Auto-Update: 2025-03-12T07:00:26.352235+00:00

2025-05-08 19:47:09 +00:00 · 2025-03-12 07:03:55 +00:00 · 2025-03-12 07:03:55 +00:00 · 6fbf97e1d7
commit 6fbf97e1d7
parent 645a64762a
4 changed files with 143 additions and 17 deletions
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13498.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13498.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13498",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-12T06:15:21.360",
+  "lastModified": "2025-03-12T06:15:21.360",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3235420/nex-forms-express-wp-form-builder",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f188a5e6-699e-4e1a-b4e4-7fb4056b0bee?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-249xx/CVE-2025-24912.json
+++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24912.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-24912",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-03-12T05:15:37.430",
+  "lastModified": "2025-03-12T05:15:37.430",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-826"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN19358384/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://w1.fi/hostapd/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-12T05:00:20.401823+00:00
+2025-03-12T07:00:26.352235+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-12T04:15:19.810000+00:00
+2025-03-12T06:15:21.360000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-285010
+285012
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `2`

- [CVE-2025-1508](CVE-2025/CVE-2025-15xx/CVE-2025-1508.json) (`2025-03-12T04:15:16.520`)
- [CVE-2025-2076](CVE-2025/CVE-2025-20xx/CVE-2025-2076.json) (`2025-03-12T04:15:18.800`)
- [CVE-2025-2077](CVE-2025/CVE-2025-20xx/CVE-2025-2077.json) (`2025-03-12T04:15:19.000`)
- [CVE-2025-2078](CVE-2025/CVE-2025-20xx/CVE-2025-2078.json) (`2025-03-12T04:15:19.210`)
- [CVE-2025-2205](CVE-2025/CVE-2025-22xx/CVE-2025-2205.json) (`2025-03-12T04:15:19.810`)
+- [CVE-2024-13498](CVE-2024/CVE-2024-134xx/CVE-2024-13498.json) (`2025-03-12T06:15:21.360`)
+- [CVE-2025-24912](CVE-2025/CVE-2025-249xx/CVE-2025-24912.json) (`2025-03-12T05:15:37.430`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2025-0736](CVE-2025/CVE-2025-07xx/CVE-2025-0736.json) (`2025-03-12T04:15:16.120`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -247504,6 +247504,7 @@ CVE-2024-13493,0,0,42ff21ae6aacbec92978e0ea28bdc61ddb564d9f2d81f25e9d1e5dfa73ff8
 CVE-2024-13494,0,0,df89de1c8df07248517af2290bff81bf7153aa4d140a9b389da9d1731435daec,2025-02-28T01:30:32.830000
 CVE-2024-13495,0,0,7a8bc062291cac2ab3dfb8a0fb7feeecd31abf131df44b7d6a18b1140227b207,2025-01-24T20:46:53.307000
 CVE-2024-13496,0,0,192a8533534e044b339576d96e9cea7e19a2bbd248a7b183889cec35656a4f79,2025-01-24T20:45:57.463000
+CVE-2024-13498,1,1,77e6a8cf4d81104f905c38f77c45b2cd90487f916b046fcb4e6b362664e5c3fc,2025-03-12T06:15:21.360000
 CVE-2024-13499,0,0,6d635dc5b8c51f2804fa43df8b3beb018f4524a3b4ba54f25865b62cf92ed7dc,2025-01-24T20:37:12.533000
 CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a81697f,2024-11-21T08:50:23.313000
 CVE-2024-13500,0,0,1d9733764e3484aa60c36eea5a3cc1dd4fa8ffd0ae1e33244025d55da4de9296,2025-02-24T12:33:48.790000
@ -280666,7 +280667,7 @@ CVE-2025-0731,0,0,f3a6f53720f313459a1d5c1132e09ca05c60b7759061d8bc51c79df9c0e88e
 CVE-2025-0732,0,0,234fd2ae69db2537978e4781055144f526040d5063bfcbf5b1f197cbf63f9002,2025-01-27T18:15:40.550000
 CVE-2025-0733,0,0,2bf1ffcd7082ed8aaca488c566ff86bd86ffe68cc8167f42bed7cf7977336901,2025-01-27T18:15:40.760000
 CVE-2025-0734,0,0,285f7de184b54b422889f4b7f4a2f33b2c51f439962170e20fbeb8ccab20cca0,2025-01-27T19:15:19.130000
-CVE-2025-0736,0,1,617a5ddea57abcdf256e6967443d75c2dd05a1610c723b0d9b33b82494c364a0,2025-03-12T04:15:16.120000
+CVE-2025-0736,0,0,617a5ddea57abcdf256e6967443d75c2dd05a1610c723b0d9b33b82494c364a0,2025-03-12T04:15:16.120000
 CVE-2025-0739,0,0,41c7aa42155acfa48aae06734cd8d83436a961090ccba1b93472554d3983f7be,2025-01-30T11:15:11.607000
 CVE-2025-0740,0,0,155e9d6f961ba6dee7fc07e7b783db70542a7ac9c3e2747c6112c92b9d868dea,2025-01-30T11:15:11.763000
 CVE-2025-0741,0,0,8f17ca37bec615ff2b2277f71622af8920095cf0d2b07b32c37627367d03b22b,2025-02-18T19:15:23.390000
@ -281116,7 +281117,7 @@ CVE-2025-1502,0,0,87e6960c6bf75cc8b1380ef7c7e3303ad768ae7a5699ebb71505f60154582a
 CVE-2025-1504,0,0,0caf0fe296ba3de7804662f98b8d86d33ae80da3d9d2ad938f31b1ae97694007,2025-03-08T03:15:37.393000
 CVE-2025-1505,0,0,1355264158a2ba11ce2fd21a6bc45f6ba2c7a41beba2055617c8a72a80e67517,2025-03-06T20:21:36.547000
 CVE-2025-1506,0,0,1a3dc27492e0227e9be18d0d6fcaaa964bb01e29c760d9e3b9cb263d26e312c0,2025-02-28T06:15:25.557000
-CVE-2025-1508,1,1,b2cd4d0824cc5219817eb8a9b79c48fbcbb2173215ee20cd145f9f55298c019d,2025-03-12T04:15:16.520000
+CVE-2025-1508,0,0,b2cd4d0824cc5219817eb8a9b79c48fbcbb2173215ee20cd145f9f55298c019d,2025-03-12T04:15:16.520000
 CVE-2025-1509,0,0,1a5faaee231a2f918a1f7dcbd7fa0b900016cced0ec7ab7dbbc19bb7eed90578,2025-03-06T12:42:22.567000
 CVE-2025-1510,0,0,eaafc82c94652e15aeba6be8dab487f63a6f8dda886db91ee01d546563bfcf4b,2025-03-06T12:42:22.567000
 CVE-2025-1511,0,0,b1b588667a5e649574877e42702a5753176a9b5bb63efe10313a554d2504ba09,2025-03-06T17:52:55.370000
@ -281526,9 +281527,9 @@ CVE-2025-20652,0,0,9485bc5abd99cf5824b119c49fe5e9158c152f14429264c67d56a50ce2458
 CVE-2025-20653,0,0,10a8cea4b8c1ccc068072024007c444ff7d2ceef126747513723a7cf953de00b,2025-03-03T03:15:10.170000
 CVE-2025-2066,0,0,5dca3a37881c3080b5ed7399cf07d794623bec104102f99020f28f3358b971ab,2025-03-07T05:15:17.293000
 CVE-2025-2067,0,0,3e39862fd040dc0c3c929624d43984557b3839cb6c47b4edad23eed5ac7ebc44,2025-03-07T05:15:17.527000
-CVE-2025-2076,1,1,24a758f7a86394782db81ef4af3222f1e613ff94fdd0dd1e08649b8ff7696eee,2025-03-12T04:15:18.800000
-CVE-2025-2077,1,1,833655cf85729bc0d4619a303a298859245dabde098925120057434e69a2db8e,2025-03-12T04:15:19
-CVE-2025-2078,1,1,ef718d6889b12d2ed964b42b18c172b6cd0f266dda26fe749c945a10dae8a673,2025-03-12T04:15:19.210000
+CVE-2025-2076,0,0,24a758f7a86394782db81ef4af3222f1e613ff94fdd0dd1e08649b8ff7696eee,2025-03-12T04:15:18.800000
+CVE-2025-2077,0,0,833655cf85729bc0d4619a303a298859245dabde098925120057434e69a2db8e,2025-03-12T04:15:19
+CVE-2025-2078,0,0,ef718d6889b12d2ed964b42b18c172b6cd0f266dda26fe749c945a10dae8a673,2025-03-12T04:15:19.210000
 CVE-2025-2084,0,0,7b68ef2309ccccd38242c33dc15a6f85d87d16ae9a52fb77acbab191d667e863,2025-03-07T12:15:34.260000
 CVE-2025-2085,0,0,191ae6560abe8476fe190d0474dcec83084d054bdfc1b3da1737410b52c6b5f9,2025-03-07T12:15:35.270000
 CVE-2025-2086,0,0,03ab66f16f90758422ca1b2a306b10532564ca7b41e17c4b9e6b45a241d05c69,2025-03-07T14:15:37.850000
@ -282244,7 +282245,7 @@ CVE-2025-2193,0,0,dbb88f82f459ba010cbc51df271b53627184df972115671971d575e5495271
 CVE-2025-2194,0,0,e1aa96e726cf539676cb80ef975737c88c94790ed00a89f75cdf680a8e3413dc,2025-03-11T14:15:27.753000
 CVE-2025-2195,0,0,e292a4558d2ed8851de21bc82f067e4484772946d40eaa7eddec3f6225a02ee5,2025-03-11T14:15:27.937000
 CVE-2025-2196,0,0,2e4abd9c4f34d1ee0490e793cc34c4f7350a86f2ca91a96b3d64b855f88f05ff,2025-03-11T15:15:45.820000
-CVE-2025-2205,1,1,bea16b1a16e693c8473750af52aec371f4ca5bd91bb9d58a7e216fe106243098,2025-03-12T04:15:19.810000
+CVE-2025-2205,0,0,bea16b1a16e693c8473750af52aec371f4ca5bd91bb9d58a7e216fe106243098,2025-03-12T04:15:19.810000
 CVE-2025-2206,0,0,80d6a68dbba5ddb5b4f8630d141f655617e7f2b851183cc6bb7c82feaff25eec,2025-03-11T20:15:18.487000
 CVE-2025-2207,0,0,ab9be1f7f0c8b3cb770103b31096325dc711f180b3beb0e01dd4028d76cb7446,2025-03-11T20:15:18.690000
 CVE-2025-2208,0,0,67dbdc30017be8b55f14b6c01bfa089b03292c36c0e21ced49a6b647a674a3f3,2025-03-11T21:15:54.117000
@ -283948,6 +283949,7 @@ CVE-2025-24903,0,0,f94c50d2f0574a93b5b48805712360c1af6392fea087d65c2ed61830aedff
 CVE-2025-24904,0,0,922b25d3a9b426b643b71230fe8a3d6600552e09598c6cd6bc1bcb32f760c1d1,2025-02-13T16:16:49.053000
 CVE-2025-24905,0,0,a12cf1d4a84b7dfc2fc6ddf401dddb1af801de5f0e459b8125fad6e258d821aa,2025-02-13T19:00:37.593000
 CVE-2025-24906,0,0,c4750456c80f4de3a8d1ced568cbceb00ad477041c107087bb6724cafda48816,2025-02-13T18:59:59.940000
+CVE-2025-24912,1,1,b28c9a97ef4a2f2b9e1c0d349635dd21775333409307b5e3933144c12878b03a,2025-03-12T05:15:37.430000
 CVE-2025-24924,0,0,a7084794ce1702a81fd2bcd238459f023095753247c4c7d60e5ed9e8f0ccc53a,2025-03-05T00:15:38.423000
 CVE-2025-24928,0,0,8e9335012d42a7d487e5f9921ea54f865e117f9248798a001634be5429fb2b4a,2025-02-18T23:15:10.250000
 CVE-2025-24946,0,0,6cbcc6ed12b7350bc1e3ba362180af6c5ebed1ea35a0fb612c7c5af9a1e19fef,2025-02-20T03:15:12.800000