diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51533.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51533.json
new file mode 100644
index 00000000000..a6f9681832d
--- /dev/null
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51533.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51533",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-02-28T19:15:09.963",
+ "lastModified": "2024-02-28T19:15:09.963",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-12-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51692.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51692.json
new file mode 100644
index 00000000000..7c09cc3f098
--- /dev/null
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51692.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-51692",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-02-28T19:15:10.147",
+ "lastModified": "2024-02-28T19:15:10.147",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52047.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52047.json
new file mode 100644
index 00000000000..242445725fd
--- /dev/null
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52047.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-52047",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.590",
+ "lastModified": "2024-02-28T20:15:41.590",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chongfujun/test/blob/main/2023-52047.docx",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52048.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52048.json
new file mode 100644
index 00000000000..07b460db66d
--- /dev/null
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52048.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-52048",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.640",
+ "lastModified": "2024-02-28T20:15:41.640",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chongfujun/test/blob/main/2023-52048.docx",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24148.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24148.json
new file mode 100644
index 00000000000..55db889121b
--- /dev/null
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24148.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-24148",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.683",
+ "lastModified": "2024-02-28T20:15:41.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libming/libming/issues/308",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25169.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25169.json
new file mode 100644
index 00000000000..c6b90bc7439
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25169.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2024-25169",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.723",
+ "lastModified": "2024-02-28T20:15:41.723",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/JKh4hmD",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/Pt9qd8t",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/hLLPTVp",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/rfrKj3r",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json
new file mode 100644
index 00000000000..260458f6705
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2024-25170",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.770",
+ "lastModified": "2024-02-28T20:15:41.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/DpxHpz9",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ibb.co/T0fhLwR",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25202.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25202.json
new file mode 100644
index 00000000000..525f65ccbfc
--- /dev/null
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25202.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-25202",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.810",
+ "lastModified": "2024-02-28T20:15:41.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Agampreet-Singh/CVE-2024-25202",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25435.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25435.json
new file mode 100644
index 00000000000..8adbd89a99a
--- /dev/null
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25435.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-25435",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.857",
+ "lastModified": "2024-02-28T20:15:41.857",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-258xx/CVE-2024-25859.json b/CVE-2024/CVE-2024-258xx/CVE-2024-25859.json
new file mode 100644
index 00000000000..a75ccbf921a
--- /dev/null
+++ b/CVE-2024/CVE-2024-258xx/CVE-2024-25859.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-25859",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-28T20:15:41.900",
+ "lastModified": "2024-02-28T20:15:41.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.blesta.com/2024/02/08/security-advisory/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27285.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27285.json
new file mode 100644
index 00000000000..4caa2fb6495
--- /dev/null
+++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27285.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-27285",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-02-28T20:15:41.940",
+ "lastModified": "2024-02-28T20:15:41.940",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "YARD is a Ruby Documentation tool. The \"frames.html\" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the \"frames.erb\" template file. This vulnerability is fixed in 0.9.35."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-279xx/CVE-2024-27948.json b/CVE-2024/CVE-2024-279xx/CVE-2024-27948.json
new file mode 100644
index 00000000000..34070cf2d91
--- /dev/null
+++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27948.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-27948",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-02-28T19:15:11.357",
+ "lastModified": "2024-02-28T19:15:11.357",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/atahualpa/wordpress-atahualpa-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index d4c858aa696..3c713da9361 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-28T19:00:26.420903+00:00 +2024-02-28T21:00:24.883582+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-28T18:15:45.940000+00:00 +2024-02-28T20:15:41.940000+00:00 ``` ### Last Data Feed Release
@@ -29,29 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239832 +239844 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `12` -* [CVE-2023-51681](CVE-2023/CVE-2023-516xx/CVE-2023-51681.json) (`2024-02-28T17:15:07.270`) -* [CVE-2023-51683](CVE-2023/CVE-2023-516xx/CVE-2023-51683.json) (`2024-02-28T17:15:07.760`) -* [CVE-2023-52223](CVE-2023/CVE-2023-522xx/CVE-2023-52223.json) (`2024-02-28T17:15:07.953`) -* [CVE-2023-52226](CVE-2023/CVE-2023-522xx/CVE-2023-52226.json) (`2024-02-28T17:15:08.150`) -* [CVE-2024-0560](CVE-2024/CVE-2024-05xx/CVE-2024-0560.json) (`2024-02-28T17:15:08.340`) -* [CVE-2024-21749](CVE-2024/CVE-2024-217xx/CVE-2024-21749.json) (`2024-02-28T17:15:08.543`) -* [CVE-2024-1847](CVE-2024/CVE-2024-18xx/CVE-2024-1847.json) (`2024-02-28T18:15:45.687`) -* [CVE-2024-26342](CVE-2024/CVE-2024-263xx/CVE-2024-26342.json) (`2024-02-28T18:15:45.890`) -* [CVE-2024-27103](CVE-2024/CVE-2024-271xx/CVE-2024-27103.json) (`2024-02-28T18:15:45.940`) +* [CVE-2023-51533](CVE-2023/CVE-2023-515xx/CVE-2023-51533.json) (`2024-02-28T19:15:09.963`) +* [CVE-2023-51692](CVE-2023/CVE-2023-516xx/CVE-2023-51692.json) (`2024-02-28T19:15:10.147`) +* [CVE-2023-52047](CVE-2023/CVE-2023-520xx/CVE-2023-52047.json) (`2024-02-28T20:15:41.590`) +* [CVE-2023-52048](CVE-2023/CVE-2023-520xx/CVE-2023-52048.json) (`2024-02-28T20:15:41.640`) +* [CVE-2024-27948](CVE-2024/CVE-2024-279xx/CVE-2024-27948.json) (`2024-02-28T19:15:11.357`) +* [CVE-2024-24148](CVE-2024/CVE-2024-241xx/CVE-2024-24148.json) (`2024-02-28T20:15:41.683`) +* [CVE-2024-25169](CVE-2024/CVE-2024-251xx/CVE-2024-25169.json) (`2024-02-28T20:15:41.723`) +* [CVE-2024-25170](CVE-2024/CVE-2024-251xx/CVE-2024-25170.json) (`2024-02-28T20:15:41.770`) +* [CVE-2024-25202](CVE-2024/CVE-2024-252xx/CVE-2024-25202.json) (`2024-02-28T20:15:41.810`) +* [CVE-2024-25435](CVE-2024/CVE-2024-254xx/CVE-2024-25435.json) 
(`2024-02-28T20:15:41.857`) +* [CVE-2024-25859](CVE-2024/CVE-2024-258xx/CVE-2024-25859.json) (`2024-02-28T20:15:41.900`) +* [CVE-2024-27285](CVE-2024/CVE-2024-272xx/CVE-2024-27285.json) (`2024-02-28T20:15:41.940`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2023-41784](CVE-2023/CVE-2023-417xx/CVE-2023-41784.json) (`2024-02-28T17:46:34.213`) ## Download and Usage