admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-02-07T03:01:33.625356+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-02-07 03:05:02 +00:00
parent f29e6be57b
commit 7230c895f2
50 changed files with 3229 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-150xx/CVE-2020-15069.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-15069",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-06-29T18:15:12.313",
"lastModified": "2025-02-06T18:15:26.113",
"lastModified": "2025-02-07T02:00:02.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
}
]
},
"cisaExploitAdd": "2025-02-06",
"cisaActionDue": "2025-02-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Sophos XG Firewall Buffer Overflow Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",

6
CVE-2020/CVE-2020-295xx/CVE-2020-29574.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-29574",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T17:15:13.480",
"lastModified": "2025-02-06T18:15:27.600",
"lastModified": "2025-02-07T02:00:02.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
}
]
},
"cisaExploitAdd": "2025-02-06",
"cisaActionDue": "2025-02-27",
"cisaRequiredAction": "The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.",
"cisaVulnerabilityName": "CyberoamOS (CROS) SQL Injection Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",

6
CVE-2022/CVE-2022-237xx/CVE-2022-23748.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23748",
"sourceIdentifier": "cve@checkpoint.com",
"published": "2022-11-17T23:15:14.383",
"lastModified": "2025-02-06T18:15:27.907",
"lastModified": "2025-02-07T02:00:02.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -59,6 +59,10 @@
}
]
},
"cisaExploitAdd": "2025-02-06",
"cisaActionDue": "2025-02-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Dante Discovery Process Control Vulnerability",
"weaknesses": [
{
"source": "cve@checkpoint.com",

64
CVE-2023/CVE-2023-411xx/CVE-2023-41182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41182",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-05-03T03:15:27.740",
"lastModified": "2024-11-21T08:20:44.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:59:45.060",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -51,22 +73,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.0.20",
"matchCriteriaId": "576FE1E0-1CDF-44E3-BB14-489F9DE371CE"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.netgear.com/000065705/Security-Advisory-for-Post-authentication-Command-Injection-on-the-Prosafe-Network-Management-System-PSV-2023-0037",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1284/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.netgear.com/000065705/Security-Advisory-for-Post-authentication-Command-Injection-on-the-Prosafe-Network-Management-System-PSV-2023-0037",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1284/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-444xx/CVE-2023-44449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44449",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-05-03T03:16:01.273",
"lastModified": "2024-11-21T08:25:55.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:59:20.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -51,22 +73,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.0.31",
"matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1717/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1717/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-444xx/CVE-2023-44450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44450",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-05-03T03:16:01.453",
"lastModified": "2024-11-21T08:25:55.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:59:30.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -51,22 +73,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.0.31",
"matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1718/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1718/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-502xx/CVE-2023-50231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50231",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-05-03T03:16:12.013",
"lastModified": "2024-11-21T08:36:42.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:59:11.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -51,22 +73,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.0.31",
"matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1847/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1847/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-69xx/CVE-2023-6922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6922",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-28T09:15:40.673",
"lastModified": "2024-11-21T08:44:50.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:33:31.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acurax:under_construction_\\/_maintenance_mode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "6C7D3084-18DA-4ABD-A2EB-2D0CC7B79A77"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-06xx/CVE-2024-0680.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0680",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-28T09:15:41.403",
"lastModified": "2024-11-21T08:47:08.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:27:25.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexpertdeveloper:wp_private_content_plus:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.6.1",
"matchCriteriaId": "7DD745FF-B265-4A14-9BB9-75012911ECB0"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/wp-private-content-plus/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/wp-private-content-plus/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-06xx/CVE-2024-0682.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0682",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-28T09:15:41.573",
"lastModified": "2024-11-21T08:47:08.490",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:26:17.227",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:theandystratton:pagerestrict:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.5",
"matchCriteriaId": "5CBC6617-1884-4DF0-9445-7FBBCBA97784"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/pagerestrict/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/pagerestrict/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-07xx/CVE-2024-0786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0786",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-28T09:15:42.217",
"lastModified": "2024-11-21T08:47:22.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:23:21.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tatvic:conversios.io:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.0.8",
"matchCriteriaId": "D89FD457-9717-4337-A15A-11D5B5B9CF47"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-09xx/CVE-2024-0975.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0975",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-28T09:15:42.377",
"lastModified": "2024-11-21T08:47:56.080",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:11:02.703",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brandonwamboldt:wordpress_access_control:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.13",
"matchCriteriaId": "17D01596-10C6-481F-9C3B-5D5F65654A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-214xx/CVE-2024-21413.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21413",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:16:00.137",
"lastModified": "2024-11-21T08:54:18.730",
"lastModified": "2025-02-07T02:00:02.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-02-06",
"cisaActionDue": "2025-02-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Outlook Improper Input Validation Vulnerability",
"weaknesses": [
{
"source": "secure@microsoft.com",

74
CVE-2024/CVE-2024-22xx/CVE-2024-2273.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2273",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:16.040",
"lastModified": "2024-11-21T09:09:24.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:17:45.397",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.35",
"matchCriteriaId": "50A1F023-7C60-4867-AE73-BB6C558EB9A7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-248xx/CVE-2024-24883.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24883",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-11T01:24:53.977",
"lastModified": "2024-11-21T08:59:54.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-02-07T01:35:26.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bdthemes:prime_slider:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "3.11.11",
"matchCriteriaId": "2980E9CC-5533-4153-9F35-6E873D0121F3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-11-10-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-11-10-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-311xx/CVE-2024-31113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31113",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-14T15:24:31.653",
"lastModified": "2024-11-21T09:12:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:39:28.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.12",
"matchCriteriaId": "3371A08A-4252-40B5-8098-CA7CA05567FC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-312xx/CVE-2024-31293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31293",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-12T13:15:18.500",
"lastModified": "2024-11-21T09:13:12.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:39:13.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.7",
"matchCriteriaId": "6A691479-679A-47FD-B89D-C558A6D5F891"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-313xx/CVE-2024-31301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31301",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-12T13:15:18.690",
"lastModified": "2024-11-21T09:13:13.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:41:21.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:multiple_page_generator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.1",
"matchCriteriaId": "181FE981-BAA0-458C-B1EF-1C377539724B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-313xx/CVE-2024-31362.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31362",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-12T13:15:20.003",
"lastModified": "2024-11-21T09:13:22.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T01:42:53.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.7.9",
"matchCriteriaId": "81FE6EAA-7C33-4D65-AC9F-1F7F27A3C3E7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

94
CVE-2024/CVE-2024-31xx/CVE-2024-3189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3189",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-15T03:15:13.627",
"lastModified": "2024-11-21T09:29:06.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:33:04.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,41 +36,115 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.38",
"matchCriteriaId": "FF76162A-B90C-44B7-8E61-373F1B31DD9B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-lottie-block.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076712%40kadence-blocks&new=3076712%40kadence-blocks&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/766b0bde-c555-40c1-b174-20045bd89c11?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-lottie-block.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076712%40kadence-blocks&new=3076712%40kadence-blocks&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/766b0bde-c555-40c1-b174-20045bd89c11?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-321xx/CVE-2024-32100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32100",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-14T15:34:00.727",
"lastModified": "2024-11-21T09:14:28.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:40:26.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.12",
"matchCriteriaId": "3371A08A-4252-40B5-8098-CA7CA05567FC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-33xx/CVE-2024-3309.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3309",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-27T10:15:07.307",
"lastModified": "2024-11-21T09:29:22.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:12:18.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "02EBC262-6344-4BCE-83AE-200DD4F2BBCA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3077558%40qi-addons-for-elementor&new=3077558%40qi-addons-for-elementor&sfp_email=&sfph_mail=#file9",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e154a12d-8ade-456e-ad64-e1cd419e2b2c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3077558%40qi-addons-for-elementor&new=3077558%40qi-addons-for-elementor&sfp_email=&sfph_mail=#file9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e154a12d-8ade-456e-ad64-e1cd419e2b2c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-343xx/CVE-2024-34352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34352",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T15:38:43.160",
"lastModified": "2024-11-21T09:18:29.253",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-02-07T02:44:20.557",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,52 @@
"value": "CWE-77"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.3-lts",
"matchCriteriaId": "D6EB02C4-510B-4BB9-85AB-29475554C12E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-343xx/CVE-2024-34389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34389",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-06T19:15:10.473",
"lastModified": "2024-11-21T09:18:34.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:21:39.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:afthemes:wp_post_author:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.5",
"matchCriteriaId": "9AFEECE4-E4C6-4079-A688-1CB9DB36E942"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-broken-access-control-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

111
CVE-2024/CVE-2024-39xx/CVE-2024-3909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3909",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-17T12:15:07.853",
"lastModified": "2024-11-21T09:30:40.570",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-02-07T01:57:01.643",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EEFAB-B3B0-4C10-A712-7A35F5FD076E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64192A8B-CC65-44EC-942B-CC16AADF0D69"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.261145",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.261145",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.313804",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.261145",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.261145",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.313804",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

64
CVE-2024/CVE-2024-39xx/CVE-2024-3962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3962",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-26T09:15:12.337",
"lastModified": "2024-11-21T09:30:46.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:07:02.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,30 +39,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:product_addons_\\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "32.0.19",
"matchCriteriaId": "7E638BE9-2B4F-422E-9055-39E8F30D0367"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://themeisle.com/plugins/ppom-pro/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://themeisle.com/plugins/ppom-pro/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-39xx/CVE-2024-3988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3988",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-25T08:15:07.813",
"lastModified": "2024-11-21T09:30:50.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:00:06.753",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sinaextra:sina_extension_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.3",
"matchCriteriaId": "E2A9A971-8719-4DC3-BC51-266D422255C1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sina-extension-for-elementor/tags/3.5.1/widgets/basic/sina-fancytext.php#L475",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076054%40sina-extension-for-elementor&new=3076054%40sina-extension-for-elementor&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78b24567-c185-4bef-b025-016b091be2e4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/sina-extension-for-elementor/tags/3.5.1/widgets/basic/sina-fancytext.php#L475",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3076054%40sina-extension-for-elementor&new=3076054%40sina-extension-for-elementor&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78b24567-c185-4bef-b025-016b091be2e4?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-42xx/CVE-2024-4208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4208",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-15T03:15:14.077",
"lastModified": "2024-11-21T09:42:23.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:35:22.610",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.38",
"matchCriteriaId": "FF76162A-B90C-44B7-8E61-373F1B31DD9B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-42xx/CVE-2024-4209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4209",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-14T15:43:06.080",
"lastModified": "2024-11-21T09:42:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:25:42.230",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.37",
"matchCriteriaId": "8ACDC321-7159-440E-841E-A80224A278C3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-countdown-block.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/dist/blocks-countdown.js",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cff2e5be-0de0-4e62-a881-6156760b7d99?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-countdown-block.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/dist/blocks-countdown.js",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cff2e5be-0de0-4e62-a881-6156760b7d99?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-44xx/CVE-2024-4481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4481",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-14T15:43:52.927",
"lastModified": "2024-11-21T09:42:54.803",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-07T02:27:48.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.37",
"matchCriteriaId": "8ACDC321-7159-440E-841E-A80224A278C3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-advanced-heading-block.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-advanced-heading-block.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2025/CVE-2025-04xx/CVE-2025-0411.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-0411",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-01-25T05:15:09.533",
"lastModified": "2025-01-29T21:15:20.860",
"lastModified": "2025-02-07T02:00:02.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,10 @@
}
]
},
"cisaExploitAdd": "2025-02-06",
"cisaActionDue": "2025-02-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "7-Zip Mark of the Web Bypass Vulnerability",
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",

100
CVE-2025/CVE-2025-06xx/CVE-2025-0674.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-0674",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-02-07T00:15:27.017",
"lastModified": "2025-02-07T00:15:27.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Elber products are affected by an authentication bypass \nvulnerability which allows unauthorized access to the password \nmanagement functionality. Attackers can exploit this issue by \nmanipulating the endpoint to overwrite any user's password within the \nsystem. This grants them unauthorized administrative access to protected\n areas of the application, compromising the device's system security."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-06xx/CVE-2025-0675.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-0675",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-02-07T00:15:28.030",
"lastModified": "2025-02-07T00:15:28.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-912"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

64
CVE-2025/CVE-2025-10xx/CVE-2025-1061.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-1061",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-07T02:15:29.587",
"lastModified": "2025-02-07T02:15:29.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://nextendweb.com/nextend-social-login-docs/provider-apple/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve",
"source": "security@wordfence.com"
}
]
}

141
CVE-2025/CVE-2025-10xx/CVE-2025-1082.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-1082",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-06T23:15:08.140",
"lastModified": "2025-02-06T23:15:08.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/StoredXSS-ExamEdit.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.294858",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.294858",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.489633",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-10xx/CVE-2025-1083.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-1083",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-06T23:15:08.350",
"lastModified": "2025-02-06T23:15:08.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"baseScore": 2.6,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
},
{
"lang": "en",
"value": "CWE-942"
}
]
}
],
"references": [
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/OverlyPermissiveCORS-Multiple.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.294859",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.294859",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.489634",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2025/CVE-2025-10xx/CVE-2025-1084.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-1084",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-07T00:15:28.180",
"lastModified": "2025-02-07T00:15:28.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/CrossSiteRequestForgery-Multiple.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.294860",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.294860",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.489644",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2025/CVE-2025-10xx/CVE-2025-1085.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2025-1085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-07T01:15:07.930",
"lastModified": "2025-02-07T01:15:07.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.294861",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.294861",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.489857",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2025/CVE-2025-10xx/CVE-2025-1086.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2025-1086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-07T02:15:30.523",
"lastModified": "2025-02-07T02:15:30.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.294862",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.294862",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.491021",
"source": "cna@vuldb.com"
}
]
}

63
CVE-2025/CVE-2025-211xx/CVE-2025-21177.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2025-21177",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:08.573",
"lastModified": "2025-02-06T23:15:08.573",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21177",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-212xx/CVE-2025-21253.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21253",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:08.737",
"lastModified": "2025-02-06T23:15:08.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-451"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-212xx/CVE-2025-21267.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21267",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:08.893",
"lastModified": "2025-02-06T23:15:08.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-358"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-212xx/CVE-2025-21279.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21279",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:09.043",
"lastModified": "2025-02-06T23:15:09.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-212xx/CVE-2025-21283.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21283",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:09.213",
"lastModified": "2025-02-06T23:15:09.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1222"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-213xx/CVE-2025-21342.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21342",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:09.363",
"lastModified": "2025-02-06T23:15:09.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342",
"source": "secure@microsoft.com"
}
]
}

14
CVE-2025/CVE-2025-213xx/CVE-2025-21396.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-21396",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-01-29T23:15:32.640",
"lastModified": "2025-01-29T23:15:32.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-02-06T23:15:09.513",
"vulnStatus": "Undergoing Analysis",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
@ -29,8 +29,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
@ -38,18 +38,18 @@
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

44
CVE-2025/CVE-2025-214xx/CVE-2025-21404.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21404",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:09.700",
"lastModified": "2025-02-06T23:15:09.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2025/CVE-2025-214xx/CVE-2025-21408.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-21408",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-02-06T23:15:09.827",
"lastModified": "2025-02-06T23:15:09.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408",
"source": "secure@microsoft.com"
}
]
}

93
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-06T23:00:48.045582+00:00
2025-02-07T03:01:33.625356+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-06T22:15:40.393000+00:00
2025-02-07T02:44:20.557000+00:00
```
### Last Data Feed Release
@ -27,65 +27,66 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-02-06T01:00:04.376832+00:00
2025-02-07T01:00:10.094768+00:00
```
### Total Number of included CVEs
```plain
280301
280317
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `16`
- [CVE-2020-36085](CVE-2020/CVE-2020-360xx/CVE-2020-36085.json) (`2025-02-06T22:15:33.937`)
- [CVE-2024-25883](CVE-2024/CVE-2024-258xx/CVE-2024-25883.json) (`2025-02-06T22:15:37.393`)
- [CVE-2024-48589](CVE-2024/CVE-2024-485xx/CVE-2024-48589.json) (`2025-02-06T22:15:37.943`)
- [CVE-2024-53586](CVE-2024/CVE-2024-535xx/CVE-2024-53586.json) (`2025-02-06T22:15:38.167`)
- [CVE-2024-54171](CVE-2024/CVE-2024-541xx/CVE-2024-54171.json) (`2025-02-06T21:15:21.453`)
- [CVE-2024-54909](CVE-2024/CVE-2024-549xx/CVE-2024-54909.json) (`2025-02-06T22:15:38.250`)
- [CVE-2024-55241](CVE-2024/CVE-2024-552xx/CVE-2024-55241.json) (`2025-02-06T22:15:38.483`)
- [CVE-2024-56467](CVE-2024/CVE-2024-564xx/CVE-2024-56467.json) (`2025-02-06T21:15:21.600`)
- [CVE-2024-56889](CVE-2024/CVE-2024-568xx/CVE-2024-56889.json) (`2025-02-06T22:15:38.903`)
- [CVE-2024-57392](CVE-2024/CVE-2024-573xx/CVE-2024-57392.json) (`2025-02-06T22:15:39.140`)
- [CVE-2024-57609](CVE-2024/CVE-2024-576xx/CVE-2024-57609.json) (`2025-02-06T22:15:39.627`)
- [CVE-2025-0158](CVE-2025/CVE-2025-01xx/CVE-2025-0158.json) (`2025-02-06T21:15:21.923`)
- [CVE-2025-1004](CVE-2025/CVE-2025-10xx/CVE-2025-1004.json) (`2025-02-06T21:15:22.247`)
- [CVE-2025-1081](CVE-2025/CVE-2025-10xx/CVE-2025-1081.json) (`2025-02-06T21:15:23.120`)
- [CVE-2025-23094](CVE-2025/CVE-2025-230xx/CVE-2025-23094.json) (`2025-02-06T21:15:23.477`)
- [CVE-2025-0674](CVE-2025/CVE-2025-06xx/CVE-2025-0674.json) (`2025-02-07T00:15:27.017`)
- [CVE-2025-0675](CVE-2025/CVE-2025-06xx/CVE-2025-0675.json) (`2025-02-07T00:15:28.030`)
- [CVE-2025-1061](CVE-2025/CVE-2025-10xx/CVE-2025-1061.json) (`2025-02-07T02:15:29.587`)
- [CVE-2025-1082](CVE-2025/CVE-2025-10xx/CVE-2025-1082.json) (`2025-02-06T23:15:08.140`)
- [CVE-2025-1083](CVE-2025/CVE-2025-10xx/CVE-2025-1083.json) (`2025-02-06T23:15:08.350`)
- [CVE-2025-1084](CVE-2025/CVE-2025-10xx/CVE-2025-1084.json) (`2025-02-07T00:15:28.180`)
- [CVE-2025-1085](CVE-2025/CVE-2025-10xx/CVE-2025-1085.json) (`2025-02-07T01:15:07.930`)
- [CVE-2025-1086](CVE-2025/CVE-2025-10xx/CVE-2025-1086.json) (`2025-02-07T02:15:30.523`)
- [CVE-2025-21177](CVE-2025/CVE-2025-211xx/CVE-2025-21177.json) (`2025-02-06T23:15:08.573`)
- [CVE-2025-21253](CVE-2025/CVE-2025-212xx/CVE-2025-21253.json) (`2025-02-06T23:15:08.737`)
- [CVE-2025-21267](CVE-2025/CVE-2025-212xx/CVE-2025-21267.json) (`2025-02-06T23:15:08.893`)
- [CVE-2025-21279](CVE-2025/CVE-2025-212xx/CVE-2025-21279.json) (`2025-02-06T23:15:09.043`)
- [CVE-2025-21283](CVE-2025/CVE-2025-212xx/CVE-2025-21283.json) (`2025-02-06T23:15:09.213`)
- [CVE-2025-21342](CVE-2025/CVE-2025-213xx/CVE-2025-21342.json) (`2025-02-06T23:15:09.363`)
- [CVE-2025-21404](CVE-2025/CVE-2025-214xx/CVE-2025-21404.json) (`2025-02-06T23:15:09.700`)
- [CVE-2025-21408](CVE-2025/CVE-2025-214xx/CVE-2025-21408.json) (`2025-02-06T23:15:09.827`)
### CVEs modified in the last Commit
Recently modified CVEs: `100`
Recently modified CVEs: `32`
- [CVE-2024-27137](CVE-2024/CVE-2024-271xx/CVE-2024-27137.json) (`2025-02-06T21:15:20.997`)
- [CVE-2024-33898](CVE-2024/CVE-2024-338xx/CVE-2024-33898.json) (`2025-02-06T22:15:37.507`)
- [CVE-2024-34235](CVE-2024/CVE-2024-342xx/CVE-2024-34235.json) (`2025-02-06T22:15:37.670`)
- [CVE-2024-34329](CVE-2024/CVE-2024-343xx/CVE-2024-34329.json) (`2025-02-06T21:15:21.130`)
- [CVE-2024-39033](CVE-2024/CVE-2024-390xx/CVE-2024-39033.json) (`2025-02-06T22:15:37.803`)
- [CVE-2024-50690](CVE-2024/CVE-2024-506xx/CVE-2024-50690.json) (`2025-02-06T22:15:38.033`)
- [CVE-2024-55227](CVE-2024/CVE-2024-552xx/CVE-2024-55227.json) (`2025-02-06T22:15:38.340`)
- [CVE-2024-55488](CVE-2024/CVE-2024-554xx/CVE-2024-55488.json) (`2025-02-06T22:15:38.573`)
- [CVE-2024-55971](CVE-2024/CVE-2024-559xx/CVE-2024-55971.json) (`2025-02-06T22:15:38.713`)
- [CVE-2024-57041](CVE-2024/CVE-2024-570xx/CVE-2024-57041.json) (`2025-02-06T22:15:39.000`)
- [CVE-2024-57428](CVE-2024/CVE-2024-574xx/CVE-2024-57428.json) (`2025-02-06T22:15:39.223`)
- [CVE-2024-57429](CVE-2024/CVE-2024-574xx/CVE-2024-57429.json) (`2025-02-06T22:15:39.360`)
- [CVE-2024-57430](CVE-2024/CVE-2024-574xx/CVE-2024-57430.json) (`2025-02-06T22:15:39.493`)
- [CVE-2024-57599](CVE-2024/CVE-2024-575xx/CVE-2024-57599.json) (`2025-02-06T21:15:21.760`)
- [CVE-2024-7595](CVE-2024/CVE-2024-75xx/CVE-2024-7595.json) (`2025-02-06T22:15:39.717`)
- [CVE-2024-7596](CVE-2024/CVE-2024-75xx/CVE-2024-7596.json) (`2025-02-06T22:15:39.853`)
- [CVE-2025-0510](CVE-2025/CVE-2025-05xx/CVE-2025-0510.json) (`2025-02-06T21:15:22.083`)
- [CVE-2025-0611](CVE-2025/CVE-2025-06xx/CVE-2025-0611.json) (`2025-02-06T22:15:40.053`)
- [CVE-2025-1014](CVE-2025/CVE-2025-10xx/CVE-2025-1014.json) (`2025-02-06T21:15:22.397`)
- [CVE-2025-1015](CVE-2025/CVE-2025-10xx/CVE-2025-1015.json) (`2025-02-06T22:15:40.247`)
- [CVE-2025-1016](CVE-2025/CVE-2025-10xx/CVE-2025-1016.json) (`2025-02-06T21:15:22.560`)
- [CVE-2025-1017](CVE-2025/CVE-2025-10xx/CVE-2025-1017.json) (`2025-02-06T21:15:22.760`)
- [CVE-2025-1020](CVE-2025/CVE-2025-10xx/CVE-2025-1020.json) (`2025-02-06T21:15:22.943`)
- [CVE-2025-22867](CVE-2025/CVE-2025-228xx/CVE-2025-22867.json) (`2025-02-06T22:15:40.393`)
- [CVE-2025-22992](CVE-2025/CVE-2025-229xx/CVE-2025-22992.json) (`2025-02-06T21:15:23.317`)
- [CVE-2023-6922](CVE-2023/CVE-2023-69xx/CVE-2023-6922.json) (`2025-02-07T01:33:31.247`)
- [CVE-2024-0680](CVE-2024/CVE-2024-06xx/CVE-2024-0680.json) (`2025-02-07T01:27:25.297`)
- [CVE-2024-0682](CVE-2024/CVE-2024-06xx/CVE-2024-0682.json) (`2025-02-07T01:26:17.227`)
- [CVE-2024-0786](CVE-2024/CVE-2024-07xx/CVE-2024-0786.json) (`2025-02-07T01:23:21.203`)
- [CVE-2024-0975](CVE-2024/CVE-2024-09xx/CVE-2024-0975.json) (`2025-02-07T01:11:02.703`)
- [CVE-2024-21413](CVE-2024/CVE-2024-214xx/CVE-2024-21413.json) (`2025-02-07T02:00:02.403`)
- [CVE-2024-2273](CVE-2024/CVE-2024-22xx/CVE-2024-2273.json) (`2025-02-07T02:17:45.397`)
- [CVE-2024-24883](CVE-2024/CVE-2024-248xx/CVE-2024-24883.json) (`2025-02-07T01:35:26.953`)
- [CVE-2024-31113](CVE-2024/CVE-2024-311xx/CVE-2024-31113.json) (`2025-02-07T02:39:28.647`)
- [CVE-2024-31293](CVE-2024/CVE-2024-312xx/CVE-2024-31293.json) (`2025-02-07T01:39:13.393`)
- [CVE-2024-31301](CVE-2024/CVE-2024-313xx/CVE-2024-31301.json) (`2025-02-07T01:41:21.207`)
- [CVE-2024-31362](CVE-2024/CVE-2024-313xx/CVE-2024-31362.json) (`2025-02-07T01:42:53.247`)
- [CVE-2024-3189](CVE-2024/CVE-2024-31xx/CVE-2024-3189.json) (`2025-02-07T02:33:04.960`)
- [CVE-2024-32100](CVE-2024/CVE-2024-321xx/CVE-2024-32100.json) (`2025-02-07T02:40:26.900`)
- [CVE-2024-3309](CVE-2024/CVE-2024-33xx/CVE-2024-3309.json) (`2025-02-07T02:12:18.337`)
- [CVE-2024-34352](CVE-2024/CVE-2024-343xx/CVE-2024-34352.json) (`2025-02-07T02:44:20.557`)
- [CVE-2024-34389](CVE-2024/CVE-2024-343xx/CVE-2024-34389.json) (`2025-02-07T02:21:39.957`)
- [CVE-2024-3909](CVE-2024/CVE-2024-39xx/CVE-2024-3909.json) (`2025-02-07T01:57:01.643`)
- [CVE-2024-3962](CVE-2024/CVE-2024-39xx/CVE-2024-3962.json) (`2025-02-07T02:07:02.537`)
- [CVE-2024-3988](CVE-2024/CVE-2024-39xx/CVE-2024-3988.json) (`2025-02-07T02:00:06.753`)
- [CVE-2024-4208](CVE-2024/CVE-2024-42xx/CVE-2024-4208.json) (`2025-02-07T02:35:22.610`)
- [CVE-2024-4209](CVE-2024/CVE-2024-42xx/CVE-2024-4209.json) (`2025-02-07T02:25:42.230`)
- [CVE-2024-4481](CVE-2024/CVE-2024-44xx/CVE-2024-4481.json) (`2025-02-07T02:27:48.233`)
- [CVE-2025-0411](CVE-2025/CVE-2025-04xx/CVE-2025-0411.json) (`2025-02-07T02:00:02.403`)
- [CVE-2025-21396](CVE-2025/CVE-2025-213xx/CVE-2025-21396.json) (`2025-02-06T23:15:09.513`)
## Download and Usage

310
_state.csv
View File

File diff suppressed because it is too large Load Diff