Auto-Update: 2025-02-14T11:00:57.396231+00:00

2025-07-11 16:13:34 +00:00 · 2025-02-14 11:04:25 +00:00 · 2025-02-14 11:04:25 +00:00 · 6143e29c4c
commit 6143e29c4c
parent 3f72c90a48
5 changed files with 232 additions and 19 deletions
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13735.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13735.json
@ -0,0 +1,68 @@
 {
  "id": "CVE-2024-13735",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-02-14T10:15:09.207",
  "lastModified": "2025-02-14T10:15:09.207",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://docs.hurrytimer.com/getting-started/creating-a-one-time-campaign",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3239755/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://wordpress.org/plugins/hurrytimer/#developers",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5b247a7-50f4-4d35-b24a-2c788ba0b051?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-525xx/CVE-2024-52577.json
+++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52577.json
@ -0,0 +1,78 @@
 {
  "id": "CVE-2024-52577",
  "sourceIdentifier": "security@apache.org",
  "published": "2025-02-14T10:15:09.557",
  "lastModified": "2025-02-14T10:15:09.557",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "security@apache.org",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 9.5,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH",
          "vulnerableSystemAvailability": "HIGH",
          "subsequentSystemConfidentiality": "HIGH",
          "subsequentSystemIntegrity": "HIGH",
          "subsequentSystemAvailability": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh",
      "source": "security@apache.org"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-267xx/CVE-2025-26791.json
+++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26791.json
@ -0,0 +1,68 @@
 {
  "id": "CVE-2025-26791",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2025-02-14T09:15:08.067",
  "lastModified": "2025-02-14T09:15:08.067",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
          "baseScore": 4.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@mitre.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://ensy.zip/posts/dompurify-323-bypass/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://nsysean.github.io/posts/dompurify-323-bypass/",
      "source": "cve@mitre.org"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-02-14T09:00:37.747043+00:00
+2025-02-14T11:00:57.396231+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-02-14T08:15:31.357000+00:00
+2025-02-14T10:15:09.557000+00:00
 ```
 ### Last Data Feed Release
@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-281330
+281333
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `6`
+Recently added CVEs: `3`
- [CVE-2024-57969](CVE-2024/CVE-2024-579xx/CVE-2024-57969.json) (`2025-02-14T07:15:32.340`)
+- [CVE-2024-13735](CVE-2024/CVE-2024-137xx/CVE-2024-13735.json) (`2025-02-14T10:15:09.207`)
- [CVE-2024-9601](CVE-2024/CVE-2024-96xx/CVE-2024-9601.json) (`2025-02-14T07:15:32.570`)
+- [CVE-2024-52577](CVE-2024/CVE-2024-525xx/CVE-2024-52577.json) (`2025-02-14T10:15:09.557`)
- [CVE-2025-1298](CVE-2025/CVE-2025-12xx/CVE-2025-1298.json) (`2025-02-14T08:15:30.877`)
+- [CVE-2025-26791](CVE-2025/CVE-2025-267xx/CVE-2025-26791.json) (`2025-02-14T09:15:08.067`)
 - [CVE-2025-22630](CVE-2025/CVE-2025-226xx/CVE-2025-22630.json) (`2025-02-14T07:15:32.750`)
 - [CVE-2025-26788](CVE-2025/CVE-2025-267xx/CVE-2025-26788.json) (`2025-02-14T08:15:31.183`)
 - [CVE-2025-26789](CVE-2025/CVE-2025-267xx/CVE-2025-26789.json) (`2025-02-14T08:15:31.357`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 - [CVE-2024-11078](CVE-2024/CVE-2024-110xx/CVE-2024-11078.json) (`2025-02-14T07:15:31.900`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244414,7 +244414,7 @@ CVE-2024-11074,0,0,9ddd701162e98311d74e0a8bfa122cb1361e573e5cdd3c644d4ea5411ff07
 CVE-2024-11075,0,0,1453691218eaa30381e9b896380b7d3816e51e01355ecf6bb51d349da772dacc,2024-11-19T21:57:32.967000
 CVE-2024-11076,0,0,82524b74886a82ba09f33edf13fd9a8f5f86e092e9bbf909a4e53028c97856fb,2024-11-14T19:14:26.717000
 CVE-2024-11077,0,0,a548949903d5d799c3512cf90a23f879ee8299884e96a824994982a4f1a0ff5f,2024-11-14T18:57:17.743000
-CVE-2024-11078,0,1,0920bb7e0657f830205c7e5026e87a05aa8532129d29ae669124476468117fcd,2025-02-14T07:15:31.900000
+CVE-2024-11078,0,0,0920bb7e0657f830205c7e5026e87a05aa8532129d29ae669124476468117fcd,2025-02-14T07:15:31.900000
 CVE-2024-11079,0,0,4429678b1338007ef95bc9554c7c9cf15512d4d01927364e7ca6363e4b71338b,2024-12-18T04:15:06.310000
 CVE-2024-1108,0,0,41de46f3dcaf9533283bc7e75a781616c5054e3d3c6e5f547b16c496a7c97db1,2025-01-28T02:43:57.227000
 CVE-2024-11081,0,0,868ddada0bf262c198b91d0f6dc5cc082627c1fafb1bc6c0669f2cc02fb00c28,2024-11-20T18:15:22.340000
@ -246671,6 +246671,7 @@ CVE-2024-13723,0,0,600a5c5526201e2ff99f92af892f4feb671cccfa846ec078e384c904fd421
 CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000
 CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb99ad,2025-01-31T20:22:33.503000
 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000
 CVE-2024-13735,1,1,5831f6a512bd98ee3e9e0b41a189da9a28ce9d6efc5226591d1a0439e0759ef9,2025-02-14T10:15:09.207000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000
 CVE-2024-13749,0,0,fa49a56d794b918ee6fa35ef50df2653d252668435c8dac71b45b6f7e2100eab,2025-02-12T04:15:09.793000
@ -271904,6 +271905,7 @@ CVE-2024-52571,0,0,77a9159855cd62fa01f047f9112fd0953f87a29ce60ac61f24d8893b5a240
 CVE-2024-52572,0,0,6376707757e7137e4ed57cb6aa915c75f77a0c9d8f5dcf819a13dd807d60e570,2024-12-10T14:30:46.097000
 CVE-2024-52573,0,0,9b0b6e6543aa62aa5974779f944f035fd69c656fc6d7016b22eedb4bc991f5cb,2024-12-10T14:30:46.227000
 CVE-2024-52574,0,0,d8df409b977762d84a83d9a80a80d32c1ddc712a3a86833baf305ddb75a990a9,2024-12-10T14:30:46.367000
 CVE-2024-52577,1,1,33fca88357fa2aabcdfe2b713b797245700ab3a028f90fd81cbca4052b90d80b,2025-02-14T10:15:09.557000
 CVE-2024-52579,0,0,d378de938891f71e4fc556c9415102b9e08c8e29cf41254f78470db78534fb63,2024-12-18T20:15:23.383000
 CVE-2024-5258,0,0,53374e7ddf7cf7e465eb57d73b1205feee2ef084995ee89434e5eccc31b66e53,2024-12-13T17:09:56.883000
 CVE-2024-52581,0,0,eebf748bb1f77ebde863c93ef3f2148c2ec8f59bbc22dcc86790ce8d59decaaf,2024-11-25T14:15:07.077000
@ -274941,7 +274943,7 @@ CVE-2024-57965,0,0,1ec783f88325ed02c1810413dbff411d8a59c49db780f7d0fa48c58005555
 CVE-2024-57966,0,0,61d2b5fd5d958d136f7dd40b4676334560812ee79ee948ded13f78b89db9e1c9,2025-02-09T05:15:32.883000
 CVE-2024-57967,0,0,8fee44e6eb84e9ffdf47037f396d369451745de427e458c886fbbf4f38d70d65,2025-02-03T18:15:37.853000
 CVE-2024-57968,0,0,df2d26687f6eb03cc4ebdae430a2d63e09872c2f76ae608d0c55e2648f4f6e40,2025-02-06T18:15:32.287000
-CVE-2024-57969,1,1,b371badd84f84271fd7c4769fff6f836cd92998659f71f251308fa31806e425a,2025-02-14T07:15:32.340000
+CVE-2024-57969,0,0,b371badd84f84271fd7c4769fff6f836cd92998659f71f251308fa31806e425a,2025-02-14T07:15:32.340000
 CVE-2024-5798,0,0,1cf6b5fddcb53bc6e432a6a3428f56651407d96c3d029c184944ae69fb8dd23b,2024-11-21T09:48:21.013000
 CVE-2024-5799,0,0,23def4a6c23961b05e747f80024dd1bb17c6a1bb6930d36587790a1981c0653f,2024-09-26T20:39:09.127000
 CVE-2024-5800,0,0,0f1ba4e6921bceda8aa9f69d4954ff1ca271a0069f260f484c22f7b777658fee,2024-08-12T13:41:36.517000
@ -278256,7 +278258,7 @@ CVE-2024-9595,0,0,affe800d4ccb9fbe30c63eaf437475e7b4f1b8f6ed06b3135e5296a266d83c
 CVE-2024-9596,0,0,97d2b24b69eeab4b46fc850bb8355e0549024bcd45410c14a3bd69da526dabde,2024-10-16T17:00:19.787000
 CVE-2024-9598,0,0,5c0fa148e22055423c63f1a7155091692b712567127d27765647509813b47724,2024-10-25T12:56:07.750000
 CVE-2024-9600,0,0,ea15b50099d09f31b8281c72f2e9f7d888450824868eb6eb5785430b8539a997,2024-11-21T18:15:15.853000
-CVE-2024-9601,1,1,81b6958d2d5ea875a80fc76ae37785ac7d2772cfdcb27aaa31ffe9273b852d61,2025-02-14T07:15:32.570000
+CVE-2024-9601,0,0,81b6958d2d5ea875a80fc76ae37785ac7d2772cfdcb27aaa31ffe9273b852d61,2025-02-14T07:15:32.570000
 CVE-2024-9602,0,0,97e94b3551b8a143150ba66a2e724dafe158b773cf8b0069e0eeb8d400c5b732,2025-01-02T16:48:01.163000
 CVE-2024-9603,0,0,50669f21073ac14122f480035b4c1b46d69ab6d3ffcc460bb7bd86545f71cc92,2025-01-02T16:48:21.323000
 CVE-2024-9607,0,0,54c7fa609071a2960fe8514c7e09434070f7928dbf6bf2601a0c6b5966a0c0f2,2024-11-05T17:40:57.777000
@ -279217,7 +279219,7 @@ CVE-2025-1247,0,0,c04092dcf345103badb80fdd95e22fac8a6844256bbf5405f306402957fc9e
 CVE-2025-1270,0,0,236281c7e2f02c32874e4e3709dfb4e8e9ebb69fe161a8786e8aa1222fe115b8,2025-02-13T13:15:09.273000
 CVE-2025-1271,0,0,5d817e390688ef07b23033305a3d61b54ec7909b543740a3f3f14f0970450461,2025-02-13T13:15:09.433000
 CVE-2025-1283,0,0,e0bfe5d939a3d4bf1cd2099051e27f05a10fae661af34307090edba35da62446,2025-02-13T22:15:11.413000
-CVE-2025-1298,1,1,c241b07b63fa1a12db4bf2cbddc777a3c460534a51a196b1be44ba87a34980ab,2025-02-14T08:15:30.877000
+CVE-2025-1298,0,0,c241b07b63fa1a12db4bf2cbddc777a3c460534a51a196b1be44ba87a34980ab,2025-02-14T08:15:30.877000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20029,0,0,58d0a26aacf6cc700c9707f22937d4a9fd06e9e8ac5a17ed011c7efb874a7f40,2025-02-05T18:15:29.573000
@ -279993,7 +279995,7 @@ CVE-2025-22618,0,0,c19d0c974c1e5e33f6d26b1c1e9e7666054e0a20c6f455c24ab32d4bd2226
 CVE-2025-22619,0,0,94078c2e9a44454365aeb387ac2d1c51351bb08f1b9ba4f80444a5076273dcd6,2025-02-13T19:44:19.580000
 CVE-2025-22620,0,0,428c7806e74732326369c718351571848c196156b9eb9eb7ffe99ba9002a1b52,2025-01-20T16:15:28.017000
 CVE-2025-22621,0,0,6ff4aa50f3e07d892cb8ed858e238d42c832836da0723e6a77be4111c28ff27e,2025-01-15T17:15:20.810000
-CVE-2025-22630,1,1,79b3801f8ae7e0fc2c6a6c47d25a128abd9fd0016caa673d59d6e5ab1ad69955,2025-02-14T07:15:32.750000
+CVE-2025-22630,0,0,79b3801f8ae7e0fc2c6a6c47d25a128abd9fd0016caa673d59d6e5ab1ad69955,2025-02-14T07:15:32.750000
 CVE-2025-22641,0,0,6bee2e22f4c2218c32261d50c3b76051122c36d8b22f1fe821f826f72b0d1ffb,2025-02-04T15:15:19.923000
 CVE-2025-22642,0,0,d0279d5449b2366770bc36c2393099b2add7493668b07ac0032c83f0b12bbe59,2025-02-04T15:15:20.120000
 CVE-2025-22643,0,0,fd67cfd00b1e33d83319275ceba21fc740b30ef0e3446cfe07e423c7f8efc474,2025-02-04T15:15:20.350000
@ -281327,5 +281329,6 @@ CVE-2025-26577,0,0,cc2f8c1ac7aa0d1b35a1f7b5d360e0b2d07e13834785542e837aebe416cbf
 CVE-2025-26578,0,0,cd72ae9257326f25b0cb5e50eefc8b87bc4caefa625d6784329a0c22f9290202,2025-02-13T14:16:23.990000
 CVE-2025-26580,0,0,916e7b90eb27b1f7f000689c1c2c0d448ca25a3cef16eef15cec717bb455efdc,2025-02-13T14:16:24.250000
 CVE-2025-26582,0,0,6e8fe3f3ea1ebd2d8730cc1aef1506305d1a9b31eb701ca7bcc9103287dcd909,2025-02-13T14:16:24.407000
-CVE-2025-26788,1,1,64332a85fdb9912d1b73ed075990a903c9543c33a30078e66d3be5a1bd8bc2eb,2025-02-14T08:15:31.183000
+CVE-2025-26788,0,0,64332a85fdb9912d1b73ed075990a903c9543c33a30078e66d3be5a1bd8bc2eb,2025-02-14T08:15:31.183000
-CVE-2025-26789,1,1,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c39a,2025-02-14T08:15:31.357000
+CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c39a,2025-02-14T08:15:31.357000
 CVE-2025-26791,1,1,28eb1d0afcd61972f13b97caf0726f6e93e2cf3d6750a8c270a87f23b2ff53ae,2025-02-14T09:15:08.067000