diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31014.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31014.json new file mode 100644 index 00000000000..1a624b20286 --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31014.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31014", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:17.407", + "lastModified": "2025-04-11T09:15:17.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-local-file-inclusion-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31015.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31015.json new file mode 100644 index 00000000000..18571f60341 --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31015.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31015", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:19.593", + "lastModified": "2025-04-11T09:15:19.593", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: from n/a through 1.3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mailhawk/vulnerability/wordpress-wordpress-smtp-service-email-delivery-solved-mailhawk-1-3-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31021.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31021.json new file mode 100644 index 00000000000..81447452c93 --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31021.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31021", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:19.820", + "lastModified": "2025-04-11T09:15:19.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mobile-smart/vulnerability/wordpress-mobile-smart-plugin-v1-3-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31028.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31028.json new file mode 100644 index 00000000000..9be9372d364 --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31028.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31028", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:20.237", + "lastModified": "2025-04-11T09:15:20.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-hide-categories/vulnerability/wordpress-wp-hide-categories-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31040.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31040.json new file mode 100644 index 00000000000..35af412e27b --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31040.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31040", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:20.420", + "lastModified": "2025-04-11T09:15:20.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-food/vulnerability/wordpress-wp-food-ordering-and-restaurant-menu-1-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-310xx/CVE-2025-31041.json b/CVE-2025/CVE-2025-310xx/CVE-2025-31041.json new file mode 100644 index 00000000000..0bf608a3fdc --- /dev/null +++ b/CVE-2025/CVE-2025-310xx/CVE-2025-31041.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31041", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:20.803", + "lastModified": "2025-04-11T09:15:20.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in NotFound AnyTrack Affiliate Link Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/anytrack-affiliate-link-manager/vulnerability/wordpress-anytrack-affiliate-link-manager-1-0-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31378.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31378.json new file mode 100644 index 00000000000..7ba8228acfc --- /dev/null +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31378.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31378", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:21.050", + "lastModified": "2025-04-11T09:15:21.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/oppso-unit-converter/vulnerability/wordpress-oppso-unit-converter-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31379.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31379.json new file mode 100644 index 00000000000..138c6d9345d --- /dev/null +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31379.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31379", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:21.313", + "lastModified": "2025-04-11T09:15:21.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/insert-html-here/vulnerability/wordpress-insert-html-here-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-315xx/CVE-2025-31565.json b/CVE-2025/CVE-2025-315xx/CVE-2025-31565.json new file mode 100644 index 00000000000..cb68617a956 --- /dev/null +++ b/CVE-2025/CVE-2025-315xx/CVE-2025-31565.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31565", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:21.643", + "lastModified": "2025-04-11T09:15:21.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-smart-contracts/vulnerability/wordpress-wpsmartcontracts-plugin-2-0-10-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-315xx/CVE-2025-31599.json b/CVE-2025/CVE-2025-315xx/CVE-2025-31599.json new file mode 100644 index 00000000000..2ba4b20615f --- /dev/null +++ b/CVE-2025/CVE-2025-315xx/CVE-2025-31599.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-31599", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:21.810", + "lastModified": "2025-04-11T09:15:21.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sync-wc-google/vulnerability/wordpress-bulk-product-sync-plugin-8-6-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-321xx/CVE-2025-32107.json b/CVE-2025/CVE-2025-321xx/CVE-2025-32107.json new file mode 100644 index 00000000000..daa0c6c2c82 --- /dev/null +++ b/CVE-2025/CVE-2025-321xx/CVE-2025-32107.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-32107", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-04-11T09:15:22.167", + "lastModified": "2025-04-11T09:15:22.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to \"Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123\". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://jvn.jp/en/vu/JVNVU94912671/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.tp-link.com/jp/support/download/deco-be65-pro/#Firmware", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-321xx/CVE-2025-32143.json b/CVE-2025/CVE-2025-321xx/CVE-2025-32143.json new file mode 100644 index 00000000000..13cc804ef32 --- /dev/null +++ b/CVE-2025/CVE-2025-321xx/CVE-2025-32143.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32143", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:22.453", + "lastModified": "2025-04-11T09:15:22.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/accordions/vulnerability/wordpress-accordion-plugin-2-3-10-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-321xx/CVE-2025-32144.json b/CVE-2025/CVE-2025-321xx/CVE-2025-32144.json new file mode 100644 index 00000000000..dddcbc4ca2f --- /dev/null +++ b/CVE-2025/CVE-2025-321xx/CVE-2025-32144.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32144", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:22.770", + "lastModified": "2025-04-11T09:15:22.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager allows Object Injection. This issue affects Job Board Manager: from n/a through 2.1.60." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/job-board-manager/vulnerability/wordpress-job-board-manager-plugin-2-1-60-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32491.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32491.json new file mode 100644 index 00000000000..5eb4c49ae1c --- /dev/null +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32491.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32491", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:23.063", + "lastModified": "2025-04-11T09:15:23.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rankology-seo-all-in-one-seo-analytics/vulnerability/wordpress-rankology-seo-on-site-seo-2-2-3-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32509.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32509.json new file mode 100644 index 00000000000..6a11d1d0f80 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32509.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32509", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:23.310", + "lastModified": "2025-04-11T09:15:23.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events allows Path Traversal. This issue affects Simple WP Events: from n/a through 1.8.17." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-wp-events/vulnerability/wordpress-simple-wp-events-plugin-1-8-17-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32517.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32517.json new file mode 100644 index 00000000000..ddc4b4491fa --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32517.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32517", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:23.760", + "lastModified": "2025-04-11T09:15:23.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer allows Reflected XSS. This issue affects MultiMailer: from n/a through 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/scand-multi-mailer/vulnerability/wordpress-multimailer-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32519.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32519.json new file mode 100644 index 00000000000..6ed3048442b --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32519.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32519", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:23.960", + "lastModified": "2025-04-11T09:15:23.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonate allows PHP Local File Inclusion. This issue affects IDonate: from n/a through 2.1.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/idonate/vulnerability/wordpress-idonate-plugin-2-1-8-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32523.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32523.json new file mode 100644 index 00000000000..7c5ca44c164 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32523.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32523", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:24.313", + "lastModified": "2025-04-11T09:15:24.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce \u2013 Payphone Gateway allows Reflected XSS. This issue affects WooCommerce \u2013 Payphone Gateway: from n/a through 3.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-payphone-gateway/vulnerability/wordpress-woocommerce-payphone-gateway-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32524.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32524.json new file mode 100644 index 00000000000..664d5208473 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32524.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32524", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:24.607", + "lastModified": "2025-04-11T09:15:24.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/myworks-woo-sync-for-quickbooks-online/vulnerability/wordpress-myworks-woocommerce-sync-for-quickbooks-online-plugin-2-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32525.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32525.json new file mode 100644 index 00000000000..7daf2f5f859 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32525.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32525", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:24.880", + "lastModified": "2025-04-11T09:15:24.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in interactivegeomaps Interactive Geo Maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through 1.6.24." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/interactive-geo-maps/vulnerability/wordpress-interactive-geo-maps-plugin-1-6-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32534.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32534.json new file mode 100644 index 00000000000..b99e69a9976 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32534.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32534", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:25.230", + "lastModified": "2025-04-11T09:15:25.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube allows Reflected XSS. This issue affects Workbox Video from Vimeo & Youtube: from n/a through 3.2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/workbox-video-from-vimeo-youtube-plugin/vulnerability/wordpress-workbox-video-from-vimeo-youtube-plugin-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32536.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32536.json new file mode 100644 index 00000000000..eaa03dd7e3e --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32536.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32536", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:25.397", + "lastModified": "2025-04-11T09:15:25.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist allows Reflected XSS. This issue affects HTML5 Video Player with Playlist: from n/a through 2.50." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/html5-video-player-with-playlist/vulnerability/wordpress-html5-video-player-with-playlist-plugin-2-50-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32537.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32537.json new file mode 100644 index 00000000000..6dae7f103c9 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32537.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32537", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:25.703", + "lastModified": "2025-04-11T09:15:25.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates allows Reflected XSS. This issue affects Lock Your Updates: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lock-your-updates/vulnerability/wordpress-lock-your-updates-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32538.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32538.json new file mode 100644 index 00000000000..6926f641c4c --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32538.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32538", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:26.007", + "lastModified": "2025-04-11T09:15:26.007", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator allows Reflected XSS. This issue affects Easy Post Duplicator: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-post-duplicator/vulnerability/wordpress-easy-post-duplicator-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32539.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32539.json new file mode 100644 index 00000000000..908d16200c4 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32539.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32539", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:26.247", + "lastModified": "2025-04-11T09:15:26.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach WooCommerce \u2013 Store Exporter allows Reflected XSS. This issue affects WooCommerce \u2013 Store Exporter: from n/a through 2.7.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-exporter/vulnerability/wordpress-woocommerce-store-exporter-plugin-2-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32541.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32541.json new file mode 100644 index 00000000000..e13cf434ec5 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32541.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32541", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:26.610", + "lastModified": "2025-04-11T09:15:26.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report: from n/a through 4.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-mis-report/vulnerability/wordpress-woocommerce-sales-mis-report-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32542.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32542.json new file mode 100644 index 00000000000..17e6dd52786 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32542.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32542", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:26.807", + "lastModified": "2025-04-11T09:15:26.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/plugins-on-steroids/vulnerability/wordpress-eazy-plugin-manager-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32551.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32551.json new file mode 100644 index 00000000000..48d2b13b075 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32551.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32551", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:27.097", + "lastModified": "2025-04-11T09:15:27.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Reflected XSS. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32553.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32553.json new file mode 100644 index 00000000000..6fa85946221 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32553.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32553", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:27.413", + "lastModified": "2025-04-11T09:15:27.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/restropress/vulnerability/wordpress-restropres-plugin-3-1-8-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32558.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32558.json new file mode 100644 index 00000000000..409591ffb26 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32558.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32558", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:27.570", + "lastModified": "2025-04-11T09:15:27.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker allows Blind SQL Injection. This issue affects Duplicate Title Checker: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/duplicate-title-checker/vulnerability/wordpress-duplicate-title-checker-plugin-1-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32565.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32565.json new file mode 100644 index 00000000000..c01509f658c --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32565.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32565", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:27.937", + "lastModified": "2025-04-11T09:15:27.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-unauthenticated-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32567.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32567.json new file mode 100644 index 00000000000..59d156c6917 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32567.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32567", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:28.210", + "lastModified": "2025-04-11T09:15:28.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator allows SQL Injection. This issue affects Easy Post Duplicator: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-post-duplicator/vulnerability/wordpress-easy-post-duplicator-plugin-1-0-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32568.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32568.json new file mode 100644 index 00000000000..7876c65fbc3 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32568.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32568", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:28.447", + "lastModified": "2025-04-11T09:15:28.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce allows Object Injection. This issue affects EmpikPlace for Woocommerce: from n/a through 1.4.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/empik-for-woocommerce/vulnerability/wordpress-empikplace-for-woocommerce-plugin-1-4-2-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32569.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32569.json new file mode 100644 index 00000000000..89dcbd163fe --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32569.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32569", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:28.827", + "lastModified": "2025-04-11T09:15:28.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in RealMag777 TableOn \u2013 WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn \u2013 WordPress Posts Table Filterable: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-2-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32577.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32577.json new file mode 100644 index 00000000000..9d9899cd552 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32577.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32577", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:29.000", + "lastModified": "2025-04-11T09:15:29.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32579.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32579.json new file mode 100644 index 00000000000..d198596e68c --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32579.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32579", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:29.270", + "lastModified": "2025-04-11T09:15:29.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sync-posts/vulnerability/wordpress-sync-posts-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32585.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32585.json new file mode 100644 index 00000000000..cdb2e59bf74 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32585.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32585", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:29.607", + "lastModified": "2025-04-11T09:15:29.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/trusty-woo-products-filter/vulnerability/wordpress-shop-products-filter-plugin-1-2-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32586.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32586.json new file mode 100644 index 00000000000..16a38d6b1cd --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32586.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32586", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:29.820", + "lastModified": "2025-04-11T09:15:29.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/aba-payway-woocommerce-payment-gateway/vulnerability/wordpress-aba-payway-payment-gateway-for-woocommerce-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32587.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32587.json new file mode 100644 index 00000000000..83cf5cde31d --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32587.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32587", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:30.190", + "lastModified": "2025-04-11T09:15:30.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp allows PHP Local File Inclusion. This issue affects WooCommerce Pickupp: from n/a through 2.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-pickupp/vulnerability/wordpress-woocommerce-pickupp-plugin-2-4-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32589.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32589.json new file mode 100644 index 00000000000..6df5b58586c --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32589.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32589", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:30.430", + "lastModified": "2025-04-11T09:15:30.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi \u2013 Guest Submit allows PHP Local File Inclusion. This issue affects Flexi \u2013 Guest Submit: from n/a through 4.28." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/flexi/vulnerability/wordpress-flexi-guest-submit-plugin-4-28-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32598.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32598.json new file mode 100644 index 00000000000..a2dbc4e814d --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32598.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32598", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:30.710", + "lastModified": "2025-04-11T09:15:30.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-table-builder/vulnerability/wordpress-wp-table-builder-plugin-2-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32599.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32599.json new file mode 100644 index 00000000000..d10a20c4678 --- /dev/null +++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32599.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32599", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:31.090", + "lastModified": "2025-04-11T09:15:31.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/task-scheduler/vulnerability/wordpress-task-scheduler-plugin-1-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32600.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32600.json new file mode 100644 index 00000000000..021e1f4536d --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32600.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32600", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:31.247", + "lastModified": "2025-04-11T09:15:31.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tournamatch/vulnerability/wordpress-tournamatch-plugin-4-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32601.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32601.json new file mode 100644 index 00000000000..fa7536ee607 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32601.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32601", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:31.620", + "lastModified": "2025-04-11T09:15:31.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through 2.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/twispay/vulnerability/wordpress-twispay-credit-card-payments-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32603.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32603.json new file mode 100644 index 00000000000..c419d757084 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32603.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32603", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:31.877", + "lastModified": "2025-04-11T09:15:31.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-online-users-stats/vulnerability/wordpress-wp-online-users-stats-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32607.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32607.json new file mode 100644 index 00000000000..6223f6a95c6 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32607.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32607", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:32.140", + "lastModified": "2025-04-11T09:15:32.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32614.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32614.json new file mode 100644 index 00000000000..2a125bf011e --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32614.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32614", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:32.497", + "lastModified": "2025-04-11T09:15:32.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32618.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32618.json new file mode 100644 index 00000000000..91b864887fc --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32618.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32618", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:32.667", + "lastModified": "2025-04-11T09:15:32.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-43-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32627.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32627.json new file mode 100644 index 00000000000..599cb072cd6 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32627.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32627", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:33.013", + "lastModified": "2025-04-11T09:15:33.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/js-jobs/vulnerability/wordpress-js-job-manager-plugin-2-0-2-local-file-inclusion-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32629.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32629.json new file mode 100644 index 00000000000..8ae6f0420b4 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32629.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32629", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:33.297", + "lastModified": "2025-04-11T09:15:33.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-businessdirectory/vulnerability/wordpress-wp-businessdirectory-plugin-3-1-2-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32631.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32631.json new file mode 100644 index 00000000000..3db144c5836 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32631.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32631", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:33.583", + "lastModified": "2025-04-11T09:15:33.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce allows Path Traversal. This issue affects Oxygen MyData for WooCommerce: from n/a through 1.0.63." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/oxygen-mydata/vulnerability/wordpress-oxygen-mydata-for-woocommerce-plugin-1-0-63-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32632.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32632.json new file mode 100644 index 00000000000..255e543e62d --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32632.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32632", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:33.953", + "lastModified": "2025-04-11T09:15:33.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP allows Reflected XSS. This issue affects Automatic Ban IP: from n/a through 1.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/automatic-ban-ip/vulnerability/wordpress-automatic-ban-ip-plugin-1-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32633.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32633.json new file mode 100644 index 00000000000..3cf81403ceb --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32633.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32633", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:34.130", + "lastModified": "2025-04-11T09:15:34.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset allows Path Traversal. This issue affects Database Toolset: from n/a through 1.8.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/database-toolset/vulnerability/wordpress-database-toolset-plugin-1-8-4-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32650.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32650.json new file mode 100644 index 00000000000..f9e6d7af318 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32650.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32650", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:34.340", + "lastModified": "2025-04-11T09:15:34.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-17-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32654.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32654.json new file mode 100644 index 00000000000..9ddceb5c05b --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32654.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32654", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:34.707", + "lastModified": "2025-04-11T09:15:34.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-1-4-65-local-file-inclusion-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32656.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32656.json new file mode 100644 index 00000000000..ae6d52a3eae --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32656.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32656", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:34.907", + "lastModified": "2025-04-11T09:15:34.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Testimonial Slider And Showcase Pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a through 2.3.15." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/testimonial-slider-showcase-pro/vulnerability/wordpress-testimonial-slider-and-showcase-pro-plugin-2-3-15-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32663.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32663.json new file mode 100644 index 00000000000..494fc53a02d --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32663.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32663", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:35.217", + "lastModified": "2025-04-11T09:15:35.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon allows PHP Local File Inclusion. This issue affects FAT Cooming Soon: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fat-coming-soon/vulnerability/wordpress-fat-cooming-soon-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32671.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32671.json new file mode 100644 index 00000000000..04aba44be5f --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32671.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32671", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:35.530", + "lastModified": "2025-04-11T09:15:35.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/print-science-designer/vulnerability/wordpress-print-science-designer-plugin-1-3-155-arbitrary-file-download-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32672.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32672.json new file mode 100644 index 00000000000..616b77f39af --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32672.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32672", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:35.727", + "lastModified": "2025-04-11T09:15:35.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-bootstrap-elements-for-elementor/vulnerability/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-9-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-326xx/CVE-2025-32681.json b/CVE-2025/CVE-2025-326xx/CVE-2025-32681.json new file mode 100644 index 00000000000..59e8daf8b42 --- /dev/null +++ b/CVE-2025/CVE-2025-326xx/CVE-2025-32681.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32681", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-11T09:15:36.080", + "lastModified": "2025-04-11T09:15:36.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer allows Blind SQL Injection. This issue affects Error Log Viewer: from n/a through 1.0.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/error-log-viewer-wp/vulnerability/wordpress-error-log-viewer-by-wp-guru-plugin-1-0-5-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3434.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3434.json new file mode 100644 index 00000000000..20b67e56fc1 --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3434.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2025-3434", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-11T09:15:36.320", + "lastModified": "2025-04-11T09:15:36.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Functions.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Helper/Utils.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3270161/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/smtp-amazon-ses/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78ac91af-4d71-43f4-b9fc-cf5e6874e7de?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3512.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3512.json new file mode 100644 index 00000000000..8fbd361c599 --- /dev/null +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3512.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-3512", + "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", + "published": "2025-04-11T08:15:15.797", + "lastModified": "2025-04-11T08:15:15.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "CLEAR" + } + } + ] + }, + "weaknesses": [ + { + "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://codereview.qt-project.org/c/qt/qtbase/+/635546", + "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1a64d10ab66..0f5ea603ef1 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-11T06:00:19.974194+00:00 +2025-04-11T10:00:20.789637+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-11T05:15:31.013000+00:00 +2025-04-11T09:15:36.320000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -289592 +289654 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `62` -- [CVE-2025-1386](CVE-2025/CVE-2025-13xx/CVE-2025-1386.json) (`2025-04-11T05:15:29.583`) -- [CVE-2025-2636](CVE-2025/CVE-2025-26xx/CVE-2025-2636.json) (`2025-04-11T05:15:31.013`) -- [CVE-2025-32816](CVE-2025/CVE-2025-328xx/CVE-2025-32816.json) (`2025-04-11T04:15:31.033`) +- [CVE-2025-32586](CVE-2025/CVE-2025-325xx/CVE-2025-32586.json) (`2025-04-11T09:15:29.820`) +- [CVE-2025-32587](CVE-2025/CVE-2025-325xx/CVE-2025-32587.json) (`2025-04-11T09:15:30.190`) +- [CVE-2025-32589](CVE-2025/CVE-2025-325xx/CVE-2025-32589.json) (`2025-04-11T09:15:30.430`) +- [CVE-2025-32598](CVE-2025/CVE-2025-325xx/CVE-2025-32598.json) (`2025-04-11T09:15:30.710`) +- [CVE-2025-32599](CVE-2025/CVE-2025-325xx/CVE-2025-32599.json) (`2025-04-11T09:15:31.090`) +- [CVE-2025-32600](CVE-2025/CVE-2025-326xx/CVE-2025-32600.json) (`2025-04-11T09:15:31.247`) +- [CVE-2025-32601](CVE-2025/CVE-2025-326xx/CVE-2025-32601.json) (`2025-04-11T09:15:31.620`) +- [CVE-2025-32603](CVE-2025/CVE-2025-326xx/CVE-2025-32603.json) (`2025-04-11T09:15:31.877`) +- [CVE-2025-32607](CVE-2025/CVE-2025-326xx/CVE-2025-32607.json) (`2025-04-11T09:15:32.140`) +- [CVE-2025-32614](CVE-2025/CVE-2025-326xx/CVE-2025-32614.json) (`2025-04-11T09:15:32.497`) +- [CVE-2025-32618](CVE-2025/CVE-2025-326xx/CVE-2025-32618.json) (`2025-04-11T09:15:32.667`) +- [CVE-2025-32627](CVE-2025/CVE-2025-326xx/CVE-2025-32627.json) (`2025-04-11T09:15:33.013`) +- [CVE-2025-32629](CVE-2025/CVE-2025-326xx/CVE-2025-32629.json) (`2025-04-11T09:15:33.297`) +- [CVE-2025-32631](CVE-2025/CVE-2025-326xx/CVE-2025-32631.json) (`2025-04-11T09:15:33.583`) +- [CVE-2025-32632](CVE-2025/CVE-2025-326xx/CVE-2025-32632.json) (`2025-04-11T09:15:33.953`) +- [CVE-2025-32633](CVE-2025/CVE-2025-326xx/CVE-2025-32633.json) (`2025-04-11T09:15:34.130`) +- [CVE-2025-32650](CVE-2025/CVE-2025-326xx/CVE-2025-32650.json) (`2025-04-11T09:15:34.340`) +- [CVE-2025-32654](CVE-2025/CVE-2025-326xx/CVE-2025-32654.json) (`2025-04-11T09:15:34.707`) +- [CVE-2025-32656](CVE-2025/CVE-2025-326xx/CVE-2025-32656.json) (`2025-04-11T09:15:34.907`) +- [CVE-2025-32663](CVE-2025/CVE-2025-326xx/CVE-2025-32663.json) (`2025-04-11T09:15:35.217`) +- [CVE-2025-32671](CVE-2025/CVE-2025-326xx/CVE-2025-32671.json) (`2025-04-11T09:15:35.530`) +- [CVE-2025-32672](CVE-2025/CVE-2025-326xx/CVE-2025-32672.json) (`2025-04-11T09:15:35.727`) +- [CVE-2025-32681](CVE-2025/CVE-2025-326xx/CVE-2025-32681.json) (`2025-04-11T09:15:36.080`) +- [CVE-2025-3434](CVE-2025/CVE-2025-34xx/CVE-2025-3434.json) (`2025-04-11T09:15:36.320`) +- [CVE-2025-3512](CVE-2025/CVE-2025-35xx/CVE-2025-3512.json) (`2025-04-11T08:15:15.797`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index efac99ab923..306a9dc090a 100644 --- a/_state.csv +++ b/_state.csv @@ -282140,7 +282140,7 @@ CVE-2025-1381,0,0,a7ba87fad7a72f1bffe925c9548fe9143d4d449a7f8ce12fa978a99f26accd CVE-2025-1382,0,0,f394f1bf08f0724fd105e399ff64ae7d15c16e18835cf062e0212ba4779b9249,2025-03-10T14:15:24.567000 CVE-2025-1383,0,0,c9fb1a308be655ba73427b329ae1663f0ab56dcb4706e7cabab9a87230c6ae97,2025-03-19T20:47:28.020000 CVE-2025-1385,0,0,cd0488ff01f383d9bed7e9dfcd438a68752b6f1d05d46ab0fe46ec06da7cead8,2025-03-20T08:15:11.723000 -CVE-2025-1386,1,1,abef772a9ec049c36ed97ce338701275a1cf7eb80e5fc2098429e7e499bc7452,2025-04-11T05:15:29.583000 +CVE-2025-1386,0,0,abef772a9ec049c36ed97ce338701275a1cf7eb80e5fc2098429e7e499bc7452,2025-04-11T05:15:29.583000 CVE-2025-1387,0,0,b80cfff8816a5a4c7344419c24985cf6849d91e56da599c269854d931b93688f,2025-02-17T04:15:08.807000 CVE-2025-1388,0,0,8e601c55f63d7c4a99175dca26ea6e765f5666baba3a63fcb66bd4e1e37a8c84,2025-02-17T04:15:08.960000 CVE-2025-1389,0,0,795a35efe21e6a34ebaee5d031621504f5de1cd150eb87bc8f92558df8e46474,2025-02-17T05:15:10.317000 @@ -286481,7 +286481,7 @@ CVE-2025-26356,0,0,a20407d143e37fe5c51b4c6379adf05afcc1c151aca9dc891fee402ab4049 CVE-2025-26357,0,0,299326568958356aaa260aca2749f13fc4457fae72782a12c908aed48531ffba,2025-02-12T14:15:36.160000 CVE-2025-26358,0,0,83420a1e22f31cd31f2c84aa941bb984380be680e3cb9e15cfda83509effc79d,2025-02-12T14:15:36.297000 CVE-2025-26359,0,0,5f59fb1823e88cda5cec69e49e3d35c67f1afcc3c84876bbc2a441ae9cc178dc,2025-02-12T14:15:36.437000 -CVE-2025-2636,1,1,179a17cd6ec527c567c0545e3730abb0d6b276f8cb93c430b543780fbef328cb,2025-04-11T05:15:31.013000 +CVE-2025-2636,0,0,179a17cd6ec527c567c0545e3730abb0d6b276f8cb93c430b543780fbef328cb,2025-04-11T05:15:31.013000 CVE-2025-26360,0,0,d2cb7a269786ac9f3b5870f5faaa1a840798a5c44bed9d70e893fa4999aed6b6,2025-02-12T14:15:36.577000 CVE-2025-26361,0,0,5030fc0069a0ace256928c38b9aece2d876e06760d6576de9cca3faf5d0b9449,2025-02-12T14:15:36.717000 CVE-2025-26362,0,0,8fc41c39e5438752edf355df74a87e2aab3e5a8557cd797ba063b4a92e27f26a,2025-02-12T14:15:36.847000 @@ -288465,13 +288465,17 @@ CVE-2025-31008,0,0,76d3aa622de53ca6dd0eb79a24c5fde85c488d10155b7a553e54a8b6cf7d3 CVE-2025-31009,0,0,e9b11ef91313e83a2c5f00146ae964456d89a3cb219ccff5c37419bfd5ba24d8,2025-04-09T20:02:41.860000 CVE-2025-31010,0,0,2eedda8f330a9beae819a4cd9d50315b7c3705aef34f39a70e86c91cbd492554,2025-03-28T18:11:40.180000 CVE-2025-31012,0,0,21f03eb3af6d9b3bb51a2a0fcf9624a753c1fc6babd21259e4b8c500780eb98c,2025-04-09T20:02:41.860000 +CVE-2025-31014,1,1,0573d2e2fd223f7c7767ad31a4af0609a80e200cbbf43fdaaee2074ae5322a2e,2025-04-11T09:15:17.407000 +CVE-2025-31015,1,1,0330da39128c7dcaa58dff35ab2a2fa0048cc34b022db551bb35fd9274e21f09,2025-04-11T09:15:19.593000 CVE-2025-31016,0,0,9f9353b55280d52026be79b202ae8bc2b442e0024607fdee2a6c539bec9857cb,2025-04-01T20:26:30.593000 CVE-2025-31017,0,0,b56a44652605d8eeed3d64b16f1dab34aa789f93a1221cc3bdf4b45f393886c0,2025-04-09T20:02:41.860000 CVE-2025-3102,0,0,bccf8eff8b40ef1bd77bee41b31cfae93692edd7c8d803415cbae18e80b9f57a,2025-04-10T05:15:38.990000 CVE-2025-31020,0,0,daa9e1981c03ac81dbf536cdee43874fa54a803f7000d9e16ed8ebb44cdf19dd,2025-04-09T20:02:41.860000 +CVE-2025-31021,1,1,f7b39322597a1d719b1d5bb951b3f7b53a3c9e0eecfa8ec921e26a94b36284ed,2025-04-11T09:15:19.820000 CVE-2025-31023,0,0,dfa96669063a1f3955fe0e1aab8c8bfa43477b027538a93d222fb97048f80625,2025-04-09T20:02:41.860000 CVE-2025-31024,0,0,f27fb13571b9dddbe1b515b7ab2184082954eb269d62d89f6a6c625e2c4c4385,2025-04-01T20:26:11.547000 CVE-2025-31026,0,0,110923d78d570a4dd4efff2a47da0efd3f170aac2374a5da2e6fd53e6d352a2d,2025-04-09T20:02:41.860000 +CVE-2025-31028,1,1,6cf0cbcbbbf4fcb2a5311f37458f3c2b58aaceae8a3c0f5369d8c2c84f81a460,2025-04-11T09:15:20.237000 CVE-2025-31031,0,0,168f44010a9f1d1f02e128d4aa188c4843365dadbda135ce003254626d8a07a2,2025-03-28T18:11:40.180000 CVE-2025-31032,0,0,6ee56cfbfa29ee841356b3cf210c65776fcfb1d107d1a9ba3f9a16bc11bd75d7,2025-04-09T20:02:41.860000 CVE-2025-31033,0,0,c794537ee0b5f69607f27e241596ab4e43a486acff4e1440b6412367d3c90c07,2025-04-09T20:02:41.860000 @@ -288479,6 +288483,8 @@ CVE-2025-31034,0,0,8c9adc6115c4b92fd480b9eaf53ae5796f65cf796d88440a46ea7968ae4b9 CVE-2025-31035,0,0,a43aa2d0e1ff08b29f133dbbdb5406bef17c4ec3bce3f996fc125f85cb494856,2025-04-09T20:02:41.860000 CVE-2025-31036,0,0,cc456760a875d1bf2c4e28d271430d48fc855351e73e4e33c11aab9d54f1974d,2025-04-09T20:02:41.860000 CVE-2025-31038,0,0,9fb6143bac9687c0ce18cf1b30e0c01f378e4d2f968ce8a3716360d9dca9e86d,2025-04-09T20:02:41.860000 +CVE-2025-31040,1,1,aff0f1759a1217cef99a3448641ac8b85ce4f5e32b695c549c13089940f13847,2025-04-11T09:15:20.420000 +CVE-2025-31041,1,1,f2863129808ced645dbd77a6948bbb20e146317a60e4be32e4b2ccdd91366629,2025-04-11T09:15:20.803000 CVE-2025-31042,0,0,246018d907231149fc29347b3eeb3029c728b92e6f229e944fea16da771e00ca,2025-04-09T20:02:41.860000 CVE-2025-31043,0,0,2b40a96fc4b8eaf20a7a30e77b072b27918475850ebb17c34a51d56b785169bd,2025-04-01T20:26:30.593000 CVE-2025-3105,0,0,7655f789901fca3e90cb57cc3d3b5f5846f175abac5b5dbf4ae81b8a278e336a,2025-04-07T14:18:15.560000 @@ -288605,6 +288611,8 @@ CVE-2025-31374,0,0,a0063074d97edd2d0b6a359f9337f2fbc025fc83f5ab0917de6d943a4c010 CVE-2025-31375,0,0,d40d58526a82fb163d06e606eb98cef9164c7aee4c60bf356c1ca3ba6396b825,2025-04-09T20:02:41.860000 CVE-2025-31376,0,0,b701b7ba661f1762215842f01eaab352e5cec0fffbde18b5aedc908f1c5af508,2025-04-01T20:26:30.593000 CVE-2025-31377,0,0,f0876c1370382f7938641dfce85161c18044561c007e6734f92876f9ff97935c,2025-04-09T20:02:41.860000 +CVE-2025-31378,1,1,5757a179c46dd95c4cf184ef43bbead44218a568ecb3c1e6580620c32cc2edd2,2025-04-11T09:15:21.050000 +CVE-2025-31379,1,1,42cec1a478e5ccf4b36c8866722683b851fc4aee7003b405617479e41a76a5ad,2025-04-11T09:15:21.313000 CVE-2025-3138,0,0,3a391b3973806b7c959b34db1fd6ebd0ddc97a57ffcf6e3917f0522b59cc1954,2025-04-09T20:17:06.037000 CVE-2025-31381,0,0,ef752b2c9c7c29a3c84fb86d4ef143cb9b4c68b6405ca16b3456144622287ed5,2025-04-07T14:18:15.560000 CVE-2025-31382,0,0,2129389b54b4c5fdf51b41c80cc79ed9dc6b314dee3b0f9848e2dd7f9952ce24,2025-04-09T20:02:41.860000 @@ -288770,6 +288778,7 @@ CVE-2025-31561,0,0,3491d1f7344c08c4ef3e0b71025b723d510b39b39ca933a00cd3e46db49b6 CVE-2025-31562,0,0,df119823e410a7a45f3a911427beaa496238dec20dff3dd6b501ec4e5cebad80,2025-04-01T20:26:30.593000 CVE-2025-31563,0,0,9dbeb566529f2bf77ed2ce1cded916c338efc12b79101caea2e49ffdbfd5b0e3,2025-04-02T14:58:07.527000 CVE-2025-31564,0,0,bc4b1a81b867062682ca17e864a021dc58720c6c9d5e6767e2d55a23490e9751,2025-04-02T14:58:07.527000 +CVE-2025-31565,1,1,b5af9e6b81024e646f37ad83a4feae59209c1f70914f0d860a0b7f7875026694,2025-04-11T09:15:21.643000 CVE-2025-31566,0,0,b73e751eaa24dec50a586ea1b2a436bd820fdbea10cd86a12b923f56028c09de,2025-04-01T20:26:30.593000 CVE-2025-31567,0,0,a0f102972e5777803c97da78037ca5f46e8d48b9c8158fcab03807afa37a6534,2025-04-01T20:26:30.593000 CVE-2025-31568,0,0,3f5a817fe75216aaf0a70f4856e44cd7a47f3999e7330e8e409ac9d0d885a70e,2025-04-02T14:58:07.527000 @@ -288806,6 +288815,7 @@ CVE-2025-31595,0,0,151880bf744232cbcbf1643421b37f666c4ea47688fec797419f5b8f81dc4 CVE-2025-31596,0,0,e896459fbdcc607dd555d455165e1dc79d5e3d571b33b64b433edb030b97db64,2025-04-01T20:26:30.593000 CVE-2025-31597,0,0,e106894e0dc3bf39aa4a6ca2be6508645bd2a0c5da98e3120e98f2075c99b617,2025-04-01T20:26:30.593000 CVE-2025-31598,0,0,7986254df2fa61506e3cfd84c1fcbf6530f4be8c2c1793a5e7b53f7eb1927a9d,2025-04-01T20:26:30.593000 +CVE-2025-31599,1,1,4fe34c395475e3a8d7de746cda3e10c8448e97729b0dbf2b42ee55e7bd2b9ad3,2025-04-11T09:15:21.810000 CVE-2025-3160,0,0,4464f8f76e84354c7af959c6e12663f048c590f7071bc6506e0245010bf2c7ca,2025-04-07T14:18:34.453000 CVE-2025-31600,0,0,cc30e80be704f71efea0f7d65959971d15abc8d300b195f8537623679874e2eb,2025-04-01T20:26:30.593000 CVE-2025-31601,0,0,d1204eb1e2da897f0e9c0df742ef423bbbd35a28b3b884fad892fc803b1a2f60,2025-04-01T20:26:30.593000 @@ -289127,6 +289137,7 @@ CVE-2025-3207,0,0,8c4a43b2a497a8aa9c548fe0056155548a5ad115021163d0bb4670d8373f61 CVE-2025-3208,0,0,467c67ee8369e3212684108818f80d158b2f4485a63647368e73220138caff6d,2025-04-08T17:48:42.087000 CVE-2025-3209,0,0,efaeccbde8dfc66e8697afeb5d539c2f695606dff80d7c548cff76ae6514c4e4,2025-04-07T14:18:15.560000 CVE-2025-3210,0,0,e3a6c98204c21b98a0522091394112cf3856887b7b64633cf1e308a0cb6727df,2025-04-08T17:43:12.840000 +CVE-2025-32107,1,1,62518316c720d49ecc10770e7d087e600f61f6b7c02b8ba54d8b518ef6870150,2025-04-11T09:15:22.167000 CVE-2025-3211,0,0,e2eebcc8ba292d8d3d123757d4623f49a37b0c48559fde3713cb0f540bc6af19,2025-04-07T14:18:15.560000 CVE-2025-32111,0,0,4216c6506d31334c8d23317eabe3bae930691d012b7febaea26a4964764ff3bb,2025-04-07T14:18:15.560000 CVE-2025-32112,0,0,29850bd9ee8dba8b635f085816eb647aeb59b0cfc0a9b386d683b23018a1f144,2025-04-07T14:18:15.560000 @@ -289161,6 +289172,8 @@ CVE-2025-3214,0,0,c59b9a8ccb9e5f739d71920e2831830a42ec3ae916fe405fc73cfa17cef8ed CVE-2025-32140,0,0,8233a330901b91c9e09335f12a635df93f823fd0c49521d82af812b495d550a9,2025-04-10T08:15:16.373000 CVE-2025-32141,0,0,5d668af87f3386a4a5d660f14f8f32c92664568fc7bb6c3b36eb9941569780e8,2025-04-07T14:18:15.560000 CVE-2025-32142,0,0,109ea6fc3bcc7701ebb6136225c0258557a4afb7485ca509e5e6716705334006,2025-04-07T14:18:15.560000 +CVE-2025-32143,1,1,3f5df114db028d4c27c033aa1ba4389d8c7e1f50862714f1aff5d6b2202318a3,2025-04-11T09:15:22.453000 +CVE-2025-32144,1,1,ad4b82f96b77191467f7ceeaf926f80d2f379cfa3038560d9996491c313ce436,2025-04-11T09:15:22.770000 CVE-2025-32145,0,0,37f1213c70bab67bc16e84b845922cc5d34cf1e1fca3910170c9af43092ffa31,2025-04-10T08:15:16.533000 CVE-2025-32146,0,0,23a28b7a439c244e19e823ba5e04a5c12d5684cb14f171d1e8db029579960ca8,2025-04-07T14:18:15.560000 CVE-2025-32147,0,0,bc6bdcdc6b195e20de1ce4c5bc0bce8ab3a0b7952ef599a4ede3802f263506b3,2025-04-07T14:18:15.560000 @@ -289359,6 +289372,7 @@ CVE-2025-32487,0,0,6c7e404f6c15f5cdf956927cb37117332e2b269da382e2ed0077d8185a63f CVE-2025-32488,0,0,aefa035fd17c341716a8c7e9d520f0198e450069edec2b49945c682ada9be9fb,2025-04-09T20:02:41.860000 CVE-2025-32489,0,0,fb078ca96e031d3703e1f27ddde042653dc6e6024daf7470ff250f3687b5a66d,2025-04-09T20:02:41.860000 CVE-2025-3249,0,0,733737203692403dc364c9398a90d84cb34e7925fec94f7c4725b719e6f271e1,2025-04-07T14:18:15.560000 +CVE-2025-32491,1,1,51ae3a699916589523771e392ef2f3acace765b8efe5f44067c8f16095f1e871,2025-04-11T09:15:23.063000 CVE-2025-32492,0,0,756f9d07d7543ee222468be0478471694a667ef162bcb28350837eb0c5457083,2025-04-09T20:02:41.860000 CVE-2025-32493,0,0,4053ee93b878da03862c6141a6281b14f478df2a009e97175cd70cb475f97b50,2025-04-09T20:02:41.860000 CVE-2025-32494,0,0,136b57298ca329f22955e29f943bd3b1cbc01a50d39c9f29352726f6fab0a369,2025-04-09T20:02:41.860000 @@ -289373,53 +289387,98 @@ CVE-2025-32501,0,0,07737988125e9e8f84b77b372f79992963b0761a09f5e541596fc263f6b01 CVE-2025-32502,0,0,768476dfa7328187554c7b85d7c9fe637dc8582e78ce1476481027c918967626,2025-04-09T20:02:41.860000 CVE-2025-32503,0,0,c150b47bddeebc4c8156e564db72d2f6acc04877f2b60e3a35be4348580d8520,2025-04-09T20:02:41.860000 CVE-2025-32505,0,0,e0b07056e3460165faf62951ad016097d119ec9fcd8c147e24c58e19a40af4a0,2025-04-09T20:02:41.860000 +CVE-2025-32509,1,1,e8d6af000d092c3894e6ffd0c6c740d256263af70186d349d2eadf6f5d5284f2,2025-04-11T09:15:23.310000 CVE-2025-3251,0,0,40d0b8ce477fd906963245c3f47c46ed7c4260a43feb20789c6a6db271395106,2025-04-07T14:18:15.560000 +CVE-2025-32517,1,1,7d751a723d6d1191e88d6eb9feb832df61d58af94f6b1a68885ba52078c0cd6b,2025-04-11T09:15:23.760000 CVE-2025-32518,0,0,614c71891568de0829ec63430eeb590167a08493c6cb7dac774f07bab3f9bdc2,2025-04-09T20:02:41.860000 +CVE-2025-32519,1,1,f2f1b324f978ab9e5759b8ee19f545d81df49b0b49131437ca68e75b446b6103,2025-04-11T09:15:23.960000 CVE-2025-3252,0,0,4c10de8b3cb60d5dfb9be1c6a515e4b2cff1e60b913ad0965a444629ee6bbad5,2025-04-07T14:17:50.220000 +CVE-2025-32523,1,1,1875ecb5b51193ce45dfcad25fbdb7014bdac53cb041d47c2262b200beaeffe6,2025-04-11T09:15:24.313000 +CVE-2025-32524,1,1,3c7e5b389ac40d58cd03495d73c1a3658791f107ac999369eed155f75d514ec4,2025-04-11T09:15:24.607000 +CVE-2025-32525,1,1,370be609661162212e430b609cffb337226098c4edfd0ba9f70ce9a05ed7b3db,2025-04-11T09:15:24.880000 CVE-2025-3253,0,0,d3540ac43febefad545d964abd58e6d161a99b9640be648524f895f9994fc100,2025-04-07T14:17:50.220000 +CVE-2025-32534,1,1,4304f81b3d3abff468bcaa0213e36b3a3b5b3aee9c450a05c48099805d9f1a14,2025-04-11T09:15:25.230000 +CVE-2025-32536,1,1,7f54e8529e5f521affd63ca226d055ef406132c04ef92dd67b23becca847818c,2025-04-11T09:15:25.397000 +CVE-2025-32537,1,1,e13643a329c5db173bafa618c859db0f5668a9c0bd0b2245605084d6d1dffc40,2025-04-11T09:15:25.703000 +CVE-2025-32538,1,1,dc926a5639b58f59d9c00c512f8f36c91046797c19ae7e5cb195712a8a440a4c,2025-04-11T09:15:26.007000 +CVE-2025-32539,1,1,441637151c7e9d968bab85635d87bf0a7d14998c3587d2901b58076efbee3a80,2025-04-11T09:15:26.247000 CVE-2025-3254,0,0,48928c45868aa81d54aac82548f85d57c79f7bb7f98d123408d27256cf914e0c,2025-04-07T14:17:50.220000 +CVE-2025-32541,1,1,1e736b71baa2321ace3f4a76f2596660d352e3034d6ec0a0a5985932726bde3a,2025-04-11T09:15:26.610000 +CVE-2025-32542,1,1,00434cf6b4b3d3daffc8ded0a0befb84ea741fc2764fdc9c75d40a074a8561e6,2025-04-11T09:15:26.807000 CVE-2025-32543,0,0,d050165252e86d2799dc53e2bbb81b0dbc85fef67b19a057fbeded735059c568,2025-04-09T20:02:41.860000 CVE-2025-32547,0,0,972184e533faca4526064acb0f983957804491440de409b5f8309b7935acb12d,2025-04-09T20:02:41.860000 CVE-2025-3255,0,0,d5353c58983edc47cfd68b6813d92152b05623ed0e06ed0dacfb65f3d812b06b,2025-04-07T14:17:50.220000 CVE-2025-32550,0,0,6aab19aaca5b164fcc7407dac1e301c7e2f368ae8071ceee7d76d49c266c8de3,2025-04-09T20:02:41.860000 +CVE-2025-32551,1,1,b907a5b9763107b3b35a859465459bd5563e3c5110feb4455cc0e746e283cdd4,2025-04-11T09:15:27.097000 +CVE-2025-32553,1,1,82ba38bba25799453cf479583df9adcafc8c36a2d8ffe720bcf201a56b130a50,2025-04-11T09:15:27.413000 CVE-2025-32555,0,0,7b60a026f07761c55d85498959f4cabb90b525fe6170c9e9d5a3be4d0a275575,2025-04-09T20:02:41.860000 CVE-2025-32556,0,0,03611315d89a49c9f0dc81909f7355075f5c2265ddd38852e3def659a3349a29,2025-04-09T20:02:41.860000 +CVE-2025-32558,1,1,fda8c5fff0c4b4a4516acba511ef5af81132ec34ddaf7d17841d0c9072a46e21,2025-04-11T09:15:27.570000 CVE-2025-32559,0,0,33ee8b4fb18181edb7883dffbe83974b2747e59c0f49de6506d018442da457b1,2025-04-09T20:02:41.860000 CVE-2025-3256,0,0,cba4962816ca9028f309f7d49dc62bb1e7562a0c6842a2b632328c7e8082b66d,2025-04-07T14:17:50.220000 CVE-2025-32563,0,0,264f345e68fed8749b434a4a100ada5d461e24ca5b313797841acb8034263428,2025-04-09T20:02:41.860000 +CVE-2025-32565,1,1,5304de385f772208b710d05e374af40318ebbb1044ee94153b72bca8324f9fd8,2025-04-11T09:15:27.937000 +CVE-2025-32567,1,1,7b020e556716c72eb8ed049cd91023c212dcdfced51aebd26e0b0f9461eb2494,2025-04-11T09:15:28.210000 +CVE-2025-32568,1,1,976cd5099d635cebb12eb48a3c10d58fbb937a455de92c6e9f6855dfe09e3992,2025-04-11T09:15:28.447000 +CVE-2025-32569,1,1,e33492f32fdb726c1915ae4e1a0ff7d5dc5073e52269b4a07da5988a1ff66458,2025-04-11T09:15:28.827000 CVE-2025-3257,0,0,d0dbe0934bee18c46d2eb221ac503819fe8076798dceb149ed2cab72d50f437a,2025-04-07T14:17:50.220000 CVE-2025-32570,0,0,d5b4bad5227b9367d571ddbd1949a2129504ddec547daadd7701c137e8cece46,2025-04-09T20:02:41.860000 CVE-2025-32575,0,0,d95070275bcada3e610fc9640cb9f32fd604c0f6173f8dd48dda009e662c3d47,2025-04-09T20:02:41.860000 CVE-2025-32576,0,0,c1d6c7191b747d748a6f450876322eab79ad2a3ef2f5dff3705a78cb7af3f3c1,2025-04-09T20:02:41.860000 +CVE-2025-32577,1,1,83f8301fadbcbcb68839db4cf2396e9a9c96dbfe6ed83f8b2cd7f1e737fa8660,2025-04-11T09:15:29 +CVE-2025-32579,1,1,716a7ba04e38ab199df68fa9a869479ba520979150548ffea17155f2cb3dbc6e,2025-04-11T09:15:29.270000 CVE-2025-3258,0,0,3615f8f7ebcf8c8b7786ba6b57f5dc9d63bf8e77b09fe3537a64410ab7050162,2025-04-07T14:17:50.220000 CVE-2025-32580,0,0,0779c4c7545a37afcd019dc542da5b02685fe4074b6ae465584500bd9c455251,2025-04-09T20:02:41.860000 CVE-2025-32581,0,0,0ff013e49ea00af2fc95f87c588af9630af6553a43356251b5a5af26809b4656,2025-04-09T20:02:41.860000 CVE-2025-32584,0,0,68bb00ee489509d942d41ed89905597661ec4f3a38d32988bef35836216f2de3,2025-04-09T20:02:41.860000 +CVE-2025-32585,1,1,68dfbef3f1c52b24a00f41fe8475f50ec38fc38c9f8c5650b2a6de1824a728db,2025-04-11T09:15:29.607000 +CVE-2025-32586,1,1,6469f4c7cbe48e6cceb8f11198ada9695a65d1778444da30a4e74a8d93ac1298,2025-04-11T09:15:29.820000 +CVE-2025-32587,1,1,6dcafdd632999569f7e044ec2923e5d5f742b5ffd1db99cb79983f1c5cf3e800,2025-04-11T09:15:30.190000 +CVE-2025-32589,1,1,5b2b1b45e52508b86204421f65592214408e2435482c9f2fce7a638c50b62ed2,2025-04-11T09:15:30.430000 CVE-2025-3259,0,0,e705e50caf2174f59dfb699e4aa759ceb69dcda3b3d546c93e1b05690cc687ca,2025-04-07T18:19:20.090000 CVE-2025-32591,0,0,fd8ba4bf1a72e360674a8fe6204340fb9d6c3440cb5ce780c7835f0636ef0487,2025-04-09T20:02:41.860000 CVE-2025-32597,0,0,96fc415ce2407738ed408ad01b04109f892c8ebeb7179dfc5cf7363ebc87d494,2025-04-09T20:02:41.860000 +CVE-2025-32598,1,1,d01ed446792a315817dbcf4077badf59e9e54c91bd531741949ac741a0bc490f,2025-04-11T09:15:30.710000 +CVE-2025-32599,1,1,6588b34e847ccb0a5d849dcad2c975ccfc8c99df9201e9c34858eaf61fc1d01d,2025-04-11T09:15:31.090000 +CVE-2025-32600,1,1,85303a5838cff5e739aa8ea08a9738b2a81db03f1147fe7301456bf55d166e56,2025-04-11T09:15:31.247000 +CVE-2025-32601,1,1,1640879264d0008b74edfd96a4c23a8a3635b389ea18b47fa163fb75348832c8,2025-04-11T09:15:31.620000 +CVE-2025-32603,1,1,680f39ad077f78f525913769cf1e60f230cbecd3b7ae43ac3e6222fab476d549,2025-04-11T09:15:31.877000 +CVE-2025-32607,1,1,b56a376df666c00a727f7c3bf9275fcc49a82aa700719d02875f05af9795a8a5,2025-04-11T09:15:32.140000 CVE-2025-32610,0,0,dc9fb659de83670c7c33be214fe09b7737ca428457ab3f71ece1458f518c12f6,2025-04-09T20:02:41.860000 CVE-2025-32612,0,0,2ca59969dacb02baf4d8154f1c272d9b1103df0b2ef0d4006fa6af5914c3c1a2,2025-04-09T20:02:41.860000 +CVE-2025-32614,1,1,2dda32815904c15b762614eec8507837768ea2a0d30a513ad0c2b5065f41f32f,2025-04-11T09:15:32.497000 CVE-2025-32616,0,0,2e563f58b0e6b0772785bac3eaa9ec9a78ae954484a2c3aa1fb02d6e868b4cb6,2025-04-09T20:02:41.860000 CVE-2025-32617,0,0,71d3ec745715f4618004af83a345c1e36da6cc1017adbb46f67d801506ef1931,2025-04-09T20:02:41.860000 +CVE-2025-32618,1,1,a88a0d51c0e525b91ce0e856abec29ffdec186a507dedb9d75bb93f49850f4ca,2025-04-11T09:15:32.667000 CVE-2025-32619,0,0,40a399def20506b990a5b9b8ca489d44c848da1caa4928159d10d8cdbf1d7bcc,2025-04-09T20:02:41.860000 CVE-2025-32621,0,0,9d88f036911502a4d01b04e887bdfff30790926c188434148672296f334eb2ce,2025-04-09T20:02:41.860000 CVE-2025-32623,0,0,9c4a61b53a0aad0c6b2024143a2f6f05bbee238508cc7a45df54750e9078afdf,2025-04-09T20:02:41.860000 CVE-2025-32624,0,0,bdf1e4504695fcf5573bf65f3a823ba2ad5adfc364b0a8a82084be8af29ad9d3,2025-04-09T20:02:41.860000 +CVE-2025-32627,1,1,56afedb0b6da935734ace0532066963fd065bff44256d8642aac6b4078884ded,2025-04-11T09:15:33.013000 +CVE-2025-32629,1,1,956ca41f3472f728265b3c7a016c2c1ddf28cdf70a760bc6b62f375d07d660ce,2025-04-11T09:15:33.297000 +CVE-2025-32631,1,1,b651645d2b393609401350d5b60a82dc345873f21146c2babf68b265b2fbf90d,2025-04-11T09:15:33.583000 +CVE-2025-32632,1,1,b9bbfd35a45238cb16a8d79274cdec2493e1d32d815267f7fc0ba97b3ed5701b,2025-04-11T09:15:33.953000 +CVE-2025-32633,1,1,ad6de8ad376de9f01a48fb1d85340e568ef6fb4d94e571001ecca23083c369bf,2025-04-11T09:15:34.130000 CVE-2025-32640,0,0,4faaa8e90e12217c66a4114327933133c6f08418147e1ef08f8b2d3b9f259249,2025-04-09T20:02:41.860000 CVE-2025-32641,0,0,a7e875658bf04002a0f0ff2d8ed205c3e62723306ba92b913fa8b3da4737f4b4,2025-04-09T20:02:41.860000 CVE-2025-32642,0,0,7ada1176e299944cf4984e04ec32597fcad8956fb8b07508c19b98987a43b7e5,2025-04-09T20:02:41.860000 CVE-2025-32644,0,0,8d77ffb90d6541e311c07c2f45ed6a06f20b0ee590798253e68c0a42396292a1,2025-04-09T20:02:41.860000 CVE-2025-32645,0,0,fb62da3f3a1988bda24134062715132c5261d9674bf6f1734f8b456b41a59035,2025-04-09T20:02:41.860000 CVE-2025-3265,0,0,1b08405cf7862a0d70f0211001bee004fe3d504e775eb888b6c2102dc0c554e7,2025-04-07T18:19:07.777000 +CVE-2025-32650,1,1,df118b6387775575711af45745c7085529af2d339c058af0182bd502c3ecaf13,2025-04-11T09:15:34.340000 +CVE-2025-32654,1,1,1ecaa49d7c3602a27be6ec721058b7af914d8c7a2b8dcbe26af14228696d0ed2,2025-04-11T09:15:34.707000 +CVE-2025-32656,1,1,acb5744ccebc6b033d02db29c559d4cde1dec78a89220dda105dae6cc494b169,2025-04-11T09:15:34.907000 CVE-2025-32659,0,0,717c5d0222a54fd481e76a076103445f1121d11434ddfac7ba32fd0a96b70d87,2025-04-09T20:02:41.860000 CVE-2025-3266,0,0,72c61d5f89eeb94b30f634ae19d189745b893dd05829140f6047e84fafa81bf8,2025-04-07T18:18:56.247000 CVE-2025-32661,0,0,9129275d86d90732365a50f1fd023acf25687ca6a30d36ee8767c87e6ef69f25,2025-04-09T20:02:41.860000 +CVE-2025-32663,1,1,f1ca8bb0218964127ebdd9808a787f05e0fc975feb672015fb61c6662ce9135b,2025-04-11T09:15:35.217000 CVE-2025-32664,0,0,2223730a60ed1fe558c38ad32fdbcf8b25e2266ff023b63d74e71a84be192208,2025-04-09T20:02:41.860000 CVE-2025-32667,0,0,67342f2d09edcff434d9d589fa729388e7a3fdaf31499c98da4542746ee22eef,2025-04-09T20:02:41.860000 CVE-2025-32668,0,0,4d54aefdff349f2e686e19d053071cb9bdd494c3189b630a5d2fe8521808e509,2025-04-10T08:15:21.190000 CVE-2025-32669,0,0,5ee4004046a9925c22bcdaa7275b534b428fe00ab9efd060f46d22bf87b484fd,2025-04-09T20:02:41.860000 CVE-2025-3267,0,0,5957e45c3f258189da3aec49a626cf5736069fd66df3c72b04267cdc97a2b74c,2025-04-07T18:18:41.523000 +CVE-2025-32671,1,1,4fe9308b2158b05b845f43ab48849f6135018eb46934ed063e3e4e98a447dcb3,2025-04-11T09:15:35.530000 +CVE-2025-32672,1,1,e52279e75005ab38481a6fc4fcb5041c942e865ae73153fb9b6d7b2b968f252c,2025-04-11T09:15:35.727000 CVE-2025-32673,0,0,e04e543b05b99f72995e2bef56793f9632a1f3cc90a21636a75204e2e23934f5,2025-04-09T20:02:41.860000 CVE-2025-32675,0,0,548891b87ee449854d51f60483cb5815736a358fddef98f05bd38028cd885ffe,2025-04-09T20:02:41.860000 CVE-2025-32676,0,0,b937d2c54242c8d4db371f528e52df43f1a969973b2fcf2bf1151a558909c315,2025-04-09T20:02:41.860000 @@ -289428,6 +289487,7 @@ CVE-2025-32678,0,0,f90148935e7dcdc424e798fece0ab3f8bdaea00a714a9915675ffbcdcf79c CVE-2025-32679,0,0,88e5b85177a720ee5de776ab05d453dd5eb26275ea535d4b5fa355cb9dc18099,2025-04-09T20:02:41.860000 CVE-2025-3268,0,0,13ebb75f155606fc18a6c469dfd2e1dc92481b7d2a4b4f437c20095a77a45083,2025-04-07T16:15:26.430000 CVE-2025-32680,0,0,7e83253b789e22794ff15c175ac5222320ee1d5aeead675a8299f4d4dd7a8e97,2025-04-09T20:02:41.860000 +CVE-2025-32681,1,1,243d12cfd74bb354d7c5b38f26a1f43b89d4655a805d978d212a6b995476b307,2025-04-11T09:15:36.080000 CVE-2025-32683,0,0,4737dc851cbc361679102d01731ea65b5abe3ae9073ec363ee786b4e1a2533bb,2025-04-09T20:02:41.860000 CVE-2025-32684,0,0,2dfb6a557da23140d893ceefbb39bc58555bc5e6d1a5fd6ac3c564f83604d2e7,2025-04-09T20:02:41.860000 CVE-2025-32685,0,0,e1edc9c0eeffd8569f1c3dee56fbb2ffc492f927f4ddc538006bdbf6674bc433,2025-04-09T20:02:41.860000 @@ -289468,7 +289528,7 @@ CVE-2025-32775,0,0,0fc8e60ca0e0a1e6b116ccd0b6b05a3155be0d53785b8ae060df538fffe53 CVE-2025-32807,0,0,d83e6e9996ad7bd901fe4f6805e9bb41615292e29fea6386dc07a351057e5ef8,2025-04-11T00:15:27.777000 CVE-2025-32808,0,0,33d10e8843d8b72681e25996b6488044584cb9afdfeadf80b845d87f7f10e343,2025-04-11T02:15:19.540000 CVE-2025-32809,0,0,85b7eef8485a081cdda7a118435e8a9a982136a9ab5a9db6044786dabe31cf75,2025-04-11T02:15:19.667000 -CVE-2025-32816,1,1,f88d5f083890e4392e146ebbf0ddb7ae2a8ef8e7d190ce7bee0a73d48b1b5f3b,2025-04-11T04:15:31.033000 +CVE-2025-32816,0,0,f88d5f083890e4392e146ebbf0ddb7ae2a8ef8e7d190ce7bee0a73d48b1b5f3b,2025-04-11T04:15:31.033000 CVE-2025-3285,0,0,e28a4e88da7ffb77ad01de08bcfd2b4a71d41180820a080f587b6350c35f9e48,2025-04-08T18:13:53.347000 CVE-2025-3286,0,0,c247e4e94cc04e66afe391d63c6254a128435a66f18dde665fe78a6cdb0ab317,2025-04-08T18:13:53.347000 CVE-2025-3287,0,0,bff258a343cd08a61757791ae0246a98daa5f12cd52be7d2e4f1314c24254af2,2025-04-08T18:13:53.347000 @@ -289584,6 +289644,7 @@ CVE-2025-3430,0,0,4108de5de28ea6ad3b283f6b1b4e124b53de0d34b577f3df5c6e6463ccd23b CVE-2025-3431,0,0,3268c065a33ed9c3e0d65730bc3852cbe02c3e2891ed1aaf906166836cdedba3,2025-04-08T18:13:53.347000 CVE-2025-3432,0,0,32b4909a605e3dc15d41b2069e1ead14c30bcbe2dfa78debc747a89be022e4ba,2025-04-08T18:13:53.347000 CVE-2025-3433,0,0,46dd66c57af291abbb1b77326145823e13d716692eb68902a18c25a048a17397,2025-04-08T18:13:53.347000 +CVE-2025-3434,1,1,a99b12b9609e959783fc784448d5cd4a8b979bd7bdef11452cc2ae9b32b76b1c,2025-04-11T09:15:36.320000 CVE-2025-3436,0,0,350fe0ab040ca88ca01e6b9c153bc7bb9c0c6c278cf5357b8d0cb98bb355f464,2025-04-08T18:13:53.347000 CVE-2025-3437,0,0,e73b4884af1e4c5b90938b61853540dd90f98780db8cdd9f4d702d9b75697db1,2025-04-08T18:13:53.347000 CVE-2025-3442,0,0,2a59e6aeb9a7ce85db231c9e4252568faabc9932311aa3489ec1af959c55a52f,2025-04-09T20:02:41.860000 @@ -289591,3 +289652,4 @@ CVE-2025-3469,0,0,278e76bbd646aecbb510c5b014c3d9dfd1c53ab79d44c1acf4b9154f5fe9ae CVE-2025-3474,0,0,f8e71c46703e14cca85d8e407ff995fe29213506f600ff4c3b6065d1079e537c,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,bb4bc227f15a0b277f9580dd5137093b362fd6a8b2970e4968b5dd8302443ad1,2025-04-09T20:02:41.860000 CVE-2025-3489,0,0,1a5a33b5d1c5526ee6b723da873c4e5449b2b19139fe87cb0f2ac9187018cb74,2025-04-10T16:15:29.580000 +CVE-2025-3512,1,1,f89ef4370695aa127adfa312507548344581abeaa76c70406e55e8cbf8660dc1,2025-04-11T08:15:15.797000