8e18d4387dfeeba96b71ade7cc11b CVE-2025-22964,0,0,6f4095b29312f46a36413a75c5449d4448cc7574209011a37c7cdb11e5f0802a,2025-02-03T19:15:14.207000 CVE-2025-22968,0,0,d3d48189e9b72af1c9aeb72931ff25b490499842dd9dca10fe5551a85839cd34,2025-02-18T22:15:18.143000 CVE-2025-22973,0,0,b448437ac24e0d115300ac0a18a33b0f031d26cd6428b09fcc05bcdedc10d677,2025-02-21T18:15:32.480000 -CVE-2025-22974,0,0,8fcb6efe31d178a3db96729e4a369a23148b5cef60ab1f0b278bdcdfefb295d4,2025-02-24T23:15:11.033000 +CVE-2025-22974,0,1,40a0d595b144d503f4e0ae2eed3191339e192da9b86b5187580ff3d1a5f71742,2025-02-25T15:15:23.097000 CVE-2025-22976,0,0,34e44a1193299f2815c5773a405812b482572222a2b2eca4f8d55245112e8b61,2025-02-03T19:15:14.397000 CVE-2025-22978,0,0,c26d3b35b5f5b247c22bc9e725ddb59da99594ad5fac650f59f0b0b41ffbe946,2025-02-18T19:15:26.930000 CVE-2025-22980,0,0,90bf7bf36cc737404c9d40dc6715966f270a478ee523b3c5a983294878d28120,2025-01-28T22:15:16.890000 @@ -280785,6 +280794,7 @@ CVE-2025-23019,0,0,d086114380d5b72aae48f2dd063fe423ce3274d7a5a6c9dc170a5da44914e CVE-2025-23020,0,0,25923bb14a1c6995cb5e401bf55760ebf3529321cd6b5a181b1b763453c28634,2025-02-20T03:15:12.630000 CVE-2025-23022,0,0,bb805305ea96825569d9891ea5d8911d64b95f766e73f0709e01ab6077884661,2025-01-16T21:12:15.537000 CVE-2025-23023,0,0,8d62189672cb787e5081908c4fe2e78759d3475dd1f1ecf661879211c3f1488e,2025-02-04T21:15:28.083000 +CVE-2025-23024,1,1,18d62facc2a76d7c40d7a3d665dea6f53df0c2451be12c0fe480f205598d455d,2025-02-25T16:15:38.053000 CVE-2025-23025,0,0,a430643fad54c298ac56c82186034eeeea39626036838a2f98e7e7672f4b6ffd,2025-01-14T18:16:05.650000 CVE-2025-23026,0,0,b268119f7916ba3a282a082a7a4e3bccaa70c542061d608ad26e1251c19332fd,2025-01-13T21:15:15.897000 CVE-2025-23027,0,0,21e7f0bf367301f9d9767775ff2fd1e8d057729c5ff745babdc630ff49bcccd7,2025-01-13T20:15:30.150000 @@ -280826,7 +280836,7 @@ CVE-2025-23081,0,0,88335d5d07bd744f2fedc19f5e2fa983c6c0a68ed633dfc146bea9e424067 CVE-2025-23082,0,0,04a4f0f7ff5458b7d3b3235d7001e50f9111979d3e99a4d703024d8cba8b9a7c,2025-01-14T16:15:36.200000 CVE-2025-23083,0,0,6a501c0dcff9af34582fe35c519636d37da8f27378c2381b47781c6cb71c5067,2025-02-06T15:15:17.597000 CVE-2025-23084,0,0,66590369971d77e93d3e89e756431c61a64701ffca1861b58e6771ed8d358e6e,2025-01-28T16:15:40.827000 -CVE-2025-23085,0,1,889840804db6ae2520e814bb23e4a445ed73b7383c73820abba13ffae74db43d,2025-02-25T13:15:11.103000 +CVE-2025-23085,0,0,889840804db6ae2520e814bb23e4a445ed73b7383c73820abba13ffae74db43d,2025-02-25T13:15:11.103000 CVE-2025-23086,0,0,4888f5c9ad449f11aff3bd2005f3629d6cccf17b7858fa974396434a1fb1f4d8,2025-02-18T21:15:28.100000 CVE-2025-23087,0,0,d2dfad6178ffd77613c0f9b5845bbb16e26962f52773db9d0e6ebd817b0d46a0,2025-02-10T23:15:15.717000 CVE-2025-23088,0,0,845d9312418bf4c13a6587b45a3978c9579f09ecb2202802a6894efed1c83ca0,2025-02-10T23:15:15.853000 @@ -280837,10 +280847,10 @@ CVE-2025-23093,0,0,7320826aecf4e98ab5895586ea1e6e8575244a0f095c3e1b8e12bb0d362e3 CVE-2025-23094,0,0,7cea7e6e51afc006925b4e48de2308fe64516f9177080ff30f9a60f654ae9082,2025-02-11T22:15:30.597000 CVE-2025-23108,0,0,0867ae52bf9537919e00df206497183b5abf45a3a43e56579f476cc3d26e8d6c,2025-01-13T18:15:22.680000 CVE-2025-23109,0,0,4d519c5c41161d21ebd8f814ea3659acc2224a598528dd7d3e4c7b87a5ad8cc0,2025-01-13T18:15:22.903000 -CVE-2025-23110,0,0,b9e32d20d7e6cf23b28c590dc2ad7f239b5186f27517cd303db97f7275b077fa,2025-01-10T22:15:27.550000 -CVE-2025-23111,0,0,d3dc6414a9d0db9ed3cb07471714e79beac7db7fd4adde1f55f9ce769eca585e,2025-01-10T22:15:27.723000 -CVE-2025-23112,0,0,15db9896b5b2ea6c9a640fa45af2c0a8239e079375c847ac6ebc4eb1f4c0822a,2025-01-10T22:15:27.863000 -CVE-2025-23113,0,0,1f4b2afdfc961e6cff47003c2a8a61938611b1820102bae5e7ebdff42c0ff218,2025-01-10T23:15:08.810000 +CVE-2025-23110,0,1,1f29652a619b8421219adac1a2002e9dc55acad71b98814d2bc2dba042d7f047,2025-02-25T16:46:57.373000 +CVE-2025-23111,0,1,bee2b37690105f94a2919f948d33470ba27eac7a0501ea5db580d8c336b4a360,2025-02-25T16:16:50.967000 +CVE-2025-23112,0,1,5295af5f2d972260409bf6e8ddb1e42cd398e210c99c068cbfdfd18c1a2f69a7,2025-02-25T16:14:20.857000 +CVE-2025-23113,0,1,e6cccd37793f33004af385d66a450da8db2860bda0bd7d1ee76256a1a29e87d5,2025-02-25T16:11:55.610000 CVE-2025-23114,0,0,76dcd1ec6e101307de60d1efade8dc8b1885e30638a84718a1a37bbecd49b630,2025-02-05T02:15:28.610000 CVE-2025-23124,0,0,4a6299a78e71ef66b973ec2da68c573755c2e809b823d245784536d2b11ad68d,2025-01-11T15:15:08.930000 CVE-2025-23125,0,0,2e6f0fce9ee8e787d649705f4cf1025930f6b72d6ac2efc70c4c1837b8d7d15b,2025-01-11T15:15:09.023000 @@ -282123,6 +282133,14 @@ CVE-2025-26577,0,0,1471b9d6e9fec6c623a663e5500ad54800d22aa03d3125ea0ff8be8b0728f CVE-2025-26578,0,0,1ba1d37a5d1af1d2f76239a6f2ed820c7ad94689f9ccc172f7eecaa56fe90e3f,2025-02-13T14:16:23.990000 CVE-2025-26580,0,0,c808557e22a6d83e87ce5992c6ff2cdddda2d2aa66f5a321875aca0441d9569c,2025-02-13T14:16:24.250000 CVE-2025-26582,0,0,00823840b86fea4d98d4ba8da828de8ef859573fc8d1e89f9ae001b9d6f9a267,2025-02-13T14:16:24.407000 +CVE-2025-26594,1,1,b06cc91b83d0acae3a413b33a5887e2dca7c0ddbb35aa9497a8bd13ed47ff14e,2025-02-25T16:15:38.227000 +CVE-2025-26595,1,1,08b82f05aa2e24712da59baa585f9d21ed6c2cea9a0f98eb8b6f779c7e75f5a1,2025-02-25T16:15:38.390000 +CVE-2025-26596,1,1,9fc6247173cc30117562dbf1ec105045f021beabcda99247c2a003ec49b5cde2,2025-02-25T16:15:38.603000 +CVE-2025-26597,1,1,cfc58510e84a988bd1b1113583f43d3faa9d4e214304d5824222abd2298a79b8,2025-02-25T16:15:38.797000 +CVE-2025-26598,1,1,c397eb1ffc1a321233e07e524845f6d5565efb6855fbe22e61666868aa350672,2025-02-25T16:15:38.977000 +CVE-2025-26599,1,1,6ad0698b7b01d650daebc66d66f4fae96588faf1c127c5e68d7fdd268af43e17,2025-02-25T16:15:39.163000 +CVE-2025-26600,1,1,db90c16c567a06a15deec845a43d466bc6c8b01873f9c9964805e0052c32a086,2025-02-25T16:15:39.350000 +CVE-2025-26601,1,1,c47459d49a54c86b2087b01903b49c6ce8dfa2dc807e4061c0627b72dfeb7ec1,2025-02-25T16:15:39.537000 CVE-2025-26603,0,0,98d3250593609f9c86edf4134058a63ec04230372680cf78b7b24b6820ee8eb9,2025-02-18T19:15:29.387000 CVE-2025-26604,0,0,21ae053a765aca2e97aa573ccbf14889cfc80448b77b1b7bb3257d333e4e5218,2025-02-18T20:15:33.003000 CVE-2025-26605,0,0,887f32f157eeac58ad8bafc72dfb207493771e8001fa3b09a3fdc5d7653d8731,2025-02-18T22:15:19.387000 @@ -282145,6 +282163,9 @@ CVE-2025-26623,0,0,76c198664d5028187227de3b29ac8db7e0c1dc44e3a8ff433a4ccad52ae08 CVE-2025-26624,0,0,0032c9e0a335a3e4d41712965753468a301071af91365e2d5a3287105e6cd595,2025-02-18T23:15:10.810000 CVE-2025-26700,0,0,7838e370af5b60d8c19726fd509ea0fb299d99686659f9037f2fcd14eb7d3c6a,2025-02-17T03:15:09.750000 CVE-2025-26750,0,0,2a3b9db13d9cd9c23552d1acf8bba46a50acb1724584ded2752728f67ebbd57a,2025-02-22T16:15:31.210000 +CVE-2025-26751,1,1,edb27a91b657732502693638e51fc67fcbb8add7ffaf5abfd4f3ef688da982b1,2025-02-25T15:15:23.457000 +CVE-2025-26752,1,1,970655b190de048fca71c703548df5ff2aac19c5caaf09d70ab64d605c1ef92b,2025-02-25T15:15:23.597000 +CVE-2025-26753,1,1,2a8621877ffa21c192015c24fb174f02cbfab1ec51953a8beef4af30d559ca21,2025-02-25T15:15:23.750000 CVE-2025-26754,0,0,c6936733f960c041e2d01cc063aa11dd1741ca2c92a3c690faf622b8ee29177f,2025-02-17T12:15:28.267000 CVE-2025-26755,0,0,d72b7fc64f3dfb4916a3573544b9dd8890e509f1e9b7f0fa7fb8dbdb0c916a48,2025-02-16T23:15:10.627000 CVE-2025-26756,0,0,42d04b5d3d066a5165b76b4a05636a3c0666943b80a7eece51bcf45901a52bd7,2025-02-22T16:15:31.350000 @@ -282177,8 +282198,65 @@ CVE-2025-26794,0,0,fe65001567301b62f9f70becffce46b16ab4f6e8292d604a049482502e1fc CVE-2025-26803,0,0,7a255b740667bada4fca34455e40a59365b611b064e171d9a400283919805118,2025-02-24T16:15:15.020000 CVE-2025-26819,0,0,0ede991b4b81e17fa4f92afd2308026e6f3d0368afffc246b266200c177a850a,2025-02-15T00:15:28.510000 CVE-2025-26856,0,0,c84a7c72a0341166a47640053a8e7f11274d1f45c4694e798eb68fbe3bfe8515,2025-02-20T06:15:21.673000 +CVE-2025-26868,1,1,218e7fc6a30a6b07c24574fdbf6952c638047b8611418ef84c92a176c36e7ffc,2025-02-25T15:15:23.903000 +CVE-2025-26871,1,1,c6e380fbba9a7e0e5070c6cbce969fda3512839462c386946a3045cde75b0fd9,2025-02-25T15:15:24.040000 +CVE-2025-26876,1,1,0c0ff5289c9ca5cad9b6899673c17cb460cd8cce93610afb429bfea1efbcdd34,2025-02-25T15:15:24.180000 +CVE-2025-26877,1,1,b8bc5a8555e264690bacbd29018b51469a322d482e4edbc23f1152b36e6b6ecf,2025-02-25T15:15:24.380000 +CVE-2025-26878,1,1,274c8e2289aa2d9e0e9eeef7aa3b1b643ef2c6fddcfc3543100e32e96da300ab,2025-02-25T15:15:24.560000 +CVE-2025-26881,1,1,43eafbbaefe756d9680e6710415c3a9bc7fb866552f063d1b795054ae2ef3c2c,2025-02-25T15:15:24.690000 +CVE-2025-26882,1,1,da31030660d9c31d6c95867601bb4a1e1326b8a10da4ef50b5c9c28aeea3d7f9,2025-02-25T15:15:24.837000 CVE-2025-26883,0,0,032931e2986e6fd47c419f54aa0f28ff932d2110f4669f25e27ede4c11fedef6,2025-02-24T15:15:14.007000 +CVE-2025-26884,1,1,ef6a75e5c40d767e2db43a513403b8e7a2c56fd917d4431197e2d489675e181d,2025-02-25T15:15:24.977000 +CVE-2025-26887,1,1,5f03a397621d0f82fb32c01b933df902aea8292f395121bdc1bcdc78124ce80b,2025-02-25T15:15:25.117000 +CVE-2025-26891,1,1,329d8647709e369a69c1e1b7053856361fcdeda7106178321d3f962af8c27ba2,2025-02-25T15:15:25.253000 +CVE-2025-26893,1,1,01d5bd9f4b9dac1660c3fa960b5d4713e932164620f35e4412806cf8e6376711,2025-02-25T15:15:25.390000 +CVE-2025-26896,1,1,695d1ba93b771c2ceb97f546a6dd34ff0eb555b1167b4a889763c23399d69558,2025-02-25T15:15:25.527000 +CVE-2025-26897,1,1,e68fb0b702c5e521bfbf08832288a510d35ccfabf243f3a76b21096f1bee3f19,2025-02-25T15:15:25.690000 +CVE-2025-26900,1,1,4720d71ab37badeeb87280148bffa7b36a54a010f3e8e3e515481e2357eb65f9,2025-02-25T15:15:25.853000 +CVE-2025-26904,1,1,e30ff5f15d94d63eea35eae7a5a2615f0dddbf6e273f71f92b3552864ee261ba,2025-02-25T15:15:25.990000 +CVE-2025-26905,1,1,203bca9d44346d441bd2521be89488ceae479bec0cf7f064cf270218b7fd6560,2025-02-25T15:15:26.127000 +CVE-2025-26907,1,1,55c9e31471fc76359c93604a79dca0a4c96b46bceedf6502252b0c06f6019b39,2025-02-25T15:15:26.263000 +CVE-2025-26911,1,1,7ee77a7ec74c8a9d61c1458a78b51a8abdec40a11b59d49f2975a7ff7fddb61d,2025-02-25T15:15:26.393000 +CVE-2025-26912,1,1,ad22609fd9032156574209ff16fd9db9b488e7e5472493b11595563db580f46a,2025-02-25T15:15:26.530000 +CVE-2025-26913,1,1,87dc7ff4bfbfd50369927841e18e8f04705a501d67e2356cb8e03ad91119d7e4,2025-02-25T15:15:26.663000 +CVE-2025-26915,1,1,a04899900f181377e6a95e938a68033eb5af29fa133192d9338babfe6f9e3fdc,2025-02-25T15:15:26.793000 +CVE-2025-26926,1,1,e0b2ed68075c39ca88de0f8c085ee1d4468ef46959ebcc7b5f62d0eeb480b959,2025-02-25T15:15:26.930000 +CVE-2025-26928,1,1,4f2b8baf8731abb08be327e0840ecf27ba8918ee5856607f52e7dc31562f669f,2025-02-25T15:15:27.067000 +CVE-2025-26931,1,1,dfe9cf504dc8e7d5205e625dd2310adb538fc7f1d9aebdc368436b3359327eab,2025-02-25T15:15:27.200000 +CVE-2025-26932,1,1,e435029410a3204a612ba8f557109d74185c024c43f44d4a6c0866e764ca3380,2025-02-25T15:15:27.337000 +CVE-2025-26935,1,1,21d4dad3121b4afc1d03c8998020680c4a84980e054b80307163187cc9a6dfe7,2025-02-25T15:15:27.470000 +CVE-2025-26937,1,1,cba9df40d9bf783d4bef57e4dc91bf7cae048150a03315146627098859b0a973,2025-02-25T15:15:27.607000 +CVE-2025-26938,1,1,a42b4c5ce56977f2c0d5c5b1d11a81a32ab6bccfb614bee215176a56990ff7ef,2025-02-25T15:15:27.747000 +CVE-2025-26939,1,1,c6a6161736ac70a9d79c62ff965af5ca6a118e51f57c629789fb085de0dc8e12,2025-02-25T15:15:27.883000 +CVE-2025-26943,1,1,8e5ed1967a057125ea2c02d127299a19af570960f4fcf065695e48672acffc52,2025-02-25T15:15:28.030000 +CVE-2025-26945,1,1,41637e91af1963f1310b429c791b80fa27b48fbc81ab1f3c4818e31f147ca4f2,2025-02-25T15:15:28.177000 +CVE-2025-26946,1,1,058ee8700d725e7c85f06d60e860086b3f7468c787177b134fc0e3068a2ccd2e,2025-02-25T15:15:28.320000 +CVE-2025-26947,1,1,9f95d916e98fd1795fc482a62a514cd1a64521043c2cf1b5de49c397403765df,2025-02-25T15:15:28.457000 +CVE-2025-26948,1,1,ecd0e054bd108b6d8cea70c32089dcc154d1991a20b9f92624396b54b6d94b8a,2025-02-25T15:15:28.597000 +CVE-2025-26949,1,1,bf1bf81768d984834c2e987e3b0f648e32509e1ec4d35d07acd31a005558f5b1,2025-02-25T15:15:28.733000 +CVE-2025-26952,1,1,5b438c03724eda2ae37c090847fa21675502ea35670399165ed96c6414ed315e,2025-02-25T15:15:28.870000 +CVE-2025-26957,1,1,92d19c947c571f9ba4e3dfe864004a49567d6e106f5cce55750ad70bd1785e4b,2025-02-25T15:15:29.010000 +CVE-2025-26960,1,1,7cd4fb0389d12f748a8212ba05dc3e78613c9c8da65e016b6c1af5f6c1ecafba,2025-02-25T15:15:29.150000 +CVE-2025-26962,1,1,62a39c3d024fa18266687c9da36c836b03c7824d3134dde63882239733e63a29,2025-02-25T15:15:29.290000 +CVE-2025-26963,1,1,07035a320c21b6e71d01834d2bb9c3883e8be7f96d741a3f3ec9094f943d93db,2025-02-25T15:15:29.420000 +CVE-2025-26964,1,1,e8228877ef1dc54ad0c8dca9e56edad3178e8d95383d36377945c48b3909da0a,2025-02-25T15:15:29.557000 +CVE-2025-26965,1,1,e57b91c956359483af8756721acac3ea5f8c5463d1807af881f958312e3e29d4,2025-02-25T15:15:29.703000 +CVE-2025-26966,1,1,9de31d2f62f3c4c2fbccde950e9df21e8571c7aeaffd0ec38f282e67e94e821a,2025-02-25T15:15:29.870000 +CVE-2025-26971,1,1,a7f63d24c442bb87f8e406fa4a3cb6e1d299660b730e4e6b0a10eda6ebd29947,2025-02-25T15:15:30.017000 CVE-2025-26973,0,0,610ca521f6df23787468cbd6d7246985670b9cbd38aeda403a910446401c6120,2025-02-22T16:15:32.347000 +CVE-2025-26974,1,1,b3ac041826881ef752728c9c6ec64b10e6e11c96efb84c83543471698154eab3,2025-02-25T15:15:30.153000 +CVE-2025-26975,1,1,d4c864c23b2597dc21e1c29f95f8304e440c70810aa043b39e52c86c8aafabf8,2025-02-25T15:15:30.300000 +CVE-2025-26977,1,1,ea2710ca724bb476618b03c648f7d453c27b1d1845b566c4d67d63376bffca78,2025-02-25T15:15:30.443000 +CVE-2025-26979,1,1,66c096249431ca3d99231ed232ba9ee30d1cf1dec6b2f142065c16b147732237,2025-02-25T15:15:30.587000 +CVE-2025-26980,1,1,b5e9d6897915f706de2a9c74cb053661c8f72fcaf2d5013bc68ef4037309eabd,2025-02-25T15:15:30.730000 +CVE-2025-26981,1,1,d3f1e50adb8683761014a42261f69cf8350935fe275e96531759aadec7b07e0e,2025-02-25T15:15:30.873000 +CVE-2025-26983,1,1,f542a65cddf1570ef96254f9e7f1b46456ccfa99bdbb2e42676c102966781239,2025-02-25T15:15:31.043000 +CVE-2025-26985,1,1,de16cf03c56736ee8f36ce313f3b53c75a2757d9c8e906bd65ac59ef20fe8ed9,2025-02-25T15:15:31.183000 +CVE-2025-26987,1,1,0ce3e0b1ceabf72b106024215d365c7ba8be09463dd4213a745189fe3b6a5c6d,2025-02-25T15:15:31.313000 +CVE-2025-26991,1,1,de31a1e5ead0a1570b8a0ee8597baa5e9639bace8b6677b09c3ab746a0e741a9,2025-02-25T15:15:31.460000 +CVE-2025-26993,1,1,97b3b3898170304753b14ade10ed7b5c7f11cbd3bf6dcec239ab8998b84bb6d9,2025-02-25T15:15:31.590000 +CVE-2025-26995,1,1,47a89bd56716aecb4e782f84398b19f7861338161bc4984efff24b4e3526b661,2025-02-25T15:15:31.720000 +CVE-2025-27000,1,1,3e130e597951e39a437c9b88cdc3c49e80429ca02775e75850f181fc2467b6e8,2025-02-25T15:15:31.853000 CVE-2025-27012,0,0,7363d114ae429e53b3d9610c9cb193ed78cd11421be4a33a19fcf6bd0f11da65,2025-02-22T16:15:32.497000 CVE-2025-27013,0,0,5da49234db7e8d732a635aee7726c50524766c42564dc53ab30d5668c258b6b4,2025-02-18T20:15:33.880000 CVE-2025-27016,0,0,5734e0571ba6c0e2c4f7b9ec5f3fbe3b4fb52f565f2d154b09a195684451638c,2025-02-18T20:15:34.013000 @@ -282204,7 +282282,7 @@ CVE-2025-27140,0,0,2964053422621195e160e6550b952cf184c5edc007d9580344eb7b008bf03 CVE-2025-27141,0,0,19a3c923af6f6f4189d4be91702969bf59100e645a0e1d60c810d2a5f034238b,2025-02-24T22:15:23.077000 CVE-2025-27143,0,0,f6196a31f6bc594bd6a78f99bac329907739405671eed3f73a517d781727c862,2025-02-24T23:15:11.160000 CVE-2025-27144,0,0,1943a5ebc9fa4ebdac773d12aa5884bfb6e27a53701e1ad9e8e73a5ce013ecba,2025-02-24T23:15:11.427000 -CVE-2025-27145,0,1,38c5004ff48d2670f12fb99a3982f3e02a12208e5ab880775c9f41ae19934057,2025-02-25T14:15:31.567000 +CVE-2025-27145,0,0,38c5004ff48d2670f12fb99a3982f3e02a12208e5ab880775c9f41ae19934057,2025-02-25T14:15:31.567000 CVE-2025-27218,0,0,efa55c2dc9300fcbe5554c514f0fd9c100e33cfb72ff20b2eedb0bf35dee5b0b,2025-02-20T21:15:26.510000 CVE-2025-27265,0,0,f92ef224928c265ed828ba40cf1c61290404ad79163953c8c2df56f81d7b8ab6,2025-02-24T15:15:14.310000 CVE-2025-27266,0,0,7b4f333de7657eb474765345c5822ee79cdee853af3b515f2a266de5b5a75147,2025-02-24T15:15:14.443000