From 8283df4bb3b7e7b07eefc6dfc5d368e8e3c4d705 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 18 Feb 2025 03:04:26 +0000
Subject: [PATCH] Auto-Update: 2025-02-18T03:00:58.505723+00:00
---
CVE-2024/CVE-2024-137xx/CVE-2024-13741.json | 64 +++++++++++++++++++++
CVE-2025/CVE-2025-252xx/CVE-2025-25221.json | 64 +++++++++++++++++++++
CVE-2025/CVE-2025-252xx/CVE-2025-25222.json | 64 +++++++++++++++++++++
CVE-2025/CVE-2025-252xx/CVE-2025-25223.json | 64 +++++++++++++++++++++
CVE-2025/CVE-2025-252xx/CVE-2025-25224.json | 64 +++++++++++++++++++++
README.md | 18 +++---
_state.csv | 11 +++-
7 files changed, 338 insertions(+), 11 deletions(-)
create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13741.json
create mode 100644 CVE-2025/CVE-2025-252xx/CVE-2025-25221.json
create mode 100644 CVE-2025/CVE-2025-252xx/CVE-2025-25222.json
create mode 100644 CVE-2025/CVE-2025-252xx/CVE-2025-25223.json
create mode 100644 CVE-2025/CVE-2025-252xx/CVE-2025-25224.json
diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13741.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13741.json
new file mode 100644
index 00000000000..29bc7b08f82
--- /dev/null
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13741.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13741", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-18T02:15:13.047", + "lastModified": "2025-02-18T02:15:13.047", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/class-profile-magic-public.php#L1717", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/partials/crop.php", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25221.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25221.json new file mode 100644 index 00000000000..646b5ddd59e --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25221.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-25221", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-02-18T01:15:09.070", + "lastModified": "2025-02-18T01:15:09.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN26024080/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/?download", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25222.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25222.json new file mode 100644 index 00000000000..900cc3ab018 --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25222.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-25222", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-02-18T01:15:09.210", + "lastModified": "2025-02-18T01:15:09.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN26024080/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/?download", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25223.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25223.json new file mode 100644 index 00000000000..f1c9f5f7164 --- /dev/null 
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25223.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-25223", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-02-18T01:15:09.347", + "lastModified": "2025-02-18T01:15:09.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN26024080/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/?download", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25224.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25224.json new file mode 100644 index 00000000000..c692c3b4419 --- /dev/null +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25224.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-25224", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-02-18T01:15:09.473", + "lastModified": "2025-02-18T01:15:09.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN26024080/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/?download", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4aced20c096..387736f34b1 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-18T00:55:34.524990+00:00 +2025-02-18T03:00:58.505723+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-18T00:15:21.277000+00:00 +2025-02-18T02:15:13.047000+00:00 ``` ### Last Data Feed Release @@ -27,22 +27,24 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-02-17T01:00:04.521937+00:00 +2025-02-18T01:00:04.385107+00:00 ``` ### Total Number of included CVEs ```plain -281562 +281567 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -- [CVE-2021-46686](CVE-2021/CVE-2021-466xx/CVE-2021-46686.json) (`2025-02-18T00:15:20.757`) -- [CVE-2025-20075](CVE-2025/CVE-2025-200xx/CVE-2025-20075.json) (`2025-02-18T00:15:21.107`) -- [CVE-2025-25055](CVE-2025/CVE-2025-250xx/CVE-2025-25055.json) (`2025-02-18T00:15:21.277`) +- [CVE-2024-13741](CVE-2024/CVE-2024-137xx/CVE-2024-13741.json) (`2025-02-18T02:15:13.047`) +- [CVE-2025-25221](CVE-2025/CVE-2025-252xx/CVE-2025-25221.json) (`2025-02-18T01:15:09.070`) +- [CVE-2025-25222](CVE-2025/CVE-2025-252xx/CVE-2025-25222.json) (`2025-02-18T01:15:09.210`) +- [CVE-2025-25223](CVE-2025/CVE-2025-252xx/CVE-2025-25223.json) (`2025-02-18T01:15:09.347`) +- [CVE-2025-25224](CVE-2025/CVE-2025-252xx/CVE-2025-25224.json) (`2025-02-18T01:15:09.473`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 4edbeecfe65..9771b9b2405 100644 --- a/_state.csv +++ b/_state.csv 
@@ -187014,7 +187014,7 @@ CVE-2021-46678,0,0,04bb01ddefd6b08ae34da850f28969bf1fd48b6ec6f7ac9928ea2d26aef99 CVE-2021-46679,0,0,e71ccd076a6ae7e0f6f587f1d263b42972b07326261ba8f60376d56ebf30b94b,2024-11-21T06:34:35.073000 CVE-2021-46680,0,0,743c5ff723ecf0faa233ca15a34a6d03c1d1ce1540a27b119b5f12de1b94ccae,2024-11-21T06:34:35.200000 CVE-2021-46681,0,0,7d17d4f941995ec733f3b447e7865ce5f8feb0f0c38311126a31d57e8febe34b,2024-11-21T06:34:35.337000 -CVE-2021-46686,1,1,f815848c5845216b94100b436fa391dd31ce22b951af901af7e8e4deafd852c3,2025-02-18T00:15:20.757000 +CVE-2021-46686,0,0,f815848c5845216b94100b436fa391dd31ce22b951af901af7e8e4deafd852c3,2025-02-18T00:15:20.757000 CVE-2021-46687,0,0,ee16dc4b19486f597f459c21f48e3fa2e43e5d53ed3dbefa2391e5b8ee9a9f43,2024-11-21T06:34:35.470000 CVE-2021-46699,0,0,4a9b5e6bcc6fd69f85508f74afc6d71d96f5587d15db13582c904bb2016757d6,2024-11-21T06:34:35.600000 CVE-2021-46700,0,0,367bfb2f2e894c3a01abf1666b85c8afa9f70ff0229704db7f6d44e2cda699d5,2024-11-21T06:34:35.710000 @@ -246696,6 +246696,7 @@ CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb9 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000 CVE-2024-13735,0,0,5831f6a512bd98ee3e9e0b41a189da9a28ce9d6efc5226591d1a0439e0759ef9,2025-02-14T10:15:09.207000 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000 +CVE-2024-13741,1,1,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000 CVE-2024-13749,0,0,80f262ecaea974125eab2d55e54ea371d41d3a900599102c4f121cdbe4bfacc8,2025-02-12T04:15:09.793000 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000 
@@ -279339,7 +279340,7 @@ CVE-2025-20055,0,0,2d78db23287090ae5d3190213b75b348c3d1d689e77c9b32372b6d83b934f CVE-2025-20058,0,0,af25661117d7a8f1ae52c2135ac2ae15c5889bbaee5a55db180a54f06b9f9e1f,2025-02-05T18:15:29.943000 CVE-2025-20061,0,0,e62e8a8fd4ab6d97299876ba25c6f346e45990a2a45061ca766da62571a8af24,2025-01-29T20:15:35.363000 CVE-2025-20072,0,0,b9e9cb3d894db8c29d56585c14d2cf06ce7800f36f472c346f2184b6fcf02e0f,2025-01-16T18:15:28.517000 -CVE-2025-20075,1,1,b30b32e2f08da502fea0698f2946161a425eb310144fa5e17bbcbe0fe4f71804,2025-02-18T00:15:21.107000 +CVE-2025-20075,0,0,b30b32e2f08da502fea0698f2946161a425eb310144fa5e17bbcbe0fe4f71804,2025-02-18T00:15:21.107000 CVE-2025-20086,0,0,c718ee138c5d706935ee7319c465eb1db60c32a8ee92f074be268892106cc0d1,2025-01-15T17:15:19.107000 CVE-2025-20088,0,0,d069a0a8d0e55448ae448cb2d1bba620f97cc6785542779fdc1ef2f2206cb89e,2025-01-15T17:15:19.243000 CVE-2025-20094,0,0,cc9826181bf1f83e2cac160833fefdc5cca091c7fe9a0c6abd476a3468c0bc65,2025-02-06T08:15:29.837000 @@ -281307,7 +281308,7 @@ CVE-2025-24980,0,0,93f5736ad811fe47d31660fba8d04da062656820cb9c23ad70329bc04caee CVE-2025-24981,0,0,53e7b164e1e8344d44125c41e4616160d5eab5393458f601a78911be7625504e,2025-02-06T18:15:32.847000 CVE-2025-24982,0,0,bb2e7ed21733f592bc39cfa057a56b08d6aa180f6c36351b70c6f04a2bffef43,2025-02-04T05:15:10.543000 CVE-2025-25039,0,0,2c724cd99b172314f0551d5e25be43761b6ee80f3cb5f750659e6bd374aa7b28,2025-02-04T19:15:33.977000 -CVE-2025-25055,1,1,7bdf77ab21026e12270a24a96ec203744f408d808d0439c316497fbe0f801ffc,2025-02-18T00:15:21.277000 +CVE-2025-25055,0,0,7bdf77ab21026e12270a24a96ec203744f408d808d0439c316497fbe0f801ffc,2025-02-18T00:15:21.277000 CVE-2025-25062,0,0,c25c343fff538b868333c18656ef24f68b7ac30942ec67bd9f1be9d92e00b2a9,2025-02-03T04:15:09.587000 CVE-2025-25063,0,0,fe8d3efef171b62a11b34e6bca9a7ce9094019d5a41cf3cdaf3675f4485dfea9,2025-02-03T04:15:09.760000 CVE-2025-25064,0,0,6dceec11fd59119aed7d408b3f6402c7bd962bb609f5c09b6f193840bd49f8e7,2025-02-06T20:15:41.190000 
@@ -281397,6 +281398,10 @@ CVE-2025-25203,0,0,040b03b28fff3f91466e7eaa5a2d6143cc21f99e3d967437d45c81f30cd9c CVE-2025-25204,0,0,08e898f00cdd4836e5416642a3da9e96b59613851a80bcbfd14158c90e610a8f,2025-02-14T17:15:19.140000 CVE-2025-25205,0,0,53d346539ec5bb58856ce63a9d1fdca5438e2c859c2047a9cb707ece5a8bcbe8,2025-02-12T19:15:21.717000 CVE-2025-25206,0,0,e9846eb9edb5a629adfeda97812105c1d9509aaf2c4838d333e92f590466aefc,2025-02-14T17:15:19.327000 +CVE-2025-25221,1,1,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000 +CVE-2025-25222,1,1,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000 +CVE-2025-25223,1,1,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000 +CVE-2025-25224,1,1,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000 CVE-2025-25241,0,0,685093741c4cbeb4c7e856690722e80ea121ecc2a87182689308551a55f65cb8,2025-02-11T06:15:24.120000 CVE-2025-25243,0,0,899b55762ee14dd98936d3ff86efc1dbe88fe1088da4c8c1779e82f64331f15e,2025-02-11T06:15:24.330000 CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000