admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-25T07:00:19.378680+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-25 07:03:46 +00:00
parent 475aee6968
commit 6de6b40bd6
5 changed files with 191 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-137xx/CVE-2024-13721.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13721",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-25T06:15:27.860",
"lastModified": "2025-01-25T06:15:27.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-85"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/plethora-tabs-accordions/trunk/plethoraplugins-tabs.php#L423",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9755e5d4-dbf6-4778-84d6-cc967e8afb48?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-04xx/CVE-2025-0411.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0411",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-01-25T05:15:09.533",
"lastModified": "2025-01-25T05:15:09.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/",
"source": "zdi-disclosures@trendmicro.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/24/6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

60
CVE-2025/CVE-2025-06xx/CVE-2025-0682.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0682",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-25T06:15:28.740",
"lastModified": "2025-01-25T06:15:28.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15a9718f-f877-4e33-8f7a-950791c4ca85?source=cve",
"source": "security@wordfence.com"
}
]
}

12
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-25T05:00:19.644483+00:00
2025-01-25T07:00:19.378680+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-25T04:15:07.670000+00:00
2025-01-25T06:15:28.740000+00:00
```
### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
278932
278935
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
- [CVE-2024-13709](CVE-2024/CVE-2024-137xx/CVE-2024-13709.json) (`2025-01-25T04:15:07.670`)
- [CVE-2024-13721](CVE-2024/CVE-2024-137xx/CVE-2024-13721.json) (`2025-01-25T06:15:27.860`)
- [CVE-2025-0411](CVE-2025/CVE-2025-04xx/CVE-2025-0411.json) (`2025-01-25T05:15:09.533`)
- [CVE-2025-0682](CVE-2025/CVE-2025-06xx/CVE-2025-0682.json) (`2025-01-25T06:15:28.740`)
### CVEs modified in the last Commit

5
_state.csv
View File

@ -246176,9 +246176,10 @@ CVE-2024-13683,0,0,fb57f44e8b2d58d524faa1dd2ea3874f278594c1d56e7f409ae90b680d7e7
CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000
CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000
CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
CVE-2024-13709,1,1,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
CVE-2024-1371,0,0,700f360c37065b466d7daf295c0b566055365a6732e2b4756cd7fe3bd3dfd8e6,2024-11-21T08:50:26.150000
CVE-2024-1372,0,0,ba2b445471fec156b955b505675756eb0a79c6540c94f30d84a8242b3e912ff8,2024-11-21T08:50:26.277000
CVE-2024-13721,1,1,1ec94cb9c62b02c9472486b901c3addbef65df476872a8f8db6b902dfdcff790,2025-01-25T06:15:27.860000
CVE-2024-1373,0,0,fe1a60358155e50861f1a17ac7fa6b7d28a7605ff8e98d9097ab1950f180ef33,2024-03-11T10:15:49.383000
CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@ -277566,6 +277567,7 @@ CVE-2025-0407,0,0,8d1bea41d96dceb0e8000e5eb9f589c13396bad4054ce09f0d87bbcc36005a
CVE-2025-0408,0,0,2729cf9415a38755adad695073dad161acc79ef38638b787879efcd1f5040e8e,2025-01-13T14:15:10.073000
CVE-2025-0409,0,0,9622ef176974a666883ccef87aa9961f8329f556e68cbb6ca3f25010c47796f0,2025-01-13T18:15:21.430000
CVE-2025-0410,0,0,77fcc9d20cbc72a10bd98fd8a0d76eb1f68bad51f3fb695c8bb4e738dc713659,2025-01-13T18:15:21.730000
CVE-2025-0411,1,1,506084f290a8ea5ea4a0efc27b50984e7338b12946697eca474a50bc0a957a87,2025-01-25T05:15:09.533000
CVE-2025-0412,0,0,c39a3dcab0c6d49c3211d3247bc68e95a0d8b1c80f2a5bafe11ee5bd72adb69a,2025-01-13T04:15:06.477000
CVE-2025-0428,0,0,53ca33b8751cace74b1767e06da6e1ef57d9382b6c96eab72106c311721ef6db,2025-01-24T20:56:49.767000
CVE-2025-0429,0,0,78859fcdeaa45b49773faf4a287c5acdb235628b0cbfb95e3aa51c974c22a44b,2025-01-24T20:51:18.657000
@ -277671,6 +277673,7 @@ CVE-2025-0638,0,0,ac9cca0d245198ff4674963eab0600993bc0b56692f14b75cf07327388ff27
CVE-2025-0648,0,0,f9d79465ad3803b75ff57d725f789e40aa0e726161afba05440d8db3881a4794,2025-01-23T11:15:11.030000
CVE-2025-0650,0,0,c255caf8716f9fc68172a701cd0571e8e2d98976a4a7a688b3c43cb943fe86cc,2025-01-23T18:15:33.110000
CVE-2025-0651,0,0,8c67aa0f80c9f1e30412c542495f9f971e1fa118a8f80db65a60da0b955bdf05,2025-01-22T18:15:20.363000
CVE-2025-0682,1,1,92fd5473746c4976c6352d82859f2d6dd42876faa3743bd2fa1f5cfd951d9a04,2025-01-25T06:15:28.740000
CVE-2025-0693,0,0,2dbd0ee2fa3f9bda7df2c547c0b425cdbbb9ef75c33ee753ae3804f02fa74725,2025-01-23T22:15:15.397000
CVE-2025-0697,0,0,2b300d6fe20cc05389e1f1da76da10c584853d80e73da80ea6280f5fc93d0276,2025-01-24T15:15:12.130000
CVE-2025-0698,0,0,41b2c00dd6b2e11497e6ad0d5935ff7e418c7e8ce23cb7590bf86289758b8bd6,2025-01-24T16:15:37.717000

Can't render this file because it is too large.