diff --git a/CVE-2018/CVE-2018-146xx/CVE-2018-14628.json b/CVE-2018/CVE-2018-146xx/CVE-2018-14628.json index ca2338af19a..2c511889ceb 100644 --- a/CVE-2018/CVE-2018-146xx/CVE-2018-14628.json +++ b/CVE-2018/CVE-2018-146xx/CVE-2018-14628.json @@ -2,8 +2,8 @@ "id": "CVE-2018-14628", "sourceIdentifier": "secalert@redhat.com", "published": "2023-01-17T18:15:10.810", - "lastModified": "2024-11-21T03:49:27.463", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T16:10:38.410", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -62,7 +62,15 @@ "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", - "matchCriteriaId": "FE6906E8-E743-4350-845A-CEBC5C9B3488" + "versionEndExcluding": "4.18.9", + "matchCriteriaId": "4D5D18F8-E566-46F4-A9AB-79126F369E86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.0", + "versionEndExcluding": "4.19.3", + "matchCriteriaId": "DF28158F-BE64-4887-83CD-93AC6C5CD5D2" } ] } @@ -87,7 +95,10 @@ "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/28/4", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445", @@ -111,15 +122,26 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/11/28/4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445", @@ -143,15 +165,26 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230223-0008/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-324xx/CVE-2022-32427.json b/CVE-2022/CVE-2022-324xx/CVE-2022-32427.json index 108f1f034c6..5df9db0a985 100644 --- a/CVE-2022/CVE-2022-324xx/CVE-2022-32427.json +++ b/CVE-2022/CVE-2022-324xx/CVE-2022-32427.json @@ -2,8 +2,8 @@ "id": "CVE-2022-32427", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-25T02:15:19.660", - "lastModified": "2024-11-21T07:06:21.367", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T16:10:51.403", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,8 +61,8 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:printerlogic:windows_client:*:*:*:*:*:*:*:*", - "versionEndExcluding": "25.0.0688", - "matchCriteriaId": "A39FAAB6-59AA-4860-8842-8FCC3ACEC294" + "versionEndExcluding": "25.0.0.688", + "matchCriteriaId": "CB337606-0C59-40B1-961D-12D7FC52DE09" } ] } diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json index 8676aab6260..b73d00c57a3 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22084", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-10-17T22:15:13.793", - "lastModified": "2024-11-21T07:44:14.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T16:10:07.627", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -120,12 +120,81 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0", + "versionEndExcluding": "10.4.32", + "matchCriteriaId": "3DD69211-93D8-414C-AC73-BCA5D102D7A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.0", + "versionEndExcluding": "10.5.23", + "matchCriteriaId": "CFC3AC1F-1DAE-4FEA-956B-A76C818F961F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.6.0", + "versionEndExcluding": "10.6.16", + "matchCriteriaId": "1D39D37C-9FC4-43D0-8756-3EE0B732251D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.10.0", + "versionEndExcluding": "10.10.7", + "matchCriteriaId": "1EA20D33-316A-448B-A31A-B9EC1206A15A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.11.0", + "versionEndExcluding": "10.11.6", + "matchCriteriaId": "5B681657-2F69-4B9C-A575-E73E3BE6171F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndExcluding": "11.0.4", + "matchCriteriaId": "D92B8F3E-2A3F-40A5-AD00-6653A5BB02D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndExcluding": "11.1.3", + "matchCriteriaId": "9579B159-E636-4192-B57F-A7CD7EA42F31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.2.0", + "versionEndExcluding": "11.2.2", + "matchCriteriaId": "005A9911-318E-4259-BE2A-F04523CB53C4" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/", @@ -165,7 +234,10 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/", diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json index 440e7801313..2dbb5ba584b 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31597.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31597", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T18:15:10.017", - "lastModified": "2024-11-21T08:02:03.987", + "lastModified": "2025-01-22T15:15:08.770", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-863" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json index 1e6d6552ba5..aa0baff1040 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31729.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31729", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T02:15:12.380", - "lastModified": "2024-11-21T08:02:13.323", + "lastModified": "2025-01-22T15:15:09.043", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-77" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ @@ -112,6 +142,10 @@ "tags": [ "Broken Link" ] + }, + { + "url": "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31871.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31871.json index 6f8ed0a3a38..307abc899ee 100644 --- a/CVE-2023/CVE-2023-318xx/CVE-2023-31871.json +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31871.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31871", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T17:15:08.957", - "lastModified": "2024-11-21T08:02:21.240", + "lastModified": "2025-01-22T15:15:09.237", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33204.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33204.json index 017ee336b32..1936a1ed04b 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33204.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33204.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33204", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-18T08:15:08.773", - "lastModified": "2024-11-21T08:05:07.467", + "lastModified": "2025-01-22T15:15:09.430", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-190" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json new file mode 100644 index 00000000000..62e81a3e1ed --- /dev/null +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-36998", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:09.647", + "lastModified": "2025-01-22T15:15:09.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://nextepc.com", + "source": "cve@mitre.org" + }, + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37002.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37002.json new file mode 100644 index 00000000000..69a454a7f44 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37002.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37002", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:09.757", + "lastModified": "2025-01-22T15:15:09.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37003.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37003.json new file mode 100644 index 00000000000..436fd42c78a --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37003.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37003", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:09.867", + "lastModified": "2025-01-22T15:15:09.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37004.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37004.json new file mode 100644 index 00000000000..da130cbbcc6 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37004.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37004", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:09.970", + "lastModified": "2025-01-22T15:15:09.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37005.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37005.json new file mode 100644 index 00000000000..b8b759bf595 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37005.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37005", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.067", + "lastModified": "2025-01-22T15:15:10.067", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37006.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37006.json new file mode 100644 index 00000000000..5d65d8dc652 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37006.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37006", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.170", + "lastModified": "2025-01-22T15:15:10.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37007.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37007.json new file mode 100644 index 00000000000..c1193db050a --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37007.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37007", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.270", + "lastModified": "2025-01-22T15:15:10.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37008.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37008.json new file mode 100644 index 00000000000..4d247c7a3c2 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37008.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37008", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.373", + "lastModified": "2025-01-22T15:15:10.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37009.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37009.json new file mode 100644 index 00000000000..d52be2463c8 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37009.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37009", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.473", + "lastModified": "2025-01-22T15:15:10.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37010.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37010.json new file mode 100644 index 00000000000..6e747c85244 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37010.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37010", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.580", + "lastModified": "2025-01-22T15:15:10.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37011.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37011.json new file mode 100644 index 00000000000..12aa02147e3 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37011.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37011", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.683", + "lastModified": "2025-01-22T15:15:10.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37012.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37012.json new file mode 100644 index 00000000000..d8548588fc5 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37012.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37012", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.783", + "lastModified": "2025-01-22T15:15:10.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37013.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37013.json new file mode 100644 index 00000000000..7912091f759 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37013.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37013", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.883", + "lastModified": "2025-01-22T15:15:10.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json new file mode 100644 index 00000000000..a55cb3d4078 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37014", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:10.987", + "lastModified": "2025-01-22T15:15:10.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json new file mode 100644 index 00000000000..f194e03a921 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37015", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.100", + "lastModified": "2025-01-22T15:15:11.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json new file mode 100644 index 00000000000..9d942c54955 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37016", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.207", + "lastModified": "2025-01-22T15:15:11.207", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json new file mode 100644 index 00000000000..e0d24430d69 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37017", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.310", + "lastModified": "2025-01-22T15:15:11.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json new file mode 100644 index 00000000000..22f91cf2cd4 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37018", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.410", + "lastModified": "2025-01-22T15:15:11.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json new file mode 100644 index 00000000000..7305a00eadb --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37019", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.510", + "lastModified": "2025-01-22T15:15:11.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json new file mode 100644 index 00000000000..ff03782d002 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37020", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.613", + "lastModified": "2025-01-22T15:15:11.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json new file mode 100644 index 00000000000..8120d0a7831 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37021", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.710", + "lastModified": "2025-01-22T15:15:11.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json new file mode 100644 index 00000000000..f0f12a39509 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37022", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.817", + "lastModified": "2025-01-22T15:15:11.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json new file mode 100644 index 00000000000..1fca0717fcc --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2023-37023", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:11.913", + "lastModified": "2025-01-22T15:15:11.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37035.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37035.json index 78b4aa03a29..a54e4c5d771 100644 --- a/CVE-2023/CVE-2023-370xx/CVE-2023-37035.json +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37035.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37035", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-21T23:15:10.823", - "lastModified": "2025-01-21T23:15:10.823", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:12.017", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://cellularsecurity.org/ransacked", diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37777.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37777.json new file mode 100644 index 00000000000..5f98cb1a3ef --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37777.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-37777", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T16:15:28.187", + "lastModified": "2025-01-22T16:15:28.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Synnefo Internet Management Software 2023 was discovered to contain a SQL injection vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338", + "source": "cve@mitre.org" + }, + { + "url": "https://synnefoims.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51529.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51529.json index 0188355b06a..4aeee389171 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51529.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51529.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51529", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-29T05:15:08.570", - "lastModified": "2024-11-21T08:38:19.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:21:12.423", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "2.3.4", + "matchCriteriaId": "A4AD1E21-DDE5-47A2-AF90-20E840E7F7C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json new file mode 100644 index 00000000000..5770736ac41 --- /dev/null +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-10929", + "sourceIdentifier": "arm-security@arm.com", + "published": "2025-01-22T16:15:28.790", + "lastModified": "2025-01-22T16:15:28.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE", + "source": "arm-security@arm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1390.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1390.json index d1a38162416..051943f0314 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1390.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1390.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1390", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-29T01:43:49.500", - "lastModified": "2024-11-21T08:50:28.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:49:11.553", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,30 +39,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.11.2", + "matchCriteriaId": "AF386728-7F5D-424F-B3D8-0027914BC828" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1408.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1408.json index 0ccffb68222..5971dbc228a 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1408.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1408.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1408", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-29T01:43:49.943", - "lastModified": "2024-11-21T08:50:31.397", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:44:00.387", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "4.15.0", + "matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1519.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1519.json index e3a79a86dad..dba7eecce58 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1519.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1519.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1519", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-29T01:43:52.287", - "lastModified": "2024-11-21T08:50:44.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:38:11.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.9, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "4.15.0", + "matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1570.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1570.json index d8b410feaab..e78b5961a48 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1570.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1570.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1570", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-29T01:43:52.670", - "lastModified": "2024-11-21T08:50:51.480", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:31:46.067", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "4.15.0", + "matchCriteriaId": "34BCC12F-8ACE-4D52-998E-31A794F51452" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json index 3554b622009..0e940690d4c 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23310", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:09.097", - "lastModified": "2024-11-21T08:57:28.770", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:18:16.783", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,24 +49,82 @@ "value": "CWE-825" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", + "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json index 153fbe6e456..f571f156371 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23313", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:09.477", - "lastModified": "2024-11-21T08:57:29.013", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T15:30:48.677", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", + "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json new file mode 100644 index 00000000000..68ba4e13898 --- /dev/null +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-24429", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T16:15:28.907", + "lastModified": "2025-01-22T16:15:28.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json new file mode 100644 index 00000000000..4314467c77e --- /dev/null +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-24430", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:12.680", + "lastModified": "2025-01-22T15:15:12.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24432.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24432.json new file mode 100644 index 00000000000..650bd6195a1 --- /dev/null +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24432.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-24432", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:12.793", + "lastModified": "2025-01-22T15:15:12.793", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27305.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27305.json index 56b6eb65e50..06012fae78a 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27305.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27305.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27305", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-12T21:15:58.630", - "lastModified": "2024-11-21T09:04:17.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:02:31.500", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,32 +69,78 @@ "value": "CWE-345" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aio-libs:aiosmtpd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.5", + "matchCriteriaId": "4C74E682-012F-4D4E-B76F-C45329900908" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.postfix.org/smtp-smuggling.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.postfix.org/smtp-smuggling.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28236.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28236.json index c7a7cd31ca1..b6439ef1afb 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28236.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28236.json @@ -2,8 +2,8 @@ "id": "CVE-2024-28236", "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-12T21:15:59.027", - "lastModified": "2024-11-21T09:06:03.913", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:05:22.287", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 4.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -53,24 +73,64 @@ "value": "CWE-532" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:go-vela:worker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.23.2", + "matchCriteriaId": "00862902-9C2F-41A0-B71B-831E777AB83C" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json new file mode 100644 index 00000000000..ed0111beeb4 --- /dev/null +++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-31903", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-22T16:15:29.030", + "lastModified": "2025-01-22T16:15:29.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7172233", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3382.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3382.json index 1aedb20cb7b..db32164d941 100644 --- a/CVE-2024/CVE-2024-33xx/CVE-2024-3382.json +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3382.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3382", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-04-10T17:15:56.793", - "lastModified": "2024-11-21T09:29:30.253", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:44:24.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,16 +69,107 @@ "value": "CWE-770" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.2.0", + "versionEndExcluding": "10.2.7", + "matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndExcluding": "11.0.4", + "matchCriteriaId": "60048B56-C9E4-4492-9F4F-485AC3690FA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndExcluding": "11.1.2", + "matchCriteriaId": "21CFD38A-7AED-4CEE-BDA9-77D815689C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", + "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", + "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C702B085-D739-4E06-805F-D01144279071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29237799-7DF5-478C-AE36-EC8E8416EAB7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CEB69E29-2974-4963-96D6-E0C08D7777F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1F7914EA-FEA6-4911-9A47-4F516BEE6663" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37BC54A5-071C-4F62-87EB-2314CA019B08" + } + ] + } + ] } ], "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3382", - "source": "psirt@paloaltonetworks.com" + "source": "psirt@paloaltonetworks.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.paloaltonetworks.com/CVE-2024-3382", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json b/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json new file mode 100644 index 00000000000..6800a5d6e8f --- /dev/null +++ b/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-34235", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:12.900", + "lastModified": "2025-01-22T15:15:12.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cellularsecurity.org/ransacked", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json new file mode 100644 index 00000000000..425ddf4812a --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-42012", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T16:15:29.183", + "lastModified": "2025-01-22T16:15:29.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.graudata.com/en/products/protection-against-ransomware/blocky-for-veeam/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json new file mode 100644 index 00000000000..9ccafad73cc --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-42013", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T16:15:29.303", + "lastModified": "2025-01-22T16:15:29.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.graudata.com/en/products/protection-against-ransomware/blocky-for-veeam/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42471.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42471.json index 9a783b40015..d668af4843a 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42471.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42471.json @@ -2,13 +2,13 @@ "id": "CVE-2024-42471", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-02T18:15:35.540", - "lastModified": "2024-09-16T16:18:09.597", - "vulnStatus": "Analyzed", + "lastModified": "2025-01-22T16:15:29.417", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue." + "value": "actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4777.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4777.json index 79e73a4a84c..3205e26e9e3 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4777.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4777.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4777", "sourceIdentifier": "security@mozilla.org", "published": "2024-05-14T18:15:16.413", - "lastModified": "2024-11-21T09:43:35.560", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T16:45:18.820", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,55 +15,171 @@ "value": "Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 126, Firefox ESR < 115.11 y Thunderbird < 115.11." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", + "versionEndExcluding": "115.11.0", + "matchCriteriaId": "DCAE3CC2-8B68-45CA-BADF-3DF1AF50ECD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", + "versionEndExcluding": "126.0", + "matchCriteriaId": "2695925F-3984-4304-A630-5FF27054F360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.11.0", + "matchCriteriaId": "0C7339B9-8741-4320-BF1C-3BC9F1D051FF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49735.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49735.json index ffb3bda4d55..a4394cac8d2 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49735.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49735.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49735", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.393", - "lastModified": "2025-01-21T23:15:14.393", - "vulnStatus": "Received", + "lastModified": "2025-01-22T16:15:29.573", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49736.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49736.json index 6b07ac3e830..8b201c8d8e5 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49736.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49736.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49736", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.490", - "lastModified": "2025-01-21T23:15:14.490", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.007", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49737.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49737.json index 40e98eb6aed..6418c41bb63 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49737.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49737.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49737", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.593", - "lastModified": "2025-01-21T23:15:14.593", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.150", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49738.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49738.json index 882e5893783..c908a665959 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49738.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49738.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49738", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.687", - "lastModified": "2025-01-21T23:15:14.687", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.280", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49742.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49742.json index 089259e70f1..9968642d03b 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49742.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49742.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49742", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.783", - "lastModified": "2025-01-21T23:15:14.783", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.407", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49744.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49744.json index edd9ba37427..ccecd9f35ec 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49744.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49744.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49744", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.880", - "lastModified": "2025-01-21T23:15:14.880", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.557", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49745.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49745.json index b18d8eab4e4..7a4233e6ea2 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49745.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49745.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49745", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:14.993", - "lastModified": "2025-01-21T23:15:14.993", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.707", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49747.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49747.json index d3e93ccb446..0807cbaff9c 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49747.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49747.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49747", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:15.100", - "lastModified": "2025-01-21T23:15:15.100", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.840", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49748.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49748.json index 72195834c60..969cb1c1f33 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49748.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49748.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49748", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:15.197", - "lastModified": "2025-01-21T23:15:15.197", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:13.980", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49749.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49749.json index 1907ede7c69..ba94edfa405 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49749.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49749", "sourceIdentifier": "security@android.com", "published": "2025-01-21T23:15:15.283", - "lastModified": "2025-01-21T23:15:15.283", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:14.110", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,42 @@ "value": "In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2025-01-01", diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51941.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51941.json index 89b96a3310d..cc23c46491e 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51941.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51941.json @@ -2,16 +2,43 @@ "id": "CVE-2024-51941", "sourceIdentifier": "security@apache.org", "published": "2025-01-21T22:15:12.447", - "lastModified": "2025-01-21T23:15:15.380", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:14.247", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo remoto en la funci\u00f3n Ambari Metrics y AMS Alerts, que permite a los usuarios autenticados inyectar y ejecutar c\u00f3digo arbitrario. La vulnerabilidad se produce al procesar definiciones de alertas, donde se puede inyectar informaci\u00f3n maliciosa en la ruta de ejecuci\u00f3n de la alerta script. Un atacante con acceso autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor. El problema se ha solucionado en las \u00faltimas versiones de Ambari." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json new file mode 100644 index 00000000000..b03b5408924 --- /dev/null +++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-55488", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T16:15:29.770", + "lastModified": "2025-01-22T16:15:29.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://umbraco.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.nccgroup.com/us/research-blog/technical-advisory-cross-site-scripting-in-umbraco-rich-text-display/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57575.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57575.json index 1d2cdf44fe5..2472203f6b3 100644 --- a/CVE-2024/CVE-2024-575xx/CVE-2024-57575.json +++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57575.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57575", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:16.537", - "lastModified": "2025-01-16T21:15:16.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:53:51.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,11 +15,78 @@ "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro ssid en la funci\u00f3n form_fast_setting_wifi_set." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qijiale/Tenda/blob/main/1/Readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57583.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57583.json index 3d88645e41f..d51ef2cd595 100644 --- a/CVE-2024/CVE-2024-575xx/CVE-2024-57583.json +++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57583.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57583", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:17.800", - "lastModified": "2025-01-16T21:15:17.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T16:53:20.263", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,11 +15,78 @@ "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro usbName en la funci\u00f3n formSetSambaConf." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3A313A-5085-4ABB-92D0-A26208EE44FB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qijiale/Tenda/tree/main/10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57726.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57726.json index fd3683c644b..cb9ab989807 100644 --- a/CVE-2024/CVE-2024-577xx/CVE-2024-57726.json +++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57726.json @@ -2,7 +2,7 @@ "id": "CVE-2024-57726", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-15T23:15:09.520", - "lastModified": "2025-01-16T21:22:00.710", + "lastModified": "2025-01-22T16:25:12.533", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -22,20 +22,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 8.8, - "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "UNCHANGED", + "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 3.1, + "impactScore": 6.0 } ] }, diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json index ed9ff965708..0fe27ba329b 100644 --- a/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json +++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7344.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7344", "sourceIdentifier": "cret@cert.org", "published": "2025-01-14T14:15:34.930", - "lastModified": "2025-01-21T19:15:11.700", - "vulnStatus": "Modified", + "lastModified": "2025-01-22T15:41:04.577", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -172,7 +172,12 @@ }, { "url": "https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-73xx/CVE-2024-7347.json b/CVE-2024/CVE-2024-73xx/CVE-2024-7347.json index 84accd55bf7..6b5722a2122 100644 --- a/CVE-2024/CVE-2024-73xx/CVE-2024-7347.json +++ b/CVE-2024/CVE-2024-73xx/CVE-2024-7347.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7347", "sourceIdentifier": "f5sirt@f5.com", "published": "2024-08-14T15:15:31.870", - "lastModified": "2024-11-21T09:51:20.560", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T16:10:28.490", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -139,6 +139,11 @@ "versionEndExcluding": "1.26.2", "matchCriteriaId": "F0EA24A0-D4CA-4394-9A01-D7B9A5DBAF0C" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:nginx_open_source:1.27.0:*:*:*:*:*:*:*", + "matchCriteriaId": "97A8277F-E124-4A18-A545-05DE412FF811" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", @@ -176,7 +181,10 @@ }, { "url": "http://www.openwall.com/lists/oss-security/2024/08/14/4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9020.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9020.json index 9720d5cdd80..0f69fd2c870 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9020.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9020.json @@ -2,16 +2,43 @@ "id": "CVE-2024-9020", "sourceIdentifier": "contact@wpscan.com", "published": "2025-01-18T06:15:27.787", - "lastModified": "2025-01-18T06:15:27.787", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:14.407", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento List category posts de WordPress anterior a la versi\u00f3n 0.90.3 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de mostrarlos nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques Cross-Site Scripting Almacenado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/6caa4e5d-8112-4d00-8e97-b41df611a071/", diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0203.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0203.json index 9bfad83b395..60cb5fcd5a6 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0203.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0203.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0203", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-04T07:15:18.153", - "lastModified": "2025-01-04T07:15:18.153", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:47:10.633", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -111,7 +131,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -122,28 +142,70 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:student_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E1621856-3353-479E-B400-A461E52248D3" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/th4s1s/e8488d7e35d789581979f3b7e4c48b1f", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.290140", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.290140", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.473410", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0204.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0204.json index de08a346f52..fbb07d92636 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0204.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0204.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0204", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-04T08:15:06.923", - "lastModified": "2025-01-04T08:15:06.923", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:42:44.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -111,7 +131,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -122,28 +142,70 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/th4s1s/6f0b3fcf85455238b4316d0fda7d489e", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.290141", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.290141", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.474031", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0205.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0205.json index e5fe4c132fd..00b89c40424 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0205.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0205.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0205", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-04T09:15:06.280", - "lastModified": "2025-01-04T09:15:06.280", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:33:38.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -111,7 +131,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -122,28 +142,71 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/th4s1s/832bc65fadd7d49894f68a75f834c7f3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.290142", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.290142", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.474032", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0206.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0206.json index c032d39c646..fda80c03317 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0206.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0206.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0206", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-04T12:15:24.830", - "lastModified": "2025-01-04T12:15:24.830", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-01-22T15:24:50.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -111,7 +131,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -122,28 +142,71 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:online_shoe_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4814A5C5-6D0C-4EA4-8BA8-1309F1913C0A" + } + ] + } + ] } ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/th4s1s/955b71b20235dddf30689d4b85b4d271", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.290143", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.290143", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.474033", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0395.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0395.json index 9e73a26f216..6b4f2f550fc 100644 --- a/CVE-2025/CVE-2025-03xx/CVE-2025-0395.json +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0395.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0395", "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "published": "2025-01-22T13:15:20.933", - "lastModified": "2025-01-22T13:15:20.933", - "vulnStatus": "Received", + "lastModified": "2025-01-22T16:15:29.893", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -28,6 +28,18 @@ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18" + }, + { + "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18" + }, + { + "url": "https://sourceware.org/pipermail/libc-announce/2025/000044.html", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2025/01/22/4", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json new file mode 100644 index 00000000000..72d94523450 --- /dev/null +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0604", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-01-22T15:15:14.827", + "lastModified": "2025-01-22T15:15:14.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-0604", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338993", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json new file mode 100644 index 00000000000..28e7ab2e9a7 --- /dev/null +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-0638", + "sourceIdentifier": "sep@nlnetlabs.nl", + "published": "2025-01-22T16:15:29.977", + "lastModified": "2025-01-22T16:15:29.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sep@nlnetlabs.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sep@nlnetlabs.nl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1286" + } + ] + } + ], + "references": [ + { + "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt", + "source": "sep@nlnetlabs.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-213xx/CVE-2025-21329.json b/CVE-2025/CVE-2025-213xx/CVE-2025-21329.json index f8ad73a7d04..21d9706d1af 100644 --- a/CVE-2025/CVE-2025-213xx/CVE-2025-21329.json +++ b/CVE-2025/CVE-2025-213xx/CVE-2025-21329.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21329", "sourceIdentifier": "secure@microsoft.com", "published": "2025-01-14T18:15:57.733", - "lastModified": "2025-01-14T18:15:57.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-22T15:02:32.270", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,154 @@ "value": "CWE-41" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20890", + "matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20890", + "matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.7699", + "matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.7699", + "matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.6775", + "matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.6775", + "matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.5371", + "matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.5371", + "matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.4751", + "matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.4751", + "matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.2894", + "matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.7699", + "matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.6775", + "matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.3091", + "matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.1369", + "matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.26100.2894", + "matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-227xx/CVE-2025-22772.json b/CVE-2025/CVE-2025-227xx/CVE-2025-22772.json new file mode 100644 index 00000000000..0966406cccc --- /dev/null +++ b/CVE-2025/CVE-2025-227xx/CVE-2025-22772.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22772", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:14.990", + "lastModified": "2025-01-22T15:15:14.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mapbox-for-wp-advanced/vulnerability/wordpress-mapbox-for-wp-advanced-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22980.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22980.json new file mode 100644 index 00000000000..e075f98c361 --- /dev/null +++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22980.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-22980", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-22T15:15:15.130", + "lastModified": "2025-01-22T15:15:15.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/slims/slims9_bulian/issues/270", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23195.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23195.json index 2b046b036d3..3593caa458f 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23195.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23195.json @@ -2,16 +2,43 @@ "id": "CVE-2025-23195", "sourceIdentifier": "security@apache.org", "published": "2025-01-21T22:15:12.863", - "lastModified": "2025-01-21T23:15:15.490", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:15.237", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie \nproject, allowing an attacker to inject malicious XML entities. This \nvulnerability occurs due to insecure parsing of XML input using the \n`DocumentBuilderFactory` class without disabling external entity \nresolution. An attacker can exploit this vulnerability to read arbitrary\n files on the server or perform server-side request forgery (SSRF) \nattacks. The issue has been fixed in both Ambari 2.7.9 and the trunk \nbranch." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de entidad externa XML (XXE) en el proyecto Ambari/Oozie, que permite a un atacante inyectar entidades XML maliciosas. Esta vulnerabilidad se produce debido a un an\u00e1lisis inseguro de la entrada XML mediante la clase `DocumentBuilderFactory` sin deshabilitar la resoluci\u00f3n de entidades externas. Un atacante puede aprovechar esta vulnerabilidad para leer archivos arbitrarios en el servidor o realizar ataques Server-Side Request Forgery (SSRF). El problema se ha solucionado tanto en Ambari 2.7.9 como en la rama troncal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23196.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23196.json index 0ec6eb6c584..9cadb339f56 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23196.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23196.json @@ -2,16 +2,43 @@ "id": "CVE-2025-23196", "sourceIdentifier": "security@apache.org", "published": "2025-01-21T22:15:12.987", - "lastModified": "2025-01-21T23:15:15.593", - "vulnStatus": "Received", + "lastModified": "2025-01-22T15:15:15.390", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A code injection vulnerability exists in the Ambari Alert Definition \nfeature, allowing authenticated users to inject and execute arbitrary \nshell commands. The vulnerability arises when defining alert scripts, \nwhere the script filename field is executed using `sh -c`. An attacker \nwith authenticated access can exploit this vulnerability to inject \nmalicious commands, leading to remote code execution on the server. The \nissue has been fixed in the latest versions of Ambari." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la funci\u00f3n de definici\u00f3n de alertas de Ambari, que permite a los usuarios autenticados inyectar y ejecutar comandos de shell arbitrarios. La vulnerabilidad surge al definir la alerta scripts, donde el campo de nombre de archivo script se ejecuta utilizando `sh -c`. Un atacante con acceso autenticado puede aprovechar esta vulnerabilidad para inyectar comandos maliciosos, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo en el servidor. El problema se ha solucionado en las \u00faltimas versiones de Ambari." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23449.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23449.json new file mode 100644 index 00000000000..49aaabb1442 --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23449.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23449", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:15.650", + "lastModified": "2025-01-22T15:15:15.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-shortcode-buttons/vulnerability/wordpress-simple-shortcode-buttons-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23462.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23462.json new file mode 100644 index 00000000000..c05314b8ff1 --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23462.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23462", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:15.800", + "lastModified": "2025-01-22T15:15:15.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fwd-slider/vulnerability/wordpress-fwd-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23475.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23475.json new file mode 100644 index 00000000000..0d263e3a2ef --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23475.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23475", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:15.950", + "lastModified": "2025-01-22T15:15:15.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/history-timeline/vulnerability/wordpress-history-timeline-plugin-0-7-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23486.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23486.json new file mode 100644 index 00000000000..d9187c11ecb --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23486.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23486", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.093", + "lastModified": "2025-01-22T15:15:16.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/database-sync/vulnerability/wordpress-database-sync-plugin-0-5-1-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23495.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23495.json new file mode 100644 index 00000000000..4de9ac52f33 --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23495.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23495", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.230", + "lastModified": "2025-01-22T15:15:16.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-order-searching/vulnerability/wordpress-woocommerce-order-search-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-234xx/CVE-2025-23498.json b/CVE-2025/CVE-2025-234xx/CVE-2025-23498.json new file mode 100644 index 00000000000..04299ed635c --- /dev/null +++ b/CVE-2025/CVE-2025-234xx/CVE-2025-23498.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23498", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.370", + "lastModified": "2025-01-22T15:15:16.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Translation.Pro allows Reflected XSS. This issue affects Translation.Pro: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/translation-pro/vulnerability/wordpress-translation-pro-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23500.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23500.json new file mode 100644 index 00000000000..3dcb435aba2 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23500.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23500", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.500", + "lastModified": "2025-01-22T15:15:16.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-content-construction-kit/vulnerability/wordpress-simple-custom-post-type-custom-field-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23503.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23503.json new file mode 100644 index 00000000000..a45faa567d1 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23503.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23503", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.633", + "lastModified": "2025-01-22T15:15:16.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/customizable-captcha-and-contact-us-form/vulnerability/wordpress-customizable-captcha-and-contact-us-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23506.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23506.json new file mode 100644 index 00000000000..6b7eb2004da --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23506.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23506", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.777", + "lastModified": "2025-01-22T15:15:16.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP IMAP Auth allows Reflected XSS. This issue affects WP IMAP Auth: from n/a through 4.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-imap-authentication/vulnerability/wordpress-wp-imap-auth-plugin-4-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23507.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23507.json new file mode 100644 index 00000000000..8302ed885f3 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23507.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23507", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:16.910", + "lastModified": "2025-01-22T15:15:16.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/blrt-wp-embed/vulnerability/wordpress-blrt-wp-embed-plugin-1-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23509.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23509.json new file mode 100644 index 00000000000..e71444938ac --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23509.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23509", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.043", + "lastModified": "2025-01-22T15:15:17.043", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/comments-with-hypercommentscom/vulnerability/wordpress-hypercomments-plugin-0-9-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23512.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23512.json new file mode 100644 index 00000000000..44c34d03b4b --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23512.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23512", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.160", + "lastModified": "2025-01-22T15:15:17.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team 118GROUP Agent: from n/a through 1.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/team-118group-agent/vulnerability/wordpress-team-118group-agent-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23535.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23535.json new file mode 100644 index 00000000000..5159dc62005 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23535.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23535", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.290", + "lastModified": "2025-01-22T15:15:17.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/drag-and-drop-custom-sidebar/vulnerability/wordpress-real-wordpress-sidebar-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23548.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23548.json new file mode 100644 index 00000000000..ec992b7314a --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23548.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23548", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.423", + "lastModified": "2025-01-22T15:15:17.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bilal TAS Responsivity allows Reflected XSS. This issue affects Responsivity: from n/a through 0.0.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/responsivity/vulnerability/wordpress-responsivity-plugin-0-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23562.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23562.json new file mode 100644 index 00000000000..51bfcb19fe8 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23562.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23562", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.557", + "lastModified": "2025-01-22T15:15:17.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/xlsx-viewer/vulnerability/wordpress-xlsxviewer-plugin-2-1-1-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23578.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23578.json new file mode 100644 index 00000000000..22a0652bebc --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23578.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23578", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.687", + "lastModified": "2025-01-22T15:15:17.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom CSS Addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through 1.9.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/css-addons/vulnerability/wordpress-custom-css-addons-plugin-1-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23583.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23583.json new file mode 100644 index 00000000000..5e8b0fed5e2 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23583.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23583", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.820", + "lastModified": "2025-01-22T15:15:17.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership allows Reflected XSS. This issue affects Explara Membership: from n/a through 0.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/explara-membership/vulnerability/wordpress-explara-membership-plugin-0-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23589.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23589.json new file mode 100644 index 00000000000..1e4dca208c7 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23589.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23589", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:17.950", + "lastModified": "2025-01-22T15:15:17.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ContentOptin Lite allows Reflected XSS. This issue affects ContentOptin Lite: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contentoptin/vulnerability/wordpress-contentoptin-lite-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23592.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23592.json new file mode 100644 index 00000000000..bc0c3389ad1 --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23592.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23592", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.097", + "lastModified": "2025-01-22T15:15:18.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound dForms allows Reflected XSS. This issue affects dForms: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dforms/vulnerability/wordpress-dforms-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-235xx/CVE-2025-23597.json b/CVE-2025/CVE-2025-235xx/CVE-2025-23597.json new file mode 100644 index 00000000000..4ee25b2dfff --- /dev/null +++ b/CVE-2025/CVE-2025-235xx/CVE-2025-23597.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23597", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.230", + "lastModified": "2025-01-22T15:15:18.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riosis Private Limited Rio Photo Gallery allows Reflected XSS. This issue affects Rio Photo Gallery: from n/a through 0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rio-photo-gallery/vulnerability/wordpress-rio-photo-gallery-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23601.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23601.json new file mode 100644 index 00000000000..aaf9e8476fb --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23601.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23601", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.363", + "lastModified": "2025-01-22T15:15:18.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tab My Content allows Reflected XSS. This issue affects Tab My Content: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tab-my-content/vulnerability/wordpress-tab-my-content-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23602.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23602.json new file mode 100644 index 00000000000..91e4d55e275 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23602.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23602", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.503", + "lastModified": "2025-01-22T15:15:18.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23603.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23603.json new file mode 100644 index 00000000000..c20091feb2e --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23603.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23603", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.667", + "lastModified": "2025-01-22T15:15:18.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Group category creator allows Reflected XSS. This issue affects Group category creator: from n/a through 1.3.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/group-category-creator/vulnerability/wordpress-group-category-creator-plugin-1-3-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23604.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23604.json new file mode 100644 index 00000000000..45571c6f4b1 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23604.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23604", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.810", + "lastModified": "2025-01-22T15:15:18.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Rezdy Reloaded allows Stored XSS. This issue affects Rezdy Reloaded: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/reloaded-rezdy/vulnerability/wordpress-rezdy-reloaded-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23605.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23605.json new file mode 100644 index 00000000000..8233b5df03a --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23605.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23605", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:18.937", + "lastModified": "2025-01-22T15:15:18.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LamPD Call To Action Popup allows Reflected XSS. This issue affects Call To Action Popup: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/call-to-action-popup/vulnerability/wordpress-call-to-action-popup-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23606.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23606.json new file mode 100644 index 00000000000..c2b0d55c069 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23606.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23606", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.073", + "lastModified": "2025-01-22T15:15:19.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Calendi allows Reflected XSS. This issue affects Calendi: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/calendi/vulnerability/wordpress-calendi-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23607.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23607.json new file mode 100644 index 00000000000..39808b887cd --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23607.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23607", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.200", + "lastModified": "2025-01-22T15:15:19.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camoo Sarl CAMOO SMS allows Reflected XSS. This issue affects CAMOO SMS: from n/a through 3.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/camoo-sms/vulnerability/wordpress-camoo-sms-plugin-3-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23609.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23609.json new file mode 100644 index 00000000000..8049b246d48 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23609.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23609", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.343", + "lastModified": "2025-01-22T15:15:19.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Helmuth Lammer Tagesteller allows Reflected XSS. This issue affects Tagesteller: from n/a through v.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tagesteller/vulnerability/wordpress-tagesteller-plugin-v-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23610.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23610.json new file mode 100644 index 00000000000..d984ded6f5c --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23610.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23610", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.473", + "lastModified": "2025-01-22T15:15:19.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ultimate Events allows Reflected XSS. This issue affects Ultimate Events: from n/a through 1.3.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-events/vulnerability/wordpress-ultimate-events-plugin-1-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23611.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23611.json new file mode 100644 index 00000000000..415b575ff3c --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23611.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23611", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.610", + "lastModified": "2025-01-22T15:15:19.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wh-cache-and-security/vulnerability/wordpress-wh-cache-security-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23625.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23625.json new file mode 100644 index 00000000000..244cc3a7263 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23625.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23625", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.747", + "lastModified": "2025-01-22T15:15:19.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWcode, PDSonline Unique UX allows Reflected XSS. This issue affects Unique UX: from n/a through 0.9.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/unique-ux/vulnerability/wordpress-unique-ux-plugin-0-9-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23630.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23630.json new file mode 100644 index 00000000000..e80bd83607e --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23630.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23630", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:19.877", + "lastModified": "2025-01-22T15:15:19.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Cyber Slider allows Reflected XSS. This issue affects Cyber Slider: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cyber-new-slider/vulnerability/wordpress-cyber-slider-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23631.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23631.json new file mode 100644 index 00000000000..f80b88bb111 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23631.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23631", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.013", + "lastModified": "2025-01-22T15:15:20.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Content Planner allows Reflected XSS. This issue affects Content Planner: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/content-planner/vulnerability/wordpress-content-planner-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23643.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23643.json new file mode 100644 index 00000000000..1882dbca213 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23643.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23643", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.153", + "lastModified": "2025-01-22T15:15:20.153", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ReadMe Creator allows Reflected XSS. This issue affects ReadMe Creator: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/readme-creator/vulnerability/wordpress-readme-creator-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23672.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23672.json new file mode 100644 index 00000000000..5ce81bcc5aa --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23672.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23672", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.287", + "lastModified": "2025-01-22T15:15:20.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Instant Appointment allows Reflected XSS. This issue affects Instant Appointment: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/instant-appointment/vulnerability/wordpress-instant-appointment-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23674.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23674.json new file mode 100644 index 00000000000..528c06145e6 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23674.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23674", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.420", + "lastModified": "2025-01-22T15:15:20.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bit.ly linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bitly-linker/vulnerability/wordpress-bit-ly-linker-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23676.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23676.json new file mode 100644 index 00000000000..f8b1b77d3ed --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23676.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23676", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.563", + "lastModified": "2025-01-22T15:15:20.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LH Email allows Reflected XSS. This issue affects LH Email: from n/a through 1.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lh-email/vulnerability/wordpress-lh-email-plugin-1-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23678.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23678.json new file mode 100644 index 00000000000..528ba36a33b --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23678.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23678", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.703", + "lastModified": "2025-01-22T15:15:20.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LocalGrid allows Reflected XSS. This issue affects LocalGrid: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/localgrid/vulnerability/wordpress-localgrid-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23679.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23679.json new file mode 100644 index 00000000000..5ac43ed7281 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23679.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23679", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.840", + "lastModified": "2025-01-22T15:15:20.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moshiur Rahman Mehedi FP RSS Category Excluder allows Reflected XSS. This issue affects FP RSS Category Excluder: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fp-rss-category-excluder/vulnerability/wordpress-fp-rss-category-excluder-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23681.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23681.json new file mode 100644 index 00000000000..a7c04ab540d --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23681.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23681", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:20.977", + "lastModified": "2025-01-22T15:15:20.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jannatqualitybacklinks.com REDIRECTION PLUS allows Reflected XSS. This issue affects REDIRECTION PLUS: from n/a through 2.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/redirection-plus/vulnerability/wordpress-redirection-plus-plugin-2-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23682.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23682.json new file mode 100644 index 00000000000..8864cbf4378 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23682.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23682", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.123", + "lastModified": "2025-01-22T15:15:21.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Preloader Quotes allows Reflected XSS. This issue affects Preloader Quotes: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/preloader-quotes/vulnerability/wordpress-preloader-quotes-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23683.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23683.json new file mode 100644 index 00000000000..6bc96e300eb --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23683.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23683", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.260", + "lastModified": "2025-01-22T15:15:21.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MACME allows Reflected XSS. This issue affects MACME: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/macme/vulnerability/wordpress-macme-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23684.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23684.json new file mode 100644 index 00000000000..ea6f1c37be3 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23684.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23684", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.403", + "lastModified": "2025-01-22T16:15:30.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/debug-tool/vulnerability/wordpress-debug-tool-plugin-2-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23686.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23686.json new file mode 100644 index 00000000000..efc6232296b --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23686.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23686", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.547", + "lastModified": "2025-01-22T16:15:30.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Callum Richards Admin Menu Organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/admin-menu-organizer/vulnerability/wordpress-admin-menu-organizer-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23695.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23695.json new file mode 100644 index 00000000000..877892479b8 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23695.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23695", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.727", + "lastModified": "2025-01-22T16:15:30.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CtyGrid Hyp3rL0cal Search allows Reflected XSS. This issue affects CtyGrid Hyp3rL0cal Search: from n/a through 0.1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hyp3rl0cal-city-search/vulnerability/wordpress-ctygrid-hyp3rl0cal-search-plugin-0-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23696.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23696.json new file mode 100644 index 00000000000..724174e6126 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23696.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23696", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:21.870", + "lastModified": "2025-01-22T16:15:30.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Staging CDN allows Reflected XSS. This issue affects Staging CDN: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/staging-cdn/vulnerability/wordpress-staging-cdn-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-236xx/CVE-2025-23697.json b/CVE-2025/CVE-2025-236xx/CVE-2025-23697.json new file mode 100644 index 00000000000..2489a321591 --- /dev/null +++ b/CVE-2025/CVE-2025-236xx/CVE-2025-23697.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23697", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.000", + "lastModified": "2025-01-22T16:15:30.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDeal s.r.o. Pod\u010dl\u00e1nkov\u00e1 inzerce allows Reflected XSS. This issue affects Pod\u010dl\u00e1nkov\u00e1 inzerce: from n/a through 2.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/podclankova-inzerce/vulnerability/wordpress-podclankova-inzerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23700.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23700.json new file mode 100644 index 00000000000..1df11a72edf --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23700.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-23700", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.120", + "lastModified": "2025-01-22T16:15:31.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yonatan Reinberg yCyclista allows Reflected XSS. This issue affects yCyclista: from n/a through 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ycyclista/vulnerability/wordpress-ycyclista-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23701.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23701.json new file mode 100644 index 00000000000..ab057ce78de --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23701.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23701", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.250", + "lastModified": "2025-01-22T15:15:22.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Blackford, LimeSquare Pty Ltd Lime Developer Login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through 1.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lime-developer-login/vulnerability/wordpress-lime-developer-login-plugin-1-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23706.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23706.json new file mode 100644 index 00000000000..2509ae99f3f --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23706.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23706", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.387", + "lastModified": "2025-01-22T15:15:22.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Jet Skinner for BuddyPress allows Reflected XSS. This issue affects Jet Skinner for BuddyPress: from n/a through 1.2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/jet-skinner-for-buddypress/vulnerability/wordpress-jet-skinner-for-buddypress-plugin-1-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23709.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23709.json new file mode 100644 index 00000000000..8e769b3845f --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23709.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23709", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.510", + "lastModified": "2025-01-22T15:15:22.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiro G. Formatted post allows Reflected XSS. This issue affects Formatted post: from n/a through 1.01." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/formatted-post/vulnerability/wordpress-formatted-post-plugin-1-01-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23732.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23732.json new file mode 100644 index 00000000000..251d4a38908 --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23732.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23732", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.640", + "lastModified": "2025-01-22T15:15:22.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filtering allows Reflected XSS. This issue affects Easy Filtering: from n/a through 2.5.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-filtering/vulnerability/wordpress-easy-filtering-plugin-2-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23746.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23746.json new file mode 100644 index 00000000000..d599c4edc8c --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23746.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23746", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.783", + "lastModified": "2025-01-22T15:15:22.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cmc-migrate/vulnerability/wordpress-cmc-migrate-plugin-0-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23758.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23758.json new file mode 100644 index 00000000000..8242f32885f --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23758.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23758", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:22.907", + "lastModified": "2025-01-22T15:15:22.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/pootle-button/vulnerability/wordpress-pootle-button-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23768.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23768.json new file mode 100644 index 00000000000..9662cc49f59 --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23768.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23768", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.040", + "lastModified": "2025-01-22T15:15:23.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/infunding/vulnerability/wordpress-infunding-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23769.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23769.json new file mode 100644 index 00000000000..965e3af88c9 --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23769.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23769", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.177", + "lastModified": "2025-01-22T15:15:23.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/content-mirror/vulnerability/wordpress-content-mirror-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23770.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23770.json new file mode 100644 index 00000000000..5e4c3f9b5b5 --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23770.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23770", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.303", + "lastModified": "2025-01-22T15:15:23.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fast-tube/vulnerability/wordpress-fast-tube-plugin-2-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23774.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23774.json new file mode 100644 index 00000000000..57a5f977c2b --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23774.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23774", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.440", + "lastModified": "2025-01-22T15:15:23.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpdb-to-sql/vulnerability/wordpress-wpdb-to-sql-plugin-1-2-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23781.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23781.json new file mode 100644 index 00000000000..6043d6a9cee --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23781.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23781", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.573", + "lastModified": "2025-01-22T15:15:23.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wm-options-import-export/vulnerability/wordpress-wm-options-import-export-plugin-1-0-1-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23784.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23784.json new file mode 100644 index 00000000000..b5e5145a0d9 --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23784.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23784", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.713", + "lastModified": "2025-01-22T15:15:23.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-round-robin-lead-distribution/vulnerability/wordpress-contact-form-7-round-robin-lead-distribution-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-237xx/CVE-2025-23798.json b/CVE-2025/CVE-2025-237xx/CVE-2025-23798.json new file mode 100644 index 00000000000..33e9a59787f --- /dev/null +++ b/CVE-2025/CVE-2025-237xx/CVE-2025-23798.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23798", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:23.873", + "lastModified": "2025-01-22T15:15:23.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mass-messaging-in-buddypress/vulnerability/wordpress-mass-messaging-in-buddypress-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23803.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23803.json new file mode 100644 index 00000000000..7170ff4aeac --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23803.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23803", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.020", + "lastModified": "2025-01-22T15:15:24.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/snippy/vulnerability/wordpress-snippy-plugin-1-4-1-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23806.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23806.json new file mode 100644 index 00000000000..8a7ac7a399f --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23806.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23806", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.163", + "lastModified": "2025-01-22T15:15:24.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through 1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-subscribe/vulnerability/wordpress-ultimate-subscribe-plugin-1-3-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23809.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23809.json new file mode 100644 index 00000000000..b321ce15e53 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23809.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23809", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T16:15:31.437", + "lastModified": "2025-01-22T16:15:31.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/blue-wrench-videos-widget/vulnerability/wordpress-blue-wrench-video-widget-plugin-2-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23811.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23811.json new file mode 100644 index 00000000000..7f94df73806 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23811.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23811", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.297", + "lastModified": "2025-01-22T15:15:24.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp2appir/vulnerability/wordpress-wp2app-plugin-2-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23812.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23812.json new file mode 100644 index 00000000000..cb49ecaeaa6 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23812.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23812", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.437", + "lastModified": "2025-01-22T15:15:24.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-round-robin-lead-distribution/vulnerability/wordpress-contact-form-7-round-robin-lead-distribution-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23846.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23846.json new file mode 100644 index 00000000000..fba7d4eff60 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23846.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23846", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.570", + "lastModified": "2025-01-22T15:15:24.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kolja Nolte Flexible Blogtitle allows Reflected XSS. This issue affects Flexible Blogtitle: from n/a through 0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flexible-blogtitle/vulnerability/wordpress-flexible-blogtitle-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23866.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23866.json new file mode 100644 index 00000000000..e7c8ed6e5e6 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23866.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23866", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.707", + "lastModified": "2025-01-22T15:15:24.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EU DSGVO Helper allows Reflected XSS. This issue affects EU DSGVO Helper: from n/a through 1.0.6.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dsgvo/vulnerability/wordpress-eu-dsgvo-helper-plugin-1-0-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23867.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23867.json new file mode 100644 index 00000000000..a1c99496f9e --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23867.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23867", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.847", + "lastModified": "2025-01-22T15:15:24.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpfilesearch/vulnerability/wordpress-wordpress-file-search-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23874.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23874.json new file mode 100644 index 00000000000..5169fe50171 --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23874.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23874", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:24.980", + "lastModified": "2025-01-22T15:15:24.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Block Pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through 1.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-block-pack/vulnerability/wordpress-wp-block-pack-plugin-1-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-238xx/CVE-2025-23882.json b/CVE-2025/CVE-2025-238xx/CVE-2025-23882.json new file mode 100644 index 00000000000..38104248a7a --- /dev/null +++ b/CVE-2025/CVE-2025-238xx/CVE-2025-23882.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23882", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.123", + "lastModified": "2025-01-22T15:15:25.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-download-codes/vulnerability/wordpress-wp-download-codes-plugin-2-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23910.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23910.json new file mode 100644 index 00000000000..e7e1c71b996 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23910.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23910", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.267", + "lastModified": "2025-01-22T15:15:25.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Menus Plus+ allows SQL Injection. This issue affects Menus Plus+: from n/a through 1.9.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/menus-plus/vulnerability/wordpress-menus-plus-plugin-1-9-6-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23914.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23914.json new file mode 100644 index 00000000000..32e1d26dfc7 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23914.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23914", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T16:15:31.780", + "lastModified": "2025-01-22T16:15:31.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/muzaara-adwords-optimize-dashboard/vulnerability/wordpress-muzaara-google-ads-report-plugin-3-1-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23918.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23918.json new file mode 100644 index 00000000000..b034374aea1 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23918.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23918", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.403", + "lastModified": "2025-01-22T15:15:25.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smallerik-file-browser/vulnerability/wordpress-smallerik-file-browser-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23921.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23921.json new file mode 100644 index 00000000000..5f5e7fbbd06 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23921.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23921", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.547", + "lastModified": "2025-01-22T15:15:25.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gf-multi-uploader/vulnerability/wordpress-multi-uploader-for-gravity-forms-plugin-1-1-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23931.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23931.json new file mode 100644 index 00000000000..c944cfa90bd --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23931.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23931", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.687", + "lastModified": "2025-01-22T15:15:25.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dh-local-seo/vulnerability/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23932.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23932.json new file mode 100644 index 00000000000..bed4508965c --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23932.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23932", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.827", + "lastModified": "2025-01-22T15:15:25.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/quick-count/vulnerability/wordpress-quick-count-plugin-3-00-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23938.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23938.json new file mode 100644 index 00000000000..926c03b7289 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23938.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23938", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:25.967", + "lastModified": "2025-01-22T15:15:25.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Image Gallery Box by CRUDLab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-gallery-box-by-crudlab/vulnerability/wordpress-image-gallery-box-by-crudlab-plugin-1-0-3-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23942.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23942.json new file mode 100644 index 00000000000..4245347adf4 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23942.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23942", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.103", + "lastModified": "2025-01-22T15:15:26.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23944.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23944.json new file mode 100644 index 00000000000..ffefa13850e --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23944.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23944", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.240", + "lastModified": "2025-01-22T15:15:26.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wooexim/vulnerability/wordpress-wooexim-plugin-5-0-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23948.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23948.json new file mode 100644 index 00000000000..5e6fab8a1a0 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23948.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23948", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.383", + "lastModified": "2025-01-22T15:15:26.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebArea Background animation blocks allows PHP Local File Inclusion. This issue affects Background animation blocks: from n/a through 2.1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/background-animation-blocks/vulnerability/wordpress-background-animation-blocks-plugin-2-1-5-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23949.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23949.json new file mode 100644 index 00000000000..77b0ea89e97 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23949.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23949", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.527", + "lastModified": "2025-01-22T15:15:26.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mihajlovic Nenad Improved Sale Badges \u2013 Free Version allows PHP Local File Inclusion. This issue affects Improved Sale Badges \u2013 Free Version: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/improved-sale-badges-free-version/vulnerability/wordpress-improved-sale-badges-free-version-plugin-1-0-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23953.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23953.json new file mode 100644 index 00000000000..d23adeeb442 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23953.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23953", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.670", + "lastModified": "2025-01-22T15:15:26.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/user-files/vulnerability/wordpress-user-files-plugin-2-4-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23959.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23959.json new file mode 100644 index 00000000000..7a0ae714cb7 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23959.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23959", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.810", + "lastModified": "2025-01-22T15:15:26.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/good-old-gallery/vulnerability/wordpress-good-old-gallery-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23966.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23966.json new file mode 100644 index 00000000000..25325bd96d1 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23966.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23966", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T15:15:26.950", + "lastModified": "2025-01-22T15:15:26.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/a-gateway-for-pasargad-bank-on-woocommerce/vulnerability/wordpress-a-gateway-for-pasargad-bank-on-woocommerce-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23992.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23992.json new file mode 100644 index 00000000000..76c9630c0e2 --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23992.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23992", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-01-22T16:15:32.120", + "lastModified": "2025-01-22T16:15:32.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/toocheke-companion/vulnerability/wordpress-toocheke-companion-plugin-1-166-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24027.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24027.json new file mode 100644 index 00000000000..3cd8435e555 --- /dev/null +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24027.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-24027", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-01-22T15:15:27.090", + "lastModified": "2025-01-22T15:15:27.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying a XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PrestaShop/ps_contactinfo/commit/d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/PrestaShop/ps_contactinfo/security/advisories/GHSA-35pq-7pv2-2rfw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a4e311c79e9..cf8fd54ae26 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-22T15:00:37.663375+00:00 +2025-01-22T17:00:26.262198+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-22T14:59:37.587000+00:00 +2025-01-22T16:53:51.830000+00:00 ``` ### Last Data Feed Release @@ -33,40 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278471 +278595 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `124` -- [CVE-2025-0395](CVE-2025/CVE-2025-03xx/CVE-2025-0395.json) (`2025-01-22T13:15:20.933`) +- [CVE-2025-23806](CVE-2025/CVE-2025-238xx/CVE-2025-23806.json) (`2025-01-22T15:15:24.163`) +- [CVE-2025-23809](CVE-2025/CVE-2025-238xx/CVE-2025-23809.json) (`2025-01-22T16:15:31.437`) +- [CVE-2025-23811](CVE-2025/CVE-2025-238xx/CVE-2025-23811.json) (`2025-01-22T15:15:24.297`) +- [CVE-2025-23812](CVE-2025/CVE-2025-238xx/CVE-2025-23812.json) (`2025-01-22T15:15:24.437`) +- [CVE-2025-23846](CVE-2025/CVE-2025-238xx/CVE-2025-23846.json) (`2025-01-22T15:15:24.570`) +- [CVE-2025-23866](CVE-2025/CVE-2025-238xx/CVE-2025-23866.json) (`2025-01-22T15:15:24.707`) +- [CVE-2025-23867](CVE-2025/CVE-2025-238xx/CVE-2025-23867.json) (`2025-01-22T15:15:24.847`) +- [CVE-2025-23874](CVE-2025/CVE-2025-238xx/CVE-2025-23874.json) (`2025-01-22T15:15:24.980`) +- [CVE-2025-23882](CVE-2025/CVE-2025-238xx/CVE-2025-23882.json) (`2025-01-22T15:15:25.123`) +- [CVE-2025-23910](CVE-2025/CVE-2025-239xx/CVE-2025-23910.json) (`2025-01-22T15:15:25.267`) +- [CVE-2025-23914](CVE-2025/CVE-2025-239xx/CVE-2025-23914.json) (`2025-01-22T16:15:31.780`) +- [CVE-2025-23918](CVE-2025/CVE-2025-239xx/CVE-2025-23918.json) (`2025-01-22T15:15:25.403`) +- [CVE-2025-23921](CVE-2025/CVE-2025-239xx/CVE-2025-23921.json) (`2025-01-22T15:15:25.547`) +- [CVE-2025-23931](CVE-2025/CVE-2025-239xx/CVE-2025-23931.json) (`2025-01-22T15:15:25.687`) +- [CVE-2025-23932](CVE-2025/CVE-2025-239xx/CVE-2025-23932.json) (`2025-01-22T15:15:25.827`) +- [CVE-2025-23938](CVE-2025/CVE-2025-239xx/CVE-2025-23938.json) (`2025-01-22T15:15:25.967`) +- [CVE-2025-23942](CVE-2025/CVE-2025-239xx/CVE-2025-23942.json) (`2025-01-22T15:15:26.103`) +- [CVE-2025-23944](CVE-2025/CVE-2025-239xx/CVE-2025-23944.json) (`2025-01-22T15:15:26.240`) +- [CVE-2025-23948](CVE-2025/CVE-2025-239xx/CVE-2025-23948.json) (`2025-01-22T15:15:26.383`) +- [CVE-2025-23949](CVE-2025/CVE-2025-239xx/CVE-2025-23949.json) (`2025-01-22T15:15:26.527`) +- [CVE-2025-23953](CVE-2025/CVE-2025-239xx/CVE-2025-23953.json) (`2025-01-22T15:15:26.670`) +- [CVE-2025-23959](CVE-2025/CVE-2025-239xx/CVE-2025-23959.json) (`2025-01-22T15:15:26.810`) +- [CVE-2025-23966](CVE-2025/CVE-2025-239xx/CVE-2025-23966.json) (`2025-01-22T15:15:26.950`) +- [CVE-2025-23992](CVE-2025/CVE-2025-239xx/CVE-2025-23992.json) (`2025-01-22T16:15:32.120`) +- [CVE-2025-24027](CVE-2025/CVE-2025-240xx/CVE-2025-24027.json) (`2025-01-22T15:15:27.090`) ### CVEs modified in the last Commit -Recently modified CVEs: `20` +Recently modified CVEs: `45` -- [CVE-2023-42307](CVE-2023/CVE-2023-423xx/CVE-2023-42307.json) (`2025-01-22T14:54:38.390`) -- [CVE-2024-23606](CVE-2024/CVE-2024-236xx/CVE-2024-23606.json) (`2025-01-22T14:58:56.600`) -- [CVE-2024-23809](CVE-2024/CVE-2024-238xx/CVE-2024-23809.json) (`2025-01-22T14:43:30.827`) -- [CVE-2024-27132](CVE-2024/CVE-2024-271xx/CVE-2024-27132.json) (`2025-01-22T14:15:26.130`) -- [CVE-2024-27133](CVE-2024/CVE-2024-271xx/CVE-2024-27133.json) (`2025-01-22T13:46:56.667`) -- [CVE-2024-27318](CVE-2024/CVE-2024-273xx/CVE-2024-27318.json) (`2025-01-22T14:44:50.917`) -- [CVE-2024-27319](CVE-2024/CVE-2024-273xx/CVE-2024-27319.json) (`2025-01-22T14:26:49.917`) -- [CVE-2024-57937](CVE-2024/CVE-2024-579xx/CVE-2024-57937.json) (`2025-01-22T13:15:20.400`) -- [CVE-2025-21315](CVE-2025/CVE-2025-213xx/CVE-2025-21315.json) (`2025-01-22T14:40:33.967`) -- [CVE-2025-21316](CVE-2025/CVE-2025-213xx/CVE-2025-21316.json) (`2025-01-22T14:41:48.963`) -- [CVE-2025-21317](CVE-2025/CVE-2025-213xx/CVE-2025-21317.json) (`2025-01-22T14:42:50.910`) -- [CVE-2025-21318](CVE-2025/CVE-2025-213xx/CVE-2025-21318.json) (`2025-01-22T14:43:57.630`) -- [CVE-2025-21319](CVE-2025/CVE-2025-213xx/CVE-2025-21319.json) (`2025-01-22T14:44:50.860`) -- [CVE-2025-21320](CVE-2025/CVE-2025-213xx/CVE-2025-21320.json) (`2025-01-22T14:45:53.317`) -- [CVE-2025-21321](CVE-2025/CVE-2025-213xx/CVE-2025-21321.json) (`2025-01-22T14:46:12.787`) -- [CVE-2025-21323](CVE-2025/CVE-2025-213xx/CVE-2025-21323.json) (`2025-01-22T14:47:11.963`) -- [CVE-2025-21324](CVE-2025/CVE-2025-213xx/CVE-2025-21324.json) (`2025-01-22T14:46:51.207`) -- [CVE-2025-21326](CVE-2025/CVE-2025-213xx/CVE-2025-21326.json) (`2025-01-22T14:48:07.620`) -- [CVE-2025-21327](CVE-2025/CVE-2025-213xx/CVE-2025-21327.json) (`2025-01-22T14:59:37.587`) -- [CVE-2025-21328](CVE-2025/CVE-2025-213xx/CVE-2025-21328.json) (`2025-01-22T14:59:12.047`) +- [CVE-2024-49735](CVE-2024/CVE-2024-497xx/CVE-2024-49735.json) (`2025-01-22T16:15:29.573`) +- [CVE-2024-49736](CVE-2024/CVE-2024-497xx/CVE-2024-49736.json) (`2025-01-22T15:15:13.007`) +- [CVE-2024-49737](CVE-2024/CVE-2024-497xx/CVE-2024-49737.json) (`2025-01-22T15:15:13.150`) +- [CVE-2024-49738](CVE-2024/CVE-2024-497xx/CVE-2024-49738.json) (`2025-01-22T15:15:13.280`) +- [CVE-2024-49742](CVE-2024/CVE-2024-497xx/CVE-2024-49742.json) (`2025-01-22T15:15:13.407`) +- [CVE-2024-49744](CVE-2024/CVE-2024-497xx/CVE-2024-49744.json) (`2025-01-22T15:15:13.557`) +- [CVE-2024-49745](CVE-2024/CVE-2024-497xx/CVE-2024-49745.json) (`2025-01-22T15:15:13.707`) +- [CVE-2024-49747](CVE-2024/CVE-2024-497xx/CVE-2024-49747.json) (`2025-01-22T15:15:13.840`) +- [CVE-2024-49748](CVE-2024/CVE-2024-497xx/CVE-2024-49748.json) (`2025-01-22T15:15:13.980`) +- [CVE-2024-49749](CVE-2024/CVE-2024-497xx/CVE-2024-49749.json) (`2025-01-22T15:15:14.110`) +- [CVE-2024-51941](CVE-2024/CVE-2024-519xx/CVE-2024-51941.json) (`2025-01-22T15:15:14.247`) +- [CVE-2024-57575](CVE-2024/CVE-2024-575xx/CVE-2024-57575.json) (`2025-01-22T16:53:51.830`) +- [CVE-2024-57583](CVE-2024/CVE-2024-575xx/CVE-2024-57583.json) (`2025-01-22T16:53:20.263`) +- [CVE-2024-57726](CVE-2024/CVE-2024-577xx/CVE-2024-57726.json) (`2025-01-22T16:25:12.533`) +- [CVE-2024-7344](CVE-2024/CVE-2024-73xx/CVE-2024-7344.json) (`2025-01-22T15:41:04.577`) +- [CVE-2024-7347](CVE-2024/CVE-2024-73xx/CVE-2024-7347.json) (`2025-01-22T16:10:28.490`) +- [CVE-2024-9020](CVE-2024/CVE-2024-90xx/CVE-2024-9020.json) (`2025-01-22T15:15:14.407`) +- [CVE-2025-0203](CVE-2025/CVE-2025-02xx/CVE-2025-0203.json) (`2025-01-22T15:47:10.633`) +- [CVE-2025-0204](CVE-2025/CVE-2025-02xx/CVE-2025-0204.json) (`2025-01-22T15:42:44.060`) +- [CVE-2025-0205](CVE-2025/CVE-2025-02xx/CVE-2025-0205.json) (`2025-01-22T15:33:38.597`) +- [CVE-2025-0206](CVE-2025/CVE-2025-02xx/CVE-2025-0206.json) (`2025-01-22T15:24:50.937`) +- [CVE-2025-0395](CVE-2025/CVE-2025-03xx/CVE-2025-0395.json) (`2025-01-22T16:15:29.893`) +- [CVE-2025-21329](CVE-2025/CVE-2025-213xx/CVE-2025-21329.json) (`2025-01-22T15:02:32.270`) +- [CVE-2025-23195](CVE-2025/CVE-2025-231xx/CVE-2025-23195.json) (`2025-01-22T15:15:15.237`) +- [CVE-2025-23196](CVE-2025/CVE-2025-231xx/CVE-2025-23196.json) (`2025-01-22T15:15:15.390`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 746c3c79de9..f15bf241a63 100644 --- a/_state.csv +++ b/_state.csv @@ -115313,7 +115313,7 @@ CVE-2018-14624,0,0,36aa1b2ecf39b6dd6b0c6e9b17b748b71239ead4beec7fe32161e43f01ea9 CVE-2018-14625,0,0,ae0b1384e52a2313f8e935d0fd7b4d74e4857f031357615f7ccef40b4cececc5,2024-11-21T03:49:27.037000 CVE-2018-14626,0,0,093eab743947661f9b3a1e8eab9fe5da6af49f7bdb3ea04c7527d28f39ea1caa,2024-11-21T03:49:27.180000 CVE-2018-14627,0,0,5753c9d1dc5bee4ebd6218ed4faf7cedfc289787c4083d05abd7ba662d5cc11f,2024-11-21T03:49:27.310000 -CVE-2018-14628,0,0,14cf740679f8b2f5f0d6af3830b14468f74b971c053a16c251c1f1b041ef1856,2024-11-21T03:49:27.463000 +CVE-2018-14628,0,1,8d6a06adc98ad32af743b78368e83f8a0e33d6e3051d59e814fabd8917a29444,2025-01-22T16:10:38.410000 CVE-2018-14629,0,0,801ba65c1f5d9ea5b9a3b32f4e8ccc29f4fe913d98e2bb050a226d846d6e9f9b,2024-11-21T03:49:27.623000 CVE-2018-1463,0,0,294af0f142ee75e0a12d34fc1ae7b029ed6868203c60374a3e80ed244b30c681,2024-11-21T03:59:52.310000 CVE-2018-14630,0,0,dcc6c28dd65b4f7eb72f0a646c026d0da64d998b71c4bdb1f8e8b92654b0c126,2024-11-21T03:49:27.770000 @@ -200481,7 +200481,7 @@ CVE-2022-32417,0,0,d64f19058251d88c14160b8f609db47d69ca031dcf015b8e8878d830ca3c2 CVE-2022-3242,0,0,1c73ec2d1f6f69f9cc2febb7ee35d92f9fb4b3a3a99a05eeb2fa3b82f4600399,2024-11-21T07:19:07.643000 CVE-2022-32420,0,0,e82c9311a55a1f6b169829406434dffa63bc018f3132002b0bda7da2debb7f92,2024-11-21T07:06:21.083000 CVE-2022-32425,0,0,ad6e1c74636e1b8940feea7a3c6128080e8a5e466735d42cd203ffcade73b6f2,2024-11-21T07:06:21.227000 -CVE-2022-32427,0,0,5d5b98eeed6ec947a62c83c90ee34681612381c5e5ae008f89d9e20ee725b6c7,2024-11-21T07:06:21.367000 +CVE-2022-32427,0,1,8894777b61bd93d6e7166d2ffb8559bfbfde0cea2cb2200095f432a32b8fdbd3,2025-01-22T16:10:51.403000 CVE-2022-32429,0,0,340f8334e3ead01ece5d0cf008e8b80ff3942c9fe5919b0b4e59a89cc32df1f6,2024-11-21T07:06:21.513000 CVE-2022-3243,0,0,0ad00fd54d518a8767726778b7d3d62fc8ce4664131b47fdbd08523227836ca2,2024-11-21T07:19:07.780000 CVE-2022-32430,0,0,3c00ae0f81ccaf00007552fec860354d3595308ce665bfa010dd07934953ca43,2024-11-21T07:06:21.653000 @@ -216959,7 +216959,7 @@ CVE-2023-22080,0,0,6a1575c7329708f6beb64fe6bdd6962ae4615de752f26fb2ce83470eef282 CVE-2023-22081,0,0,8098b67026ff6b067f26ad72e46f746e7415829127eabb312f3ddfca90d8d836,2024-11-21T07:44:14.347000 CVE-2023-22082,0,0,217f2a7d5d523b4332dcd4ba0f1ee40b70b3f8dda6f1da13ddb6619c8dd3e76a,2024-11-21T07:44:14.483000 CVE-2023-22083,0,0,549569d4f434b2b64b53f184eb945f77bc60cf824fbb758a791df5757f7c7ca7,2024-11-21T07:44:14.600000 -CVE-2023-22084,0,0,b9fe8e55e64e62cf3d002ffe5c012d2fdc5f627f5e46602f9a00c6ae8ba19072,2024-11-21T07:44:14.717000 +CVE-2023-22084,0,1,f043c014a7d0fe08f101e9c3332dfc390a6a944c09aacb0e30ad3ded0fda5f07,2025-01-22T16:10:07.627000 CVE-2023-22085,0,0,6bfc1d596b6f19fc1e323c430faac564baf4255880646c1b2e54a076f1922f61,2024-11-21T07:44:14.853000 CVE-2023-22086,0,0,31b717095cd6330dc7fe03956beaa84a2f0f4a7376ac8b20a2aebdace32ca4e8,2024-11-21T07:44:14.967000 CVE-2023-22087,0,0,242e6251cbd6d56e4bc795b041c8038cb4373057265c4411e435a4e04ae60c9c,2024-11-21T07:44:15.087000 @@ -224527,7 +224527,7 @@ CVE-2023-31587,0,0,e3e9fa62a3bcdaae5be5ba07108774f22c24f16b19946c6231450e8e366c5 CVE-2023-3159,0,0,9807e6d823aeb3a21864e69407a3985c2540754f15da81cf40cfb1f6730d0a44,2024-11-21T08:16:35.373000 CVE-2023-31594,0,0,2ce3e386965dea1f61dddc297872812c537c7c3578bf01ba97d20e1959ccf4a0,2025-01-16T15:15:10.397000 CVE-2023-31595,0,0,2026436fcd8bf62d8ba7fed6d43e84eb30b5d83d2404d7bba01566f62966490b,2024-11-21T08:02:03.823000 -CVE-2023-31597,0,0,5e3ee5a7288f93d86f529f94fad6d525d8acba4608f2a5acee56ac07aea85fe7,2024-11-21T08:02:03.987000 +CVE-2023-31597,0,1,1f8bdd9d0a309d5ec76ed85b4521636202eecaa199c66cd085c2481943451f84,2025-01-22T15:15:08.770000 CVE-2023-3160,0,0,3706adbaff758c87939153381553b204ed7dad56f061b584bcec323680f304d6,2024-11-21T08:16:35.520000 CVE-2023-31606,0,0,566928f240e95aed16a3c3742b1ad454864df53f0c03b37939832a70716ca961,2024-11-21T08:02:04.130000 CVE-2023-31607,0,0,7ad6178e32d830059cd8b10ec7a2dd8d4aafa1cb81bdcf4aa36742f616e32ed1,2024-11-21T08:02:04.280000 @@ -224601,7 +224601,7 @@ CVE-2023-31724,0,0,f136e6d29012cb72688c8055424f030d16332cc47fb41ce432cff8f3b5043 CVE-2023-31725,0,0,fccc160562726b8de174ea471d330427b9c97e64fe5802af6e7a278c6136a310,2024-11-21T08:02:12.843000 CVE-2023-31726,0,0,b91c3c01947d9cd4f2893e286d5dd2597c383b83e1d789ca47c1df062d733706,2025-01-21T19:15:10.157000 CVE-2023-31728,0,0,1d216e390f5004be5bad0e31ab34abe0504f9631fe739cc8bfddee3565a6fc2c,2024-11-21T08:02:13.123000 -CVE-2023-31729,0,0,3ecfbc783a78ce625148daf90edd05604b2e471606e2b7189b57f41eb4a01667,2024-11-21T08:02:13.323000 +CVE-2023-31729,0,1,fb850d7e9530696277b89467d42b2446bbca42462c9d5510c48ec451f9e2b3a1,2025-01-22T15:15:09.043000 CVE-2023-3173,0,0,022677952ebd42989b06e1597f2563b8948d7c0602e4beeb60f1c2aa27971ff0,2024-11-21T08:16:37.493000 CVE-2023-31740,0,0,80e7b9a45904c8543256467b80a91316d59d9a1749284741343b92ae51a51232,2025-01-21T19:15:10.353000 CVE-2023-31741,0,0,b89581e0d2046fed9493237ea7dce65f515c3b7ec5a3eb03b769c3cda9c77a61,2025-01-21T19:15:10.547000 @@ -224671,7 +224671,7 @@ CVE-2023-31862,0,0,183773c4fb48488b0f34d273b560a7d98eb8d59c9dafd533700dcea0bf624 CVE-2023-31867,0,0,3f97c746a106b59feb7da8efbb130c3ebd33dce765f13b1306b2c553d6ba473a,2024-11-21T08:02:20.963000 CVE-2023-31868,0,0,6e260dda95c178839b85901984cda3cae3d6a2568e86e3744b8b1efedda9c1ce,2024-11-21T08:02:21.100000 CVE-2023-3187,0,0,45abe4d68423e085db7e015c5bcbba672c78865717ff9602ec07cb7d3d5494b6,2024-11-21T08:16:39.137000 -CVE-2023-31871,0,0,8b8ca72386d2b1708741347d04b09238e1e9d2e382a6a49aaf53fa7c6203586c,2024-11-21T08:02:21.240000 +CVE-2023-31871,0,1,c6714f3ca0909870885f9e4316df01380af14fccb4af3b23d234101bc7caf222,2025-01-22T15:15:09.237000 CVE-2023-31873,0,0,e8f324843a2b4958ad8c7c21a6de302711bfe57ffed4fca5ff260067652382db,2025-01-14T19:15:29.990000 CVE-2023-31874,0,0,aaeeb0431a9a1893d552c2a1d86d7024a1cb24bbc16d2ac3b3a4d2f0898bb0a7,2025-01-14T19:15:30.187000 CVE-2023-3188,0,0,ed975c2ca95a43dd0a1601e3d12e0e041e6ed66a4ffa6869eb0b4e0368f2ec18,2024-11-21T08:16:39.287000 @@ -225914,7 +225914,7 @@ CVE-2023-33200,0,0,1482adc920259f95b6a700c02d62d5aeb18de8038dc9f0fa8efc557ac3801 CVE-2023-33201,0,0,46948cbfdecddf27ae9357173adcb832bd0a7c27ffbf7a2d7b96267b60b2c447,2024-11-21T08:05:06.870000 CVE-2023-33202,0,0,c1f0b838e1e25f532d4e871e1a1c2423c3a3d4c6a6baa771d9553fc2585425e2,2024-11-21T08:05:07.057000 CVE-2023-33203,0,0,74e478a7f3e2b5250c04b4920837ca7ceba8b0a676ca8415788ae03fe1c180b1,2024-11-21T08:05:07.270000 -CVE-2023-33204,0,0,7fe2a475980e3195f5318c17bbe13bd91f3394f0f95bc837510e99ce3a29883a,2024-11-21T08:05:07.467000 +CVE-2023-33204,0,1,cea2fde1a1ebbc478e53b25fcdce6e68b350a0b628a540cc4b97fe230433fa51,2025-01-22T15:15:09.430000 CVE-2023-33206,0,0,59ce158ed0055ec7cc71d8ed85e231647fdd939f2a653e9d867caea0c5474a9e,2024-08-19T19:04:03.527000 CVE-2023-33207,0,0,3e2ea1c51159f842434559a3d9780e80b56d06684a2de676b943edcb202ba5ea,2024-11-21T08:05:07.897000 CVE-2023-33208,0,0,81223ae0d1c7ed9c9541da1a08a9bd4c064cb93d9e0dcafaa23e9d2dfae255aa,2024-11-21T08:05:08.040000 @@ -228623,8 +228623,31 @@ CVE-2023-36992,0,0,bae724c6dfb236c635b6c832140deece61ed44b28909df77601ad61a13545 CVE-2023-36993,0,0,4c68873d179dc3a675980898a346ad69636c26c4f9df0ac27f53753d08294f3a,2024-11-21T08:11:00.330000 CVE-2023-36994,0,0,fff5298c4b24c0e5b92702a6a1f0446ede67f47123caeb5ebf984e5560e8128b,2024-11-21T08:11:00.477000 CVE-2023-36995,0,0,4e2506dc3314d1c8d3c5decfa5d038b5e536042093e975b150aa20e381792196,2024-11-21T08:11:00.623000 +CVE-2023-36998,1,1,050b9f23b70793da5e6e28022f4c8d3392ca43208afa94d6ffb9fbdeae85b81e,2025-01-22T15:15:09.647000 CVE-2023-3700,0,0,453d92acb238b2558e7054067437e7c096de953ccf1cbfc4152eb94511be7528,2024-11-21T08:17:52.480000 +CVE-2023-37002,1,1,25a391d4521fb6bdd9d80d99be497c908addf8c4b798245a4c9e587f83a6be23,2025-01-22T15:15:09.757000 +CVE-2023-37003,1,1,4301da6b77cb5320623c97a28fe26ef828f1db5df4973cb167fa2e225860c979,2025-01-22T15:15:09.867000 +CVE-2023-37004,1,1,30e8fe7c552e6758164f070c8b643b24b902af67a8b9e8cd849e8a4f72955726,2025-01-22T15:15:09.970000 +CVE-2023-37005,1,1,478ae349c18f582d14de24715ebb5f027fb6be6eeddda8339b13e9c8d04ce8bb,2025-01-22T15:15:10.067000 +CVE-2023-37006,1,1,063a55b6b1bf43281e94c46ed0d82b423221a672228b49bdf1d3d3bed52647bb,2025-01-22T15:15:10.170000 +CVE-2023-37007,1,1,5ce5ba5e9dac8d99801c83070ac97392594170709b9934ff29d77e9f73d1d630,2025-01-22T15:15:10.270000 +CVE-2023-37008,1,1,b5b34e6c507cc9f89e55577f268c80e136445bde2f6fcb7e8d59d27a9d56362b,2025-01-22T15:15:10.373000 +CVE-2023-37009,1,1,f8e9160fbb8cada09b213f677944db678dd2061f88cbd70ecd20c63690336331,2025-01-22T15:15:10.473000 CVE-2023-3701,0,0,50c60623ffa7110070b51e3894d8b141f7b048bb1af146331e25664835932475,2024-11-21T08:17:52.610000 +CVE-2023-37010,1,1,db91e1583a7f4cae891cc62de0b0abd853c64237b0f7f7ed598bfa2ae11ffa41,2025-01-22T15:15:10.580000 +CVE-2023-37011,1,1,10e4db718a9fd96024e307839707ef8a5501fb4943d8cfe86e523e9692779a34,2025-01-22T15:15:10.683000 +CVE-2023-37012,1,1,c9df3caf42232b255846ddb0fc112463b3fa15dade422f6bb3673ba7652ee282,2025-01-22T15:15:10.783000 +CVE-2023-37013,1,1,6fbe217b9c9df40775ec262fd152758e20a0de7a6293ed020f995fba3b79f075,2025-01-22T15:15:10.883000 +CVE-2023-37014,1,1,2b54ff439f8b41bf4b2fbbd2be62923d7ba9e49157f05c892b09bab86d315f30,2025-01-22T15:15:10.987000 +CVE-2023-37015,1,1,66eb73469b3ba78b3bab79aeac6ed24ca4d3de4a641b6c180ec19e903039dadd,2025-01-22T15:15:11.100000 +CVE-2023-37016,1,1,8868c5ec313c58fd9423256b4570250ee9f085e38d76a3597757ad99b53b6e56,2025-01-22T15:15:11.207000 +CVE-2023-37017,1,1,09eaf3964fab7bf3f6f67e22c338e5bc8cc4a602f57d2893183367b5e452ca70,2025-01-22T15:15:11.310000 +CVE-2023-37018,1,1,16b59946c2b55bcdd78347ea3af7a79bb463313e51f4116dfefc754730e013f0,2025-01-22T15:15:11.410000 +CVE-2023-37019,1,1,edf7b6a2ad715042569c565919367bd3db4e10905fae667123c59f9a1a2cc26f,2025-01-22T15:15:11.510000 +CVE-2023-37020,1,1,0f1e5e8c95316ef7094cc0c60501980062de896244304caffad32e9e769abbb4,2025-01-22T15:15:11.613000 +CVE-2023-37021,1,1,1a830f672e29163e83b8a89e2600a4e2a6422ba8cde7f2035d8b0ba2ff721a0f,2025-01-22T15:15:11.710000 +CVE-2023-37022,1,1,0b0fd64ce93d8a6c0376111f45a55e6bfe7530be537d4a4470b1846a858a55e8,2025-01-22T15:15:11.817000 +CVE-2023-37023,1,1,bd9dc31664e38e12575d80c55c419ca71263921e4ea4349c3dd7d6e3d5ec000b,2025-01-22T15:15:11.913000 CVE-2023-37024,0,0,fdde923f545a782296ba940851623c412455317ea848c36c10ce5ccf126d428b,2025-01-21T23:15:09.500000 CVE-2023-37025,0,0,f90abd65c13cfed8867b2c6ee8abcfc09f44a8341f55662a404159db37abc10b,2025-01-21T23:15:09.623000 CVE-2023-37026,0,0,bfbad1a1a324a8114ef90dd361be4401e77b13e26a65b2ffdcdcfa09407fb402,2025-01-21T23:15:09.747000 @@ -228637,7 +228660,7 @@ CVE-2023-37031,0,0,106f5ee9c873f3689420a5aeaa2d7e1796b238ac49a78634e0a65e0d2b3cb CVE-2023-37032,0,0,80ace4103da18e9cace3feaf65daad824cef6637ee11a013b6bed7be6fc3e084,2025-01-21T23:15:10.473000 CVE-2023-37033,0,0,32028a3e1e8d86131f8f8821f5a01fc99919ce9591be3439b64ccd2ca1c5d5a9,2025-01-21T23:15:10.580000 CVE-2023-37034,0,0,34ea2153524fa8bb2d0c220606ad810f0556a9a247d6faa25fb623865f8968a4,2025-01-21T23:15:10.703000 -CVE-2023-37035,0,0,ff1692b0763c06213e2210a89d95f32034317fd27b655b9d1521dd2a60718b97,2025-01-21T23:15:10.823000 +CVE-2023-37035,0,1,4b68b44e876ecbdfd20bbceeb836e386c8998e840e614841a322bd28cdb9d09d,2025-01-22T15:15:12.017000 CVE-2023-37036,0,0,10aca712be1ca99db21ed3c7abe2896d9d73585b83ec10f389501c7e54297d2d,2025-01-21T23:15:10.970000 CVE-2023-37037,0,0,55d0be8f067165e37af1a64464df4bcf595561c724711afa1728c2effadc1360,2025-01-21T23:15:11.080000 CVE-2023-37038,0,0,5b2e955f501ea29279d0f6fd257167b7b466219d721bde59e67dd5d4b17fbaaf,2025-01-21T23:15:11.203000 @@ -229193,6 +229216,7 @@ CVE-2023-3777,0,0,0a5c2b434a475c2596be8b4702119daa0a7ff2510c52387329cf5dfe36d76f CVE-2023-37770,0,0,7948ebb82ba3c4d501e76d04f7c9ea141d2f29ba331509dc38f3c4014869bfca,2024-11-21T08:12:14.713000 CVE-2023-37771,0,0,571558f975810ad1a18c92729d1baa9a885ba229675f8f8b36f1f00c20f4c1f3,2024-11-21T08:12:14.883000 CVE-2023-37772,0,0,2c9825453789b3704f1bb92537d3ff9be391ef8f2d0a8addbff93cf7755fdb75,2024-11-21T08:12:15.037000 +CVE-2023-37777,1,1,ecc5bfc8cd2f15d8ff3fd934a591faf29440078db0df1fcd53aedf6e48abd8d2,2025-01-22T16:15:28.187000 CVE-2023-37781,0,0,ae5c172e9edc2c48161a9b4a9bf7d2a65636bca3c57570aa1aea9bb200fe229a,2024-11-21T08:12:15.200000 CVE-2023-37785,0,0,345093fae305f6a074a713d36337118217321babdb63a765da58ba8c38347cd5,2024-11-21T08:12:15.373000 CVE-2023-37786,0,0,d10df939f6a5298afb57ae4aecf763187ccb1b069623eba9c34ce09272783198,2024-11-21T08:12:15.553000 @@ -232878,7 +232902,7 @@ CVE-2023-42295,0,0,78fdaddf17673316050d94ecf48f4e22f5939229676b80860a38339eeb1c0 CVE-2023-42298,0,0,12a46d213e32df690be0aaadda6c8295bef1ce681653af4999fa64c565cfcc0b,2024-11-21T08:22:24.967000 CVE-2023-42299,0,0,42e6d0e90217ebd6897af35060870a789eeb3f84316d086cdc1d68c50431992c,2024-11-21T08:22:25.097000 CVE-2023-4230,0,0,9534782230cd0029822ce45f05cf5c34e400f785e0d37fc88e451b5d0ffb5aa0,2024-11-21T08:34:40.460000 -CVE-2023-42307,0,1,d7129d837cf9382d5da28d998ef01f5b491e48b1ec3a684e5e508fa934a38c43,2025-01-22T14:54:38.390000 +CVE-2023-42307,0,0,d7129d837cf9382d5da28d998ef01f5b491e48b1ec3a684e5e508fa934a38c43,2025-01-22T14:54:38.390000 CVE-2023-42308,0,0,5779b47b0b3c03d47a2d139bd688f9b5b10b3cfcfb042139000d5ced50d75bb1,2024-11-21T08:22:25.383000 CVE-2023-4231,0,0,d8a5cd6afa3860ab1c78883cf8bf20eccd0d6d00cd46736814e11d4097787654,2024-11-21T08:34:40.597000 CVE-2023-42319,0,0,80b696e6d91a3f59e80d731c4538ea95a74347144234efd042f13fab4e1d33a7,2024-11-21T08:22:25.583000 @@ -239335,7 +239359,7 @@ CVE-2023-51525,0,0,cc8a41c95e97e3eef08e489711755257d7199a61c16f9491fa2dfe0854a50 CVE-2023-51526,0,0,dc39ba53880880a209811de957064dec653f5a2194637d5488682a7102ecc314,2024-11-21T08:38:18.633000 CVE-2023-51527,0,0,c3da9a7c1c016de9d25d32847d10f50d0382b55f23b651c58546e170ef761d78,2024-11-21T08:38:18.760000 CVE-2023-51528,0,0,c49e308c293e2d0ca394ad156fe5902ce66e0aa1218ae3b97aed072ebe31c1a8,2024-11-21T08:38:18.887000 -CVE-2023-51529,0,0,b8c068f3e39d275989a4658cedde8d7a88e84181269d7e4d5d3233f644bbbd08,2024-11-21T08:38:19.010000 +CVE-2023-51529,0,1,ef479d22e0a83a673466919347ece1db7eb5c7423bb53907f916b358d608d132,2025-01-22T16:21:12.423000 CVE-2023-5153,0,0,9c9af9ee0585ae99c11dc28be44a3d285d24f0e534e56e6e3bc49f885c490b2b,2024-11-21T08:41:10.440000 CVE-2023-51530,0,0,aacd0ae4430751ee66bd692b65f7bdedffd90735fbd54cf00f3857e1ffbc7331,2024-11-21T08:38:19.133000 CVE-2023-51531,0,0,71ff9fd2d5f352c2c15ad64fe11aebf88dd3b69b741259be74db54a5b11c32e1,2024-11-21T08:38:19.260000 @@ -244079,6 +244103,7 @@ CVE-2024-10924,0,0,f1198492ea5d0448c480cfb52c449c77b28f46a760324baad7abe4da889f1 CVE-2024-10926,0,0,ad47f219103ae4ebd92db7592078769652c8133d266b35358f61dcfb9dc4e1ed,2024-11-08T19:01:25.633000 CVE-2024-10927,0,0,f09c2725d755f5937d35809a87d5ada4fd8d3d09c9d48fcc66b16a3fa883071d,2024-11-22T19:14:48.190000 CVE-2024-10928,0,0,862f1a88452be3b22edef7e2642809ba572832547c6da90647052695aaf77de0,2024-11-22T19:10:19.290000 +CVE-2024-10929,1,1,c339a09b7418a4b1af0ff6406ebd0b49b561f995c2406671fd12a529fe0453f7,2025-01-22T16:15:28.790000 CVE-2024-1093,0,0,ac60ea90a5bdbcab92bbb148d0d6ccb636fae604fade2bd9337658c1f747481a,2024-12-23T17:03:58.370000 CVE-2024-10932,0,0,28109702b795f9356a11af2c3727eebea623b98c280555fa2778753a6b0d3d2f,2025-01-04T08:15:05.713000 CVE-2024-10933,0,0,04454997e745a68880991c602cc8325b99e3c53905740538bda66aba85b8cef1,2024-12-05T20:15:21.417000 @@ -246127,7 +246152,7 @@ CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c82 CVE-2024-1387,0,0,2c2f906637a61e38d38a9b0ca47ff4dc68c131d6fabb5f801315dfb2710ce089,2025-01-07T18:19:26.400000 CVE-2024-1388,0,0,4055ac29f5fc98e5c697dde8e9fd854a4a3e80aad935e1d1af922e2721330e53,2025-01-16T15:18:18.140000 CVE-2024-1389,0,0,5873690e0845507df8953cc4f63b4ccd0c40998cbb5a2b9d552ef1fc675e0a5e,2024-11-21T08:50:28.477000 -CVE-2024-1390,0,0,37b0dff04be1b8b0f2a887698f2eb84de50a3b7e7acefe6e7e54550c938a7935,2024-11-21T08:50:28.600000 +CVE-2024-1390,0,1,4f3d9af8e4f645cacc042445b3c6c1015224ae23e87226c88c372fa7ef3e2644,2025-01-22T16:49:11.553000 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000 CVE-2024-1392,0,0,7d376d426c7bde42291bb43e543815dd80a04cb004b570eb44a0e5840366c498,2025-01-17T19:53:57.010000 CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000 @@ -246145,7 +246170,7 @@ CVE-2024-1404,0,0,72e7bfa50d663f6618ea5cb7b36bb28904508f29cf1e05b2cbe5def310af38 CVE-2024-1405,0,0,f1f20b7fcf6fcb7016c5464ac9de09f0711e13473f6f7d4ae7139e675dbe1403,2024-11-21T08:50:30.937000 CVE-2024-1406,0,0,6b28f10833aa0266c21bf391a699e38b0fbc18d07df506bf50ade27d766794c5,2024-11-21T08:50:31.093000 CVE-2024-1407,0,0,aea146a24e9e07a019a2882d28a7220b14386947f663004dd47c26ab47e7f0fa,2025-01-17T15:05:23.520000 -CVE-2024-1408,0,0,6ef60a72951d16c0b9e728b84742a4d35c67925763670f067b8c3c5941c31590,2024-11-21T08:50:31.397000 +CVE-2024-1408,0,1,6a5d8e939c0fd88c81e5b17570e1c72e8e089968a9376e722c191d6ab22a6e4c,2025-01-22T16:44:00.387000 CVE-2024-1409,0,0,7962f407df3c3ae50439b2eca79b45057e814b108e0e2b019b6d191d89933849,2024-11-21T08:50:31.520000 CVE-2024-1410,0,0,5e6f7cca224df908329417aec1336b7ff4ef9e141a0c106289cba50bfd976a14,2024-11-21T08:50:31.643000 CVE-2024-1411,0,0,1a3f3817141b708692776a1cc4fd5069ccf1e40fdb5dcd96fc448a68f63f24d6,2025-01-15T18:41:08.613000 @@ -246248,7 +246273,7 @@ CVE-2024-1512,0,0,26a89e8ea4daeb69acb8ef0a5290d443e1fbb4f0997b4751a3c4b63986c140 CVE-2024-1514,0,0,065a08306127871145f34727c9c34814a36355420c30f0cb2ae4276b319437fa,2024-11-21T08:50:44.403000 CVE-2024-1515,0,0,a3add1da137a72880095a1615a74b53662a1751b21dec935a7c4b7d184dd4113,2024-02-16T18:15:07.820000 CVE-2024-1516,0,0,ae0dda1e388fbe9bb68c26e49d1e55447c78bca551e4128fdafd45f882514681,2024-11-21T08:50:44.537000 -CVE-2024-1519,0,0,68e2c5d7aa1ea12a6c179a0ebccef917bdb0025ea47fdd845e62522c35f52d77,2024-11-21T08:50:44.663000 +CVE-2024-1519,0,1,ef8db52d6697b00e9b63b12b86b1ca9a8ef9f7b004809c241d596d1b84437d97,2025-01-22T16:38:11.330000 CVE-2024-1520,0,0,42b948a706335187322a4277626050fd427db0ba076fbc016021b2dffcc98301,2024-11-21T08:50:44.787000 CVE-2024-1521,0,0,85d803e7fe3d979f91dca5b591f48c2f70fe4bd0fc6f503898efba23c478b51a,2024-11-21T08:50:44.933000 CVE-2024-1522,0,0,9cdb2d31b60237752ef77325c4d109881b58042aa66e5c8934108a236d1a4daf,2024-11-21T08:50:45.060000 @@ -246296,7 +246321,7 @@ CVE-2024-1566,0,0,4ac720135761f12018d810740b03599e211c6d2088b3ec7481b0c1665640c9 CVE-2024-1567,0,0,6cdbaee71c1770d77caf03403af77d158a420504c05e33f36e632e6fe2f3ce20,2025-01-08T20:47:46.820000 CVE-2024-1568,0,0,4660f06f13504a73ee731b062d7289c45d2cdd5ee8fbad08955ed262bed14189,2025-01-16T15:34:31.447000 CVE-2024-1569,0,0,cc3fd6764ddebd625443ddcd2f6dd2aba14c01115654ddd2b36f709166cad3a4,2024-11-21T08:50:51.360000 -CVE-2024-1570,0,0,c77fb8a1605b8ff029c140717833d66157c8c7aa9377bb5398abaa6409f8c2d4,2024-11-21T08:50:51.480000 +CVE-2024-1570,0,1,25898391ded7988cd2da012ae2a7ccaf83daa0ac2ffc39f3073e6c6025585cb6,2025-01-22T16:31:46.067000 CVE-2024-1571,0,0,59f01ab78b4f7b0f9ac0a699e09826fef03bb32078a1a72f10d58201a8f77caf,2024-11-21T08:50:51.597000 CVE-2024-1572,0,0,a83548f030b810663477d0b6737646927187cff3fac85148113c7069e7392583,2024-11-21T08:50:51.713000 CVE-2024-1573,0,0,55326b48e714bd45f8a7f03a13179fac399e55741cedcbe359268a4ab07b26b6,2024-11-21T08:50:51.837000 @@ -249372,9 +249397,9 @@ CVE-2024-23307,0,0,a9556517f89dd7026defc5e7a83735290a7a0d5574a0ffa43eae73ba7c04a CVE-2024-23308,0,0,2451e6da930bbab951e0370d09bf853ad2eafd61488a022c59e14c670726c985,2024-12-12T19:10:12.500000 CVE-2024-23309,0,0,9871251e43bcd47915fc0e89139d02bfc787229cb784c5b0133b33f1742cb37f,2024-11-21T08:57:28.620000 CVE-2024-2331,0,0,725ba9bc922e0647096bf95f81d8267c1757632a1de6135c4813ddf1b07ca317,2024-11-21T09:09:31.250000 -CVE-2024-23310,0,0,83a242ac975fbbda610595200d0b9997c57aaf104e1dab0cb2992f658e1c2eb0,2024-11-21T08:57:28.770000 +CVE-2024-23310,0,1,451aa86a63ae136a8d0e148ff74cfa1dbe778cec053bdd91ed8edd81fc8225ea,2025-01-22T16:18:16.783000 CVE-2024-23312,0,0,c66457950e92c000c52798147d176b50f5cb337e36e1eeeef424a02e12bbfb36,2024-11-15T14:00:09.720000 -CVE-2024-23313,0,0,fa6137b5efd928d77d86249f06e4289dadfac22bed2a798fd5d4958e0812a931,2024-11-21T08:57:29.013000 +CVE-2024-23313,0,1,521ca534e335670c7ec3a91e711faddd21409921c71ecbd07d230843832b3507,2025-01-22T15:30:48.677000 CVE-2024-23314,0,0,42bb7e0a54a79cfda8be0f14ce8581a9d6ac611ce699060b9ef1b60b052c5f08,2024-11-21T08:57:29.147000 CVE-2024-23315,0,0,7d1dc70c2077c35cd6479c6b1655e6667530eb2dca011d25832e4c199f02224f,2024-11-21T08:57:29.267000 CVE-2024-23316,0,0,f991e4d2bfc533226809c990c7070963c80c9a8181a0ab46cecdef9ea8914294,2024-11-21T08:57:29.393000 @@ -249646,7 +249671,7 @@ CVE-2024-23601,0,0,ca7f67f2eee0becf70f57a8dfe360cc7f33c9ee2f3cf65add8eac8273640f CVE-2024-23603,0,0,aea1f31cacccf724f0eb767dfc62b8f5f7cb80ced40ede6e78ddaf281fcb5ad2,2024-11-21T08:57:59.193000 CVE-2024-23604,0,0,dc5cd839af33b7b3dcb48b002d81e48ae97043185456c58e26e0040b5dd4ee1e,2024-11-21T08:57:59.313000 CVE-2024-23605,0,0,6feaaf8078973106d62b89fd77d8350c669a4c873ff6f3514aa9598da39c9a5e,2024-11-21T08:57:59.433000 -CVE-2024-23606,0,1,bab8065b9d3fb9f309eec8177d382348fc7f7d5cfbe3e357e07d9b91afce2e37,2025-01-22T14:58:56.600000 +CVE-2024-23606,0,0,bab8065b9d3fb9f309eec8177d382348fc7f7d5cfbe3e357e07d9b91afce2e37,2025-01-22T14:58:56.600000 CVE-2024-23607,0,0,1e3cde2a3bdd7f2b024b02a6b58595499e745787f58fee09de464f8683b42032,2024-11-21T08:57:59.680000 CVE-2024-23608,0,0,f4f0d3dc90613d42fc8485a3197c71394b07fbc0df27981f4d6ad3675d04a364,2024-11-21T08:57:59.797000 CVE-2024-23609,0,0,b90f833366370fe43c05814eb1526887e7cb7b82ee5ea7a039ba9de77d7a868d,2024-11-21T08:57:59.930000 @@ -249835,7 +249860,7 @@ CVE-2024-23805,0,0,bfc06a300b76d855656e499453de6a2febdd5e93279f95b30c9afdcca5e12 CVE-2024-23806,0,0,9d829fca3834f4b79580eb189255076ef10c6078bd0e056438230fee41d8a8e9,2024-11-21T08:58:27.657000 CVE-2024-23807,0,0,1b8575bc8a82d32cc06f5bea6ac8791009b0d290ab9e89fa4395ac86da1a6ad6,2025-01-16T17:51:40.503000 CVE-2024-23808,0,0,842f67d830d40bbdccbee3dceed160f694418bdd49df687322b2edab20d3eba0,2025-01-02T19:07:39.450000 -CVE-2024-23809,0,1,71a78e83cb34cae55fe1b6be6716acf43dd1548e52486039da1e509c6cb10ae5,2025-01-22T14:43:30.827000 +CVE-2024-23809,0,0,71a78e83cb34cae55fe1b6be6716acf43dd1548e52486039da1e509c6cb10ae5,2025-01-22T14:43:30.827000 CVE-2024-2381,0,0,f66ddad084efb65ff7bf956ee961f930c1176d8e9e8c0f951e63dbd6dfd2cc0e,2024-11-21T09:09:37.907000 CVE-2024-23810,0,0,f2f5fad1095108d3dacd61e6f85b7446124baa2350c0d88169d5c5b20a0468ab,2024-11-21T08:58:28.240000 CVE-2024-23811,0,0,0403fc7b759c5031a0e3964d5cd968c4b8d98cfb4b93f144bb06accdee9c592b,2024-11-21T08:58:28.397000 @@ -250198,8 +250223,11 @@ CVE-2024-24425,0,0,f020647313a266e9b26d920d7b3ff0c5a70298ceb4b38f72086ac27d496b3 CVE-2024-24426,0,0,1ba202c66d22ec01d9165c4229044ba2d8de45fa575e097063ba053bd7d0b3a7,2024-12-03T17:15:09.400000 CVE-2024-24427,0,0,2019b77465bfd95e39f1460e0b6b34de1fd7f7de7c71851c707c200c7bcefb73,2025-01-21T23:15:12.640000 CVE-2024-24428,0,0,56ac6724305fe409e3e4c3d95c26987e02b61fc626ad26902adf33f2c52010a7,2025-01-21T23:15:12.767000 +CVE-2024-24429,1,1,4ab29af21421fe9731a30a80f100729ff3757ff97b28d5817033562018b538d4,2025-01-22T16:15:28.907000 CVE-2024-2443,0,0,1bdda57280ff24c7755bfc385c8c5e030e460e899c6d0c2078c3b0acbbc8fb06,2024-11-21T09:09:45.827000 +CVE-2024-24430,1,1,46b66d232b9249c729f8cafc71a3d1e619dc092962ad7a81b422b7d65ab3b805,2025-01-22T15:15:12.680000 CVE-2024-24431,0,0,df56f81b7c3a1e35add47673987ba3302b83c2d47d8419bd59e79e036d2e2abd,2024-12-03T16:15:21.187000 +CVE-2024-24432,1,1,8f5779f5919d73329002c1b84a29f1fc16c658faaf52302aadd0e87a855a1c40,2025-01-22T15:15:12.793000 CVE-2024-2444,0,0,d9ff5dc2f1cec3e82221567fd131c75cf5704e6ca903fd99eda244483e9cdd6e,2024-11-21T09:09:45.953000 CVE-2024-24442,0,0,dab1d192224455c9dbc2bb672a2b1d0803f5127b7d95d237ff5a5b7907e7708e,2025-01-21T22:15:11.610000 CVE-2024-24443,0,0,9e2edcea8b8b5767acc38926824c13bf6abb747a0f51a97e2a5a56f1a3d118a3,2025-01-21T23:15:12.897000 @@ -252313,8 +252341,8 @@ CVE-2024-27128,0,0,25abf69fc83895a13784e9349a98139b1d75374ed7ab65f669ba6c5628c6f CVE-2024-27129,0,0,675d38ad59f656bb9de2a8532dded9ee79e6e9ec1860c1ad35fe28a7fec1161e,2024-11-21T09:03:54.740000 CVE-2024-2713,0,0,7c28d27f25ddda1c231ac9fe3977258c4de4e99af0cc5bcd61fd742e54970955,2024-11-21T09:10:21.290000 CVE-2024-27130,0,0,c9d6b28e2a18273de881a42f0dd25c4fe8494c26ad6475c525d0437de22d4449,2024-11-21T09:03:54.880000 -CVE-2024-27132,0,1,97112c2430a1efdd24acd2d9a19461523930f5b80f33a45ebf983e3f77055e65,2025-01-22T14:15:26.130000 -CVE-2024-27133,0,1,0bc1efdc0e9ed092d39790d962760e4b53b0fb29de201e5b7a8c363318010504,2025-01-22T13:46:56.667000 +CVE-2024-27132,0,0,97112c2430a1efdd24acd2d9a19461523930f5b80f33a45ebf983e3f77055e65,2025-01-22T14:15:26.130000 +CVE-2024-27133,0,0,0bc1efdc0e9ed092d39790d962760e4b53b0fb29de201e5b7a8c363318010504,2025-01-22T13:46:56.667000 CVE-2024-27134,0,0,10536f2c6cec2d014c78c98ff1034c300c2e1bbf125cdac8c205d1c9fa4af632,2024-11-25T14:15:06.867000 CVE-2024-27135,0,0,249bd83d6faa31f9be0c60ed0834bd7d41455f59453e7696691b7627646e8f7c,2024-11-21T09:03:55.270000 CVE-2024-27136,0,0,bb37721f8ed99b1ce670c8cc12d36d4a8ef9b3720f3c4a42663714f551f679da,2024-11-21T09:03:55.410000 @@ -252480,7 +252508,7 @@ CVE-2024-27301,0,0,0dc0e7fcca77305d1b07d51dc5d6e87edec76f4b67ea0b4c91144191fc73c CVE-2024-27302,0,0,1126d35a4a36c0394d9e8298833cf3f9ca789e1f50e656755905c9a44280507f,2024-11-21T09:04:16.990000 CVE-2024-27303,0,0,446eb07103109107a6b5cb1a7ac6ddf2d6869e3efe4680886a25ae0d19a80f11,2024-11-21T09:04:17.120000 CVE-2024-27304,0,0,6d9daedacc8a33e2d7baab9bf30efd010b154dcb9215fa336d95f0244e4ac2d9,2024-12-12T21:15:07.677000 -CVE-2024-27305,0,0,0d0d80e5ff3c51365bd80b1ddf136e0cecee1591fdb3961edf8408a2473717a9,2024-11-21T09:04:17.380000 +CVE-2024-27305,0,1,e12f3c61dd0cffc99acfa36652f57b0b6eeecc0c2f6472e94e57f7ef61b87913,2025-01-22T15:02:31.500000 CVE-2024-27306,0,0,7a28ab142666bcaf42530dd089da65a8aca11e816370cd89a9870260ca5d05b6,2024-11-21T09:04:17.527000 CVE-2024-27307,0,0,cf618de8ec42069f47b1c5022714176e378177129a4fe94cef62bc4f79ac235a,2024-11-21T09:04:17.667000 CVE-2024-27308,0,0,37f214bdd3eae19c6ca746aa11f3f3b092a842a3922749c87981b4f4a93b4ee5,2024-11-21T09:04:17.800000 @@ -252494,8 +252522,8 @@ CVE-2024-27314,0,0,c7800ff43b3dde4e64855ff4c8e9e09054f2d9523de2c8225fcf94e9bdda5 CVE-2024-27315,0,0,d76b0fcdba6f7b4b207cb9b903ce70dcff45e546dcd16fd74a8323c6a63e3929,2024-12-31T16:16:15.510000 CVE-2024-27316,0,0,24fdf0f9b0ad852f5d9fcb01da998781549ca6c0b793197d9e2355018b079f16,2024-11-21T09:04:18.993000 CVE-2024-27317,0,0,76b2a59ff51f548a5b920f9a9e5de4c3dbbbe200760563bdad4794a3fa9cb613,2025-01-19T03:23:26.087000 -CVE-2024-27318,0,1,9f0c74c35c13b5ce49c8771ff1a0af97b9c149eedddd66adf6405f7b9a43397a,2025-01-22T14:44:50.917000 -CVE-2024-27319,0,1,ebbfc65a281e37322d6480be873d167aae6fd498287908f590776c027ddaf596,2025-01-22T14:26:49.917000 +CVE-2024-27318,0,0,9f0c74c35c13b5ce49c8771ff1a0af97b9c149eedddd66adf6405f7b9a43397a,2025-01-22T14:44:50.917000 +CVE-2024-27319,0,0,ebbfc65a281e37322d6480be873d167aae6fd498287908f590776c027ddaf596,2025-01-22T14:26:49.917000 CVE-2024-2732,0,0,c53ca86f62810bb8d7151754be48472811994b863d082d4f89a0e05dc2c7c2e4,2024-11-21T09:10:23.810000 CVE-2024-27320,0,0,9bd432bffd8b92613cb510da17aad942a21d8d3e1a29df2e50a7d5d1126a5837,2024-09-23T13:56:48.353000 CVE-2024-27321,0,0,21cb175abd156e3dc500ea41f70806ccea3c2efdc89a895115ff1bfb44978981,2024-09-20T17:06:58.440000 @@ -253225,7 +253253,7 @@ CVE-2024-28232,0,0,4016560842e5dbe0556f8c825e8c7f66803aa1fc46a7caeb391820502d6b2 CVE-2024-28233,0,0,9dfb6a281036a246e6a8c7797767e8821a8200df2339f7f383cd7903646892b5,2024-11-21T09:06:03.527000 CVE-2024-28234,0,0,598260d530e844b988103ffca1d1f3c6f915fb6f021808bfe5979b115274823f,2025-01-02T17:49:55.720000 CVE-2024-28235,0,0,f9c80821f34b650e72ffd4fc2fa6535c9df1dafab141b6f3941dee35e5200ab7,2025-01-17T15:42:02.050000 -CVE-2024-28236,0,0,006d943face2653d8586409285dc0b25a377f4f26cdaa112ad9338f349805672,2024-11-21T09:06:03.913000 +CVE-2024-28236,0,1,294f4bea5192de8890d34a2469441173f7ea2e4a4a8d788a4e4b9d638a85213a,2025-01-22T15:05:22.287000 CVE-2024-28237,0,0,6596ca9e95c7bbdbdf1ce7fad38ad1f3d78868edb778ee33c83d80a6c532886b,2025-01-08T16:22:58.707000 CVE-2024-28238,0,0,54e673a11dc58ef2f1ce67b17902858e9a639439ca947a54911f01e497b4cc07,2025-01-03T16:14:55.823000 CVE-2024-28239,0,0,cad2389eb8ad3f3fc89b4de0deaf45f55e8417efae42f10b632472f86525ee21,2025-01-03T16:17:32.100000 @@ -255819,6 +255847,7 @@ CVE-2024-31898,0,0,2bdf434c4d06bca201e71e4a7c99060368586d3dea800b988968adc32062e CVE-2024-31899,0,0,e3477cb6ba6850b36435640b21267340780a9020b61b2670506bdd2d9d1ba253,2025-01-07T20:02:40.877000 CVE-2024-3190,0,0,bad297e304fb4b0d6eafd0a234cf1fc72af8a9c2c234dc9ef80f9a08d6ffcbca,2024-11-21T09:29:06.810000 CVE-2024-31902,0,0,003a18851ece455ee1e6ea2a4455c0284b8742534b1304a5388aa31d40a16816,2024-11-21T09:14:06.483000 +CVE-2024-31903,1,1,a9ee045a5ba7b879b4c31f26753e26edef5ce97c6e396a00e63c54ed05546807,2025-01-22T16:15:29.030000 CVE-2024-31904,0,0,d2a04e1afb3ab14e7bd62c982b1ec9fbcf0becba36a47360842f1553f25b269c,2025-01-07T21:05:40.810000 CVE-2024-31905,0,0,4f1bdfcd5321f7b992df963e233e7a11fb0781b24167b44218cf69a784597a28,2024-08-28T22:08:30.560000 CVE-2024-31907,0,0,56360f441ba18f82366ed4eb471a5c96a8260a64fefc6012f99306629a9a97be,2025-01-08T17:06:40.250000 @@ -257261,7 +257290,7 @@ CVE-2024-33809,0,0,5f800f5285ff2bfc0ecc751acd21c04b6bc87ec606c35f99e2cfc9f62ed3b CVE-2024-3381,0,0,54f1490359f84b37b9085d1c2a64f460d8cc1a4d213b5755f1dd6de7bae13285,2024-05-27T13:15:08.490000 CVE-2024-33818,0,0,8ed01d3814fe01ef937bdf9ed38c458a5713855afe9ef1068e8930fb56f7619a,2024-11-21T09:17:32.723000 CVE-2024-33819,0,0,7e61d4c0dd3553f64a2e5fef11b92143383472dd77b567ea2aea59f5055dae94,2024-11-21T09:17:32.847000 -CVE-2024-3382,0,0,d3e95e0895dbe2bff75fc41f3bd892dcb46b975969b2f7c43869f8d6a79fe7ec,2024-11-21T09:29:30.253000 +CVE-2024-3382,0,1,2806fc89766558764c830c6154793a1d7167aad2ece415e69784f0d03afe9946,2025-01-22T15:44:24.527000 CVE-2024-33820,0,0,cfee89ad7ad37aa0a23734591a3b5cbc350282c1f511c40effb3edcabf5bfacf,2024-11-21T09:17:33.030000 CVE-2024-33829,0,0,29c77d19540accb450598443b67b5c2e3910197757a370c151dd370ee4356fa7,2024-11-21T09:17:33.210000 CVE-2024-3383,0,0,430b0d8561d28c308c86f02f1afeb4736d70095c27a3c26603f2024bafec2629,2024-11-21T09:29:30.393000 @@ -257614,6 +257643,7 @@ CVE-2024-34226,0,0,1d377f61cf795fbe00be67ffd9f00a82954a881e118fc5adc61c7c13a7e4c CVE-2024-3423,0,0,04c44e8c396e88e33e76b227756ab6e4a3cdb303568294582004d57706273469,2024-11-21T09:29:34.370000 CVE-2024-34230,0,0,ee5efe3516751b032076977625757928f003fe090164432914314acde3d27151,2024-11-21T09:18:20.700000 CVE-2024-34231,0,0,29220a31577fead32a56d0eaaed07b40b7e0f50ecbc13725dd1aa6abfb3d2ca2,2024-11-21T09:18:20.947000 +CVE-2024-34235,1,1,af0ad3586f59718b30b4386fbbf1fda4d3ffade8250cb8d07a7bc44099145fab,2025-01-22T15:15:12.900000 CVE-2024-3424,0,0,e0718adbebcf95028a75e1d01668f5e86810db0c5f9d10c5b9f35accf22b943e,2025-01-17T16:39:48.853000 CVE-2024-34240,0,0,a6cc74a4b7e6ac1ff4630f4dda1cfe0067255faac0d07ac084685fd926fc750d,2024-11-21T09:18:21.180000 CVE-2024-34241,0,0,e6b9fe6b441390d6d7cebe002b321929ea0e881ede166ad6eb49a567d3b43c57,2024-11-21T09:18:21.420000 @@ -263434,6 +263464,8 @@ CVE-2024-42009,0,0,9a4960a836fc73ce032e2e0a9284183ff828482153b71c569eb4f6a260620 CVE-2024-4201,0,0,caa8de420bccc88e064fd619fe08f6837c80c46ab6ceb4db233139f54456b674,2024-11-21T09:42:22.800000 CVE-2024-42010,0,0,03e7dee0af7871a1319da5b152346d87a38864f6270cfec745878dfc136b3e64,2024-08-12T14:15:07.370000 CVE-2024-42011,0,0,266d3b924a10f9b724bb81458292feaa2d0436def0bdd21429b955b06ed88aca,2024-10-30T18:35:10.283000 +CVE-2024-42012,1,1,ff0ddccfcde7aae3f33b3ee9a2186803e72deb89bf1da17b62fcece083609a4d,2025-01-22T16:15:29.183000 +CVE-2024-42013,1,1,8c91ff5c027d0d86c7f9698278f51c909392fd40179c79b6bba7da92932fd578,2025-01-22T16:15:29.303000 CVE-2024-42017,0,0,5509e2b803cf969223b73bdcf88f1502d3b190466153a8d92dad3bae23d94eb3,2024-10-29T15:35:30.713000 CVE-2024-42018,0,0,eb9a1a6ae48726fe6d8ca5270a76e202e200b6b8c357ecfcb36c7033e7e13c63,2024-11-06T20:35:23.377000 CVE-2024-42019,0,0,3685530b36a39a63856807b2e771ed1cffbe416901360d0224102921ef6aa582,2024-09-09T17:35:05.247000 @@ -263865,7 +263897,7 @@ CVE-2024-42468,0,0,91c14dbad0da95a7d20ad07c6ebbc6085068bc54fc3eef0d212065df746a9 CVE-2024-42469,0,0,bd532ffbfcb2510bddf31f3489868340a08ae9cc539bc98fff873ea7f9675c22,2024-09-12T16:02:35.023000 CVE-2024-4247,0,0,026ea97df26ebfa2459cfc0be0355aa17efdb50861c588da4ecdc7266d52e5ae,2024-11-21T09:42:28.047000 CVE-2024-42470,0,0,8b7b5dccd48e502c3b09a254aa458aad8ac26b6024d8fbceaeb5d75e56828aec,2024-09-12T16:04:23.273000 -CVE-2024-42471,0,0,e0e4d3523c7159f42d4de91f54e00f7de305b8e8cbb62880d9077bd25834634d,2024-09-16T16:18:09.597000 +CVE-2024-42471,0,1,b53941438ad45b511dfe4dbdac0a594d005f8966c7e083cb147e076c067320cb,2025-01-22T16:15:29.417000 CVE-2024-42472,0,0,db9f0de24b1225cdc8879f2296bf2f39eb10609a5468059691ded7e4227382ef,2024-11-21T09:34:05.540000 CVE-2024-42473,0,0,74a74a158c4e42de3e6b5ebd0e1022e526e45c03aec99eaf13526fc0b3957655,2024-10-01T12:21:50.327000 CVE-2024-42474,0,0,849037a26897712db76b382c255fc41b35047731bd22fe7efbcd94de2edd89bf,2024-09-16T14:30:13.683000 @@ -267664,7 +267696,7 @@ CVE-2024-47766,0,0,5b022f50b7abc217edfef7982d0e5a686ced57373c6d0a3e12a0288c83d82 CVE-2024-47767,0,0,94aadbc9fc16d474275d6aca7a65361d425ec92b8c6014ba3dfdd771cd3b2ca8,2024-10-17T13:50:45.307000 CVE-2024-47768,0,0,88ae4f70ab087b8300d230292887e805c01d66e7a5c039ba6592b0b94e773598,2024-11-13T14:55:39.690000 CVE-2024-47769,0,0,0c177c50fe296e854c4d574b21c2d2abde6e70c193e41fa822f8df15acb9f1d0,2024-11-13T15:12:54.033000 -CVE-2024-4777,0,0,63a7b0403e8467f3ddae9d3e3b7326dc574b95f8b453338060c6ffad16e3405a,2024-11-21T09:43:35.560000 +CVE-2024-4777,0,1,f5d82bbae979bc4d2f73fd5aa0aa703237c6002a2996292106f7c34b0b91fd70,2025-01-22T16:45:18.820000 CVE-2024-47771,0,0,d9e667f8f1c80546a8045e1095310494da0b5c3573a4d135848ba5926d74346b,2024-10-16T16:38:43.170000 CVE-2024-47772,0,0,268d48580bc08bc06a9592581bf7c15b183982df7936e45259c48576c264bf04,2024-10-19T00:58:21.947000 CVE-2024-47773,0,0,2009644e404b2ecafb661ade272442df90db2955e19ee81df643af922d4ed623,2024-10-10T12:56:30.817000 @@ -268885,17 +268917,17 @@ CVE-2024-4973,0,0,19ccbb7e67bd4c75d6b883a0abe41227afb09f5e151258438b28388488924a CVE-2024-49732,0,0,79905e81310627bd846c6b303778a61c549180fd7d441513bb9aa76a2aa5f629,2025-01-21T23:15:14.100000 CVE-2024-49733,0,0,4ea3a79600738a5a051a531e4536c27a7275ffb6bb3cb3f57ddf3e3052ec65d9,2025-01-21T23:15:14.197000 CVE-2024-49734,0,0,854a15556093726e3f16593398c49e1d6f74bdcecae8161021ca6186dedae34c,2025-01-21T23:15:14.307000 -CVE-2024-49735,0,0,1296e6e23fbf65ca9bad133852c38ec242bc46303ae0c589c7b83a4437f5bf44,2025-01-21T23:15:14.393000 -CVE-2024-49736,0,0,b31489b53c95a963d6fe757a2b7eaab06c2eac5c5ec3a23ac16ea46be2a0ff10,2025-01-21T23:15:14.490000 -CVE-2024-49737,0,0,48a5c56aa30d0c425d0818b92cdb4afa2423618e4586dcdf982a716de06b5a0d,2025-01-21T23:15:14.593000 -CVE-2024-49738,0,0,3af34105015f3c9a7780d15caad6d9aa7b5795fe1b88cd4b1ceb096d83557266,2025-01-21T23:15:14.687000 +CVE-2024-49735,0,1,6e82e6dd127ffa040fc1a14579443a53bb3ca3cda230b1dd32f241c6aea7cef1,2025-01-22T16:15:29.573000 +CVE-2024-49736,0,1,abb53a60f7b8c4b30ab54ebc044e67a54dc2d8658382f295c6a64d25e7172ecd,2025-01-22T15:15:13.007000 +CVE-2024-49737,0,1,5b8a41296add9b60d2bd23d524691a6a9402bd8f7a3a23c7a85b4ed4febbc7ea,2025-01-22T15:15:13.150000 +CVE-2024-49738,0,1,cd4b279ab947304d716fd3789992ba3820266545e70a14de0202f788aaf229e5,2025-01-22T15:15:13.280000 CVE-2024-4974,0,0,d16672721f53b136de1b80de87435b925886996f97e506cdb2d6dc9e6ef8a3f1,2024-11-21T09:43:59.157000 -CVE-2024-49742,0,0,303abb2f341f6b59910fb5cf4e5611dd6fb085d25994feb496561e70a0360649,2025-01-21T23:15:14.783000 -CVE-2024-49744,0,0,50d6db28ffee926a6be143948f0d56041fc5b8cbc03eb8938ed140f66c1b8744,2025-01-21T23:15:14.880000 -CVE-2024-49745,0,0,732c9995487915a16fdfddaf74b0c2fe6eaeef473b1072c3856dbfef068c5afa,2025-01-21T23:15:14.993000 -CVE-2024-49747,0,0,20330c4e539b3226b17e694f6ef5e88fef6bafb9664f63bbcdf16f7aeaa34554,2025-01-21T23:15:15.100000 -CVE-2024-49748,0,0,48c5d8eaa50aeef10379ff6e4ee5fd009174d778b5a2b79c767eb33b4f5f8a22,2025-01-21T23:15:15.197000 -CVE-2024-49749,0,0,4b4aab07a4c4d3f9def717251192670d047d02ef65d9a9d856555869559a1e5d,2025-01-21T23:15:15.283000 +CVE-2024-49742,0,1,7eef665a1fecedb640da0453d3423d2565b0b2a9863841471a0905437587a333,2025-01-22T15:15:13.407000 +CVE-2024-49744,0,1,893c3e4158dfef22e11bfb26c5e77a6967b9bc4fa8c4ba4f91957edccb19b8ed,2025-01-22T15:15:13.557000 +CVE-2024-49745,0,1,ec3fc231238b743039fbaaf5776ba076c7962f598c5d5696f0fb57938019d8eb,2025-01-22T15:15:13.707000 +CVE-2024-49747,0,1,2d8b794bd3749166ed339f9f429c39b24a48fe7fd48c61f20f9e5b51e0b3a34e,2025-01-22T15:15:13.840000 +CVE-2024-49748,0,1,38b0ed020d011a6e22437dc3312798cb1d17299f8e1aaee32090cd2c9c8a600c,2025-01-22T15:15:13.980000 +CVE-2024-49749,0,1,12bb211f652372e794b8cfd82d8b0d77d0ac3ffddc07278e6873cb738eef5427,2025-01-22T15:15:14.110000 CVE-2024-4975,0,0,d158c3c26e7b9ed3b1558cbe1dfa904308e63625da2b58fbfd707b0851aa6e0c,2024-11-21T09:43:59.293000 CVE-2024-49750,0,0,b8c0592657dc23f5dade6581318fd4431bb1aa3486d0f4172a6b42fac1aa50c3,2024-11-06T14:58:19.993000 CVE-2024-49751,0,0,b6ddfe86ed223562a30da85143aed986d928de448e01372a87230a49d1f635ac,2024-10-25T12:56:36.827000 @@ -270561,7 +270593,7 @@ CVE-2024-51938,0,0,242c0a65941c537ffd1a193d6e9d54026ec931cfbdc5570b7417a6063e45f CVE-2024-51939,0,0,20d7c044823f2dbd5a93ccbf1e62122469f38a0e0e61d27f0eead27fdd2e22c5,2024-11-19T21:57:32.967000 CVE-2024-5194,0,0,dbdec7c8317bad6b5de916ef203d1a0f247b2d83da15b3a997ab91b9b739d1ef,2024-11-21T09:47:09.967000 CVE-2024-51940,0,0,eea7140ef8e6920e3e5dd47ba7cd4d003e663b87564e69e84f825f175f7f9241,2024-11-19T21:57:32.967000 -CVE-2024-51941,0,0,f17cf139f996ecff5a38a7b4acf7051815f57226302470cab5c47b18234808ce,2025-01-21T23:15:15.380000 +CVE-2024-51941,0,1,99e7c2ec210b1b461bcd0a5c19e2f109b9f77e87df47efb160f27ffa568291f1,2025-01-22T15:15:14.247000 CVE-2024-5195,0,0,e5801157a03af57b0b477f12ddbbdfdf2400954236093425a1336efcab3d77e3,2024-11-21T09:47:10.100000 CVE-2024-5196,0,0,c1ed13355afe2ad57b4673ab6c37a350a1a3ee6e8c7dde25b17a93063a8f0698,2024-11-21T09:47:10.230000 CVE-2024-5197,0,0,c395e7ddc635786cbca10e48f5338a794f356687d6b361f56c4276f3833a35e8,2024-11-21T09:47:10.363000 @@ -272474,6 +272506,7 @@ CVE-2024-5547,0,0,c70f2b15fdfae1a20148a4f5dddd13a94d9e6eb1c9039906b5e94118b8ba53 CVE-2024-55470,0,0,dcfc79f3be29f89e1f2e700b61e3b076a29307f3f819bb5e3e6622ca15c02991,2024-12-20T18:15:30.370000 CVE-2024-55471,0,0,53c8545095dcd233b02e5b5368ccdda8e9894ef3eef3c8dd7b456e3a987cf26a,2024-12-20T18:15:30.730000 CVE-2024-5548,0,0,960acca9fdb4c73166f01cb6cab77802df52faee348d661f3dcdec3a5e889741,2024-11-21T09:47:54.380000 +CVE-2024-55488,1,1,f0f3e524c8548fe1fe6d4f124bfe8710d694b8d638ca11299653bfd921fc9617,2025-01-22T16:15:29.770000 CVE-2024-5549,0,0,523dae47b6780776874c36c71ab66f8ac6e8e99599490648ee341f214b628e63,2024-11-21T09:47:54.507000 CVE-2024-55492,0,0,8ed1b6fc2ceef3fd61acd090adb38bc92ce31dd641c3b527d1e8f1507c1a53ee,2024-12-18T19:15:11.777000 CVE-2024-55494,0,0,a1b10176f7d1839512005775c9e7583ed311f893fd691a402dee6bebdd80dd5c,2025-01-13T22:15:14.153000 @@ -273441,7 +273474,7 @@ CVE-2024-57545,0,0,29448170a68680a59613fe6cb937aba1159c3cc4ca362fc589dd6bd024a8a CVE-2024-5755,0,0,d9beb74b4cc757e5dafe2ce46b6f3c5c752c1749a1b4a2abdedbdd95bff1173d,2024-11-21T09:48:17.093000 CVE-2024-5756,0,0,f306d50c688e90f1ac281dc052b52f0a73fe2794efab7031898c419d58649207,2024-11-21T09:48:17.217000 CVE-2024-5757,0,0,d27353d3a809fffc6956c99202ff019e529c86d532d278e7bed95c99f1ad6b65,2024-11-21T09:48:17.330000 -CVE-2024-57575,0,0,4c20e12c2159ee9823e8ce70147259a0cf06d0b26ef1058991f1959b2f49e863,2025-01-16T21:15:16.537000 +CVE-2024-57575,0,1,59a16fb9024fc8c7ec7916d5858b18b7919141f32cacfdb0ceffe784dd16fcd5,2025-01-22T16:53:51.830000 CVE-2024-57577,0,0,bae775b370a8acb307c4cb68af424e3eba8ab59b46dde10579b517ba186c6837,2025-01-17T18:15:27.893000 CVE-2024-57578,0,0,c3279c5dafbf0cdd4403337b162aba3068d6b8d4f0424f16fe98dbf2bcb27771,2025-01-17T18:15:28.430000 CVE-2024-57579,0,0,0233c9ac7198ab370ea173147491e5d577f0db0cbec488179ef90a735ff73434,2025-01-17T18:15:28.983000 @@ -273449,7 +273482,7 @@ CVE-2024-5758,0,0,c078716fbf80b259c8ceac06415d3d039d4ef773f8ae701649c6b0b1483ee9 CVE-2024-57580,0,0,bdb0b94b78717db32044fb1ebf152be16356daef98584c7a2fbebb19f878301b,2025-01-17T17:15:12.410000 CVE-2024-57581,0,0,d33766716cfcc1229c50a7310d1424328b4dc7c6b3c33c20370b98899cfad2e3,2025-01-17T17:15:12.597000 CVE-2024-57582,0,0,2a1d35e4fc860c65eb8a4315ed1ba4c31f49b01c911d5b356fd3e8b7f891a8b3,2025-01-17T17:15:12.797000 -CVE-2024-57583,0,0,3ea8c345c22dfdd34c10584c8a9369f8b980af48e02c5051532800fb546089d2,2025-01-16T21:15:17.800000 +CVE-2024-57583,0,1,a02bfc66fca0e321afc33c8ed95edf293ab0d78b8736a62da8c5a6dc7f2892d3,2025-01-22T16:53:20.263000 CVE-2024-5759,0,0,7a62530c172037696b680530af67b7622649644977afb4734ee0d6d8975bff51,2024-11-21T09:48:17.467000 CVE-2024-5760,0,0,fdcabe1f95ff5e6dbce832204c1f64827ff6fe6277e57163fb295e96d7b29093,2024-09-13T16:28:43.077000 CVE-2024-5761,0,0,1fdad964c86313b412878f67fac5999c9a1ea015b844614bc58b000414661a53,2024-06-07T19:15:24.467000 @@ -273528,7 +273561,7 @@ CVE-2024-57703,0,0,648a1f97a651c02bc9cbd814c3aaa6ce923f775ec3dcd0727ff2f9993e5e0 CVE-2024-57704,0,0,5d3ea96b243ef47ad9a653892bd654803ec2d81d9a41451dd6e5053bc648eb08,2025-01-16T23:15:08.113000 CVE-2024-5771,0,0,8829a844c7846b06bb23778fad93312a505e31e0f93087e15ef0b64a0b36f535,2024-11-21T09:48:18.863000 CVE-2024-5772,0,0,04004702ec5106d11d8a70be9a1c34eceae4a60526afd5c3eb12e840c71e6683,2024-11-21T09:48:19.003000 -CVE-2024-57726,0,0,820a1b6bdd15a37e6d3db682d2d771037a99eedc4ad8f92c40f8d91529800064,2025-01-16T21:22:00.710000 +CVE-2024-57726,0,1,65fd2cddc719c88ffa0e00b4be18aec8ffa9fb5d459bdfe85cd0cb0d5409aec0,2025-01-22T16:25:12.533000 CVE-2024-57727,0,0,92f5d24a0d77d41fbb6ea3a796a25597f2aecf3a4600a0571ed4ae9364be0356,2025-01-16T21:22:25.317000 CVE-2024-57728,0,0,fb354679bf974c668fb55e36081142c182c86cd0df2050f9f41db6946683897d,2025-01-16T21:24:08.077000 CVE-2024-5773,0,0,a81a8a1444339b4362dba96291597bd9b9bbe8a53c3349e61bbda1dd4baa2ba4,2024-11-21T09:48:19.137000 @@ -273661,7 +273694,7 @@ CVE-2024-57933,0,0,a5f09101c1f266dd013e3ec124d1c1801c0703b5babe99bf295e942e95532 CVE-2024-57934,0,0,43034e503550b569256632c4502d946f08931a3530bd54d0ff9ea3c30d627029,2025-01-21T12:15:27.047000 CVE-2024-57935,0,0,e6daeb99554ae407cceaff9066c461bc5bc63d681f5adb174db5d16d19702a15,2025-01-21T12:15:27.153000 CVE-2024-57936,0,0,417d6b45a5c6544407230a177f750b81a6fb6c38ea6d13678499dd9c742ed051,2025-01-21T12:15:27.257000 -CVE-2024-57937,0,1,f2713cfe55ce0b98723add19c398fbf3ee712c696fe715eebadbe1d21a06c1df,2025-01-22T13:15:20.400000 +CVE-2024-57937,0,0,f2713cfe55ce0b98723add19c398fbf3ee712c696fe715eebadbe1d21a06c1df,2025-01-22T13:15:20.400000 CVE-2024-57938,0,0,77ff62e982dad7ae42785578957ddb550a937967229142e5b9667c5d344b85c0,2025-01-21T12:15:27.463000 CVE-2024-57939,0,0,d2414769f2e217c395dc0f8aa10fa264b19bc4c515c6ed730880adaf71b9e812,2025-01-21T13:15:07.903000 CVE-2024-57940,0,0,0e01baa746fce3bed4ce967c293e4b2f4cc181fdcc444d5ee628bbc2a308ac51,2025-01-21T13:15:08.540000 @@ -275056,10 +275089,10 @@ CVE-2024-7340,0,0,afceb6b3fac1138f8cb83e0f415cec5ebdcab90ac887ac6cc7416d04596c33 CVE-2024-7341,0,0,9879605967e8521e630e3508fca649ab0616466777cf91cc4c4478c8d606e537,2024-10-04T12:48:43.523000 CVE-2024-7342,0,0,bbab372366d62b7492fd885c0fd46da4598051b512f5991327f8cfce46915879,2024-08-15T18:40:22.537000 CVE-2024-7343,0,0,7f2632b50e9d4a4da19cdb31448eaac6640ad60d85ef9c956fde33f5c8956343,2024-08-15T18:40:52.707000 -CVE-2024-7344,0,0,9c4a559fc4f6e8d57d78d1e14e55917280ab002c14d693edb4fd49760899ca23,2025-01-21T19:15:11.700000 +CVE-2024-7344,0,1,41ec0d1fc8818b5427742be88275de65e522c05fc70fb579f3eb90da335d2c77,2025-01-22T15:41:04.577000 CVE-2024-7345,0,0,7689b50cbee63ee18ebf904fc91903644247462e42f3178c6191ec55402d6f73,2024-09-05T14:11:00.493000 CVE-2024-7346,0,0,25638c7d38cc54d22ba7fca216c7c1e04ae0c03279aa3b42c264161ca8172985,2024-09-05T14:03:24.040000 -CVE-2024-7347,0,0,80bd78827e01668f2a8f57d07d33f259d2d173eeee58a99344a8fc6ac7d3aeb8,2024-11-21T09:51:20.560000 +CVE-2024-7347,0,1,76507e84fbd35b359868f6cef009a1ad152aee7a0ffa5fef85d30e96f1519d08,2025-01-22T16:10:28.490000 CVE-2024-7348,0,0,09c0d21b00fb7cb86488ca2787685d9b9da3b886a45d9334b1e89a04d5e121f5,2024-11-21T09:51:20.720000 CVE-2024-7349,0,0,ccf23d688d536a2eff13a87ef73563f5aaca69c358d1f3c9dd8bb4ccf304b0b7,2024-09-12T12:43:32.957000 CVE-2024-7350,0,0,fafe078281631d5be201e74994adbfcbb9fc4af4b45d3f1320c0b47fe8799534,2024-08-08T13:04:18.753000 @@ -276466,7 +276499,7 @@ CVE-2024-9009,0,0,eeb88ddbe5b876be2da9458977e863a4a7e2f8f749b5ec4c67398617f01067 CVE-2024-9011,0,0,5f917ba5d6e9e414a668fa259efdc89c2355605a5666ae5f81812d44488e6ab9,2024-09-25T17:48:14.820000 CVE-2024-9014,0,0,220003038e0ed1cc49a0befe3090135c41cd16a5f829c2d65bd6cc8f984c0497,2024-09-26T13:32:55.343000 CVE-2024-9018,0,0,9d5f9a71065cb5737c3eb97e3b8fce2545d7a7505edc442df3224ec9cdcd8b15,2024-10-07T19:20:48.293000 -CVE-2024-9020,0,0,e5d01320e0bd87d659fe948b5f9ce3d9a3dc4c2dbd0f80d37232759f033fa622,2025-01-18T06:15:27.787000 +CVE-2024-9020,0,1,13f7d55260c3dda01ac88411af938bbf50d791e8c741bac69665223f77a450e5,2025-01-22T15:15:14.407000 CVE-2024-9021,0,0,38ce15408413883ac2962e131e46ff98aae3d8ba8d1d410ba95b4f315f4dd5ce,2024-10-10T12:57:21.987000 CVE-2024-9022,0,0,b97de3f37f13459888a48b84864cef3e3e6492a34af924d2e6bb02f8326a41fe,2024-10-15T14:34:12.063000 CVE-2024-9023,0,0,566271d29d8f54a0a61ddaf86501114bfe67a778e35c5f516ed0b6b3612b9879,2024-10-01T14:39:38.370000 @@ -277306,10 +277339,10 @@ CVE-2025-0199,0,0,865eff50876368f6ac555513ef5b5fdc0dc9570302fec6e10d6fc34ec2c217 CVE-2025-0200,0,0,1c56f86e27712fa129121bf2c2fd0e92b6fdb9217c52909f73ec929344fbe1a0,2025-01-04T03:15:07.020000 CVE-2025-0201,0,0,30d561bbfd9ec1b18fbccd47b917b093d8cbccc70befce1eb07ea9e1538c205f,2025-01-04T04:15:05.620000 CVE-2025-0202,0,0,4c4572616f5f93191d3ca13fa7d12bcd95c17e726cd3cc4bf6f102513e2b629c,2025-01-22T07:15:16.570000 -CVE-2025-0203,0,0,f4f16172cc907092be7bf8bd85b3cb11ecbb96f6a39eff1b8d36416624072d2e,2025-01-04T07:15:18.153000 -CVE-2025-0204,0,0,846f0ee815d008acd3fd5c74a82117af3a462c0c6ef86ae890ec1388afee5e98,2025-01-04T08:15:06.923000 -CVE-2025-0205,0,0,31eeffd6d61e77b4c0d2cbe6c9b332395394cebf914095982ea8aa78b86d03a1,2025-01-04T09:15:06.280000 -CVE-2025-0206,0,0,7060596fb0cabe4d4977ba5fac21ec1b8ffcf626d16b8cad6103edc7ad85c228,2025-01-04T12:15:24.830000 +CVE-2025-0203,0,1,a5f6177ca59532137b7b1f2b25e590caf5585a2f4c15e38814775e99d2a98cb0,2025-01-22T15:47:10.633000 +CVE-2025-0204,0,1,c001082b579b79c29609669bbec6a0725a6fcece40acb248427f26e9b7e4a830,2025-01-22T15:42:44.060000 +CVE-2025-0205,0,1,c1b8963cbb2c2d758fd565d8a381a54f1bf965f9ab8540f4de794a43621e8aeb,2025-01-22T15:33:38.597000 +CVE-2025-0206,0,1,064dfa4d1e97db9eae9addeb262c8b5d590ee6362351d05bec1694aa9acd36ce,2025-01-22T15:24:50.937000 CVE-2025-0207,0,0,efb215193134d5c08e2d49348e35ad7019ed0b6e630925d219b699652b9455e4,2025-01-10T21:27:26.337000 CVE-2025-0208,0,0,5a82bd838f0fb22689ddb131fe9167ef55569a112269991392ae74673203ed76,2025-01-10T21:28:35.270000 CVE-2025-0210,0,0,3ba2859cb45e451a40b49d3263091b5cb6aeae0c2bc600704b5eb18b048c0e12,2025-01-10T21:20:42.080000 @@ -277388,7 +277421,7 @@ CVE-2025-0391,0,0,ab8f7905746a492810fe86765faefb1fff997fc4d75bb4be776d20c58a3559 CVE-2025-0392,0,0,59785954f613ac3d294944412df9ed2ed102ba9c9ed7f965ef5916a645263c65,2025-01-11T11:15:06.657000 CVE-2025-0393,0,0,959e820d75bdf7a4a4738ade5c663f0e8ec388ca0f6b468cd52102afbed99998,2025-01-14T09:15:21.263000 CVE-2025-0394,0,0,8af05602da319139a083fa2a7a4d905dc508d9028abbcf98db5f09623dbab6ca,2025-01-14T09:15:21.430000 -CVE-2025-0395,1,1,cf87ba40103953bd3059e082ae74eceed6be7b1d8bcba1ca2600843f0faddaf7,2025-01-22T13:15:20.933000 +CVE-2025-0395,0,1,028a49af5b50e5ca5090934d62970e433f1ebf15a1a5555a600e8217de824ec3,2025-01-22T16:15:29.893000 CVE-2025-0396,0,0,18d39e6a7adcce3603c1c0aa9eb8543815bc0fec0a28cf7987d5debab0b3fa41,2025-01-12T12:15:17.963000 CVE-2025-0397,0,0,08feac0210d169d6c425c3e514046442ce8702b1c9bf4c395a52e3132e842759,2025-01-12T13:15:07.333000 CVE-2025-0398,0,0,4dce72a8ed9b3c643da849528d4f1f4a44373786b63fbf729a0e8a57af35dcc2,2025-01-12T14:15:08.993000 @@ -277495,10 +277528,12 @@ CVE-2025-0584,0,0,37edd7443b159fd364fe1f94f606e27d6a33e0c9083f38da0f466f56b50d0a CVE-2025-0585,0,0,da99d05fd55072bf46a920856a2fb4b6ebf8e817a63e5b48426e8c31494a0fa3,2025-01-20T03:15:09.283000 CVE-2025-0586,0,0,abf0a06c875b8bd5421f2c6f6ef5b8719d6ca1dacc61f1270de8b585f4b2e6ab,2025-01-20T03:15:09.433000 CVE-2025-0590,0,0,c554cb9a0bdc14b97d65dbcaf6b8f0519615dcf5380f9d8d26f0b94a792fad9b,2025-01-21T15:15:14.117000 +CVE-2025-0604,1,1,87d9407a02620becef67b9dd9028944889fa4567f9f58fb72c0a174c2afe74dd,2025-01-22T15:15:14.827000 CVE-2025-0614,0,0,c85e5b141df45983a9b8023744afed1074e3155c77698a4efcba3b1933f20f8e,2025-01-21T12:15:27.580000 CVE-2025-0615,0,0,24948b17ddad86445a37019481e808c754a1ff5ca4b2da53c27f9618c73c00c8,2025-01-21T12:15:27.737000 CVE-2025-0623,0,0,341d910d0f0f4575e107592c92f38288f68e01fe716af21df488a6d82193e481,2025-01-21T17:15:16.817000 CVE-2025-0625,0,0,aa2cb20c8c831ead0221791f1496fad6fff25e44f479f9085e096921461f29e7,2025-01-22T02:15:31.123000 +CVE-2025-0638,1,1,ac9cca0d245198ff4674963eab0600993bc0b56692f14b75cf07327388ff27d0,2025-01-22T16:15:29.977000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000 @@ -277638,20 +277673,20 @@ CVE-2025-21311,0,0,b56c463e369aca2df31d59e80920fd6bff0c923b7be3f999d807397e5f54e CVE-2025-21312,0,0,db7e9adf484eecd8c9e33952b10670d4ab4a6c31412fb4f9d1d84b29a5796d2d,2025-01-14T18:15:54.770000 CVE-2025-21313,0,0,7ac3ef64e6b325e25b46611210f95c57375237478ee561be5061d04148cdca80,2025-01-14T18:15:55.007000 CVE-2025-21314,0,0,e10d4e44e3792ecb48788730063ade6b797b0fa3f6d495c19fac3cc1f4bb98a3,2025-01-14T18:15:55.163000 -CVE-2025-21315,0,1,5a13d39751996d646bad2814d5d374399878c40170b6fad35ea2f1b021fad591,2025-01-22T14:40:33.967000 -CVE-2025-21316,0,1,82452fd2c845ec85f7c6e5170cf3bd46a3abf2af010f9fecee630f5a318e9cab,2025-01-22T14:41:48.963000 -CVE-2025-21317,0,1,47a39641747b93c1cf8683236678f9f7006a6541e67da79b6f56e0f7a89aa8b4,2025-01-22T14:42:50.910000 -CVE-2025-21318,0,1,37c2f3629b3799d3d76873bcddcdbeb3ba8a23a22239f92eed8c11de9c5c7e31,2025-01-22T14:43:57.630000 -CVE-2025-21319,0,1,4ccb1b3d39c63ec552a98f81e04752d660c39a637ce839bcc3143fe54365d48d,2025-01-22T14:44:50.860000 -CVE-2025-21320,0,1,64568b0df3303426d11157001b49f37c41450f1b369fd6b5b01a06f29a8e600b,2025-01-22T14:45:53.317000 -CVE-2025-21321,0,1,8eaa5c182aa8b73985abafd66d823dd6012a7e80a091417b1719d0967da5e06a,2025-01-22T14:46:12.787000 -CVE-2025-21323,0,1,a73a1631a5186a151b017a313391a3761333ecb9ade0b752496092d793aa20bc,2025-01-22T14:47:11.963000 -CVE-2025-21324,0,1,4ce590d9aa9465948f8944282a6eb5f28a29dd0137b8686afe0b97b3d8cc8e88,2025-01-22T14:46:51.207000 +CVE-2025-21315,0,0,5a13d39751996d646bad2814d5d374399878c40170b6fad35ea2f1b021fad591,2025-01-22T14:40:33.967000 +CVE-2025-21316,0,0,82452fd2c845ec85f7c6e5170cf3bd46a3abf2af010f9fecee630f5a318e9cab,2025-01-22T14:41:48.963000 +CVE-2025-21317,0,0,47a39641747b93c1cf8683236678f9f7006a6541e67da79b6f56e0f7a89aa8b4,2025-01-22T14:42:50.910000 +CVE-2025-21318,0,0,37c2f3629b3799d3d76873bcddcdbeb3ba8a23a22239f92eed8c11de9c5c7e31,2025-01-22T14:43:57.630000 +CVE-2025-21319,0,0,4ccb1b3d39c63ec552a98f81e04752d660c39a637ce839bcc3143fe54365d48d,2025-01-22T14:44:50.860000 +CVE-2025-21320,0,0,64568b0df3303426d11157001b49f37c41450f1b369fd6b5b01a06f29a8e600b,2025-01-22T14:45:53.317000 +CVE-2025-21321,0,0,8eaa5c182aa8b73985abafd66d823dd6012a7e80a091417b1719d0967da5e06a,2025-01-22T14:46:12.787000 +CVE-2025-21323,0,0,a73a1631a5186a151b017a313391a3761333ecb9ade0b752496092d793aa20bc,2025-01-22T14:47:11.963000 +CVE-2025-21324,0,0,4ce590d9aa9465948f8944282a6eb5f28a29dd0137b8686afe0b97b3d8cc8e88,2025-01-22T14:46:51.207000 CVE-2025-21325,0,0,31758d0cc76d6380f02d2304f83926081d1e932ac95a6eee2a71dc7102dbe268,2025-01-17T01:15:31.073000 -CVE-2025-21326,0,1,a5e6f1ef9b9a2944d2bea648da839845d2d7762f68463063bd25e92cfb364e2b,2025-01-22T14:48:07.620000 -CVE-2025-21327,0,1,7bac4461b88a40da2348ee4029e1707219f2df088efa12aa55c2e9580623a255,2025-01-22T14:59:37.587000 -CVE-2025-21328,0,1,dd919c7fd6a45815c6a0be9a54c809e84249c572d7c566b2907d17270baa8f75,2025-01-22T14:59:12.047000 -CVE-2025-21329,0,0,a0895a1c387b8ff9b6c5a245a0e15ad298a5e72612aacc87cbc41ad0b6226729,2025-01-14T18:15:57.733000 +CVE-2025-21326,0,0,a5e6f1ef9b9a2944d2bea648da839845d2d7762f68463063bd25e92cfb364e2b,2025-01-22T14:48:07.620000 +CVE-2025-21327,0,0,7bac4461b88a40da2348ee4029e1707219f2df088efa12aa55c2e9580623a255,2025-01-22T14:59:37.587000 +CVE-2025-21328,0,0,dd919c7fd6a45815c6a0be9a54c809e84249c572d7c566b2907d17270baa8f75,2025-01-22T14:59:12.047000 +CVE-2025-21329,0,1,9be90aee067b9fd32a5a19fe91b2514af6fe209fd987df078deb30d3caaab83e,2025-01-22T15:02:32.270000 CVE-2025-21330,0,0,e9596fdbe050e6b04292f06212bec1896e015b0111ce0ee99a206b6dc4f64682,2025-01-21T20:04:19.400000 CVE-2025-21331,0,0,082b98f28b869f075fe82528f0ac19a8ce6f77d17ae317e8556aad895fa48f1a,2025-01-21T19:58:20.833000 CVE-2025-21332,0,0,edf859babd061219cc1cce3d52c09e668a5e0f31058bfea0e2ae4470ea2b16a4,2025-01-21T19:57:17.993000 @@ -278099,6 +278134,7 @@ CVE-2025-22764,0,0,bb4ba9e4fde2400f152116cd1aad7bbbdbb7d640219a8e01ca47cc112eba4 CVE-2025-22765,0,0,05da1bdc9e7167edf5387de0586b61a1995a9741b623487d7015cbf79f0a61e1,2025-01-15T16:15:39.543000 CVE-2025-22766,0,0,343e87bbd358f52869bf43f77788e51e9a96e6bce59424af557599ac7a821c7c,2025-01-15T16:15:39.700000 CVE-2025-22769,0,0,4e6d679e63f8fe706c18670ecdd89233f779b3c6dadefbabc9659ff336c0b4a9,2025-01-15T16:15:39.860000 +CVE-2025-22772,1,1,3a00e89ad909c68ba2b86c31324220231310a44e7a9d8f09a57bfe4d0193ce08,2025-01-22T15:15:14.990000 CVE-2025-22773,0,0,fcf097b5a8bf8f017de7fe5f8a18a77369aacf0486c55459d6bb76d657f29d3d,2025-01-15T16:15:40.027000 CVE-2025-22776,0,0,3a44d2ed038c8fcf2a82ed573a85678c06e1f13008a49c36e4d4a59c650fa83c,2025-01-15T16:15:40.193000 CVE-2025-22777,0,0,6e361a5228daa020e40ee58c141da823e7968148e70048924a6df32b9ceb16ce,2025-01-13T18:15:22 @@ -278158,6 +278194,7 @@ CVE-2025-22963,0,0,12477de813cda7364e5796cbdb911aad8e18d4387dfeeba96b71ade7cc11b CVE-2025-22964,0,0,e69aed1923aea3897411457b44976dbc204f41e7c2ec36d989f628a69185179c,2025-01-15T23:15:10.650000 CVE-2025-22968,0,0,41c7a798ef1cac51f67409788e09403bf1c73ade164309e1bf03d8de0a22a69b,2025-01-16T16:15:35.917000 CVE-2025-22976,0,0,7635385bbb1168f03f689653f73812b5306e7c676072ca854591d831ffee9997,2025-01-15T23:15:10.783000 +CVE-2025-22980,1,1,1b650497280c100d9e87200d77a5d79d3f284742776a6c05fc5e9f294577aa3c,2025-01-22T15:15:15.130000 CVE-2025-22983,0,0,a4325d671f457e3a88359f4b166998f53b22f358b22808393b6eeb33cff62cc1,2025-01-14T16:15:35.603000 CVE-2025-22984,0,0,c374cc7c54df2dedb6ecac62cfd3186e913633b44b128647ebb7edc501f96a0c,2025-01-14T16:15:35.710000 CVE-2025-22996,0,0,c50cf62284cf751584047e7a98111e31ae9d7e05423e0e28a6dfeca6772a6ab9,2025-01-15T17:15:21.837000 @@ -278213,8 +278250,8 @@ CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4 CVE-2025-23127,0,0,ef1aeaee3e917139d62386eaa309c28fa46e54be8ed45ecdaab4f9d4f96931db,2025-01-11T15:15:09.173000 CVE-2025-23128,0,0,856260a69fb4f1bb5d13296c47ffc7dac686c7ca9a44fff8151b1b7f11a740a9,2025-01-11T15:15:09.250000 CVE-2025-23184,0,0,85dc0b5143649e34450a3676900e6e40d3e1c3056b6e1dfc30b9a36cadde4291,2025-01-21T10:15:08.110000 -CVE-2025-23195,0,0,de9c3e0616055755eb88496195be7da667a673da404c67e50eb3df705a66a6a9,2025-01-21T23:15:15.490000 -CVE-2025-23196,0,0,8dd8ba3f17a570f9ea5afcd55b41095127c66b8baaf5d7d04e4de9e454ce58bf,2025-01-21T23:15:15.593000 +CVE-2025-23195,0,1,330ec078db97e6dc3fdb7cdbe57f6450c92255b88a9b52bc02ab0cb6754204fa,2025-01-22T15:15:15.237000 +CVE-2025-23196,0,1,c86901772359f4512fdd147449b9ed6294fa0f580a5b9af77dfe2551cf2e530c,2025-01-22T15:15:15.390000 CVE-2025-23198,0,0,8821b8df90adb16cf3625e528f68c391c0bcfa1c8e1e079b50c30f527c621897,2025-01-16T23:15:08.410000 CVE-2025-23199,0,0,3b82f03297e12f7b25649af5d3a8aa211e1441848bb66c00094132bcfe252a94,2025-01-16T23:15:08.567000 CVE-2025-23200,0,0,76f8b53439f8a2997652c579cc0769759091077ab1b58d306f6ddac70c67ff17,2025-01-16T23:15:08.720000 @@ -278246,55 +278283,89 @@ CVE-2025-23438,0,0,d5b99d41ae258b81c318d76badc751e3c16a7fbfb5848a85ee9570d47579e CVE-2025-23442,0,0,ff778f6541faf895ad64165d80b689e528bc89a7807a8adddefabde77d4edffa,2025-01-16T20:15:35.210000 CVE-2025-23444,0,0,bd139aa5f0d5452b293e56da4268a8dc616b5f5ec3a0335035b071fc8609deb1,2025-01-16T20:15:35.360000 CVE-2025-23445,0,0,641133bc0863203a2790eaa4ca8b7599bd8c7c6922be0e426f2e225feec309f9,2025-01-16T20:15:35.513000 +CVE-2025-23449,1,1,6bbcc9886e2c670b577a3a18178e87df9ed4a131fd95c3706bc4c5f073e90961,2025-01-22T15:15:15.650000 CVE-2025-23452,0,0,9ae20555b511c9e710c7a052682906033b9071856145809833c544b191d171ae,2025-01-16T20:15:35.730000 CVE-2025-23453,0,0,559af2b40776602b954faf6eb051d0ee733c24375fc61f4efde0fb69b854694c,2025-01-16T20:15:35.883000 CVE-2025-23454,0,0,378302c8707f6fd96559ef4a7f4efc3726f47806c14b509deb4db543cb645290,2025-01-21T18:15:16.223000 CVE-2025-23455,0,0,b68e42bf1b83a50e0ae3f133160e0d1ee1a7c47161ff1547208b101f38e9ccf6,2025-01-16T20:15:36.033000 CVE-2025-23456,0,0,b9d69f441ecef487989469cbcdd543bce473422ca06c51c0b02404c7506af3d0,2025-01-16T20:15:36.247000 CVE-2025-23461,0,0,579c786c500a65f7aa3e7a2033668428f43b1c94463c7a65645aeaa42575698b,2025-01-21T18:15:16.387000 +CVE-2025-23462,1,1,c83da6f92808e55252781daa2b8102b2a0626a82ecff91e0a94155a57a6af52b,2025-01-22T15:15:15.800000 CVE-2025-23463,0,0,98d57f4a46d47d157b5ed19edc615443bfb511b5852b7cb0045c98e9789a1faf,2025-01-16T20:15:36.397000 CVE-2025-23467,0,0,2bf367475f14e1f3924f0a4f22a4aea1a79671e1b9e87972e80793a0f370189e,2025-01-16T20:15:36.547000 CVE-2025-23470,0,0,8848375424af5ed790014076bbf48be372e428fab979e2d67fe4f034138fca32,2025-01-16T20:15:36.700000 CVE-2025-23471,0,0,8559e2ce78e3acc0fab057aadfea445292e3f0c4980827d748c143f09c30fffa,2025-01-16T20:15:36.840000 +CVE-2025-23475,1,1,abfa8175f15a8c73c768247625e270489041dc5b6e8d664338de8f476db8dfb7,2025-01-22T15:15:15.950000 CVE-2025-23476,0,0,2e73d00e315595f7a053681ff301d905967319719056a5b9f811682d4d934c03,2025-01-16T20:15:36.990000 CVE-2025-23477,0,0,c7489baa6f69ef0bb4b1b7eaf1230c06dad483f56b09a6c00a2b524d2ba86b48,2025-01-21T18:15:16.570000 CVE-2025-23483,0,0,4bc6ad2f14d9de9a0797c4da2efee9475ed740963c9329c34f76f07dc090372d,2025-01-16T20:15:37.133000 +CVE-2025-23486,1,1,a151744ace0baf7355a35feb751799851f8129e7da75e14c50722636b3d28eae,2025-01-22T15:15:16.093000 CVE-2025-23489,0,0,3a3896d255f4929b2a6075498e324095380c69536d4ce827a6f668f6ee92ce2a,2025-01-21T18:15:16.740000 +CVE-2025-23495,1,1,e624f14289c8ce911d08e4eb390eac71a09062a20dafcdb0b721551249a2164f,2025-01-22T15:15:16.230000 CVE-2025-23497,0,0,e94acfea44c4d198d5a805782578eef8be632de6ca980583b81a625d10980e86,2025-01-16T20:15:37.293000 +CVE-2025-23498,1,1,2268e6bec17a5f4f64ae99a91e6f95b642dd60a2ee00673b34d1dc59aa5200c1,2025-01-22T15:15:16.370000 CVE-2025-23499,0,0,18de021795ada6e9003ac109fee0e567e9be54c39a2e050c169b423a62e8fca7,2025-01-16T20:15:37.440000 +CVE-2025-23500,1,1,91a82946fab21967d3b6dbee527f97915154ff38de1323f9bf60075ab19bd6a9,2025-01-22T15:15:16.500000 CVE-2025-23501,0,0,2ca3004ea38a2bebeea912643e9114dc05292b671294dc56e8b3bf1f4edc5f4c,2025-01-16T20:15:37.593000 +CVE-2025-23503,1,1,80be664a3eb5b76d13393576ef7abb61c375e9c1bc129f0052ec70eef733c7b3,2025-01-22T15:15:16.633000 +CVE-2025-23506,1,1,30310ef26b26ecaa96c1cd04907444f802ebcf0b7098d704f1603f14c78f517e,2025-01-22T15:15:16.777000 +CVE-2025-23507,1,1,812d4a62b581f6dd4957734d246921934999b28ae76f67f125c6191e54d589d3,2025-01-22T15:15:16.910000 CVE-2025-23508,0,0,790c1f1efcbcf318bf4001598b0da1f3fe803cd0e7ef29b63714b6cf9d49876c,2025-01-16T20:15:37.737000 +CVE-2025-23509,1,1,cb6c2b1174641777b3b8be8152dda4c81a20345e9ee36c211fce6f5f55ac5e1b,2025-01-22T15:15:17.043000 CVE-2025-23510,0,0,0551a63cb17b341b73a80a568037ce1923b810839cf988e2aae99d670ecbccb1,2025-01-16T20:15:37.890000 CVE-2025-23511,0,0,996d3c261b7453d558ae9e3bf08bfd98e9228b013a71ca7506bf459ee4c525d6,2025-01-16T20:15:38.040000 +CVE-2025-23512,1,1,25ea34cdd44b3fec289362e17617e718f5bd0062d0fb236a44d671db855c3fcf,2025-01-22T15:15:17.160000 CVE-2025-23513,0,0,b49e0ef03f655c5857bfec7a9b723b31c64932dc8261d0e026a3117175ad4f06,2025-01-16T20:15:38.193000 CVE-2025-23514,0,0,34e07e624b89702dfcb5b7bfffc35f3e8691ecd3b879348a43ce40f20c111b68,2025-01-16T20:15:38.337000 CVE-2025-23528,0,0,12168907b0864434d8a4020bcee1f63e4e5adfac10d77e79ea19c426fc40d9ce,2025-01-16T20:15:38.480000 CVE-2025-23530,0,0,8ec89260a35cc3a80dc4111e53382b9b64fc77741f1d33c294cb6047b2afd7ab,2025-01-16T20:15:38.630000 CVE-2025-23532,0,0,deffa93a5742d05598342f489a5313af6567bbdcc8641635c5652a151952e2c9,2025-01-16T20:15:38.783000 CVE-2025-23533,0,0,2feaf795f1df273221ac6faa2b92c08d09ccb79103144b0efc3eedd5b4158baa,2025-01-16T20:15:38.930000 +CVE-2025-23535,1,1,8c6c7853932dc86cad261901d628618e5a1cd59da8c0402b855e776a2dfe5b87,2025-01-22T15:15:17.290000 CVE-2025-23537,0,0,79e57ef42623bfacf08bcf48f182a917b206d07a7014897deba86aa5721ba1be,2025-01-16T20:15:39.070000 CVE-2025-23547,0,0,6f6ff07f3f424280073fce42bfdec78cd39e7aff8dc91e913640e544d32ed50a,2025-01-16T20:15:39.220000 +CVE-2025-23548,1,1,c721dc1137d98fc07da1935fe1c35885f96adfba5f6a1ac31f8a89ee20a0c5cc,2025-01-22T15:15:17.423000 CVE-2025-23551,0,0,3a2e7c6f8f024397a3482b683af17f9f32814f81bbc6ca9c38c2f9e9c6fffb26,2025-01-21T18:15:16.927000 CVE-2025-23557,0,0,4948e4f74dc87131949549d056234a4050a760fc1ac3fba66738bd84c832aa2e,2025-01-16T20:15:39.363000 CVE-2025-23558,0,0,4291468aaa8c22c74e0bbb0da124051b4e99d0d01c1849f5de31eebeb38c94a6,2025-01-16T20:15:39.503000 CVE-2025-23559,0,0,f107280d0e32fb23f5905ab5f11f98c3b724795adfc26ea0537d5d8ff93e33a0,2025-01-16T20:15:39.650000 CVE-2025-23560,0,0,19b166e58f91145a20070e52b1a91deda6a79a11328a651eb2f155e7b5e396b0,2025-01-16T20:15:39.797000 +CVE-2025-23562,1,1,0821333113da319954bd091c14293df487d7cd138f4dba1eca4a09fb86aeda7e,2025-01-22T15:15:17.557000 CVE-2025-23566,0,0,88ff034c0930eb7962346da8f31a94b9eca19a480252f7930366050551ebf8fd,2025-01-16T20:15:39.947000 CVE-2025-23567,0,0,a5334e3a1104d1d3b6196126e4f57ba74f8e92384c039079a9ba04e3f6d27982,2025-01-16T20:15:40.090000 CVE-2025-23569,0,0,e1a856fd806178c29488dac0d174aee24c02bc663bf84b5b8e41189ca4debaaf,2025-01-16T20:15:40.230000 CVE-2025-23572,0,0,de6082afe4a128b0f4da24928b9919e3a956306fd340d20a91397a5cf127b9da,2025-01-16T20:15:40.403000 CVE-2025-23573,0,0,47a2bcb665ab1e714c4b6c92d3ce819a124f5bc1e2f376db1bb99620f62cdb15,2025-01-16T20:15:40.740000 CVE-2025-23577,0,0,3b4af4e716479b74840f3095c9fd247d1229a5054ee21299e6427c4aa395d98c,2025-01-16T20:15:40.877000 +CVE-2025-23578,1,1,f708e31c6de5a86dea38d33547975de66c336e6d0303dec1b150fe8cc9302e08,2025-01-22T15:15:17.687000 CVE-2025-23580,0,0,9eddf1eaf4a2583c5b20fc89e10aebe5e5cb76e2c48e48f723b868a0c186ea78,2025-01-21T18:15:17.133000 +CVE-2025-23583,1,1,89446bd1812e0bd45f0d3294b52f4322c4c517986038f3f90e76266ea92928eb,2025-01-22T15:15:17.820000 +CVE-2025-23589,1,1,74a757f601230eab4ee58c1089b93c9544751015dd8e4966bae8697ffb0cab88,2025-01-22T15:15:17.950000 +CVE-2025-23592,1,1,c87dc130bbf66b4c6a0968a3ed7dad715e6675098d8720b6f32bed0c19f7b3cc,2025-01-22T15:15:18.097000 +CVE-2025-23597,1,1,fc06c679d2a2b40c5e7f08a2d7abf6951e495ca8370aefad9cccc8430369bcef,2025-01-22T15:15:18.230000 +CVE-2025-23601,1,1,06c8c2a2a7ecfa69abe997380c981772165bf082de61b014b970f7589c636a06,2025-01-22T15:15:18.363000 +CVE-2025-23602,1,1,11e799a3cab86aa8163996cf13c6d2ad675df72a6f091c99c4bdf1bfb38ccaf5,2025-01-22T15:15:18.503000 +CVE-2025-23603,1,1,ed9daa648d35ef25153f47c4fad725ce6887686049499acb86c08fde0ba99a0f,2025-01-22T15:15:18.667000 +CVE-2025-23604,1,1,84fd112feffc0131ff3c203ca73c4af398db56f66a61c6d2835f3e2756ed98b2,2025-01-22T15:15:18.810000 +CVE-2025-23605,1,1,ae4fec196d1dc1b832453ea9215414736d1e98d98f373b6a2c7903b1d88cb17a,2025-01-22T15:15:18.937000 +CVE-2025-23606,1,1,0ee5355fde41d2bc73e2c4e9c6d390169df372d7a41f6d3a93a1090161861862,2025-01-22T15:15:19.073000 +CVE-2025-23607,1,1,c0547b75766f509223c1e036dccb8deb3606ab189e01667115b20b19b0f124f2,2025-01-22T15:15:19.200000 +CVE-2025-23609,1,1,df23a2919c94b2b16eb8d0e3352f2b745fe5bd0958b662e7f3acf295ea100218,2025-01-22T15:15:19.343000 +CVE-2025-23610,1,1,fded1830d43565dcaa6303361612e26a6faee72e05634f88161f185c38060986,2025-01-22T15:15:19.473000 +CVE-2025-23611,1,1,0fa9fe31de6eb13601640e8aa16e79063806ee87d181a3afe85dbc669bdecd23,2025-01-22T15:15:19.610000 CVE-2025-23617,0,0,87ef3623aa25e2331adb93f67250ff54cd8c0a9d97a9df407392635eb142408e,2025-01-16T20:15:41.027000 CVE-2025-23618,0,0,2b70f46c9d14af7d7f45645689d4bdb93fcf0d60e0c8dbeddd3d561041eb97d6,2025-01-16T20:15:41.193000 CVE-2025-23620,0,0,09647c5f995fa9db6ccd9597829259959bc90db907c440ccec24baf4752a0b99,2025-01-16T20:15:41.340000 CVE-2025-23623,0,0,3a19bc13049e6280f5b56d5b01402a56d91485d47ecc589213c73480465da52e,2025-01-16T20:15:41.480000 +CVE-2025-23625,1,1,217e6ef7081bd7c0b9ba662afee4b1c58fb2a9d65b968b7120bc7c3250e2e5fd,2025-01-22T15:15:19.747000 CVE-2025-23627,0,0,a0e2c69c295a72f80218793a17c28928376cacd73ebedddc83b23cca208996f3,2025-01-16T20:15:41.617000 +CVE-2025-23630,1,1,b208c37b8385004cf5b9ab8d1ec82d31a1f5c74f6a94ffaf184ddae9429cddca,2025-01-22T15:15:19.877000 +CVE-2025-23631,1,1,02f6d9465957d5054c431116ffffa3869b38bff6e84764dd8de2115daaa0a23a,2025-01-22T15:15:20.013000 CVE-2025-23639,0,0,b5e6c8257038b7490893c42ae7e3121aaccdfc060b9557b2c3eb27b9ad45934a,2025-01-16T20:15:41.763000 CVE-2025-23640,0,0,118e59034a736b15100f4213d9ad0026082135513d4f080af852d559dd80b4a0,2025-01-16T20:15:41.900000 CVE-2025-23641,0,0,7d997794a239066a0b1939bc772f48c377254fbba43ec4f01793fcc89efd7a16,2025-01-16T20:15:42.037000 CVE-2025-23642,0,0,6e64755b7ebe6355ada34a7729dd7046343f3faf18763fdbff82b45cfa37662e,2025-01-16T20:15:42.190000 +CVE-2025-23643,1,1,9f37a10364f980bad82780c689fdd78a0deaa3ad1e962d401a820b194b2472df,2025-01-22T15:15:20.153000 CVE-2025-23644,0,0,326651915de9287cf85320be6c8601ed58c356f5737bd31685f6785764f50a52,2025-01-16T20:15:42.323000 CVE-2025-23649,0,0,a43a99cf921270df6f54630a1d678841e6741ab04c2bf8f250e77ecaecfc577f,2025-01-16T20:15:42.463000 CVE-2025-23654,0,0,e18c9b36c57bb400d64806c75d784772ed09a49c73653ec930b121712ce380df,2025-01-16T20:15:42.607000 @@ -278304,42 +278375,68 @@ CVE-2025-23661,0,0,1f7f57e7bde62e643387dd0bb1448a0354f6c08b04d2c093fc9523e9645f7 CVE-2025-23662,0,0,551ab5d2ddda20a665b042bd77267fd330911bfdaae473af13983770c49d1a4c,2025-01-16T20:15:43.167000 CVE-2025-23664,0,0,5eaae3d9bb9680e71179473e67178d8041daabfe633ea61ccf7a551976bb9be7,2025-01-16T20:15:43.320000 CVE-2025-23665,0,0,df3a85fb9b6ff519cb09c58b53e0bb17cb58cc0d047b57ae4c9ab7778577a02d,2025-01-16T20:15:43.460000 +CVE-2025-23672,1,1,c3fb91af1806348814c63d2074cf691c867e564aacd74a17c71282cea64e38ad,2025-01-22T15:15:20.287000 CVE-2025-23673,0,0,29cefcd5e33b42efd9dd838456a4202e1ca110aefe8c270bd5abccdd213d0d3b,2025-01-16T20:15:43.620000 +CVE-2025-23674,1,1,564e59b5646963f90da8d6de7e570117f5c77d33a4ef7b8468aaa60a3e08443e,2025-01-22T15:15:20.420000 CVE-2025-23675,0,0,458c1564a7ab6b017d8c9eba76dd37a8a1853b4061aa5abc64dc3ca26db82593,2025-01-16T20:15:43.753000 +CVE-2025-23676,1,1,18be2b13b1b7ba91a99e0a34f4f28cd978a6f344061f3dcc8948012463f56f04,2025-01-22T15:15:20.563000 CVE-2025-23677,0,0,4f1d78d3726e731bfdb135ac6135bd5100b5ae0cb26c60d465015a36da99e6d2,2025-01-16T20:15:43.900000 +CVE-2025-23678,1,1,b3410bde97a95c9b9a03a0d369341d6c5658893135b851378c1d8f847642358e,2025-01-22T15:15:20.703000 +CVE-2025-23679,1,1,93895d1870d3adabcbd4fb28c2e5720cc79a9c04168bf33764d6520ba310bea0,2025-01-22T15:15:20.840000 +CVE-2025-23681,1,1,509cb0a613eb557f8ea195c8e72dfbcf0e8aa99589c2537e75cb3ffcf5700059,2025-01-22T15:15:20.977000 +CVE-2025-23682,1,1,bc0c141099979b7d253776b5d6bad67fbb952b19a1f94f525728324058074ac4,2025-01-22T15:15:21.123000 +CVE-2025-23683,1,1,a3fdbbfed0d3ea240d77190a49def75faa2f7492b32723bbf199bee3e981e548,2025-01-22T15:15:21.260000 +CVE-2025-23684,1,1,c46bc8e9bf9aa909760560cbfad6d08ccb9bc0c607ac7315a88722fbc67f3ef9,2025-01-22T16:15:30.260000 +CVE-2025-23686,1,1,0c58b3a3ffe3be2de9ae3d7864ede303d49849d5b1b75d6d89318e30ed12a089,2025-01-22T16:15:30.433000 CVE-2025-23689,0,0,3a077a022662cdd0d4798ac2d9b9685961bbdf05d3a8d2e748b53124c3ed929b,2025-01-16T20:15:44.040000 CVE-2025-23690,0,0,b9e8b4ce7cf418df7c2c552d6aa61f7715b27609fc2dbb370252e45d7528a647,2025-01-16T20:15:44.197000 CVE-2025-23691,0,0,8bccb2407b1830314e082c5ccc8a74914d5f3fb937895330615769bfb1ba0062,2025-01-16T20:15:44.353000 CVE-2025-23692,0,0,2e17dc09b58fdef7a64a307b9ebb3a4288c1a3ecd370c86b93c09184b7a088a4,2025-01-16T20:15:44.503000 CVE-2025-23693,0,0,35d2dbe83503ee70f28839300571a6bba777b599f92d984a8e0b4e211b5751b4,2025-01-16T20:15:44.637000 CVE-2025-23694,0,0,47fbe05d2104a10812a77806de68baefc74a15965356e2e1bafbd830b42b3650,2025-01-16T20:15:44.780000 +CVE-2025-23695,1,1,f166deda11b61054e0bf2058755f5b277ea75f7862850941337d49e768180aab,2025-01-22T16:15:30.597000 +CVE-2025-23696,1,1,216d48c3dd3286b58b62c74d3ad46886e08eb98e8b8830dc9f3fa8e90f181895,2025-01-22T16:15:30.757000 +CVE-2025-23697,1,1,4d7f30807308f17eb9712be7127e9c310d0f80a00ab56a911f3a4a58863881a2,2025-01-22T16:15:30.923000 CVE-2025-23698,0,0,b0aad547409e3d2f2bb0d70a09a8547f4cac544665b4cf85000d48948b843e58,2025-01-16T20:15:44.910000 CVE-2025-23699,0,0,21e2b4434b6bbb2f1d160ef769c9fc35e826158249f91b861f8551b4bb2b9f2f,2025-01-16T20:15:45.060000 +CVE-2025-23700,1,1,86fab3e7b6c454fa73ec1009deff6ac4bf723429159a48741efb53d8e2023bc6,2025-01-22T16:15:31.097000 +CVE-2025-23701,1,1,be658b156f070fc8a4b1f52018bd898578f0d64f4fdda903c2aded4c368a4ad6,2025-01-22T15:15:22.250000 CVE-2025-23702,0,0,c6087cb20ed5d5e18a0f143ed78da44b9304f988bd02c1f96e1ffd07550520eb,2025-01-16T20:15:45.213000 CVE-2025-23703,0,0,80d20080ae636ff64d3abc90ff0d9b20e73943a9d0425a8d457e36c9952ac466,2025-01-16T20:15:45.350000 +CVE-2025-23706,1,1,8f7d835b9ae16e615e772d050f78aaa9773417aeee4d038d87e360deb07104fc,2025-01-22T15:15:22.387000 CVE-2025-23708,0,0,eca4a26e61bfe7d5a4e9902977260b188ae344ef1b45725f171e324e5412b97a,2025-01-16T20:15:45.493000 +CVE-2025-23709,1,1,f5d5ed235fe031776e79eb893b7377cf13833832d5a076b93cfc7d39097e51e6,2025-01-22T15:15:22.510000 CVE-2025-23710,0,0,45dbc592fe3473641cdbf2e1a14db4016a63a47b44096e0e2c864d61e4448449,2025-01-16T20:15:45.643000 CVE-2025-23712,0,0,94aa96484213156f9d49bbdc6963c4fd02ab0d8cdee27a020eca5b412a516f8b,2025-01-16T20:15:45.800000 CVE-2025-23713,0,0,e91ea4a4691cd6ea54cef5c014a380cbfb6e447d22416c2178d1e94d8d5e41a9,2025-01-16T20:15:45.940000 CVE-2025-23715,0,0,0640be33a6d521fa9ce6237978250a0e811e0054ca0a5799459a317b8874e4f3,2025-01-16T20:15:46.083000 CVE-2025-23717,0,0,79ec33c46c47146faede274dbb2e9b9df8747f6c2068f93e33c80d094e53ab2c,2025-01-16T20:15:46.247000 CVE-2025-23720,0,0,4f4258f5d82ee9a1c0adeb945db0c0e48cfc2254164386bb711744a2792e3be7,2025-01-16T20:15:46.397000 +CVE-2025-23732,1,1,f9c2c6f51463d41e0549eb7ece41c4bdf20f17f0aaca7cc5f9b2be741123ae8a,2025-01-22T15:15:22.640000 CVE-2025-23743,0,0,803f800009872449a18217dc53667bf2ed09ca71991d264f6860698994827cf0,2025-01-16T20:15:46.550000 CVE-2025-23745,0,0,09ea8b53d4365edcfe38eb3fcbe51bfbcfdfed88a9df4c2f4d1f35c6770b51bd,2025-01-16T20:15:46.687000 +CVE-2025-23746,1,1,7dbcfbc8753c7d90992ff04e5fd6d512faf8dd958e556fda8c0f424e0b99fb1e,2025-01-22T15:15:22.783000 CVE-2025-23749,0,0,6aa13db4e4c786d5dfaed7476f7ecb15c17aa377119bb300a3e3bb269b753986,2025-01-16T20:15:46.830000 +CVE-2025-23758,1,1,004cddbb7fcbf8d1b137f59bee4ff830f62d28795451287aaac51385f35e31d2,2025-01-22T15:15:22.907000 CVE-2025-23760,0,0,c926328276013ba4c92054487020a2c00b6299d54746739ff21a4a2b0e4582aa,2025-01-16T21:15:18.257000 CVE-2025-23761,0,0,54955953ddba7da6b8dc6db7af99134b4479d6ff349ea65bc12f9e3c7ac517a4,2025-01-16T21:15:18.410000 CVE-2025-23764,0,0,7f32d20a1e65ecaa3e33bea3553398156868c7ff8731a49a86f2b21b51701ff3,2025-01-16T21:15:18.550000 CVE-2025-23765,0,0,2796d242b4e694c96282a5c8ffeecba3b80388403b475a6ae706c6a35a37e943,2025-01-16T21:15:18.700000 CVE-2025-23767,0,0,76b955d01b413ad0d12074ad466dc5f46f00daa50de12aab124eaa31dd6c7055,2025-01-16T20:15:46.967000 +CVE-2025-23768,1,1,8a37b10750c0d8a9113da1349b6a5ac4b04213b749ef3d87a2eb18f4ebec01f4,2025-01-22T15:15:23.040000 +CVE-2025-23769,1,1,0205226b5568a6b8100dae57f65820a5a6c06790e358e13a78c3fed89ee846f3,2025-01-22T15:15:23.177000 +CVE-2025-23770,1,1,b80dd0a1eb611aff8eee8b8d24e1a997632aea8da27ccb5f8e9b6a5f01a62c02,2025-01-22T15:15:23.303000 CVE-2025-23772,0,0,982ec2219b56005812368f626d4b56d161e9940f6a430166e5a95ac8a677bf4d,2025-01-16T21:15:18.860000 +CVE-2025-23774,1,1,c9a419831e646d53a11d0e9bd0c3d52e6869c5009556ab9fd6a114e7e32a616a,2025-01-22T15:15:23.440000 CVE-2025-23775,0,0,881e3af0467c920e3a0da1ed882de028f641d7f31ac26735099153067f58bff2,2025-01-16T21:15:19.007000 CVE-2025-23776,0,0,37de3b2b14e271fcfbb20da8692ccd78a75aacda39d2827a4094c19b2c20520c,2025-01-16T21:15:19.160000 CVE-2025-23777,0,0,4a326f48ab7f72fda28a2029d2e8fcff1eb6ecc0b79f9b4a29e6b77da3703898,2025-01-16T21:15:19.323000 CVE-2025-23778,0,0,ec507f7d7972e2e40560045a380302593c7d0acc005e784a6facac59ad9068bf,2025-01-16T21:15:19.483000 CVE-2025-23779,0,0,529f2e7055a40628327b34353ab55d9e33e7bfdf9dee62cd6c791680554374f9,2025-01-16T21:15:19.640000 CVE-2025-23780,0,0,8e8a5a259b47149e41183320f4a6badd26f64cf46f39776b5541a103424e4292,2025-01-16T21:15:19.800000 +CVE-2025-23781,1,1,953665edb2cfe0730ade6a83e3c5162e57665918533376ee8284ca911772d51c,2025-01-22T15:15:23.573000 CVE-2025-23783,0,0,87e60e041b1b360cdc15ef5034f69c2a2df8e80bf19196341df29f91771cdf1c,2025-01-16T20:15:47.100000 +CVE-2025-23784,1,1,22611a9b377599282030ad7b3a02cc917eec46e262e8b35598e213806a71df0c,2025-01-22T15:15:23.713000 CVE-2025-23785,0,0,8fa57e244fde111a8cf011b78b0ec1aa32722f2ffac730a959e493b1a51f13a5,2025-01-16T21:15:19.967000 CVE-2025-23791,0,0,0a4e14fe20d5edd4b851b0fffb1f61f6e7f8fd7d1002fde34a1dd39504f5e9f6,2025-01-16T21:15:20.113000 CVE-2025-23793,0,0,75d4eba66871712d0a39959a57f39e10c86950a377381e50afae76d31dc84af5,2025-01-16T21:15:20.267000 @@ -278347,14 +278444,20 @@ CVE-2025-23794,0,0,8097f4da128cc9925b9ca616a7ea5eba076c4b40e08f589897a5a808ba282 CVE-2025-23795,0,0,f110438d2af14e24d173b3605ff2ed725867872c4e87dee92040f4ebb58e5378,2025-01-16T21:15:20.567000 CVE-2025-23796,0,0,0a3fabd756343760fb9fd7ea1faf1fd87c92ac1431e709162d1ddbc10e973b0c,2025-01-16T21:15:20.727000 CVE-2025-23797,0,0,082b5b5ea2fb63d11c655fbf0b483df0d8fb7cfd44eb169c32045a13b0f3b570,2025-01-16T21:15:20.877000 +CVE-2025-23798,1,1,ce8844ff13833d2ff14d80124c81af5080575f19c0ea76d8b6850f5fe5b0fd21,2025-01-22T15:15:23.873000 CVE-2025-23800,0,0,878d719ae1f903e32e2d6add2209886c141de252f651652314e69251a4a34fb9,2025-01-16T21:15:21.040000 CVE-2025-23801,0,0,f35c3b1c7ca35d2725621e19aa2aa2edc970115b0f68db658f0c8dc9dcb2d2ec,2025-01-16T21:15:21.190000 CVE-2025-23802,0,0,c4f195bb87a3033611183b9369b140030963b1f0853d1ac42f2e5edb0b688d0d,2025-01-16T21:15:21.350000 +CVE-2025-23803,1,1,3bec4e0296fc9b80fb78e337cd054888f35cdcf565a99368252ca2182f0e0715,2025-01-22T15:15:24.020000 CVE-2025-23804,0,0,f01e041339f930aed71b2815914fa94f4834913754ef387be79590cf4f99c081,2025-01-16T21:15:21.497000 CVE-2025-23805,0,0,3a5cec6a0d5f7ce2298f7397b6ff24f9044aef89b62bccf77a5ee52165d1206a,2025-01-16T21:15:21.643000 +CVE-2025-23806,1,1,d38ed68a9aa60596739d524b627f715144aa11c9d723e7cd418c21a919641003,2025-01-22T15:15:24.163000 CVE-2025-23807,0,0,c8793edd44edeaeef736793be45847bc259f064ecf1054a483762c7668919c71,2025-01-16T21:15:21.800000 CVE-2025-23808,0,0,bc9ac4b7d3fac9a3e82e2e48ff9c8301d6a5068db6fc11c17fa56f429c0d18b5,2025-01-16T21:15:21.957000 +CVE-2025-23809,1,1,3d3652094253c29220e58add24ab29cd5b4e555858960cd6abf015b210e62e31,2025-01-22T16:15:31.437000 CVE-2025-23810,0,0,3d886969fb81b13e95f7725e8aa5117b9c91c9b06310f0521237e64ca9eef400,2025-01-16T21:15:22.107000 +CVE-2025-23811,1,1,5630eea83a5805f16e1709ace6299319b1266cd947390180af8b627ebbac2c1e,2025-01-22T15:15:24.297000 +CVE-2025-23812,1,1,ebb6347b04bfb0418781d264a972d27c27171f0118a07bd3e7a70b67c1f80315,2025-01-22T15:15:24.437000 CVE-2025-23815,0,0,4a53eeb2a80c868296a8df4afc48475dd10d854a2810a22ebcb90f3a1fb7faf3,2025-01-16T21:15:22.257000 CVE-2025-23816,0,0,99e7a2982284cfe1c4b342546ab2ac7819e99932258e5aada2c1a28f9b0c569b,2025-01-16T21:15:22.407000 CVE-2025-23817,0,0,64c5a2eba1c8283bdb068da6e45257681009c02912f79237808c3a614cc30aa9,2025-01-16T21:15:22.560000 @@ -278375,6 +278478,7 @@ CVE-2025-23833,0,0,4c637caa193ae54ea0fefd3799a58624823ed2bc221582b8c4c01c5796d42 CVE-2025-23841,0,0,c097c459c2277c131514a3ea078b91eba98a25a334eaa639de34719734a5222a,2025-01-16T21:15:24.793000 CVE-2025-23842,0,0,2b0139d7daa7e9dee90c237d483621e8535d39bd8efb9a3ce143d2d5a6b0d36f,2025-01-16T21:15:24.940000 CVE-2025-23844,0,0,86105cb76b38d6ea0728b9c1232799c3e34ea63adb94598d263dfa4f4d3924ce,2025-01-16T21:15:25.080000 +CVE-2025-23846,1,1,efd4cbcf5a4ed00b418bc131812d8a0a511c669fd47459d9a748c96f746200d4,2025-01-22T15:15:24.570000 CVE-2025-23848,0,0,89a987df9d0bbdbc45b1ea1fdc383b4ea7fa77b656809c9e88d08eb1cb2905d0,2025-01-16T21:15:25.220000 CVE-2025-23854,0,0,d260b02665c562e6c59db554faa1d37d019f8ad115df9a55a6f95eb87b662a62,2025-01-16T21:15:25.357000 CVE-2025-23856,0,0,a5c5728227279c4b26e1b13f4ba8f4d185c4e16a374fd50014963dfe066d3a3b,2025-01-16T21:15:25.507000 @@ -278385,17 +278489,21 @@ CVE-2025-23862,0,0,43e455fddf90f3c34447a467c3335ac8042fb5f9707f4b791661628b9dcec CVE-2025-23863,0,0,d95616b48be55928594c24e61ae94fcfcf2463e7aaa3a762196667a8aa388657,2025-01-16T21:15:26.290000 CVE-2025-23864,0,0,1556074f6c47d6d73c0cc3aa4d602a6ab24890828b110133a498f4cdba0dea65,2025-01-16T21:15:26.430000 CVE-2025-23865,0,0,0f3c21c1c89d126d4283426d805a410361dee62541d9cde4b5cadf45f81c85ed,2025-01-16T21:15:26.583000 +CVE-2025-23866,1,1,30af30071ed15c62f01419cbc9bde4bf3883cc229504ebdc59ec189a68b97367,2025-01-22T15:15:24.707000 +CVE-2025-23867,1,1,03bf8ec767c5797644c323e1664c08a3c8b5ece2036bd5159b145eb3c55a998a,2025-01-22T15:15:24.847000 CVE-2025-23868,0,0,f054cc8161a63226e2f01ef4b9a1ba0ad43bff6340146631c56121e88c3bba58,2025-01-16T21:15:26.730000 CVE-2025-23869,0,0,4ff4bed04cf3b4deb5ef6b86c7b6e6145ded54a8b4752207bd266af492da5b3e,2025-01-16T21:15:26.893000 CVE-2025-23870,0,0,aa54609d2783feb35973271834ffff0b27116b97fe710c44aedeaea0cd9f042a,2025-01-16T21:15:27.040000 CVE-2025-23871,0,0,d9dbe04e8340ac78b18cddcea5b8bfc0e9baf12244cfae716035b32809abf62b,2025-01-16T21:15:27.200000 CVE-2025-23872,0,0,ad5d143e05278154fbef8060b107468b95d0105b74d84c1bd9fc37a9fe01c905,2025-01-16T21:15:27.357000 CVE-2025-23873,0,0,21fcc6c8e584e8c276265223255a97771a21324b69d85135cc089e2cd5c60517,2025-01-16T21:15:27.863000 +CVE-2025-23874,1,1,4e6b5a8a04f9e8846aff5d4043c5940f9c2943dd7d57278b4aee387d7e4be759,2025-01-22T15:15:24.980000 CVE-2025-23875,0,0,16f54e792dc7d4a56ea38d4496bd3b79642a5531dd27f8c7625708b8f89725af,2025-01-16T21:15:28.323000 CVE-2025-23876,0,0,f11fbcf0ce95bac97cefd73d61ac714e53732fcd35e4b468f025890b159066c2,2025-01-16T21:15:28.763000 CVE-2025-23877,0,0,67025350455285a68998b55a0ec477bcc912252817d20c216ea4c1dcc27f2fb9,2025-01-16T21:15:28.963000 CVE-2025-23878,0,0,807177fe8c69371ec7b74f4303cca26584dc822ecc32e3bde8ff81af05f082df,2025-01-16T21:15:29.140000 CVE-2025-23880,0,0,71a75ff3204104210dc427f5d046fe7419ca87cd3fedcae98d2508e2784497e7,2025-01-16T21:15:29.310000 +CVE-2025-23882,1,1,36131ddac86e672871dd2b6d7d5797bc0de4549602be74e627aabd01b0c3e405,2025-01-22T15:15:25.123000 CVE-2025-23884,0,0,2def982b7cbe8992747b18233289c0f945bb92c66265a1e1ac9f76f2473c47c3,2025-01-16T21:15:29.730000 CVE-2025-23886,0,0,5adc366069b87d101e00a6524456b5154407eae636225dee1ada8aae236060c3,2025-01-16T21:15:29.927000 CVE-2025-23887,0,0,a17bdf8e65f60d3c4a1321c98888258c25a1548bb756f03e22626cb0bf3ab535,2025-01-16T21:15:30.087000 @@ -278414,13 +278522,17 @@ CVE-2025-23902,0,0,991c47a865a929869add2c8c1b94dc787e70c9818f90cecd06fc91fb70230 CVE-2025-23907,0,0,62f2d830555983225c93d67a33766339f0b5f5b8104b470ef809680dd862709a,2025-01-16T21:15:32.333000 CVE-2025-23908,0,0,4b396a8852131d43d79fe1137cb49df2e0d52a86fdb32e54e4afe34ce1d8d3d5,2025-01-16T21:15:32.480000 CVE-2025-23909,0,0,076770cf61637e2194048d503e6efbb5af30e3d945de88d9df8b24a008808b14,2025-01-16T21:15:32.637000 +CVE-2025-23910,1,1,0f01cddabcd226a245f97586cb95708d55b6526dc92dab0fad836d5a46f1c064,2025-01-22T15:15:25.267000 CVE-2025-23911,0,0,c84f3c03cbebcde516d9e7d2eb31121dc76cbe9eae3d6a160197ca5c801b3a0a,2025-01-16T21:15:32.780000 CVE-2025-23912,0,0,71f7ed0446b35740cd65fa0532ba539441677e227c9d6f0291e2824b2aeca7a5,2025-01-16T21:15:32.930000 CVE-2025-23913,0,0,1c0db589efde0430efbdd4fb08728bf77f22a5c19824f1868ffb6f7669d99839,2025-01-16T21:15:33.100000 +CVE-2025-23914,1,1,2d2a2d14a68c9ee5dd22c22c387a4bef0cd7dfcabd105c27d5e8551bcf567463,2025-01-22T16:15:31.780000 CVE-2025-23915,0,0,fa24c11495785c31783d19f6d79202d5ec4bca34e91b58aa8e740d106f4a1d45,2025-01-16T21:15:33.253000 CVE-2025-23916,0,0,df230f94ac1ab867fbfdcf489fe576668e9fd039e54487be35c133ed2b81a0af,2025-01-16T21:15:33.433000 CVE-2025-23917,0,0,7adbd4e05f39d3ad757642f9dc07ad1eff7d27e478b9d8ca9b60045924a3a9d1,2025-01-16T21:15:33.580000 +CVE-2025-23918,1,1,0d64455764f99b6b2c96575cf79204b4b446db5619bb01e1367593ac54e3a919,2025-01-22T15:15:25.403000 CVE-2025-23919,0,0,530a6f7b84536027ccf362bf86724781949239704cbb67f8ff6c932f12c95e60,2025-01-16T21:15:33.743000 +CVE-2025-23921,1,1,a9b5a7d55bac4c4dd84bffab829dcd3cbad96c80a5346c205b57ed5d74cb12d0,2025-01-22T15:15:25.547000 CVE-2025-23922,0,0,bb97fee5262b013c016123296c4a3d7cf40c3875e8a2ea8b79c5b398ca7c549f,2025-01-16T21:15:33.890000 CVE-2025-23924,0,0,d12978221d16424d8c65d853599bf7bdb6e6b9e944d35a5a447045d9d423687a,2025-01-16T21:15:34.040000 CVE-2025-23925,0,0,147c33496e609cb0b342453122e8ad0181b83b87a4b33c441f136e208bcf4a46,2025-01-16T21:15:34.187000 @@ -278429,25 +278541,36 @@ CVE-2025-23927,0,0,8d9bc571b10adf5f0a5277b4afea3bff2ef4c187801274cc14acbeffd320c CVE-2025-23928,0,0,dda7521d0ca3a1016d24ef4001c08678b9721ea4cf47bd8a5c455160651349dd,2025-01-16T21:15:34.663000 CVE-2025-23929,0,0,7a78b750dcc7312313e19411143a886e72bc0ae48e8c8ee26d293e169e386b25,2025-01-16T21:15:34.817000 CVE-2025-23930,0,0,6ba6d73f7443c4991c12a7db93d08a3afb46e790500ca2b79d23bef6b9715d9d,2025-01-16T21:15:34.987000 +CVE-2025-23931,1,1,596bebb7e224b34cc7b6e2bda8402ebf761bce6b9747b26d0d8ab532ac0ee7ff,2025-01-22T15:15:25.687000 +CVE-2025-23932,1,1,43f9a9748d7a3614d7f11338bc0dbaa5c54c23077d555c8c17b25f14f0cdfba7,2025-01-22T15:15:25.827000 CVE-2025-23933,0,0,5314812bb5bb73b3b9600ea0aa8e888771464c5c0299b578bc9a093b69f0f8ef,2025-01-16T21:15:35.210000 CVE-2025-23934,0,0,a8cb5365e4d11290f220de8207cb9b17a94fa7b952841219eee098e5e9d7f9bb,2025-01-16T21:15:35.367000 CVE-2025-23935,0,0,9d94e38cc5252425c16e22bbae5e8fd55332ed37693e2532154d3f3758f684a5,2025-01-16T21:15:35.513000 CVE-2025-23936,0,0,98ce9dfbd803e0feff46465ce5ff38cf3522df4082c1a68d72eabd4f11de5228,2025-01-16T21:15:35.677000 +CVE-2025-23938,1,1,19bf844e8ac0ee6a4d7788a637a5409669c34a0cffa27f702b4cd496e92edd50,2025-01-22T15:15:25.967000 CVE-2025-23939,0,0,b227fdb5ca72e62491a5d98a4ab01cce82bbd9f83860732763526745b1f362c4,2025-01-16T21:15:35.910000 CVE-2025-23940,0,0,9e516bed5aa526650bb86798b45bda26374c4c5498fa69a2ccaa76e3d1fb0ffa,2025-01-16T21:15:36.087000 CVE-2025-23941,0,0,1c0020dfccb64dc56163de9642fbb38130446635c08bc70e04e868e60ee25c62,2025-01-16T21:15:36.230000 +CVE-2025-23942,1,1,ecfe313cb6b825f55ce425b59b448fe4a36734d2197b057491ebea76cca1aaf6,2025-01-22T15:15:26.103000 CVE-2025-23943,0,0,b11e5fd30a25f84e994f31d10cb8bcc269623009eb1bca3cbe37db51ed9b30fe,2025-01-16T21:15:36.373000 +CVE-2025-23944,1,1,15b1932ae6c8038ca12f3ca2f2547db955e4b5b16b65d6f01ad320413325aa0a,2025-01-22T15:15:26.240000 CVE-2025-23946,0,0,9de3ccf4350f51c6d8e67eab9fdaace2b0128c36302335bbd7ddc29cf4115806,2025-01-16T21:15:36.520000 CVE-2025-23947,0,0,b918dd9018ba545f112604d29f16795478738d9868aa76eb24c352a7a4e3c4ec,2025-01-16T21:15:36.670000 +CVE-2025-23948,1,1,9aa38eedf8129d161855f1e2750a1f175a3eac2c0905506069f7c571d6484cdf,2025-01-22T15:15:26.383000 +CVE-2025-23949,1,1,5eecf838b220be3c1c102991b178db23ad071d86b150ba2b59c089f05bceccb6,2025-01-22T15:15:26.527000 CVE-2025-23950,0,0,4ac29c4dd1a428d4afa0ee44a692bfd3a045bfda7b0c1933c7ec004bbdec77a8,2025-01-16T21:15:36.817000 CVE-2025-23951,0,0,2d32c1931f285be8ff0de2b01cdf7652c918f38bc79b845ac3d321ee8c1bb84b,2025-01-16T21:15:36.983000 +CVE-2025-23953,1,1,81292523bdc4ad689b105f905d2a58bfc25055e222d5fe31359e6aaed6770d15,2025-01-22T15:15:26.670000 CVE-2025-23954,0,0,c0b532e328dfa85d7de261ede6d898c1c93d187c5ff87f67c3d88a90ff144287,2025-01-16T21:15:37.133000 CVE-2025-23955,0,0,b35ff47ed4400b2edb51393bc234d7c4ad9797e847fec68985488245984a054d,2025-01-16T21:15:37.277000 CVE-2025-23957,0,0,40b759ae20a341b30b3caf9db81dbe00398828638d81ba3346ad7f7cf25fc424,2025-01-16T21:15:37.420000 +CVE-2025-23959,1,1,2b2438fe3b4602dbb82e2518e6b22fd87132fb61763724b02645b4f69574a537,2025-01-22T15:15:26.810000 CVE-2025-23961,0,0,36c0da688ed3e8548f86716b57ea278db435c869e71f4caf3f9de5e6869464d4,2025-01-16T21:15:37.573000 CVE-2025-23962,0,0,38c72a66f748d246b44f5351bf9ff0f3b3815cc4926f227945695c33eaf96317,2025-01-16T21:15:37.730000 CVE-2025-23963,0,0,b25e75626ec56255a41425e6f3edd3e3aea1c19b7ee658d0d0b26b28ec1f0c5c,2025-01-16T21:15:37.873000 CVE-2025-23965,0,0,53fb1e10aaa7ebd57bd7f00633a90cd803f03e00b4bc8c44e50c428b42627500,2025-01-16T21:15:38.023000 +CVE-2025-23966,1,1,fc7e5999f530a14a10296c13e28375f3f98dfdb4b4ec37b22cf284eaa57194f2,2025-01-22T15:15:26.950000 +CVE-2025-23992,1,1,b353942bf3f0d4eb4ddb991ecb2094a0114d56869df6885590beeb621557c514,2025-01-22T16:15:32.120000 CVE-2025-23994,0,0,70f6bae30845c345a2a47659ac6161a5d38902de51586bdd3566df0acd6686b4,2025-01-21T18:15:17.313000 CVE-2025-23996,0,0,ae90e408390ff598631802aba137fcf08482552e78b237e33cc88a7d0fe325b3,2025-01-21T18:15:17.503000 CVE-2025-23997,0,0,24391beabeac13aaabf73ec76c7bfade06e22f6f0a4bfa6ee1b706ec5c838819,2025-01-21T14:15:13.230000 @@ -278463,6 +278586,7 @@ CVE-2025-24018,0,0,253cb165de2151aa99c00e094e395864d5f28218ab550c9418de5b539f47c CVE-2025-24019,0,0,d677e8b4264557b8de91d13cc1839d782f81c7838cdf1014e4423ff0e2378420,2025-01-21T18:15:17.933000 CVE-2025-24020,0,0,d1d82909cc1d36cd28a38444ff637a664659fd65670255997925f7aeb54551d2,2025-01-21T18:15:18.157000 CVE-2025-24024,0,0,cc1a55cdc4aa0884265065c04ec8fcbe647c671a5eda489d6e2b90242b0234c1,2025-01-21T20:15:46.617000 +CVE-2025-24027,1,1,b4b9d72fc8e3425a087a0a1486908f265d010b0a775752f732c367a7acbbe48d,2025-01-22T15:15:27.090000 CVE-2025-24337,0,0,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5deb68,2025-01-20T14:15:27.130000 CVE-2025-24456,0,0,5fe51cb996c5e88ea28ff025771c6fdd6bead7226d83716177b689e9ee536362,2025-01-21T18:15:18.320000 CVE-2025-24457,0,0,0d337221a417a095ea0eb470ff71de9036b70c5502b7158bdb2ff26e48b1123e,2025-01-21T18:15:18.520000