mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
Auto-Update: 2025-04-19T10:00:19.885624+00:00
This commit is contained in:
cad-safe-bot
parent
e98a59aed2
commit
76f2d640b2
60
CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
Normal file
60
CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2021-4455",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-04-19T08:15:13.220",
|
||||
"lastModified": "2025-04-19T08:15:13.220",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.exploit-db.com/exploits/50533",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de9183c-95b9-4500-85e2-08dcee956360?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
64
CVE-2025/CVE-2025-34xx/CVE-2025-3404.json
Normal file
64
CVE-2025/CVE-2025-34xx/CVE-2025-3404.json
Normal file
@ -0,0 +1,64 @@
|
||||
{
|
||||
"id": "CVE-2025-3404",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-04-19T08:15:13.780",
|
||||
"lastModified": "2025-04-19T08:15:13.780",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-22"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
14
README.md
14
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2025-04-19T08:00:19.922788+00:00
|
||||
2025-04-19T10:00:19.885624+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2025-04-19T07:15:13.250000+00:00
|
||||
2025-04-19T08:15:13.780000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
290900
|
||||
290902
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `4`
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2024-13926](CVE-2024/CVE-2024-139xx/CVE-2024-13926.json) (`2025-04-19T06:15:18.347`)
|
||||
- [CVE-2025-2111](CVE-2025/CVE-2025-21xx/CVE-2025-2111.json) (`2025-04-19T06:15:19.657`)
|
||||
- [CVE-2025-3797](CVE-2025/CVE-2025-37xx/CVE-2025-3797.json) (`2025-04-19T07:15:13.250`)
|
||||
- [CVE-2025-3809](CVE-2025/CVE-2025-38xx/CVE-2025-3809.json) (`2025-04-19T06:15:19.960`)
|
||||
- [CVE-2021-4455](CVE-2021/CVE-2021-44xx/CVE-2021-4455.json) (`2025-04-19T08:15:13.220`)
|
||||
- [CVE-2025-3404](CVE-2025/CVE-2025-34xx/CVE-2025-3404.json) (`2025-04-19T08:15:13.780`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
10
_state.csv
10
_state.csv
@ -185737,6 +185737,7 @@ CVE-2021-44545,0,0,7028fb142f00073c7946b672f2300046564e5efec3c7e574f45814b31d120
|
||||
CVE-2021-44547,0,0,e1b35c68e3f8401880b07e59afed19077e4b56bdf48baaf8c949e189dc39ea7d,2024-11-21T06:31:12.333000
|
||||
CVE-2021-44548,0,0,2d48fe28684af15895e9773f250bbc741ea4fa16501618e309cd4c435b91ba16,2024-11-21T06:31:12.457000
|
||||
CVE-2021-44549,0,0,6831fced5594a6b4a5cbff2541e9ce1a0eee5f7b4b4f48df146da51cfd776065,2024-11-21T06:31:12.580000
|
||||
CVE-2021-4455,1,1,c91a80fc4b00e779614cb3b8a879e8b522eaa69c31dcc8db51033de605223318,2025-04-19T08:15:13.220000
|
||||
CVE-2021-44550,0,0,5af7bba0e92faa96a09f9ee5deb8cb2046d16ed1b302b816e3cf61ed174716e4,2024-11-21T06:31:12.700000
|
||||
CVE-2021-44554,0,0,7b13dd9b102d97854d9adf8fa6293bdf2ea7c2db3b1b708995b7e3f84448bbc1,2024-11-21T06:31:12.863000
|
||||
CVE-2021-44556,0,0,454fb7c4653e03c3f25c76ed117d4fae318942e2f143daa705119ac6b412f0d0,2024-11-21T06:31:13.033000
|
||||
@ -248415,7 +248416,7 @@ CVE-2024-13922,0,0,6cd484021b2a9356da4dab3938017878db2ce098f796a1ee0313bd1e4dc9d
|
||||
CVE-2024-13923,0,0,a528ee5b51622639984378ce5c82c5f3996bc4ee38135a9723b678cb2485bd4f,2025-03-26T18:18:32.280000
|
||||
CVE-2024-13924,0,0,6771f2a575eb9b234ba437c9c60a2d5807f8aded376287df6e1ca4c3782207e4,2025-03-12T16:23:39.567000
|
||||
CVE-2024-13925,0,0,d5381786baf413fd2dd4859dd45a92bcf06b65f21ce2fc9312416a8cb44b68e1,2025-04-18T14:15:20.327000
|
||||
CVE-2024-13926,1,1,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000
|
||||
CVE-2024-13926,0,0,9751c4684e7a15fd9721704e8ab59162051e824997423d3ef3b66ed778df9446,2025-04-19T06:15:18.347000
|
||||
CVE-2024-1393,0,0,807d9a3a72d3c227cf073d19ae4d043ce29012d9a81f19ad09766963a4531e84,2025-01-17T19:54:07.350000
|
||||
CVE-2024-13933,0,0,6c1d1592227807572b59c7607e13d58cd1b568936f1ec0b9bb42956c7610a4b0,2025-03-19T12:15:14.003000
|
||||
CVE-2024-13939,0,0,921141b59fb64caa413d175858785c8fecf23c4615e123e5aadc58ca56a65359,2025-04-11T18:10:56.160000
|
||||
@ -283017,7 +283018,7 @@ CVE-2025-21104,0,0,7bcf930b71004c8c145b902c46fc599699f48561324b95d5aab96c7981b7a
|
||||
CVE-2025-21105,0,0,7769ede7d6d67929cda835ad36f1b7f8a4f0b24a4fa55bfbbf6043d06ace29a6,2025-02-20T12:15:11.233000
|
||||
CVE-2025-21106,0,0,f21695bcd3dc50ebb62318d228568a1613cd20d1a89ae6dcd1f4af03df1c2f91,2025-02-20T12:15:11.373000
|
||||
CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5ce6,2025-02-07T20:01:14.760000
|
||||
CVE-2025-2111,1,1,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000
|
||||
CVE-2025-2111,0,0,90824833d0c8c260babeed5f2d02e1fbf59e8850ab0452ea3b4a300f29501332,2025-04-19T06:15:19.657000
|
||||
CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000
|
||||
CVE-2025-21117,0,0,645b1da2e8af06c5f3d21bae0eae50f754102ea2f31528d1d042846d09e2ec44,2025-03-28T13:24:51.620000
|
||||
CVE-2025-2112,0,0,12876043094c79f81e904e1d2257170a373b17e7d0d24c6eb1a19e93cc051c0d,2025-03-10T16:15:13.817000
|
||||
@ -290556,6 +290557,7 @@ CVE-2025-3400,0,0,cf8d2677c113eaba5cb7e83bc217fa3a16d8d96bb1f2d78546954dbd49132a
|
||||
CVE-2025-3401,0,0,631e8a4259cdba906c225d1eb0133c66fa3c13f4e78b0d1bc5178acd11ac745f,2025-04-09T14:11:52.510000
|
||||
CVE-2025-3402,0,0,fb2eb5b194518a576d30d497d3c07d8afb7daa9ab5c7a3db51d822547dfc3965,2025-04-08T19:15:53.267000
|
||||
CVE-2025-3403,0,0,5499ba1d1841e737df5ef1f2a2d32505df727eeda279da8a9f0ff20d660ca6b7,2025-04-08T19:15:53.387000
|
||||
CVE-2025-3404,1,1,72258a7cfa85b1e9834dc73776c2323b60f82629bdb39b4ba2f07bb9ebd842ad,2025-04-19T08:15:13.780000
|
||||
CVE-2025-3405,0,0,a31287bf487edd9888ccf3a2cc660111ad412bcd7d306362616791fdc35de9e0,2025-04-08T18:13:53.347000
|
||||
CVE-2025-3406,0,0,7ba1ebe9a4174ed6e20c2f4fe1e75a4864d330055141a3dcb596eb92ec7fbc3a,2025-04-08T18:13:53.347000
|
||||
CVE-2025-3407,0,0,e5cceac7b7d945db6bab90635fdc2ec04fc23eea7f5eaa5ff6a3dce8910502a2,2025-04-08T18:13:53.347000
|
||||
@ -290732,9 +290734,9 @@ CVE-2025-3790,0,0,d5ad1f3b13a63f5c54d366ff24749d16ab7fb7d35d8ebd487f5b8f35d3604a
|
||||
CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd56557c1,2025-04-18T07:15:43.090000
|
||||
CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000
|
||||
CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000
|
||||
CVE-2025-3797,1,1,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000
|
||||
CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000
|
||||
CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000
|
||||
CVE-2025-3809,1,1,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000
|
||||
CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000
|
||||
CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000
|
||||
CVE-2025-38152,0,0,d2296d820f7f71e71472cf853a8cba12b58f3c84c5429c1618bed2e28567d654,2025-04-18T07:15:43.403000
|
||||
CVE-2025-38240,0,0,55c3c53507175385d390f4e5f0701155663d7d45488ce3854f0ce48d67d704f4,2025-04-18T07:15:43.510000
|
||||
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user