Auto-Update: 2025-02-18T03:00:58.505723+00:00

2025-07-09 16:05:11 +00:00 · 2025-02-18 03:04:26 +00:00 · 2025-02-18 03:04:26 +00:00 · 8283df4bb3
commit 8283df4bb3
parent 5d387937b4
7 changed files with 338 additions and 11 deletions
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13741.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13741.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-13741",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-18T02:15:13.047",
+  "lastModified": "2025-02-18T02:15:13.047",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/class-profile-magic-public.php#L1717",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/partials/crop.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25221.json
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25221.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-25221",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-02-18T01:15:09.070",
+  "lastModified": "2025-02-18T01:15:09.070",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN26024080/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/?download",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25222.json
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25222.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-25222",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-02-18T01:15:09.210",
+  "lastModified": "2025-02-18T01:15:09.210",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN26024080/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/?download",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25223.json
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25223.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-25223",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-02-18T01:15:09.347",
+  "lastModified": "2025-02-18T01:15:09.347",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN26024080/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/?download",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25224.json
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25224.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-25224",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-02-18T01:15:09.473",
+  "lastModified": "2025-02-18T01:15:09.473",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN26024080/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/?download",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-18T00:55:34.524990+00:00
+2025-02-18T03:00:58.505723+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-18T00:15:21.277000+00:00
+2025-02-18T02:15:13.047000+00:00
 ```

 ### Last Data Feed Release
@ -27,22 +27,24 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-02-17T01:00:04.521937+00:00
+2025-02-18T01:00:04.385107+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-281562
+281567
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `5`

- [CVE-2021-46686](CVE-2021/CVE-2021-466xx/CVE-2021-46686.json) (`2025-02-18T00:15:20.757`)
- [CVE-2025-20075](CVE-2025/CVE-2025-200xx/CVE-2025-20075.json) (`2025-02-18T00:15:21.107`)
- [CVE-2025-25055](CVE-2025/CVE-2025-250xx/CVE-2025-25055.json) (`2025-02-18T00:15:21.277`)
+- [CVE-2024-13741](CVE-2024/CVE-2024-137xx/CVE-2024-13741.json) (`2025-02-18T02:15:13.047`)
+- [CVE-2025-25221](CVE-2025/CVE-2025-252xx/CVE-2025-25221.json) (`2025-02-18T01:15:09.070`)
+- [CVE-2025-25222](CVE-2025/CVE-2025-252xx/CVE-2025-25222.json) (`2025-02-18T01:15:09.210`)
+- [CVE-2025-25223](CVE-2025/CVE-2025-252xx/CVE-2025-25223.json) (`2025-02-18T01:15:09.347`)
+- [CVE-2025-25224](CVE-2025/CVE-2025-252xx/CVE-2025-25224.json) (`2025-02-18T01:15:09.473`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -187014,7 +187014,7 @@ CVE-2021-46678,0,0,04bb01ddefd6b08ae34da850f28969bf1fd48b6ec6f7ac9928ea2d26aef99
 CVE-2021-46679,0,0,e71ccd076a6ae7e0f6f587f1d263b42972b07326261ba8f60376d56ebf30b94b,2024-11-21T06:34:35.073000
 CVE-2021-46680,0,0,743c5ff723ecf0faa233ca15a34a6d03c1d1ce1540a27b119b5f12de1b94ccae,2024-11-21T06:34:35.200000
 CVE-2021-46681,0,0,7d17d4f941995ec733f3b447e7865ce5f8feb0f0c38311126a31d57e8febe34b,2024-11-21T06:34:35.337000
-CVE-2021-46686,1,1,f815848c5845216b94100b436fa391dd31ce22b951af901af7e8e4deafd852c3,2025-02-18T00:15:20.757000
+CVE-2021-46686,0,0,f815848c5845216b94100b436fa391dd31ce22b951af901af7e8e4deafd852c3,2025-02-18T00:15:20.757000
 CVE-2021-46687,0,0,ee16dc4b19486f597f459c21f48e3fa2e43e5d53ed3dbefa2391e5b8ee9a9f43,2024-11-21T06:34:35.470000
 CVE-2021-46699,0,0,4a9b5e6bcc6fd69f85508f74afc6d71d96f5587d15db13582c904bb2016757d6,2024-11-21T06:34:35.600000
 CVE-2021-46700,0,0,367bfb2f2e894c3a01abf1666b85c8afa9f70ff0229704db7f6d44e2cda699d5,2024-11-21T06:34:35.710000
@ -246696,6 +246696,7 @@ CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb9
 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000
 CVE-2024-13735,0,0,5831f6a512bd98ee3e9e0b41a189da9a28ce9d6efc5226591d1a0439e0759ef9,2025-02-14T10:15:09.207000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
+CVE-2024-13741,1,1,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000
 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000
 CVE-2024-13749,0,0,80f262ecaea974125eab2d55e54ea371d41d3a900599102c4f121cdbe4bfacc8,2025-02-12T04:15:09.793000
 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@ -279339,7 +279340,7 @@ CVE-2025-20055,0,0,2d78db23287090ae5d3190213b75b348c3d1d689e77c9b32372b6d83b934f
 CVE-2025-20058,0,0,af25661117d7a8f1ae52c2135ac2ae15c5889bbaee5a55db180a54f06b9f9e1f,2025-02-05T18:15:29.943000
 CVE-2025-20061,0,0,e62e8a8fd4ab6d97299876ba25c6f346e45990a2a45061ca766da62571a8af24,2025-01-29T20:15:35.363000
 CVE-2025-20072,0,0,b9e9cb3d894db8c29d56585c14d2cf06ce7800f36f472c346f2184b6fcf02e0f,2025-01-16T18:15:28.517000
-CVE-2025-20075,1,1,b30b32e2f08da502fea0698f2946161a425eb310144fa5e17bbcbe0fe4f71804,2025-02-18T00:15:21.107000
+CVE-2025-20075,0,0,b30b32e2f08da502fea0698f2946161a425eb310144fa5e17bbcbe0fe4f71804,2025-02-18T00:15:21.107000
 CVE-2025-20086,0,0,c718ee138c5d706935ee7319c465eb1db60c32a8ee92f074be268892106cc0d1,2025-01-15T17:15:19.107000
 CVE-2025-20088,0,0,d069a0a8d0e55448ae448cb2d1bba620f97cc6785542779fdc1ef2f2206cb89e,2025-01-15T17:15:19.243000
 CVE-2025-20094,0,0,cc9826181bf1f83e2cac160833fefdc5cca091c7fe9a0c6abd476a3468c0bc65,2025-02-06T08:15:29.837000
@ -281307,7 +281308,7 @@ CVE-2025-24980,0,0,93f5736ad811fe47d31660fba8d04da062656820cb9c23ad70329bc04caee
 CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000
 CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000
 CVE-2025-25039,0,0,2c724cd99b172314f0551d5e25be43761b6ee80f3cb5f750659e6bd374aa7b28,2025-02-04T19:15:33.977000
-CVE-2025-25055,1,1,7bdf77ab21026e12270a24a96ec203744f408d808d0439c316497fbe0f801ffc,2025-02-18T00:15:21.277000
+CVE-2025-25055,0,0,7bdf77ab21026e12270a24a96ec203744f408d808d0439c316497fbe0f801ffc,2025-02-18T00:15:21.277000
 CVE-2025-25062,0,0,c25c343fff538b868333c18656ef24f68b7ac30942ec67bd9f1be9d92e00b2a9,2025-02-03T04:15:09.587000
 CVE-2025-25063,0,0,fe8d3efef171b62a11b34e6bca9a7ce9094019d5a41cf3cdaf3675f4485dfea9,2025-02-03T04:15:09.760000
 CVE-2025-25064,0,0,6dceec11fd59119aed7d408b3f6402c7bd962bb609f5c09b6f193840bd49f8e7,2025-02-06T20:15:41.190000
@ -281397,6 +281398,10 @@ CVE-2025-25203,0,0,040b03b28fff3f91466e7eaa5a2d6143cc21f99e3d967437d45c81f30cd9c
 CVE-2025-25204,0,0,08e898f00cdd4836e5416642a3da9e96b59613851a80bcbfd14158c90e610a8f,2025-02-14T17:15:19.140000
 CVE-2025-25205,0,0,53d346539ec5bb58856ce63a9d1fdca5438e2c859c2047a9cb707ece5a8bcbe8,2025-02-12T19:15:21.717000
 CVE-2025-25206,0,0,e9846eb9edb5a629adfeda97812105c1d9509aaf2c4838d333e92f590466aefc,2025-02-14T17:15:19.327000
+CVE-2025-25221,1,1,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000
+CVE-2025-25222,1,1,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000
+CVE-2025-25223,1,1,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000
+CVE-2025-25224,1,1,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000
 CVE-2025-25241,0,0,685093741c4cbeb4c7e856690722e80ea121ecc2a87182689308551a55f65cb8,2025-02-11T06:15:24.120000
 CVE-2025-25243,0,0,899b55762ee14dd98936d3ff86efc1dbe88fe1088da4c8c1779e82f64331f15e,2025-02-11T06:15:24.330000
 CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000