Auto-Update: 2025-06-14T10:00:20.336442+00:00

CVE-2025/CVE-2025-41xx/CVE-2025-4187.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4187",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:22.050",
+  "lastModified": "2025-06-14T09:15:22.050",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-42xx/CVE-2025-4200.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4200",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:22.990",
+  "lastModified": "2025-06-14T09:15:22.990",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-98"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://themeforest.net/item/zagg-electronics-accessories-woocommerce-wordpress-theme/54636595",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-42xx/CVE-2025-4216.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4216",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:23.160",
+  "lastModified": "2025-06-14T09:15:23.160",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-45xx/CVE-2025-4592.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-4592",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:23.333",
+  "lastModified": "2025-06-14T09:15:23.333",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AI Image Lab \u2013 Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/ai-image-generator-lab/trunk/includes/admin/admin-page.php#L3",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-53xx/CVE-2025-5336.json

@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2025-5336",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:23.527",
+  "lastModified": "2025-06-14T09:15:23.527",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-no_number\u2019 parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L126",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/4.22/new/inc/assets/js/dev/app.dev.js#L818",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3309693/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/click-to-chat-for-whatsapp/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-55xx/CVE-2025-5589.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-5589",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:23.710",
+  "lastModified": "2025-06-14T09:15:23.710",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018status-classic-offline-text\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php#L50",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3309930/streamweasels-kick-integration/trunk/public/partials/streamweasels-kick-status-public-display.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/streamweasels-kick-integration/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6040.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6040",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:23.873",
+  "lastModified": "2025-06-14T09:15:23.873",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'ef_settings_submenu' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/easy-flashcards/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6055.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6055",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:24.050",
+  "lastModified": "2025-06-14T09:15:24.050",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/zen-social-sticky/trunk/zen-sticky-social.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6061.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6061",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:24.307",
+  "lastModified": "2025-06-14T09:15:24.307",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/kk-youtube-video/trunk/kk-youtube-video.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd581604-e2f6-42c4-81ef-10873683526b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6062.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6062",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:24.520",
+  "lastModified": "2025-06-14T09:15:24.520",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/yougler-blogger-profile-page/trunk/yougler-plugin.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6063.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6063",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:24.693",
+  "lastModified": "2025-06-14T09:15:24.693",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/xisearch-bar/trunk/xisearch.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6064.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6064",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:24.853",
+  "lastModified": "2025-06-14T09:15:24.853",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'url_shortener_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-url-shortener/trunk/index.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/154b3a1a-7246-42de-a555-2c655778d59e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6065.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-6065",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:25.020",
+  "lastModified": "2025-06-14T09:15:25.020",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/image-resizer-on-the-fly/trunk/image-resizer-on-the-fly.php#L25",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/image-resizer-on-the-fly/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-60xx/CVE-2025-6070.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-6070",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-14T09:15:25.180",
+  "lastModified": "2025-06-14T09:15:25.180",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-06-14T08:00:19.859549+00:00
+2025-06-14T10:00:20.336442+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-06-14T07:15:17.870000+00:00
+2025-06-14T09:15:25.180000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-297937
+297951
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `14`
 
-- [CVE-2025-3234](CVE-2025/CVE-2025-32xx/CVE-2025-3234.json) (`2025-06-14T06:15:18.117`)
+- [CVE-2025-4187](CVE-2025/CVE-2025-41xx/CVE-2025-4187.json) (`2025-06-14T09:15:22.050`)
-- [CVE-2025-5487](CVE-2025/CVE-2025-54xx/CVE-2025-5487.json) (`2025-06-14T07:15:17.870`)
+- [CVE-2025-4200](CVE-2025/CVE-2025-42xx/CVE-2025-4200.json) (`2025-06-14T09:15:22.990`)
+- [CVE-2025-4216](CVE-2025/CVE-2025-42xx/CVE-2025-4216.json) (`2025-06-14T09:15:23.160`)
+- [CVE-2025-4592](CVE-2025/CVE-2025-45xx/CVE-2025-4592.json) (`2025-06-14T09:15:23.333`)
+- [CVE-2025-5336](CVE-2025/CVE-2025-53xx/CVE-2025-5336.json) (`2025-06-14T09:15:23.527`)
+- [CVE-2025-5589](CVE-2025/CVE-2025-55xx/CVE-2025-5589.json) (`2025-06-14T09:15:23.710`)
+- [CVE-2025-6040](CVE-2025/CVE-2025-60xx/CVE-2025-6040.json) (`2025-06-14T09:15:23.873`)
+- [CVE-2025-6055](CVE-2025/CVE-2025-60xx/CVE-2025-6055.json) (`2025-06-14T09:15:24.050`)
+- [CVE-2025-6061](CVE-2025/CVE-2025-60xx/CVE-2025-6061.json) (`2025-06-14T09:15:24.307`)
+- [CVE-2025-6062](CVE-2025/CVE-2025-60xx/CVE-2025-6062.json) (`2025-06-14T09:15:24.520`)
+- [CVE-2025-6063](CVE-2025/CVE-2025-60xx/CVE-2025-6063.json) (`2025-06-14T09:15:24.693`)
+- [CVE-2025-6064](CVE-2025/CVE-2025-60xx/CVE-2025-6064.json) (`2025-06-14T09:15:24.853`)
+- [CVE-2025-6065](CVE-2025/CVE-2025-60xx/CVE-2025-6065.json) (`2025-06-14T09:15:25.020`)
+- [CVE-2025-6070](CVE-2025/CVE-2025-60xx/CVE-2025-6070.json) (`2025-06-14T09:15:25.180`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -292530,7 +292530,7 @@ CVE-2025-32308,0,0,2b7bec71af2d8aeb794f4d157dfc61ad4810b98ac960b587b7920f453cf78
 CVE-2025-32309,0,0,72e524edceb2da5dc017c83bf8ab60e46c6fe45eb184ab0349a1ba415921a900,2025-05-23T15:54:42.643000
 CVE-2025-3231,0,0,7fe259e10bdefff2f7d2cc360ec09abf1ea1f8d9711a4276861c2a354dc3b16e,2025-06-05T05:15:23.977000
 CVE-2025-32310,0,0,c3b2568a49d7a011e3cbc9748557e58f0519995b3a6735845f843c0d6b6482d9,2025-05-19T13:35:50.497000
-CVE-2025-3234,1,1,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
+CVE-2025-3234,0,0,21bb08636d89b5f9c340274882831779318dea0cf5e7a8edbc31ace94a2f698f,2025-06-14T06:15:18.117000
 CVE-2025-3235,0,0,bf02e56a9b2acdd9197c016e355d3cdfc496d77110cbd9f5fcadcef4a0003d66,2025-05-16T15:43:09.640000
 CVE-2025-32352,0,0,14a2251916c9246fc3d185746736b75fd36a375e4aafcddd19d832e612b92a9a,2025-04-07T17:15:37.147000
 CVE-2025-32354,0,0,85128147f47ebee98ae2a1737b9ec1a8829a4b5a6a4c94ca962a085780718ca4,2025-06-11T21:20:21.863000
@@ -294612,6 +294612,7 @@ CVE-2025-4183,0,0,5e71026142945439a9594d0439f27ca7101a23d30fb9cd157d68469b5c04af
 CVE-2025-4184,0,0,231752f9dd81f3c878686a35cd086680fc85706af1d3abe68105ebbbb14f6dc9,2025-05-16T15:04:17.993000
 CVE-2025-4185,0,0,8aa6367e503165449fe24feb0fb59a420bcc6751f196b6bccc99b251140bb4f4,2025-05-02T13:52:51.693000
 CVE-2025-4186,0,0,dab70a09e90dae7c54c24591d73076ac14325c30ca1a211bf9896872e7af04dd,2025-05-02T13:52:51.693000
+CVE-2025-4187,1,1,ce037a46c10aba3526ee6daf50f83f56cb9244a49cc0b22533e0b440995f23dd,2025-06-14T09:15:22.050000
 CVE-2025-4188,0,0,dae4661d96faab4b86b2442932d3ed4a7d5e86b7964e0bf5b5ad937c7ef62825,2025-05-05T20:54:19.760000
 CVE-2025-4189,0,0,a0e2a19d22d932ca0e26b1ac038e49b5f17b80b816561f13c2c6e3219b687b6c,2025-05-19T13:35:20.460000
 CVE-2025-4190,0,0,53943bc80284ba750997ed519958820d606a7c8de596edfb3fb17f09fd02f946,2025-06-12T16:29:51.860000
@@ -294624,6 +294625,7 @@ CVE-2025-4196,0,0,b26d9e2fad715e7681143157d22f4891b95826ce8e53977c9ecced30c124cc
 CVE-2025-4197,0,0,ed8ec740b973b92253a741cf6d5d0ac209bbd44763ac57f0fdc0af84aaf28e3c,2025-05-28T16:02:23.317000
 CVE-2025-4198,0,0,e5602874b7c5cc6f9012651f4a60dc8d2e789373501ddfec072de22c80a74167,2025-05-05T20:54:19.760000
 CVE-2025-4199,0,0,553c17b65a2b6efd623dda6e1567d529495701f64dcb6b078b725c7f2893112f,2025-05-05T20:54:19.760000
+CVE-2025-4200,1,1,d1eb458066ff194c551bd28cb423b888c6b3da3a20b5073a64d5d3c2e910a54e,2025-06-14T09:15:22.990000
 CVE-2025-4204,0,0,2e611705c020858b2144a419577c11b9e07bf754b3f98b6b3360986c5bc7b1b4,2025-06-04T22:39:20.750000
 CVE-2025-4205,0,0,e5c422efa7296a5f9776daa32028189294bed6a05affab60f37bd65665314bf9,2025-06-04T14:54:33.783000
 CVE-2025-4206,0,0,bb3cb9f07bfc9d08a2c0843d010f353ba8ba2d3caafa1bbc30e33b9667f14930,2025-05-12T17:32:32.760000
@@ -294635,6 +294637,7 @@ CVE-2025-4211,0,0,404e0b904354aed3b5baa7e207d5cfca573f55dcef658a41b4b3c736c556ad
 CVE-2025-4213,0,0,ebe18be5ee5e37fbd0ec843f8652f96ea5e7e69c1b8a34e3e1bad241a91a7771,2025-05-28T20:56:16.840000
 CVE-2025-4214,0,0,1d60003a6cdf25de6477c856dc27cfd829a89b1b822b87cc832b4debc042c00e,2025-05-28T21:09:07.673000
 CVE-2025-4215,0,0,77be2382f902e198d303780e19aa94df13f88e4e0b8ba79572846b911ad2ad55,2025-06-12T01:15:26.443000
+CVE-2025-4216,1,1,14d5b84f03ced42de418c7125238b4220bfdf07d15ec7876ca59d9e333846a1f,2025-06-14T09:15:23.160000
 CVE-2025-4217,0,0,62c15aedce5780b22253f9cbd9800a9e9b8ad351bc24efee5e47483ed5db566c,2025-05-21T20:24:58.133000
 CVE-2025-4218,0,0,2c49204cc3b286450f9a71e19a17dbb76984ced9134a20a4535356e38fc3ed60,2025-05-05T20:54:19.760000
 CVE-2025-4219,0,0,1dbb3268c116fdb31206945d2c84e6a62b85afd7dbbb78abb2fd21bb825a5ad4,2025-05-21T20:24:58.133000
@@ -295296,6 +295299,7 @@ CVE-2025-45887,0,0,fb1a15240343f864311f44360980a2f79927e76ee0105844e8c76acb00550
 CVE-2025-4589,0,0,bb26d22fcf596d77e370296c8ae93489013c99f636d3a8cff9546409ae0197a5,2025-05-16T14:43:26.160000
 CVE-2025-4590,0,0,1338bc68ec3d6917d4ad238b5739bcbca3832b2475d3a347918656638fb549e4,2025-06-02T17:32:17.397000
 CVE-2025-4591,0,0,09b633064167908f2267d3dc13a3052b782cbd19249bba4734b3313b4950008b,2025-05-16T14:43:26.160000
+CVE-2025-4592,1,1,5c44f633f2012fc99846b6d9b62b801788e1f40df004901317364e90d81d1144,2025-06-14T09:15:23.333000
 CVE-2025-4594,0,0,c0d148a004f59cf53abe31af001741cb43bc8a881d1fbd6674a881b7467848f2,2025-05-23T15:54:42.643000
 CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000
 CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000
@@ -297467,6 +297471,7 @@ CVE-2025-5331,0,0,6d6e63e0f8a1a491f6a38b24f4a10f691f644991827baf7d50b9fb0e398065
 CVE-2025-5332,0,0,e1def175621c4e1d1942302bd613c0906cf0d988637a95edef4cbf91efd49e74,2025-06-04T15:37:02.583000
 CVE-2025-5334,0,0,3b25ffa10fa68a37bf0e18657dc7cc96e971a33e8fade936cdd130170872987d,2025-06-10T19:15:35.243000
 CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad95934637,2025-06-12T16:06:39.330000
+CVE-2025-5336,1,1,66f58ed710d27f4b2bf2e01a754073917852be9e5d922753d5aff62957bbdb9f,2025-06-14T09:15:23.527000
 CVE-2025-5340,0,0,9b48da383be5dfbe2bc488480a2be183877451ec75241964210e2e3aad9a2ceb,2025-06-04T14:54:33.783000
 CVE-2025-5341,0,0,2f7555dddd47395f556aef803e272926d99b2be1a7b798f5f5a29577ec1f1191,2025-06-05T20:12:23.777000
 CVE-2025-5353,0,0,a9d9e9f405a59eeaccd7ee5466c700cdd9eae2ba20f2bc9c98c5c42953abdf75,2025-06-12T16:06:39.330000
@@ -297556,7 +297561,7 @@ CVE-2025-5482,0,0,010176165dc064c9d0f5c42c228b3c1b03d533e2fec3bc43624fb7ad3f4bc0
 CVE-2025-5484,0,0,400ed56fb4f7c44bceca06b8432cd3e34b6d71f8c67dfd72400144a319fe73ec,2025-06-12T20:15:22.113000
 CVE-2025-5485,0,0,d3479a1adb4ba2fbfa64aaac1b5d6b7fe8b9403b5e13a2ac94a1e71146019ece,2025-06-12T20:15:22.283000
 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000
-CVE-2025-5487,1,1,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
+CVE-2025-5487,0,0,3ede029b4b4bcc40d102b6937970a70f08956f4250f62c1aea9fb70b5aad50d2,2025-06-14T07:15:17.870000
 CVE-2025-5491,0,0,e2f506b3fba36a13dc12fb8dc2e089cb7773a4d51511233e748a5ab6f51b1a98,2025-06-13T03:15:52.300000
 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000
 CVE-2025-5493,0,0,1efa27605551d4754ba55b2a6097a15a4076a1f74a911a4fa864a052324b89ba,2025-06-04T14:54:33.783000
@@ -297633,6 +297638,7 @@ CVE-2025-5582,0,0,d2f1baa22f55fc38a8f865d0e99938121f7ce9bfb4e6584060e61c164943f9
 CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991ad,2025-06-04T17:44:26.393000
 CVE-2025-5584,0,0,554122312ccf631b36ad0ef789707a593ded0bc038e2cac6c090436b66fd53f2,2025-06-10T15:10:06.207000
 CVE-2025-5586,0,0,b91049de82efb55ef679cf10931aa4f56290c24a8f2fbf45be0281fcede07341,2025-06-06T14:07:28.330000
+CVE-2025-5589,1,1,3b8c0f350b849c9492ae78e46abb4302d508a80f7be3f44c57d2d1faa061bdf2,2025-06-14T09:15:23.710000
 CVE-2025-5592,0,0,36c388f33c323490a93ebd79d5f124d5f4fdc10d946cc1144d6e587fb6694158,2025-06-09T15:02:45.030000
 CVE-2025-5593,0,0,6df395e5fe3476beb67761792da6574eda83b6d9a337db7d77d384194417b8ee,2025-06-13T01:00:11.693000
 CVE-2025-5594,0,0,83e7fdcfac2ba201d4fe551d7608819296af218dfeb5718bd91a2cdb5f7cbdd0,2025-06-13T00:58:21.617000
@@ -297933,6 +297939,14 @@ CVE-2025-6029,0,0,0a7d097872a3743dce758382e23d64ef6427ff251b4a0e0984b49fe00ded11
 CVE-2025-6030,0,0,971340cab3989d6f103f455b80ce687f5365decc2b747d306ee807e98b81854a,2025-06-13T15:15:21.600000
 CVE-2025-6031,0,0,f55877d9a515055d82923e15e107b73e885b2a97ca1430544a245162a02b6450,2025-06-12T20:15:22.450000
 CVE-2025-6035,0,0,07dd0ef801ecdc5affcaf0e86947bc44410ec1004ed310d74f8d9a296fc9d5aa,2025-06-13T16:15:28.067000
+CVE-2025-6040,1,1,3e01209e0303d051f1d1ac7bf3016bbda2a497b4c19af1290cf47f36f272881a,2025-06-14T09:15:23.873000
 CVE-2025-6052,0,0,d6d0e5e14eb20ceb0c3bc2cb2793ad0094d53a851be1a17d6cfc808d70a5cddb,2025-06-13T16:15:28.230000
+CVE-2025-6055,1,1,f3fa6b9e87d2dacc2038c8e0306009891e39673a790a3aa4577884492d4b176d,2025-06-14T09:15:24.050000
 CVE-2025-6059,0,0,aa4cbe9d67456274a37be50dae943f3a8c684e351505447e0dcbada900f18e7c,2025-06-14T03:15:22.283000
+CVE-2025-6061,1,1,d7aa6a582ef8e8ae5a52cd7597e1f64b25983064d39378305235e3628c71f079,2025-06-14T09:15:24.307000
+CVE-2025-6062,1,1,64774487c618df7aca145bbd7ec40a38e830c1a69a4992fb4491551c85ac1fc7,2025-06-14T09:15:24.520000
+CVE-2025-6063,1,1,2890954e9b2098ac36d836d65cede9d0cf687a8267ef00899cfa3d31327b6f55,2025-06-14T09:15:24.693000
+CVE-2025-6064,1,1,f1b42f8abbe1dc42385b1b319a813fce6feba5bf2333128ae8bf40e0d2cea421,2025-06-14T09:15:24.853000
+CVE-2025-6065,1,1,5e976b8fac171cc7b59ad041eb4f60fb6d8881197db355ec035f6d3d2b656140,2025-06-14T09:15:25.020000
+CVE-2025-6070,1,1,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad612,2025-06-14T09:15:25.180000
 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000