diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4187.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4187.json new file mode 100644 index 00000000000..313cf9596ab --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4187.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4187", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:22.050", + "lastModified": "2025-06-14T09:15:22.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4200.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4200.json new file mode 100644 index 00000000000..f348fb59772 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4200.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4200", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:22.990", + "lastModified": "2025-06-14T09:15:22.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/zagg-electronics-accessories-woocommerce-wordpress-theme/54636595", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4216.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4216.json new file mode 100644 index 00000000000..2f592b5ffbe --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4216.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4216", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:23.160", + "lastModified": "2025-06-14T09:15:23.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4592.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4592.json new file mode 100644 index 00000000000..5e43c8cc7a2 --- /dev/null +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4592.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4592", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:23.333", + "lastModified": "2025-06-14T09:15:23.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The AI Image Lab \u2013 Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ai-image-generator-lab/trunk/includes/admin/admin-page.php#L3", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5336.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5336.json new file mode 100644 index 00000000000..d0e693a7f67 --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5336.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2025-5336", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:23.527", + "lastModified": "2025-06-14T09:15:23.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-no_number\u2019 parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L126", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L818", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3309693/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/click-to-chat-for-whatsapp/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5589.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5589.json new file mode 100644 index 00000000000..62e1033c356 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5589.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5589", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:23.710", + "lastModified": "2025-06-14T09:15:23.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018status-classic-offline-text\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php#L50", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3309930/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/streamweasels-kick-integration/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6040.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6040.json new file mode 100644 index 00000000000..ad1b8690293 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6040.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6040", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:23.873", + "lastModified": "2025-06-14T09:15:23.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'ef_settings_submenu' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/easy-flashcards/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6055.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6055.json new file mode 100644 index 00000000000..b6e8777226e --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6055.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6055", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:24.050", + "lastModified": "2025-06-14T09:15:24.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/zen-social-sticky/trunk/zen-sticky-social.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6061.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6061.json new file mode 100644 index 00000000000..07c6568ead7 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6061.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6061", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:24.307", + "lastModified": "2025-06-14T09:15:24.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/kk-youtube-video/trunk/kk-youtube-video.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd581604-e2f6-42c4-81ef-10873683526b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6062.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6062.json new file mode 100644 index 00000000000..a32e8ee3c7a --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6062.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6062", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:24.520", + "lastModified": "2025-06-14T09:15:24.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/yougler-blogger-profile-page/trunk/yougler-plugin.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6063.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6063.json new file mode 100644 index 00000000000..841e8186cf7 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6063.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6063", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:24.693", + "lastModified": "2025-06-14T09:15:24.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/xisearch-bar/trunk/xisearch.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6064.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6064.json new file mode 100644 index 00000000000..4efa295ad1e --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6064.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6064", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:24.853", + "lastModified": "2025-06-14T09:15:24.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'url_shortener_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-url-shortener/trunk/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/154b3a1a-7246-42de-a555-2c655778d59e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6065.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6065.json new file mode 100644 index 00000000000..7b2af1537f9 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6065.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6065", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:25.020", + "lastModified": "2025-06-14T09:15:25.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/image-resizer-on-the-fly/trunk/image-resizer-on-the-fly.php#L25", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/image-resizer-on-the-fly/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6070.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6070.json new file mode 100644 index 00000000000..3f47a7400d3 --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6070.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6070", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-14T09:15:25.180", + "lastModified": "2025-06-14T09:15:25.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e674acf2ceb..6a4ec978fca 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-14T08:00:19.859549+00:00 +2025-06-14T10:00:20.336442+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-14T07:15:17.870000+00:00 +2025-06-14T09:15:25.180000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -297937 +297951 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `14` -- [CVE-2025-3234](CVE-2025/CVE-2025-32xx/CVE-2025-3234.json) (`2025-06-14T06:15:18.117`) -- [CVE-2025-5487](CVE-2025/CVE-2025-54xx/CVE-2025-5487.json) (`2025-06-14T07:15:17.870`) +- [CVE-2025-4187](CVE-2025/CVE-2025-41xx/CVE-2025-4187.json) (`2025-06-14T09:15:22.050`) +- [CVE-2025-4200](CVE-2025/CVE-2025-42xx/CVE-2025-4200.json) (`2025-06-14T09:15:22.990`) +- [CVE-2025-4216](CVE-2025/CVE-2025-42xx/CVE-2025-4216.json) (`2025-06-14T09:15:23.160`) +- [CVE-2025-4592](CVE-2025/CVE-2025-45xx/CVE-2025-4592.json) (`2025-06-14T09:15:23.333`) +- [CVE-2025-5336](CVE-2025/CVE-2025-53xx/CVE-2025-5336.json) (`2025-06-14T09:15:23.527`) +- [CVE-2025-5589](CVE-2025/CVE-2025-55xx/CVE-2025-5589.json) (`2025-06-14T09:15:23.710`) +- [CVE-2025-6040](CVE-2025/CVE-2025-60xx/CVE-2025-6040.json) (`2025-06-14T09:15:23.873`) +- [CVE-2025-6055](CVE-2025/CVE-2025-60xx/CVE-2025-6055.json) (`2025-06-14T09:15:24.050`) +- [CVE-2025-6061](CVE-2025/CVE-2025-60xx/CVE-2025-6061.json) (`2025-06-14T09:15:24.307`) +- [CVE-2025-6062](CVE-2025/CVE-2025-60xx/CVE-2025-6062.json) (`2025-06-14T09:15:24.520`) +- [CVE-2025-6063](CVE-2025/CVE-2025-60xx/CVE-2025-6063.json) (`2025-06-14T09:15:24.693`) +- [CVE-2025-6064](CVE-2025/CVE-2025-60xx/CVE-2025-6064.json) (`2025-06-14T09:15:24.853`) +- [CVE-2025-6065](CVE-2025/CVE-2025-60xx/CVE-2025-6065.json) (`2025-06-14T09:15:25.020`) +- [CVE-2025-6070](CVE-2025/CVE-2025-60xx/CVE-2025-6070.json) (`2025-06-14T09:15:25.180`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 7d77e41c9ae..96f773c846b 100644 --- a/_state.csv +++ b/_state.csv @@ -292530,7 +292530,7 @@ CVE-2025-32308,0,0,2b7bec71af2d8aeb794f4d157dfc61ad4810b98ac960b587b7920f453cf78 CVE-2025-32309,0,0,72e524edceb2da5dc017c83bf8ab60e46c6fe45eb184ab0349a1ba415921a900,2025-05-23T15:54:42.643000 CVE-2025-3231,0,0,7fe259e10bdefff2f7d2cc360ec09abf1ea1f8d9711a4276861c2a354dc3b16e,2025-06-05T05:15:23.977000 CVE-2025-32310,0,0,c3b2568a49d7a011e3cbc9748557e58f0519995b3a6735845f843c0d6b6482d9,2025-05-19T13:35:50.497000 -CVE-2025-3234,1,1,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000 +CVE-2025-3234,0,0,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000 CVE-2025-3235,0,0,bf02e56a9b2acdd9197c016e355d3cdfc496d77110cbd9f5fcadcef4a0003d66,2025-05-16T15:43:09.640000 CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000 CVE-2025-32354,0,0,85128147f47ebee98ae2a1737b9ec1a8829a4b5a6a4c94ca962a085780718ca4,2025-06-11T21:20:21.863000 @@ -294612,6 +294612,7 @@ CVE-2025-4183,0,0,5e71026142945439a9594d0439f27ca7101a23d30fb9cd157d68469b5c04af CVE-2025-4184,0,0,231752f9dd81f3c878686a35cd086680fc85706af1d3abe68105ebbbb14f6dc9,2025-05-16T15:04:17.993000 CVE-2025-4185,0,0,8aa6367e503165449fe24feb0fb59a420bcc6751f196b6bccc99b251140bb4f4,2025-05-02T13:52:51.693000 CVE-2025-4186,0,0,dab70a09e90dae7c54c24591d73076ac14325c30ca1a211bf9896872e7af04dd,2025-05-02T13:52:51.693000 +CVE-2025-4187,1,1,ce037a46c10aba3526ee6daf50f83f56cb9244a49cc0b22533e0b440995f23dd,2025-06-14T09:15:22.050000 CVE-2025-4188,0,0,dae4661d96faab4b86b2442932d3ed4a7d5e86b7964e0bf5b5ad937c7ef62825,2025-05-05T20:54:19.760000 CVE-2025-4189,0,0,a0e2a19d22d932ca0e26b1ac038e49b5f17b80b816561f13c2c6e3219b687b6c,2025-05-19T13:35:20.460000 CVE-2025-4190,0,0,53943bc80284ba750997ed519958820d606a7c8de596edfb3fb17f09fd02f946,2025-06-12T16:29:51.860000 @@ -294624,6 +294625,7 @@ CVE-2025-4196,0,0,b26d9e2fad715e7681143157d22f4891b95826ce8e53977c9ecced30c124cc CVE-2025-4197,0,0,ed8ec740b973b92253a741cf6d5d0ac209bbd44763ac57f0fdc0af84aaf28e3c,2025-05-28T16:02:23.317000 CVE-2025-4198,0,0,e5602874b7c5cc6f9012651f4a60dc8d2e789373501ddfec072de22c80a74167,2025-05-05T20:54:19.760000 CVE-2025-4199,0,0,553c17b65a2b6efd623dda6e1567d529495701f64dcb6b078b725c7f2893112f,2025-05-05T20:54:19.760000 +CVE-2025-4200,1,1,d1eb458066ff194c551bd28cb423b888c6b3da3a20b5073a64d5d3c2e910a54e,2025-06-14T09:15:22.990000 CVE-2025-4204,0,0,2e611705c020858b2144a419577c11b9e07bf754b3f98b6b3360986c5bc7b1b4,2025-06-04T22:39:20.750000 CVE-2025-4205,0,0,e5c422efa7296a5f9776daa32028189294bed6a05affab60f37bd65665314bf9,2025-06-04T14:54:33.783000 CVE-2025-4206,0,0,bb3cb9f07bfc9d08a2c0843d010f353ba8ba2d3caafa1bbc30e33b9667f14930,2025-05-12T17:32:32.760000 @@ -294635,6 +294637,7 @@ CVE-2025-4211,0,0,404e0b904354aed3b5baa7e207d5cfca573f55dcef658a41b4b3c736c556ad CVE-2025-4213,0,0,ebe18be5ee5e37fbd0ec843f8652f96ea5e7e69c1b8a34e3e1bad241a91a7771,2025-05-28T20:56:16.840000 CVE-2025-4214,0,0,1d60003a6cdf25de6477c856dc27cfd829a89b1b822b87cc832b4debc042c00e,2025-05-28T21:09:07.673000 CVE-2025-4215,0,0,77be2382f902e198d303780e19aa94df13f88e4e0b8ba79572846b911ad2ad55,2025-06-12T01:15:26.443000 +CVE-2025-4216,1,1,14d5b84f03ced42de418c7125238b4220bfdf07d15ec7876ca59d9e333846a1f,2025-06-14T09:15:23.160000 CVE-2025-4217,0,0,62c15aedce5780b22253f9cbd9800a9e9b8ad351bc24efee5e47483ed5db566c,2025-05-21T20:24:58.133000 CVE-2025-4218,0,0,2c49204cc3b286450f9a71e19a17dbb76984ced9134a20a4535356e38fc3ed60,2025-05-05T20:54:19.760000 CVE-2025-4219,0,0,1dbb3268c116fdb31206945d2c84e6a62b85afd7dbbb78abb2fd21bb825a5ad4,2025-05-21T20:24:58.133000 @@ -295296,6 +295299,7 @@ CVE-2025-45887,0,0,fb1a15240343f864311f44360980a2f79927e76ee0105844e8c76acb00550 CVE-2025-4589,0,0,bb26d22fcf596d77e370296c8ae93489013c99f636d3a8cff9546409ae0197a5,2025-05-16T14:43:26.160000 CVE-2025-4590,0,0,1338bc68ec3d6917d4ad238b5739bcbca3832b2475d3a347918656638fb549e4,2025-06-02T17:32:17.397000 CVE-2025-4591,0,0,09b633064167908f2267d3dc13a3052b782cbd19249bba4734b3313b4950008b,2025-05-16T14:43:26.160000 +CVE-2025-4592,1,1,5c44f633f2012fc99846b6d9b62b801788e1f40df004901317364e90d81d1144,2025-06-14T09:15:23.333000 CVE-2025-4594,0,0,c0d148a004f59cf53abe31af001741cb43bc8a881d1fbd6674a881b7467848f2,2025-05-23T15:54:42.643000 CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000 CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000 @@ -297467,6 +297471,7 @@ CVE-2025-5331,0,0,6d6e63e0f8a1a491f6a38b24f4a10f691f644991827baf7d50b9fb0e398065 CVE-2025-5332,0,0,e1def175621c4e1d1942302bd613c0906cf0d988637a95edef4cbf91efd49e74,2025-06-04T15:37:02.583000 CVE-2025-5334,0,0,3b25ffa10fa68a37bf0e18657dc7cc96e971a33e8fade936cdd130170872987d,2025-06-10T19:15:35.243000 CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad95934637,2025-06-12T16:06:39.330000 +CVE-2025-5336,1,1,66f58ed710d27f4b2bf2e01a754073917852be9e5d922753d5aff62957bbdb9f,2025-06-14T09:15:23.527000 CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2ceb,2025-06-04T14:54:33.783000 CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000 CVE-2025-5353,0,0,a9d9e9f405a59eeaccd7ee5466c700cdd9eae2ba20f2bc9c98c5c42953abdf75,2025-06-12T16:06:39.330000 @@ -297556,7 +297561,7 @@ CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0 CVE-2025-5484,0,0,400ed56fb4f7c44bceca06b8432cd3e34b6d71f8c67dfd72400144a319fe73ec,2025-06-12T20:15:22.113000 CVE-2025-5485,0,0,d3479a1adb4ba2fbfa64aaac1b5d6b7fe8b9403b5e13a2ac94a1e71146019ece,2025-06-12T20:15:22.283000 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000 -CVE-2025-5487,1,1,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000 +CVE-2025-5487,0,0,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000 CVE-2025-5491,0,0,e2f506b3fba36a13dc12fb8dc2e089cb7773a4d51511233e748a5ab6f51b1a98,2025-06-13T03:15:52.300000 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000 @@ -297633,6 +297638,7 @@ CVE-2025-5582,0,0,d2f1baa22f55fc38a8f865d0e99938121f7ce9bfb4e6584060e61c164943f9 CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991ad,2025-06-04T17:44:26.393000 CVE-2025-5584,0,0,554122312ccf631b36ad0ef789707a593ded0bc038e2cac6c090436b66fd53f2,2025-06-10T15:10:06.207000 CVE-2025-5586,0,0,b91049de82efb55ef679cf10931aa4f56290c24a8f2fbf45be0281fcede07341,2025-06-06T14:07:28.330000 +CVE-2025-5589,1,1,3b8c0f350b849c9492ae78e46abb4302d508a80f7be3f44c57d2d1faa061bdf2,2025-06-14T09:15:23.710000 CVE-2025-5592,0,0,36c388f33c323490a93ebd79d5f124d5f4fdc10d946cc1144d6e587fb6694158,2025-06-09T15:02:45.030000 CVE-2025-5593,0,0,6df395e5fe3476beb67761792da6574eda83b6d9a337db7d77d384194417b8ee,2025-06-13T01:00:11.693000 CVE-2025-5594,0,0,83e7fdcfac2ba201d4fe551d7608819296af218dfeb5718bd91a2cdb5f7cbdd0,2025-06-13T00:58:21.617000 @@ -297933,6 +297939,14 @@ CVE-2025-6029,0,0,0a7d097872a3743dce758382e23d64ef6427ff251b4a0e0984b49fe00ded11 CVE-2025-6030,0,0,971340cab3989d6f103f455b80ce687f5365decc2b747d306ee807e98b81854a,2025-06-13T15:15:21.600000 CVE-2025-6031,0,0,f55877d9a515055d82923e15e107b73e885b2a97ca1430544a245162a02b6450,2025-06-12T20:15:22.450000 CVE-2025-6035,0,0,07dd0ef801ecdc5affcaf0e86947bc44410ec1004ed310d74f8d9a296fc9d5aa,2025-06-13T16:15:28.067000 +CVE-2025-6040,1,1,3e01209e0303d051f1d1ac7bf3016bbda2a497b4c19af1290cf47f36f272881a,2025-06-14T09:15:23.873000 CVE-2025-6052,0,0,d6d0e5e14eb20ceb0c3bc2cb2793ad0094d53a851be1a17d6cfc808d70a5cddb,2025-06-13T16:15:28.230000 +CVE-2025-6055,1,1,f3fa6b9e87d2dacc2038c8e0306009891e39673a790a3aa4577884492d4b176d,2025-06-14T09:15:24.050000 CVE-2025-6059,0,0,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000 +CVE-2025-6061,1,1,d7aa6a582ef8e8ae5a52cd7597e1f64b25983064d39378305235e3628c71f079,2025-06-14T09:15:24.307000 +CVE-2025-6062,1,1,64774487c618df7aca145bbd7ec40a38e830c1a69a4992fb4491551c85ac1fc7,2025-06-14T09:15:24.520000 +CVE-2025-6063,1,1,2890954e9b2098ac36d836d65cede9d0cf687a8267ef00899cfa3d31327b6f55,2025-06-14T09:15:24.693000 +CVE-2025-6064,1,1,f1b42f8abbe1dc42385b1b319a813fce6feba5bf2333128ae8bf40e0d2cea421,2025-06-14T09:15:24.853000 +CVE-2025-6065,1,1,5e976b8fac171cc7b59ad041eb4f60fb6d8881197db355ec035f6d3d2b656140,2025-06-14T09:15:25.020000 +CVE-2025-6070,1,1,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad612,2025-06-14T09:15:25.180000 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000