Auto-Update: 2024-06-22T08:00:18.673482+00:00

2025-05-30 18:21:17 +00:00 · 2024-06-22 08:03:12 +00:00 · 2024-06-22 08:03:12 +00:00 · 6e4a9225ab
commit 6e4a9225ab
parent 1e5fe61795
5 changed files with 170 additions and 25 deletions
--- a/CVE-2024/CVE-2024-35xx/CVE-2024-3593.json
+++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3593.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3593",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-22T06:15:09.683",
+  "lastModified": "2024-06-22T06:15:09.683",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated attackers to delete and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/ubermenu-wordpress-mega-menu-plugin/154703",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/621ef583-bf99-4b81-ae9c-b4f1c86b86aa?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4940.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4940.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-4940",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-06-22T06:15:11.137",
+  "lastModified": "2024-06-22T06:15:11.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5596.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5596.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-5596",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-06-22T06:15:11.470",
+  "lastModified": "2024-06-22T06:15:11.470",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-22T06:00:18.948003+00:00
+2024-06-22T08:00:18.673482+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-22T05:15:11.837000+00:00
+2024-06-22T06:15:11.470000+00:00
 ```

 ### Last Data Feed Release
@ -33,29 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-254944
+254947
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `9`
+Recently added CVEs: `3`

- [CVE-2024-21514](CVE-2024/CVE-2024-215xx/CVE-2024-21514.json) (`2024-06-22T05:15:09.637`)
- [CVE-2024-21515](CVE-2024/CVE-2024-215xx/CVE-2024-21515.json) (`2024-06-22T05:15:10.730`)
- [CVE-2024-21516](CVE-2024/CVE-2024-215xx/CVE-2024-21516.json) (`2024-06-22T05:15:10.967`)
- [CVE-2024-21517](CVE-2024/CVE-2024-215xx/CVE-2024-21517.json) (`2024-06-22T05:15:11.173`)
- [CVE-2024-21518](CVE-2024/CVE-2024-215xx/CVE-2024-21518.json) (`2024-06-22T05:15:11.403`)
- [CVE-2024-21519](CVE-2024/CVE-2024-215xx/CVE-2024-21519.json) (`2024-06-22T05:15:11.620`)
- [CVE-2024-4874](CVE-2024/CVE-2024-48xx/CVE-2024-4874.json) (`2024-06-22T05:15:11.837`)
- [CVE-2024-5965](CVE-2024/CVE-2024-59xx/CVE-2024-5965.json) (`2024-06-22T04:15:12.460`)
- [CVE-2024-5966](CVE-2024/CVE-2024-59xx/CVE-2024-5966.json) (`2024-06-22T04:15:12.940`)
+- [CVE-2024-3593](CVE-2024/CVE-2024-35xx/CVE-2024-3593.json) (`2024-06-22T06:15:09.683`)
+- [CVE-2024-4940](CVE-2024/CVE-2024-49xx/CVE-2024-4940.json) (`2024-06-22T06:15:11.137`)
+- [CVE-2024-5596](CVE-2024/CVE-2024-55xx/CVE-2024-5596.json) (`2024-06-22T06:15:11.470`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-29973](CVE-2024/CVE-2024-299xx/CVE-2024-29973.json) (`2024-06-22T04:15:10.843`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243224,12 +243224,12 @@ CVE-2024-21509,0,0,b1840eaff4c2213087c96721aaf87fdc6158bea90de6f63bdc95977af5681
 CVE-2024-2151,0,0,43d1a22352e1e830bef22f2b8bd5a33b83725db15329384a70a3ee26b8a5da55,2024-05-17T02:38:04.663000
 CVE-2024-21511,0,0,d034a9f6c4dcc55a5c4fdcdd7e3a31e0606abc8a26dae5773e22f734aa49e036,2024-04-23T12:52:09.397000
 CVE-2024-21512,0,0,aa76b050e4c93f61d8197b2abb831a8245fb81d83da1143493979b801398852e,2024-06-06T13:15:31.390000
-CVE-2024-21514,1,1,eda90a60621e0f44ed39680a983efe1636a533ac39f703d4f7e15e9ea899ac40,2024-06-22T05:15:09.637000
-CVE-2024-21515,1,1,c231f80a1974a2ba4009fda65f5305b6ce586d7c49acc6406d93a1fb57f8010c,2024-06-22T05:15:10.730000
-CVE-2024-21516,1,1,1e219491fe86c0c0389748c76658c75362774fb08c98a9e6e10035a8b3295b61,2024-06-22T05:15:10.967000
-CVE-2024-21517,1,1,44addbee25eeb628a89b45abcf056e500672454316f2fba920ffb665f4eac087,2024-06-22T05:15:11.173000
-CVE-2024-21518,1,1,d176c05aeea1917b37c37a96a5403bad5a3dd404e893ec8849f30190746e0ac6,2024-06-22T05:15:11.403000
-CVE-2024-21519,1,1,2065325e10215ac437a91a40fa4cfdeec3b134efe7e89432621676cb2c28c3f1,2024-06-22T05:15:11.620000
+CVE-2024-21514,0,0,eda90a60621e0f44ed39680a983efe1636a533ac39f703d4f7e15e9ea899ac40,2024-06-22T05:15:09.637000
+CVE-2024-21515,0,0,c231f80a1974a2ba4009fda65f5305b6ce586d7c49acc6406d93a1fb57f8010c,2024-06-22T05:15:10.730000
+CVE-2024-21516,0,0,1e219491fe86c0c0389748c76658c75362774fb08c98a9e6e10035a8b3295b61,2024-06-22T05:15:10.967000
+CVE-2024-21517,0,0,44addbee25eeb628a89b45abcf056e500672454316f2fba920ffb665f4eac087,2024-06-22T05:15:11.173000
+CVE-2024-21518,0,0,d176c05aeea1917b37c37a96a5403bad5a3dd404e893ec8849f30190746e0ac6,2024-06-22T05:15:11.403000
+CVE-2024-21519,0,0,2065325e10215ac437a91a40fa4cfdeec3b134efe7e89432621676cb2c28c3f1,2024-06-22T05:15:11.620000
 CVE-2024-2152,0,0,3cc97618eb3606d7138054800fe4c9dd1b810706cf75a720e72d22a25acc79fd,2024-05-17T02:38:04.770000
 CVE-2024-2153,0,0,32d949763a8c44673b751742c2df9fc58704fdbb602a296b8827b8bcaaa1ed2f,2024-05-17T02:38:04.867000
 CVE-2024-2154,0,0,ad1f5443da5008cd83aa665fb0ec59294e0b766fedda6af927118b7949d4ad34,2024-05-17T02:38:04.970000
@ -248598,7 +248598,7 @@ CVE-2024-29968,0,0,76c6a6d6e702eab18ed6ce28244f46395278fc23ed27747337db2cb902c35
 CVE-2024-29969,0,0,f16f6487ea10360dec838824d2148298e2039f6602688dd9caf524b4969c6186,2024-04-19T13:10:25.637000
 CVE-2024-2997,0,0,3a578291c3b241bab600655a4ba011b593bae43f4bacaa35e28ecb654fca1f55,2024-05-17T02:38:41.790000
 CVE-2024-29972,0,0,6eb07d32580185ea51f927f67f2978b808addad4d830734cf44d0e61f642dd0c,2024-06-05T06:15:10.307000
-CVE-2024-29973,0,1,d0f90c3ab5e95ac1f139165bb8134f6568804d876006994671d32b6becba4e5f,2024-06-22T04:15:10.843000
+CVE-2024-29973,0,0,d0f90c3ab5e95ac1f139165bb8134f6568804d876006994671d32b6becba4e5f,2024-06-22T04:15:10.843000
 CVE-2024-29974,0,0,0fabd0ed87d1a17e2d57c3925a4a991d1b1c401d215c10f3d80cab083de41ead,2024-06-05T06:15:10.657000
 CVE-2024-29975,0,0,e1854e5ca81cfeff5d0c1bda31c43cb66e4ccc1d3b700107211d85fe54797d4b,2024-06-05T13:15:12.107000
 CVE-2024-29976,0,0,aa9b7d1c56e80d0e0ffe7df226c1631d31c277f5ba64c8e4cfa240d17240b4c7,2024-06-06T16:15:11.617000
@ -252319,6 +252319,7 @@ CVE-2024-35926,0,0,3d2ac2a243ca9048cff71d0540f9f97d2905350e3f238d4a33454ffd229ef
 CVE-2024-35927,0,0,2bcd735e32c2af1f7e79dd26901d4373a7c4ef8ed5e2d8dba0a02e14274fe96e,2024-06-16T13:15:52.210000
 CVE-2024-35928,0,0,a8dd6c98251d56ea2212a0301bd7693ba0fba47583ce10689329bb703f6a5832,2024-05-20T13:00:04.957000
 CVE-2024-35929,0,0,b0976c945734b786059cbe173ebcdddfdbb33c2a425bef7cc1a51cc621711858,2024-05-20T13:00:04.957000
+CVE-2024-3593,1,1,b61b4f58a8c00e15052840cee5d727e9d222d3ea8d331a7659ded68e3aee23ee,2024-06-22T06:15:09.683000
 CVE-2024-35930,0,0,2a97a1ff87590a7e1fe94b612cee91739241b0cbec5ac34e91077bb8527f1f84,2024-05-20T13:00:04.957000
 CVE-2024-35931,0,0,bbab3f0c9f0ef1064e0fe5e3a06458e22ca3658e43381297612e0f4a8c31dbf3,2024-05-20T13:00:04.957000
 CVE-2024-35932,0,0,a2b9c7df497b22693711ec0433b1152b0c1e4b5c96252607b0317c8f6571001a,2024-05-20T13:00:04.957000
@ -254209,7 +254210,7 @@ CVE-2024-4865,0,0,034a7c12f3d6f4bd5ac54ee1f34abd70a559c5b9a18ae852351f79db6d61b9
 CVE-2024-4870,0,0,789ccad79b53f3162faaa4d0c14e00ab550e7e413c46a4332529e5d35d1d0423,2024-06-04T16:57:41.053000
 CVE-2024-4871,0,0,089a89f3309c27433f20e3be4ef9a00379f9f19601c1c8029649846113aed43a,2024-05-14T19:17:55.627000
 CVE-2024-4873,0,0,6d8194e640b182e2a2eb107c362a6b36fc019fdb0666ba51ea48c7f29b4462a1,2024-06-20T12:44:01.637000
-CVE-2024-4874,1,1,f686ddee13d10c7fac51bda340776b3cecedfe2e7331ba8f185a6ea4effabf78,2024-06-22T05:15:11.837000
+CVE-2024-4874,0,0,f686ddee13d10c7fac51bda340776b3cecedfe2e7331ba8f185a6ea4effabf78,2024-06-22T05:15:11.837000
 CVE-2024-4875,0,0,aa35cb89fee530b58aa987ffc67ea97738c0ba567903bf01429a1a1259923db8,2024-05-21T12:37:59.687000
 CVE-2024-4876,0,0,02aac8d1be489833aa2e07f8be8ce083249ac7dc2fcc33fd144386b8d365fef2,2024-05-21T12:37:59.687000
 CVE-2024-4881,0,0,4f17be95dbf63ebb1e221e9270b941e4838c9b4d4b1f7c998cfbd25da7153e04,2024-06-07T14:56:05.647000
@ -254259,6 +254260,7 @@ CVE-2024-4932,0,0,2da4bffdf4d6e38ae009aae9065c7b2f8049c53fc8beaf73dfbb4354175c5b
 CVE-2024-4933,0,0,9fe90c4f8856bf6bdad48e78d639ea10366bef215c1d0d507cc52649860ab1b1,2024-06-04T19:20:54.643000
 CVE-2024-4936,0,0,a731ea39a2abdd8ed5ffb7274944b4c3b5578233bd6509536eab3c4454adaafe,2024-06-17T12:42:04.623000
 CVE-2024-4939,0,0,6859feec38f69c636602db339fa7ab03b302bd67a24dc957bb8f045d97aede0c,2024-06-11T17:08:33.350000
+CVE-2024-4940,1,1,30eb9b0ad79753b897a1f09595cee8f061bbad04f8c5901540cf6b52c77963f4,2024-06-22T06:15:11.137000
 CVE-2024-4941,0,0,04ed79d9b1e3032260e31cb6cd2ea8a25db6821440182f4cb50592b145bee1e2,2024-06-07T14:56:05.647000
 CVE-2024-4942,0,0,157240698edb46a5deca9943c90e89d5c268795c03f1dadbb4d2f6e28d77068b,2024-06-06T14:17:35.017000
 CVE-2024-4943,0,0,d9b88319a5992961df806c2aff168607709c5e19495e72269f7fd7790830e1d9,2024-05-21T12:37:59.687000
@ -254689,6 +254691,7 @@ CVE-2024-5587,0,0,9180b0762a5a5a7a17ce70cd861bdf25e955d88caf903bee442f7c48a0a2a2
 CVE-2024-5588,0,0,21589c4423d1fee081cb695dd8009f3bd5a36bd74dae1713c28449f0da1cd8d1,2024-06-04T19:21:10.267000
 CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047b7,2024-06-03T14:46:24.250000
 CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000
+CVE-2024-5596,1,1,4016bf95a79f12b924e7ab5cbf9a07088fcdd715a03926a86714537a6b8a14bc,2024-06-22T06:15:11.470000
 CVE-2024-5597,0,0,652827ff26b80eabae5b3eddf519a61b0da7de181ce61fd257911ec48c45cdb0,2024-06-12T18:10:47.080000
 CVE-2024-5599,0,0,e4d8d3217ca804a33354b51b54e1f3f41ce0e1fc1f554dedfe90ad1a46a87370,2024-06-11T18:24:39.057000
 CVE-2024-5605,0,0,4bb70fac398eb5e1fc6a3b8761dcfee9993510711b196c5d9f90dc1e34c785a3,2024-06-20T12:43:25.663000
@ -254836,8 +254839,8 @@ CVE-2024-5951,0,0,7ddd1cddf9a9fdc846148c5866e7aa3c8ed2def81486ca15d97d818d600ecb
 CVE-2024-5952,0,0,a56b129ed0896e22b77ffae27056ae02e2ff1e28286e49f9b0ac6b9f084a57b2,2024-06-17T12:43:31.090000
 CVE-2024-5953,0,0,5a82a23010422744b690f4b6e35b5f6ac9a7dbe5fabc2cd37af30b93c2bed444,2024-06-20T12:44:01.637000
 CVE-2024-5961,0,0,5b2a3ec0406c808b5387d2b9b0077c5bc424b1c4427d5cb7165a954efcfd8c0c,2024-06-17T12:42:04.623000
-CVE-2024-5965,1,1,ebeb204b95dcd79a479722fe7e94006c506f9a990da3afb7470f8fc3aa78b0d5,2024-06-22T04:15:12.460000
-CVE-2024-5966,1,1,f47f07d4960c5a2b5c339649a9c11b10622c84049c0341a9572840ab934c1ed7,2024-06-22T04:15:12.940000
+CVE-2024-5965,0,0,ebeb204b95dcd79a479722fe7e94006c506f9a990da3afb7470f8fc3aa78b0d5,2024-06-22T04:15:12.460000
+CVE-2024-5966,0,0,f47f07d4960c5a2b5c339649a9c11b10622c84049c0341a9572840ab934c1ed7,2024-06-22T04:15:12.940000
 CVE-2024-5967,0,0,a8cf0971f84f68dc327704c7b15af8c68f3ca5a6cf4ca8aa54163d9ca95100d5,2024-06-20T12:44:01.637000
 CVE-2024-5970,0,0,118b7b2e028a3447b60495fc36df0133e6c8ea6adad2a5f3d89bac8698786790,2024-06-20T12:44:01.637000
 CVE-2024-5976,0,0,e855126a3e03657c0f9ccfb70e360e6531fe17aa442fb39ef6227c53616360fe,2024-06-17T12:43:31.090000