Auto-Update: 2025-06-12T18:00:21.492452+00:00

CVE-2022/CVE-2022-43xx/CVE-2022-4363.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-4363",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-16T21:15:33.123",
-  "lastModified": "2025-05-19T13:35:20.460",
+  "lastModified": "2025-06-12T16:46:05.150",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,50 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/734dba0b-f550-4372-884a-d42f7b0c00c7/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:cedcommerce:wholesale_market:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.2.2",
+              "matchCriteriaId": "037D240C-B683-49CA-A6E7-840766B7E21E"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:cedcommerce:wholesale_market_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.0.1",
+              "matchCriteriaId": "0E2FD31F-9123-4054-92C5-0C1E3DEDED63"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/734dba0b-f550-4372-884a-d42f7b0c00c7/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2022/CVE-2022-49xx/CVE-2022-4976.json

@@ -2,13 +2,17 @@
   "id": "CVE-2022-4976",
   "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
   "published": "2025-06-12T01:15:25.370",
-  "lastModified": "2025-06-12T01:15:25.370",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.\n\nThe bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141."
+    },
+    {
+      "lang": "es",
+      "value": "Archive::Unzip::Burst (versi\u00f3n 0.01-0.09) para Perl incluye una librer\u00eda InfoZip afectada por varias vulnerabilidades. Esta librer\u00eda est\u00e1 afectada por CVE-2014-8139, CVE-2014-8140 y CVE-2014-8141."
     }
   ],
   "metrics": {},

CVE-2023/CVE-2023-205xx/CVE-2023-20599.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-20599",
   "sourceIdentifier": "psirt@amd.com",
   "published": "2025-06-10T17:17:51.013",
-  "lastModified": "2025-06-10T17:17:51.013",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP\u2019s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality."
+    },
+    {
+      "lang": "es",
+      "value": "Un control de acceso inadecuado a los registros en ASP puede permitir que un atacante privilegiado realice un acceso no autorizado a los registros del coprocesador criptogr\u00e1fico (CCP) de ASP desde x86, lo que genera una posible p\u00e9rdida de control del \u00edndice/puntero de la clave criptogr\u00e1fica y, por consiguiente, una p\u00e9rdida de integridad o confidencialidad."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-259xx/CVE-2023-25999.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-25999",
   "sourceIdentifier": "audit@patchstack.com",
   "published": "2025-06-09T16:15:33.890",
-  "lastModified": "2025-06-09T16:15:33.890",
+  "lastModified": "2025-06-12T16:06:47.857",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta al tema de WordPress WooCommerce de BodyCenter - Gym, Fitness, desde n/d hasta la versi\u00f3n 2.4."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-260xx/CVE-2023-26005.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-26005",
   "sourceIdentifier": "audit@patchstack.com",
   "published": "2025-06-09T16:15:34.043",
-  "lastModified": "2025-06-09T16:15:34.043",
+  "lastModified": "2025-06-12T16:06:47.857",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en BZOTheme Fitrush permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a Fitrush desde n/d hasta la versi\u00f3n 1.3.4."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-291xx/CVE-2023-29184.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-29184",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:17:51.383",
-  "lastModified": "2025-06-10T17:17:51.383",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before  & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de limpieza incompleta [CWE-459] en FortiOS 7.2 todas las versiones y anteriores y FortiProxy versi\u00f3n 7.2.0 a 7.2.2 y anteriores a 7.0.8 permite que un atacante con privilegios de VDOM agregue archivos de clave SSH en el sistema de manera silenciosa a trav\u00e9s de solicitudes CLI manipuladas."
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-393xx/CVE-2023-39323.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-39323",
   "sourceIdentifier": "security@golang.org",
   "published": "2023-10-05T21:15:11.283",
-  "lastModified": "2024-11-21T08:15:09.450",
+  "lastModified": "2025-06-12T16:15:20.520",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -36,6 +36,26 @@
         },
         "exploitabilityScore": 2.2,
         "impactScore": 5.9
+      },
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
       }
     ]
   },

CVE-2023/CVE-2023-452xx/CVE-2023-45256.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2023-45256",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-06-12T17:15:26.507",
+  "lastModified": "2025-06-12T17:15:26.507",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2025/06/10/MoneticoPaiement.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.monetico-paiement.fr/fr/installer/telechargements/kit_telechargeable.aspx?_tabi=I0&_pid=ValidateLicencePage",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-472xx/CVE-2023-47253.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-47253",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-11-06T06:15:40.957",
-  "lastModified": "2024-11-21T08:30:03.427",
+  "lastModified": "2025-06-12T17:15:27.357",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -122,6 +122,10 @@
         "Permissions Required"
       ]
     },
+    {
+      "url": "https://www.qualitor.com.br/official-security-advisory-cve-2023-47253",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://www.qualitor.com.br/qualitor-8-20",
       "source": "cve@mitre.org",

CVE-2023/CVE-2023-487xx/CVE-2023-48786.json

@@ -2,13 +2,17 @@
   "id": "CVE-2023-48786",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:18:40.720",
-  "lastModified": "2025-06-10T17:18:40.720",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de Server-side request forgery [CWE-918] en Fortinet FortiClientEMS versi\u00f3n 7.4.0 a 7.4.2 y anteriores a 7.2.6 puede permitir que un atacante autenticado realice solicitudes internas a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-101xx/CVE-2024-10103.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-10103",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-11-19T06:15:17.740",
-  "lastModified": "2024-11-19T21:57:32.967",
+  "lastModified": "2025-06-12T17:01:45.550",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -51,10 +51,32 @@
       ]
     }
   ],
-  "references": [
+  "configurations": [
     {
-      "url": "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/",
+      "nodes": [
-      "source": "contact@wpscan.com"
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:automattic:mailpoet:*:*:*:*:free:wordpress:*:*",
+              "versionEndExcluding": "5.3.2",
+              "matchCriteriaId": "CEA42F06-F491-4B16-A25C-C2E59145711E"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-112xx/CVE-2024-11267.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-11267",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:34.683",
-  "lastModified": "2025-05-20T20:15:29.590",
+  "lastModified": "2025-06-12T16:58:22.630",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:joomlaserviceprovider:jsp_store_locator:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.0",
+              "matchCriteriaId": "751745B9-D321-4FA9-AF57-F555723FBBFA"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-112xx/CVE-2024-11269.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-11269",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:34.797",
-  "lastModified": "2025-05-20T20:15:29.723",
+  "lastModified": "2025-06-12T16:58:51.360",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/3ad89687-adb0-4c45-938c-0c18fda7f36f/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/3ad89687-adb0-4c45-938c-0c18fda7f36f/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:mitchelllevy:ahathat:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.6",
+              "matchCriteriaId": "9BC16ABB-53C5-4DEF-9F18-FEE4D1906E4B"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/3ad89687-adb0-4c45-938c-0c18fda7f36f/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/3ad89687-adb0-4c45-938c-0c18fda7f36f/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-116xx/CVE-2024-11605.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-11605",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-12-27T06:15:22.820",
-  "lastModified": "2024-12-27T19:15:07.253",
+  "lastModified": "2025-06-12T17:03:14.057",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wp-publications_project:wp-publications:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.2",
+              "matchCriteriaId": "96DBFEE5-89CC-436A-BBE5-4B688CBBAEF4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-116xx/CVE-2024-11606.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-11606",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-01-07T06:15:14.427",
-  "lastModified": "2025-01-07T17:15:18.253",
+  "lastModified": "2025-06-12T16:56:12.680",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:tabs_shortcode_project:tabs_shortcode:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "2.0.2",
+              "matchCriteriaId": "62DBEF7B-8575-4F90-8033-09A9110C7D47"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-116xx/CVE-2024-11645.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-11645",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-12-27T06:15:23.157",
-  "lastModified": "2024-12-27T19:15:07.557",
+  "lastModified": "2025-06-12T17:03:58.067",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:computy:float_block:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.7",
+              "matchCriteriaId": "5F56DA70-1421-4D74-8ACC-2065D083C212"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-125xx/CVE-2024-12595.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-12595",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-01-02T06:15:07.983",
-  "lastModified": "2025-01-06T21:15:14.003",
+  "lastModified": "2025-06-12T17:04:11.687",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:mitchelllevy:ahathat:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.6",
+              "matchCriteriaId": "9BC16ABB-53C5-4DEF-9F18-FEE4D1906E4B"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-127xx/CVE-2024-12736.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-12736",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-01-09T06:15:15.273",
-  "lastModified": "2025-01-09T16:15:36.680",
+  "lastModified": "2025-06-12T16:56:50.743",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/d3c6a4c1-8358-4f8b-b58d-3f712052668f/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:bu:bu_section_editing:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "0.9.9",
+              "matchCriteriaId": "468F68D8-56BA-407B-8AD8-5504DA84ED46"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d3c6a4c1-8358-4f8b-b58d-3f712052668f/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-12xx/CVE-2024-1243.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-1243",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T02:15:20.270",
-  "lastModified": "2025-06-11T15:15:28.230",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-12xx/CVE-2024-1244.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-1244",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T03:15:21.253",
-  "lastModified": "2025-06-11T03:15:21.253",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks."
+    },
+    {
+      "lang": "es",
+      "value": "La validaci\u00f3n de entrada incorrecta en el agente HIDS de OSSEC para Windows (versi\u00f3n anterior a la 3.8.0) permite a un atacante con control sobre el servidor OSSEC o en posesi\u00f3n de la clave del agente configurarlo para que se conecte a una ruta UNC maliciosa. Esto provoca la filtraci\u00f3n del hash NetNTLMv2 de la cuenta de la m\u00e1quina, que puede retransmitirse para la ejecuci\u00f3n remota de c\u00f3digo o utilizarse para escalar privilegios al SYSTEM mediante la falsificaci\u00f3n de certificados de AD CS y otros ataques similares."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-130xx/CVE-2024-13089.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-13089",
   "sourceIdentifier": "prodsec@nozominetworks.com",
   "published": "2025-06-10T11:15:52.113",
-  "lastModified": "2025-06-10T11:15:52.113",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.\n\n\n\nUsers with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.\n\nWhile these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.\n\nThis issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad de actualizaci\u00f3n podr\u00eda permitir que un administrador autenticado ejecute comandos arbitrarios del sistema operativo no autorizados. Los usuarios con privilegios administrativos podr\u00edan cargar paquetes de actualizaci\u00f3n para actualizar las versiones de Nozomi Networks Guardian y CMC. Si bien estas actualizaciones est\u00e1n firmadas y sus firmas se validan antes de la instalaci\u00f3n, se ha identificado una comprobaci\u00f3n incorrecta de la validaci\u00f3n de firmas. Este problema podr\u00eda permitir que los usuarios ejecuten comandos de forma remota en el dispositivo, lo que afectar\u00eda la confidencialidad, la integridad y la disponibilidad."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-130xx/CVE-2024-13090.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-13090",
   "sourceIdentifier": "prodsec@nozominetworks.com",
   "published": "2025-06-10T11:15:52.477",
-  "lastModified": "2025-06-10T11:15:52.477",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A privilege escalation vulnerability may enable a service account to elevate its privileges.\n\n\n\nThe sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account.\n\nIt is important to note that no such vector has been identified in this instance."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de escalada de privilegios podr\u00eda permitir que una cuenta de servicio eleve sus privilegios. Las reglas de sudo configuradas para una cuenta de servicio local eran excesivamente permisivas, lo que podr\u00eda permitir acceso administrativo si un agente malicioso pudiera ejecutar comandos arbitrarios desde esa cuenta. Es importante destacar que no se ha identificado tal vector en este caso."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-15xx/CVE-2024-1597.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-1597",
   "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
   "published": "2024-02-19T13:15:07.740",
-  "lastModified": "2024-11-21T08:50:54.813",
+  "lastModified": "2025-06-12T16:15:21.557",
   "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
@@ -231,6 +231,10 @@
       "tags": [
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
     }
   ]
 }

CVE-2024/CVE-2024-272xx/CVE-2024-27289.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-27289",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-03-06T19:15:08.140",
-  "lastModified": "2024-11-21T09:04:15.443",
+  "lastModified": "2025-06-12T16:15:21.747",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -67,6 +67,10 @@
     {
       "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p",
       "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
     }
   ]
 }

CVE-2024/CVE-2024-291xx/CVE-2024-29198.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-29198",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-10T15:15:22.140",
-  "lastModified": "2025-06-10T15:15:22.140",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue."
+    },
+    {
+      "lang": "es",
+      "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. Es posible realizar Service Side Request Forgery (SSRF) a trav\u00e9s del endpoint de la solicitud de demostraci\u00f3n si no se ha configurado la URL base del proxy. La actualizaci\u00f3n a GeoServer 2.24.4 o 2.25.2 elimina el servlet TestWfsPost, lo que soluciona este problema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-321xx/CVE-2024-32119.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-32119",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:19:14.323",
-  "lastModified": "2025-06-10T17:19:14.323",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta [CWE-287] en Fortinet FortiClientEMS versi\u00f3n 7.4.0 y anteriores a 7.2.4 permite que un atacante no autenticado con conocimiento del FCTUID y VDOM del usuario objetivo realice operaciones como cargar o etiquetar en nombre del usuario objetivo a trav\u00e9s de solicitudes TCP especialmente manipuladas."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-328xx/CVE-2024-32888.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-32888",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-05-15T03:15:12.627",
-  "lastModified": "2024-11-21T09:15:56.580",
+  "lastModified": "2025-06-12T16:15:21.867",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -91,6 +91,10 @@
     {
       "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56",
       "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
     }
   ]
 }

CVE-2024/CVE-2024-347xx/CVE-2024-34711.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-34711",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-10T15:15:22.710",
-  "lastModified": "2025-06-10T15:15:22.710",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property."
+    },
+    {
+      "lang": "es",
+      "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. Existe una vulnerabilidad de validaci\u00f3n de URI incorrecta que permite a un atacante no autorizado realizar un ataque de Entidades Externas XML (XEE) y enviar una solicitud GET a cualquier servidor HTTP. De forma predeterminada, GeoServer utiliza la clase PreventLocalEntityResolver de GeoTools para filtrar URI maliciosos en entidades XML antes de resolverlos. El URI debe coincidir con la expresi\u00f3n regular (?i)(jar:file|http|vfs)[^?#;]*\\\\.xsd. Sin embargo, la expresi\u00f3n regular permite a los atacantes realizar solicitudes a cualquier servidor HTTP o archivo limitado. Un atacante puede aprovechar esto para escanear redes internas, obtener informaci\u00f3n sobre ellas y luego explotarla. GeoServer 2.25.0 y versiones posteriores utilizan ENTITY_RESOLUTION_ALLOWLIST de forma predeterminada y no requieren que se proporcione una propiedad del sistema."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-352xx/CVE-2024-35295.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-35295",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2025-06-11T07:15:24.273",
-  "lastModified": "2025-06-12T06:15:21.440",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-373xx/CVE-2024-37394.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-37394",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T18:15:29.527",
-  "lastModified": "2025-06-11T15:15:28.363",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-373xx/CVE-2024-37395.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-37395",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T18:15:29.660",
-  "lastModified": "2025-06-11T15:15:28.567",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-373xx/CVE-2024-37396.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-37396",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T18:15:29.773",
-  "lastModified": "2025-06-11T15:15:28.753",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-385xx/CVE-2024-38524.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-38524",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-10T15:15:22.880",
-  "lastModified": "2025-06-10T15:15:22.880",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6."
+    },
+    {
+      "lang": "es",
+      "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) no cuenta con ninguna comprobaci\u00f3n para ocultar informaci\u00f3n potencialmente confidencial a los usuarios, excepto por una propiedad oculta del sistema que oculta las ubicaciones de almacenamiento y las muestra por defecto. Esta vulnerabilidad se corrigi\u00f3 en las versiones 2.26.2 y 2.25.6."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-406xx/CVE-2024-40625.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-40625",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-10T15:15:23.043",
-  "lastModified": "2025-06-10T15:15:23.043",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0."
+    },
+    {
+      "lang": "es",
+      "value": "GeoServer es un servidor de c\u00f3digo abierto que permite a los usuarios compartir y editar datos geoespaciales. La API REST de Coverage /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} permite a los atacantes cargar archivos con una URL espec\u00edfica (donde {method} equivale a 'url') sin restricciones. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.26.0."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-415xx/CVE-2024-41502.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-41502",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T20:15:21.470",
-  "lastModified": "2025-06-11T14:15:29.773",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-415xx/CVE-2024-41503.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-41503",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T20:15:21.610",
-  "lastModified": "2025-06-11T14:15:29.950",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-415xx/CVE-2024-41504.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-41504",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T20:15:21.733",
-  "lastModified": "2025-06-11T14:15:30.113",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-415xx/CVE-2024-41505.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-41505",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T20:15:21.850",
-  "lastModified": "2025-06-11T14:15:30.277",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-417xx/CVE-2024-41797.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-41797",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2025-06-10T16:15:34.990",
-  "lastModified": "2025-06-10T16:15:34.990",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with \"guest\" role to invoke an internal \"do system\" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM RST2428P (6GK6242-6PA00) (Todas las versiones &lt; V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (Todas las versiones &lt; V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (Todas las versiones &lt; V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (Todas las versiones &lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (Todas las versiones &lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (Todas las versiones &lt; V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (230 V CA, 8xFO) (6GK5334-2TS01-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (230 V CA, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (24 V CC, 12xFO) (6GK5334-3TS01-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (24 V CC, 8xFO) (6GK5334-2TS01-2AR3) (Todas las versiones &lt; V3.1), SCALANCE XRM334 (24 V CC, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-2AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 12 x FO) (6GK5334-3TS01-4AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 8 x FO) (6GK5334-2TS01-4AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-4AR3) (Todas las versiones anteriores a la V3.1). Los dispositivos afectados presentan una vulnerabilidad de comprobaci\u00f3n de autorizaci\u00f3n incorrecta. Esto podr\u00eda permitir que un atacante remoto autenticado con rol de invitado invoque un comando interno \"do system\" que excede sus privilegios. Este comando permite la ejecuci\u00f3n de ciertas acciones de bajo riesgo, la m\u00e1s cr\u00edtica de las cuales es borrar el registro del sistema local."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-437xx/CVE-2024-43706.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-43706",
   "sourceIdentifier": "bressers@elastic.co",
   "published": "2025-06-10T17:19:24.820",
-  "lastModified": "2025-06-10T17:19:24.820",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint."
+    },
+    {
+      "lang": "es",
+      "value": "Una autorizaci\u00f3n incorrecta en Kibana puede generar un abuso de privilegios a trav\u00e9s de una solicitud HTTP directa a un endpoint del monitor sint\u00e9tico."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-441xx/CVE-2024-44103.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-44103",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:13.547",
-  "lastModified": "2024-09-18T17:18:39.040",
+  "lastModified": "2025-06-12T17:15:27.653",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges."
+      "value": "DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-441xx/CVE-2024-44104.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-44104",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:13.727",
-  "lastModified": "2024-09-18T17:33:06.413",
+  "lastModified": "2025-06-12T17:15:27.797",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges."
+      "value": "An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0)  allows a local authenticated attacker to escalate their privileges."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-441xx/CVE-2024-44105.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-44105",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:13.917",
-  "lastModified": "2024-09-18T17:48:11.193",
+  "lastModified": "2025-06-12T17:15:27.910",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials."
+      "value": "Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0)  allows a local authenticated attacker to obtain OS credentials."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-441xx/CVE-2024-44106.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-44106",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:14.110",
-  "lastModified": "2024-09-18T17:50:40.660",
+  "lastModified": "2025-06-12T17:15:28.023",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges."
+      "value": "Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-441xx/CVE-2024-44107.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-44107",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:14.283",
-  "lastModified": "2024-09-18T17:52:50.990",
+  "lastModified": "2025-06-12T17:15:28.140",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution."
+      "value": "DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-448xx/CVE-2024-44849.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-44849",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-09-09T18:15:03.957",
-  "lastModified": "2024-09-09T20:35:18.097",
+  "lastModified": "2025-06-12T17:15:28.253",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -59,6 +59,10 @@
     {
       "url": "https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file",
       "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.qualitor.com.br/official-security-advisory-cve-2024-44849",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2024/CVE-2024-449xx/CVE-2024-44905.json

@@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-44905",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-06-12T16:15:22.007",
+  "lastModified": "2025-06-12T16:15:22.007",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/go-pg/pg",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/go-pg/pg/blob/30e7053c6cacdd44d06cf2b92183b49188b7c922/types/append_value.go#L151",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-449xx/CVE-2024-44906.json

@@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-44906",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-06-12T16:15:22.140",
+  "lastModified": "2025-06-12T16:15:22.140",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/uptrace/bun/blob/1573ae7c2fffad1a7f72fd2d205e924b2fd4043b/driver/pgdriver/format.go#L62",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/uptrace/bun/tree/master/driver/pgdriver",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-453xx/CVE-2024-45329.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-45329",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:19:25.083",
-  "lastModified": "2025-06-10T17:19:25.083",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."
+    },
+    {
+      "lang": "es",
+      "value": "Una omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en Fortinet FortiPortal versiones 7.4.0, 7.2.0 a 7.2.5 y 7.0.0 a 7.0.8 puede permitir que un atacante autenticado vea informaci\u00f3n no autorizada del dispositivo a trav\u00e9s de la modificaci\u00f3n de la clave en las solicitudes API."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-464xx/CVE-2024-46452.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-46452",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-09T17:15:28.370",
-  "lastModified": "2025-06-09T20:15:22.803",
+  "lastModified": "2025-06-12T16:06:47.857",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de inyecci\u00f3n de encabezado de host en la funci\u00f3n de restablecimiento de contrase\u00f1a de VigyBag Open Source Online Shop commit 3f0e21b permite a los atacantes redirigir a los usuarios v\u00edctimas a un sitio malicioso a trav\u00e9s de una URL manipulada."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-470xx/CVE-2024-47081.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-47081",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-09T18:15:24.983",
-  "lastModified": "2025-06-09T18:15:24.983",
+  "lastModified": "2025-06-12T16:06:47.857",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."
+    },
+    {
+      "lang": "es",
+      "value": "Requests es una librer\u00eda HTTP. Debido a un problema de an\u00e1lisis de URL, las versiones de Requests anteriores a la 2.32.4 pueden filtrar credenciales .netrc a terceros para URL espec\u00edficas manipuladas con fines maliciosos. Los usuarios deben actualizar a la versi\u00f3n 2.32.4 para obtener una soluci\u00f3n. En versiones anteriores de Requests, el uso del archivo .netrc se puede desactivar con `trust_env=False` en la sesi\u00f3n de Requests."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-483xx/CVE-2024-48359.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-48359",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-10-31T20:15:05.340",
-  "lastModified": "2024-11-01T21:35:04.220",
+  "lastModified": "2025-06-12T17:15:28.417",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -55,6 +55,10 @@
     {
       "url": "https://github.com/OpenXP-Research/CVE-2024-48359",
       "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.qualitor.com.br/official-security-advisory-cve-2024-48359",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2024/CVE-2024-483xx/CVE-2024-48360.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-48360",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-10-31T20:15:05.420",
-  "lastModified": "2024-11-01T21:35:04.963",
+  "lastModified": "2025-06-12T17:15:28.563",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -56,6 +56,10 @@
       "url": "https://github.com/OpenXP-Research/CVE-2024-48360",
       "source": "cve@mitre.org"
     },
+    {
+      "url": "https://www.qualitor.com.br/official-security-advisory-cve-2024-48360",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://www.qualitor.com.br/qualitor-8-20",
       "source": "cve@mitre.org"

CVE-2024/CVE-2024-505xx/CVE-2024-50562.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-50562",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:19:25.360",
-  "lastModified": "2025-06-10T17:19:25.360",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente [CWE-613] en FortiOS SSL-VPN versi\u00f3n 7.6.0, versi\u00f3n 7.4.6 y anteriores, versi\u00f3n 7.2.10 y anteriores, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante en posesi\u00f3n de una cookie utilizada para iniciar sesi\u00f3n en el portal SSL-VPN inicie sesi\u00f3n nuevamente, aunque la sesi\u00f3n haya expirado o se haya cerrado la sesi\u00f3n."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-505xx/CVE-2024-50568.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-50568",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:19:25.660",
-  "lastModified": "2025-06-10T17:19:25.660",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests."
+    },
+    {
+      "lang": "es",
+      "value": "Un canal accesible por una vulnerabilidad que no es de endpoint [CWE-300] en Fortinet FortiOS versi\u00f3n 7.4.0 a 7.4.3, 7.2.0 a 7.2.7 y anteriores a 7.0.14 y FortiProxy versi\u00f3n 7.4.0 a 7.4.3, 7.2.0 a 7.2.9 y anteriores a 7.0.16 permite que un atacante no autenticado con conocimiento de datos espec\u00edficos del dispositivo falsifique la identidad de un dispositivo descendente de la estructura de seguridad a trav\u00e9s de solicitudes TCP manipuladas."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-533xx/CVE-2024-53359.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-53359",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-05-20T14:15:26.810",
-  "lastModified": "2025-05-21T20:25:16.407",
+  "lastModified": "2025-06-12T16:21:15.267",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -51,14 +51,37 @@
       ]
     }
   ],
-  "references": [
+  "configurations": [
     {
-      "url": "https://github.com/crysalix4/CVE/tree/main/CVE-2024-53359",
+      "nodes": [
-      "source": "cve@mitre.org"
-    },
         {
-      "url": "https://www.linkedin.com/in/le-anh-truong/",
+          "operator": "OR",
-      "source": "cve@mitre.org"
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:zalo:zalo:23.09.01:*:*:*:*:*:*:*",
+              "matchCriteriaId": "AA7F2814-FDDB-43B2-B638-E2109467DAD2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/crysalix4/CVE/tree/main/CVE-2024-53359",
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit"
+      ]
+    },
+    {
+      "url": "https://www.linkedin.com/in/le-anh-truong/",
+      "source": "cve@mitre.org",
+      "tags": [
+        "Not Applicable"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-540xx/CVE-2024-54019.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-54019",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2025-06-10T17:19:40.090",
-  "lastModified": "2025-06-10T17:19:40.090",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection."
+    },
+    {
+      "lang": "es",
+      "value": "Una validaci\u00f3n incorrecta del certificado con falta de coincidencia del host en Fortinet FortiClientWindows versi\u00f3n 7.4.0, versiones 7.2.0 a 7.2.6 y 7.0 todas las versiones permite que un atacante no autorizado redirija conexiones VPN a trav\u00e9s de suplantaci\u00f3n de DNS u otra forma de redirecci\u00f3n."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-550xx/CVE-2024-55063.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-55063",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-05-19T15:15:22.840",
-  "lastModified": "2025-05-21T20:25:33.823",
+  "lastModified": "2025-06-12T16:25:51.863",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -51,10 +51,31 @@
       ]
     }
   ],
-  "references": [
+  "configurations": [
     {
-      "url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55063.md",
+      "nodes": [
-      "source": "cve@mitre.org"
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:easyvirt:dc_netscope:*:*:*:*:*:*:*:*",
+              "versionEndIncluding": "8.7.0",
+              "matchCriteriaId": "6F91DF75-3D03-4861-8C23-96A8ACD91F3C"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55063.md",
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-555xx/CVE-2024-55567.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-55567",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-06-12T17:15:28.707",
+  "lastModified": "2025-06-12T17:15:28.707",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.insyde.com/security-pledge/sa-2024018/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-561xx/CVE-2024-56158.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-56158",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2025-06-12T15:15:38.967",
-  "lastModified": "2025-06-12T15:15:38.967",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-571xx/CVE-2024-57186.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-57186",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T17:19:40.367",
-  "lastModified": "2025-06-10T17:19:40.367",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler."
+    },
+    {
+      "lang": "es",
+      "value": "En Erxes &lt;1.6.2, un atacante no autenticado puede leer archivos arbitrarios del sistema mediante una vulnerabilidad de Path Traversal en el controlador del endpoint /read-file."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-571xx/CVE-2024-57189.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-57189",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T17:20:09.367",
-  "lastModified": "2025-06-10T17:20:09.367",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler."
+    },
+    {
+      "lang": "es",
+      "value": "En Erxes &lt;1.6.2, un atacante autenticado puede escribir en archivos arbitrarios en el sistema utilizando una vulnerabilidad de Path Traversal en el controlador de mutaciones GraphQL importHistoriesCreate."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-571xx/CVE-2024-57190.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-57190",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-06-10T17:20:38.540",
-  "lastModified": "2025-06-10T20:15:22.247",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a \"User\" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint."
+    },
+    {
+      "lang": "es",
+      "value": "Erxes &lt;1.6.1 es vulnerable a un control de acceso incorrecto. Un atacante puede eludir la autenticaci\u00f3n proporcionando un encabezado HTTP \"Usuario\" que contenga cualquier usuario, lo que le permite comunicarse con cualquier endpoint GraphQL."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-62xx/CVE-2024-6270.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-6270",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2024-08-05T06:16:41.520",
-  "lastModified": "2024-08-05T14:35:08.040",
+  "lastModified": "2025-06-12T16:59:44.880",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/3d0a6edc-61e8-42fb-8b93-ef083146bd9c/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:community_events_project:community_events:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "1.5.1",
+              "matchCriteriaId": "CD2B442E-7BCC-406B-A974-691D6E0AF330"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/3d0a6edc-61e8-42fb-8b93-ef083146bd9c/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-74xx/CVE-2024-7457.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-7457",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T00:15:23.740",
-  "lastModified": "2025-06-11T00:15:23.740",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS\u2019s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection."
+    },
+    {
+      "lang": "es",
+      "value": "La herramienta ws.stash.app.mac.daemon.helper contiene una vulnerabilidad causada por un uso incorrecto del modelo de autorizaci\u00f3n de macOS. En lugar de validar la referencia de autorizaci\u00f3n del cliente, el asistente invoca AuthorizationCopyRights() utilizando su propio contexto privilegiado (root), autoriz\u00e1ndose a s\u00ed mismo en lugar del cliente. Como resultado, otorga el derecho system.preferences.admin internamente, independientemente de los privilegios del cliente solicitante. Esta l\u00f3gica err\u00f3nea permite a los clientes sin privilegios invocar operaciones privilegiadas mediante XPC, incluyendo cambios no autorizados en las preferencias de red de todo el sistema, como la configuraci\u00f3n de proxy SOCKS, HTTP y HTTPS. La ausencia de comprobaciones adecuadas de firma de c\u00f3digo permite adem\u00e1s que procesos arbitrarios exploten esta vulnerabilidad, lo que provoca ataques de intermediario (MITM) mediante la redirecci\u00f3n del tr\u00e1fico."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-75xx/CVE-2024-7562.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-7562",
+  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
+  "published": "2025-06-12T16:15:22.320",
+  "lastModified": "2025-06-12T16:15:22.320",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "PSIRT-CNA@flexerasoftware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "PSIRT-CNA@flexerasoftware.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-379"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages",
+      "source": "PSIRT-CNA@flexerasoftware.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-80xx/CVE-2024-8012.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-8012",
   "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
   "published": "2024-09-10T21:15:14.510",
-  "lastModified": "2024-09-18T17:53:47.860",
+  "lastModified": "2025-06-12T17:15:28.840",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges."
+      "value": "An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-80xx/CVE-2024-8031.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8031",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:57.343",
-  "lastModified": "2025-05-17T04:16:09.820",
+  "lastModified": "2025-06-12T16:48:29.877",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/c6f54e6f-0a50-424f-ae3a-00b9880d9f13/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-552"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wpbookingcalendar:secure_downloads:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "1.2.3",
+              "matchCriteriaId": "FC062881-E388-4D28-9594-AE6EA2969863"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/c6f54e6f-0a50-424f-ae3a-00b9880d9f13/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-80xx/CVE-2024-8032.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8032",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:57.423",
-  "lastModified": "2025-05-20T20:15:39.297",
+  "lastModified": "2025-06-12T16:50:59.490",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/4c9120b1-ca81-411b-a2e2-a8d30f32a74b/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/4c9120b1-ca81-411b-a2e2-a8d30f32a74b/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ulfbenjaminsson:smooth_gallery_replacement:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.0",
+              "matchCriteriaId": "8EF0F2C1-30C2-4025-BA37-E7A8B43EBA5B"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/4c9120b1-ca81-411b-a2e2-a8d30f32a74b/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/4c9120b1-ca81-411b-a2e2-a8d30f32a74b/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-80xx/CVE-2024-8050.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8050",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:57.507",
-  "lastModified": "2025-05-20T20:15:39.453",
+  "lastModified": "2025-06-12T16:52:14.040",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/28c9c127-464a-4750-8b62-a9b90b01f1af/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/28c9c127-464a-4750-8b62-a9b90b01f1af/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:jfarthing:custom_author_base:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.1.1",
+              "matchCriteriaId": "FADEA7BA-D8FC-44B5-A29C-2F869FEBA233"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/28c9c127-464a-4750-8b62-a9b90b01f1af/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/28c9c127-464a-4750-8b62-a9b90b01f1af/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-80xx/CVE-2024-8082.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8082",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:57.590",
-  "lastModified": "2025-05-20T20:15:39.597",
+  "lastModified": "2025-06-12T16:53:49.273",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/47b2cd60-9ac4-49cf-8ca9-7d90656fc397/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/47b2cd60-9ac4-49cf-8ca9-7d90656fc397/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:justintadlock:widgets_reset:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "0.1",
+              "matchCriteriaId": "FB833A5A-7B86-49DF-AB39-D39585AB0223"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/47b2cd60-9ac4-49cf-8ca9-7d90656fc397/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/47b2cd60-9ac4-49cf-8ca9-7d90656fc397/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-80xx/CVE-2024-8085.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8085",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:57.673",
-  "lastModified": "2025-05-20T20:15:39.730",
+  "lastModified": "2025-06-12T16:54:30.820",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:solidcode:peoplepond:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.1.9",
+              "matchCriteriaId": "051900D9-42F5-454F-9D23-A874604CF872"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-82xx/CVE-2024-8270.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-8270",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T00:15:23.913",
-  "lastModified": "2025-06-11T00:15:23.913",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing  Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile."
+    },
+    {
+      "lang": "es",
+      "value": "La aplicaci\u00f3n Rocket.Chat para macOS se ve afectada por una vulnerabilidad que permite eludir las pol\u00edticas de Transparencia, Consentimiento y Control (TCC), lo que permite explotar o abusar de los permisos especificados en sus autorizaciones (p. ej., micr\u00f3fono, c\u00e1mara, automatizaci\u00f3n, cliente de red). Dado que Rocket.Chat no se firm\u00f3 con el entorno de ejecuci\u00f3n reforzado ni se configur\u00f3 para aplicar la validaci\u00f3n de librer\u00edas, es vulnerable a ataques de inyecci\u00f3n DYLIB, que pueden provocar acciones no autorizadas o la escalada de permisos. En consecuencia, un atacante obtiene capacidades no permitidas por defecto en el entorno de pruebas y su perfil de aplicaci\u00f3n."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-87xx/CVE-2024-8702.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8702",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:59.710",
-  "lastModified": "2025-05-17T04:16:15.117",
+  "lastModified": "2025-06-12T16:30:25.093",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/2199ef66-25bd-4eb4-a675-d8b30f047847/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wpproking:backup_database:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "4.9",
+              "matchCriteriaId": "85D7430C-AB77-4C11-8615-6E712B0FBB00"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/2199ef66-25bd-4eb4-a675-d8b30f047847/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-87xx/CVE-2024-8759.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-8759",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:15:59.877",
-  "lastModified": "2025-05-17T04:16:15.413",
+  "lastModified": "2025-06-12T16:33:28.690",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/3dd41ecb-d0dc-4c23-9e5b-b1f7fbaaddfd/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:kylephillips:nested_pages:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "3.2.9",
+              "matchCriteriaId": "B3E8D030-01BF-4176-9864-D04FA16CBE98"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/3dd41ecb-d0dc-4c23-9e5b-b1f7fbaaddfd/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-90xx/CVE-2024-9062.json

@@ -2,13 +2,17 @@
   "id": "CVE-2024-9062",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T00:15:24.043",
-  "lastModified": "2025-06-11T00:15:24.043",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."
+    },
+    {
+      "lang": "es",
+      "value": "La aplicaci\u00f3n Archify contiene una vulnerabilidad de escalada de privilegios local debido a una validaci\u00f3n insuficiente del cliente en su herramienta auxiliar privilegiada, com.oct4pie.archifyhelper, expuesta mediante XPC. Archify sigue el modelo de \"aplicaciones factorizadas\", delegando operaciones privilegiadas (como la eliminaci\u00f3n arbitraria de archivos y la modificaci\u00f3n de permisos) a esta herramienta auxiliar que se ejecuta como root. Sin embargo, esta herramienta no verifica la firma del c\u00f3digo, los derechos ni los indicadores de firma del cliente que se conecta. Aunque macOS ofrece mecanismos de validaci\u00f3n seguros como auditToken, estos no est\u00e1n implementados. Como resultado, cualquier proceso local puede establecer una conexi\u00f3n con la herramienta auxiliar e invocar funciones privilegiadas, lo que provoca la ejecuci\u00f3n no autorizada de acciones con privilegios de root."
     }
   ],
   "metrics": {

CVE-2024/CVE-2024-91xx/CVE-2024-9182.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9182",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:00.140",
-  "lastModified": "2025-05-17T04:16:16.670",
+  "lastModified": "2025-06-12T16:36:53.693",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/40007323-d684-430d-a882-8b4dfb76172b/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wpmaspik:maspik:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.1.3",
+              "matchCriteriaId": "4F87AEB9-6F52-4932-93F8-5088416D23D2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/40007323-d684-430d-a882-8b4dfb76172b/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-92xx/CVE-2024-9236.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9236",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:00.390",
-  "lastModified": "2025-05-17T04:16:17.077",
+  "lastModified": "2025-06-12T16:43:19.150",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/fd06ba56-37dd-4c23-ae7c-ab8de40d1645/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:radiustheme:team_-_wordpress_team_members_showcase:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "4.4.2",
+              "matchCriteriaId": "E556CEA3-B847-4E3B-9F72-8E6BF34AA40C"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/fd06ba56-37dd-4c23-ae7c-ab8de40d1645/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-92xx/CVE-2024-9238.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9238",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:00.463",
-  "lastModified": "2025-05-17T04:16:17.210",
+  "lastModified": "2025-06-12T16:31:47.370",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/a7de0cf6-3064-4595-9037-f8407fe40724/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:grandplugins:avif_uploader:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "1.1.1",
+              "matchCriteriaId": "B6C7AD06-D210-4EDD-B1E7-664D90416CE7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/a7de0cf6-3064-4595-9037-f8407fe40724/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-95xx/CVE-2024-9512.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9512",
   "sourceIdentifier": "cve@gitlab.com",
   "published": "2025-06-12T14:15:29.680",
-  "lastModified": "2025-06-12T14:15:29.680",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2024/CVE-2024-96xx/CVE-2024-9662.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9662",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:00.917",
-  "lastModified": "2025-05-16T21:15:33.887",
+  "lastModified": "2025-06-12T16:32:42.000",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/dfa6ff7d-c0dc-4118-afe0-587a24c76f12/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:toolstack:cyan_backup:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.5.3",
+              "matchCriteriaId": "34A79B44-F41A-4FD6-86BA-D5DF12A011F5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/dfa6ff7d-c0dc-4118-afe0-587a24c76f12/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-96xx/CVE-2024-9663.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9663",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.007",
-  "lastModified": "2025-05-16T21:15:34.010",
+  "lastModified": "2025-06-12T16:33:05.327",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/0dbd0927-f245-4202-b96b-e55f36a8bb30/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:toolstack:cyan_backup:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.5.3",
+              "matchCriteriaId": "34A79B44-F41A-4FD6-86BA-D5DF12A011F5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/0dbd0927-f245-4202-b96b-e55f36a8bb30/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-98xx/CVE-2024-9831.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9831",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.370",
-  "lastModified": "2025-05-16T14:42:18.700",
+  "lastModified": "2025-06-12T16:33:23.650",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/390baaf8-a162-43e5-9367-0d2e979d89f7/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/390baaf8-a162-43e5-9367-0d2e979d89f7/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:taskbuilder:taskbuilder:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "3.0.9",
+              "matchCriteriaId": "FB226788-25B9-48B1-A4C1-124CF21C048F"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/390baaf8-a162-43e5-9367-0d2e979d89f7/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/390baaf8-a162-43e5-9367-0d2e979d89f7/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-98xx/CVE-2024-9838.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9838",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.450",
-  "lastModified": "2025-05-16T21:15:34.497",
+  "lastModified": "2025-06-12T16:33:57.980",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/3cc0ff78-b310-40a4-899c-15fecbb345c5/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:flamescorpion:auto_affiliate_links:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "6.4.7",
+              "matchCriteriaId": "F9E95ABB-502F-46CF-BF93-45C13C386DC5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/3cc0ff78-b310-40a4-899c-15fecbb345c5/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-98xx/CVE-2024-9879.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9879",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.533",
-  "lastModified": "2025-05-16T21:15:34.617",
+  "lastModified": "2025-06-12T16:34:46.577",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -51,10 +51,32 @@
       ]
     }
   ],
-  "references": [
+  "configurations": [
     {
-      "url": "https://wpscan.com/vulnerability/cda54097-4aec-472e-a73f-31ecb76ebb23/",
+      "nodes": [
-      "source": "contact@wpscan.com"
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:melapress:melapress_file_monitor:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.1.1",
+              "matchCriteriaId": "E511F734-304D-45A2-8992-50FF54065121"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/cda54097-4aec-472e-a73f-31ecb76ebb23/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-98xx/CVE-2024-9882.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-9882",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.620",
-  "lastModified": "2025-05-17T04:16:17.613",
+  "lastModified": "2025-06-12T16:35:10.003",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,10 +39,44 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/7f7667fd-6ac6-4c90-aaf0-c7862bd8e9bd/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "1.9.4",
+              "matchCriteriaId": "42DD49B9-526E-4525-A9A9-406068C2DC91"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/7f7667fd-6ac6-4c90-aaf0-c7862bd8e9bd/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2025/CVE-2025-00xx/CVE-2025-0036.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0036",
   "sourceIdentifier": "psirt@amd.com",
   "published": "2025-06-10T00:15:21.197",
-  "lastModified": "2025-06-10T00:15:21.197",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data."
+    },
+    {
+      "lang": "es",
+      "value": "En los dispositivos SoC AMD Versal Adaptive, la configuraci\u00f3n incorrecta del SSS durante las operaciones criptogr\u00e1ficas en tiempo de ejecuci\u00f3n (post arranque) podr\u00eda provocar que los datos se escriban y lean incorrectamente desde ubicaciones no v\u00e1lidas, adem\u00e1s de devolver datos criptogr\u00e1ficos incorrectos."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-00xx/CVE-2025-0037.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0037",
   "sourceIdentifier": "psirt@amd.com",
   "published": "2025-06-10T00:15:22.103",
-  "lastModified": "2025-06-10T00:15:22.103",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality."
+    },
+    {
+      "lang": "es",
+      "value": "En los dispositivos SoC AMD Versal Adaptive, la falta de validaci\u00f3n de direcciones al ejecutar servicios de tiempo de ejecuci\u00f3n PLM a trav\u00e9s del firmware PLM puede permitir el acceso a espacios de memoria aislados o protegidos, lo que resulta en la p\u00e9rdida de integridad y confidencialidad."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-00xx/CVE-2025-0051.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0051",
   "sourceIdentifier": "psirt@purestorage.com",
   "published": "2025-06-10T18:15:30.030",
-  "lastModified": "2025-06-10T18:15:30.030",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service."
+    },
+    {
+      "lang": "es",
+      "value": "Una validaci\u00f3n de entrada incorrecta realizada durante el proceso de autenticaci\u00f3n de FlashArray podr\u00eda provocar una denegaci\u00f3n de servicio del sistema."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-00xx/CVE-2025-0052.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0052",
   "sourceIdentifier": "psirt@purestorage.com",
   "published": "2025-06-10T18:15:30.180",
-  "lastModified": "2025-06-10T18:15:30.180",
+  "lastModified": "2025-06-12T16:06:29.520",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service."
+    },
+    {
+      "lang": "es",
+      "value": "Una validaci\u00f3n de entrada incorrecta realizada durante el proceso de autenticaci\u00f3n de FlashBlade podr\u00eda provocar una denegaci\u00f3n de servicio del sistema."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-01xx/CVE-2025-0163.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0163",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2025-06-11T15:15:29.177",
-  "lastModified": "2025-06-11T15:15:29.177",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts."
+    },
+    {
+      "lang": "es",
+      "value": "IBM Security Verify Access Appliance y Docker 10.0 a 10.0.8 podr\u00edan permitir que un atacante remoto enumere nombres de usuario debido a una discrepancia de respuesta observable en cuentas deshabilitadas."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-03xx/CVE-2025-0329.json

@@ -2,8 +2,8 @@
   "id": "CVE-2025-0329",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:01.807",
-  "lastModified": "2025-05-20T20:15:41.090",
+  "lastModified": "2025-06-12T16:35:31.733",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/db101819-4404-46c9-a02e-b1b1b7ace11e/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/db101819-4404-46c9-a02e-b1b1b7ace11e/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:free:wordpress:*:*",
+              "versionEndExcluding": "6.2.4",
+              "matchCriteriaId": "1C8056A0-3504-433D-9DF6-CDBA6A141364"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/db101819-4404-46c9-a02e-b1b1b7ace11e/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/db101819-4404-46c9-a02e-b1b1b7ace11e/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2025/CVE-2025-06xx/CVE-2025-0673.json

@@ -2,8 +2,8 @@
   "id": "CVE-2025-0673",
   "sourceIdentifier": "cve@gitlab.com",
   "published": "2025-06-12T11:15:18.700",
-  "lastModified": "2025-06-12T11:15:18.700",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {

CVE-2025/CVE-2025-07xx/CVE-2025-0725.json

@@ -2,7 +2,7 @@
   "id": "CVE-2025-0725",
   "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
   "published": "2025-02-05T10:15:22.980",
-  "lastModified": "2025-05-13T18:35:30.150",
+  "lastModified": "2025-06-12T16:15:22.467",
   "vulnStatus": "Undergoing Analysis",
   "cveTags": [],
   "descriptions": [
@@ -237,6 +237,10 @@
         "Mailing List"
       ]
     },
+    {
+      "url": "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
     {
       "url": "https://security.netapp.com/advisory/ntap-20250306-0009/",
       "source": "af854a3a-2127-422b-91ae-364da2661108",

CVE-2025/CVE-2025-09xx/CVE-2025-0913.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0913",
   "sourceIdentifier": "security@golang.org",
   "published": "2025-06-11T18:15:24.627",
-  "lastModified": "2025-06-11T18:15:24.627",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink."
+    },
+    {
+      "lang": "es",
+      "value": "os.OpenFile(path, os.O_CREATE|O_EXCL) se comportaba de forma diferente en sistemas Unix y Windows cuando la ruta de destino era un enlace simb\u00f3lico pendiente. En sistemas Unix, OpenFile con los indicadores O_CREATE y O_EXCL nunca sigue enlaces simb\u00f3licos. En Windows, cuando la ruta de destino era un enlace simb\u00f3lico a una ubicaci\u00f3n inexistente, OpenFile creaba un archivo en esa ubicaci\u00f3n. OpenFile ahora siempre devuelve un error cuando los indicadores O_CREATE y O_EXCL est\u00e1n activados y la ruta de destino es un enlace simb\u00f3lico."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-09xx/CVE-2025-0917.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0917",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2025-06-11T18:15:24.790",
-  "lastModified": "2025-06-11T18:15:24.790",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+    },
+    {
+      "lang": "es",
+      "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3 y 12.0.4 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a un usuario con privilegios incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-09xx/CVE-2025-0923.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-0923",
   "sourceIdentifier": "psirt@us.ibm.com",
   "published": "2025-06-11T18:15:24.963",
-  "lastModified": "2025-06-11T18:15:24.963",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system."
+    },
+    {
+      "lang": "es",
+      "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3 y 12.0.4 almacenan c\u00f3digo fuente en el servidor web que podr\u00eda contribuir a futuros ataques contra el sistema."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-10xx/CVE-2025-1033.json

@@ -2,8 +2,8 @@
   "id": "CVE-2025-1033",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2025-05-15T20:16:02.060",
-  "lastModified": "2025-05-20T20:15:41.497",
+  "lastModified": "2025-06-12T16:36:24.740",
-  "vulnStatus": "Undergoing Analysis",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -39,14 +39,52 @@
       }
     ]
   },
-  "references": [
+  "weaknesses": [
     {
-      "url": "https://wpscan.com/vulnerability/cbb63e80-92aa-4e85-9d47-dc68211af97d/",
+      "source": "nvd@nist.gov",
-      "source": "contact@wpscan.com"
+      "type": "Primary",
-    },
+      "description": [
         {
-      "url": "https://wpscan.com/vulnerability/cbb63e80-92aa-4e85-9d47-dc68211af97d/",
+          "lang": "en",
-      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:danielpowney:badgearoo:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.0.14",
+              "matchCriteriaId": "40E0D1DF-5D2D-4B09-A5CB-5394DEA2E8F5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/cbb63e80-92aa-4e85-9d47-dc68211af97d/",
+      "source": "contact@wpscan.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/cbb63e80-92aa-4e85-9d47-dc68211af97d/",
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2025/CVE-2025-10xx/CVE-2025-1041.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-1041",
   "sourceIdentifier": "securityalerts@avaya.com",
   "published": "2025-06-10T06:15:22.000",
-  "lastModified": "2025-06-10T06:15:22.000",
+  "lastModified": "2025-06-12T16:06:39.330",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "An improper input validation discovered in \n\nAvaya Call Management System\ncould allow an unauthorized \n\nremote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0."
+    },
+    {
+      "lang": "es",
+      "value": "Una validaci\u00f3n de entrada incorrecta detectada en Avaya Call Management System podr\u00eda permitir un comando remoto no autorizado mediante una solicitud web especialmente manipulada. Las versiones afectadas incluyen la 18.x, la 19.x anterior a la 19.2.0.7 y la 20.x anterior a la 20.0.1.0."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-10xx/CVE-2025-1055.json

@@ -2,13 +2,17 @@
   "id": "CVE-2025-1055",
   "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
   "published": "2025-06-11T00:15:24.273",
-  "lastModified": "2025-06-11T00:15:24.273",
+  "lastModified": "2025-06-12T16:06:20.180",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad en el controlador K7RKScan.sys, parte de la suite antimalware K7 Security, permite a un usuario local con pocos privilegios enviar solicitudes IOCTL manipuladas para finalizar una amplia gama de procesos que se ejecutan con privilegios administrativos o de sistema, excepto aquellos protegidos inherentemente por el sistema operativo. Esta falla se debe a la falta de control de acceso en el controlador IOCTL del controlador, lo que permite a usuarios sin privilegios realizar acciones privilegiadas en el espacio del kernel. Una explotaci\u00f3n exitosa puede provocar una denegaci\u00f3n de servicio al interrumpir servicios cr\u00edticos o aplicaciones privilegiadas."
     }
   ],
   "metrics": {