diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11636.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11636.json new file mode 100644 index 00000000000..b447934501e --- /dev/null +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11636.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-11636", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-13T06:15:08.693", + "lastModified": "2025-01-13T06:15:08.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/da616c20-3d74-4d3a-95f5-2d71d9ada094/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12274.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12274.json new file mode 100644 index 00000000000..7c355a41dbc --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12274.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-12274", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-13T06:15:10.000", + "lastModified": "2025-01-13T06:15:10.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12566.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12566.json new file mode 100644 index 00000000000..213ee537bd5 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12566.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-12566", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-13T06:15:10.130", + "lastModified": "2025-01-13T06:15:10.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/9206064a-d54e-44ad-9670-65520ee166a6/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12567.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12567.json new file mode 100644 index 00000000000..8a74e01ade4 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12567.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-12567", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-13T06:15:10.260", + "lastModified": "2025-01-13T06:15:10.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/82051ccc-c528-4ff3-900a-3b8e8ad34145/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12568.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12568.json new file mode 100644 index 00000000000..f3a7fb1197f --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12568.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-12568", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-01-13T06:15:10.380", + "lastModified": "2025-01-13T06:15:10.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/0ce9075a-754b-474e-9620-17da8ee29b56/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 078cd65ac45..2cce9f827e8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-13T05:00:19.247073+00:00 +2025-01-13T07:00:21.953711+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-13T04:15:06.477000+00:00 +2025-01-13T06:15:10.380000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276820 +276825 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -- [CVE-2025-0409](CVE-2025/CVE-2025-04xx/CVE-2025-0409.json) (`2025-01-13T03:15:06.667`) -- [CVE-2025-0410](CVE-2025/CVE-2025-04xx/CVE-2025-0410.json) (`2025-01-13T03:15:06.847`) -- [CVE-2025-0412](CVE-2025/CVE-2025-04xx/CVE-2025-0412.json) (`2025-01-13T04:15:06.477`) +- [CVE-2024-11636](CVE-2024/CVE-2024-116xx/CVE-2024-11636.json) (`2025-01-13T06:15:08.693`) +- [CVE-2024-12274](CVE-2024/CVE-2024-122xx/CVE-2024-12274.json) (`2025-01-13T06:15:10.000`) +- [CVE-2024-12566](CVE-2024/CVE-2024-125xx/CVE-2024-12566.json) (`2025-01-13T06:15:10.130`) +- [CVE-2024-12567](CVE-2024/CVE-2024-125xx/CVE-2024-12567.json) (`2025-01-13T06:15:10.260`) +- [CVE-2024-12568](CVE-2024/CVE-2024-125xx/CVE-2024-12568.json) (`2025-01-13T06:15:10.380`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e7b3c6f434d..a45adf583b5 100644 --- a/_state.csv +++ b/_state.csv @@ -244580,6 +244580,7 @@ CVE-2024-11632,0,0,de73f7ca209ed3887af097dcd8d60cda4bdd27816f354a861b8ba50b3a9bc CVE-2024-11633,0,0,ec2ee5d42526708d0c247f1efcfef18b7ca46f7d0173b75ddfcc1ac75afc9e99,2024-12-10T19:15:19.443000 CVE-2024-11634,0,0,e0423804dbaae41000eefac776623fcebb674fb7c1dc8b9d22b613f3f40aa1e7,2024-12-10T19:15:19.570000 CVE-2024-11635,0,0,ffacee27dce2a3419b3aa106b350e83d5585d5dcfe645774b0023dac2c389ee8,2025-01-08T08:15:24.117000 +CVE-2024-11636,1,1,08f2b1951fb5310e3b20f77f712e99d5e6fcde80301071f3129868f937fbf1eb,2025-01-13T06:15:08.693000 CVE-2024-11639,0,0,0210e46589d8e363ac9b295eb4432d5b1bb6755405d9d65212946ea82705ab83,2024-12-10T19:15:19.690000 CVE-2024-1164,0,0,ea75a9ac84fb05bc5899ed5764c236687fb5121f662769fb6e46971a20a2f34a,2024-11-21T08:49:56.530000 CVE-2024-11642,0,0,e083dfd7b8388b09206f810c50ef0061b39601a9804b6746591b0dd89f756ab4,2025-01-09T11:15:10.187000 @@ -245104,6 +245105,7 @@ CVE-2024-1227,0,0,2b74966c63acb4b53db9100814c0ea98b900c2b18de594c13a326b21bfb265 CVE-2024-12270,0,0,a59b36ad08a62409fa966fc5cef53e6796ba20371cadd9c7e001162bc2771bae,2024-12-07T10:15:06.200000 CVE-2024-12271,0,0,e756524ee3996486f46fc9dfb0848744c8a90daec55e50296545ffd31d194dcb,2024-12-12T13:15:07.570000 CVE-2024-12272,0,0,cbbb238a5fc49c4ada4f96dbd5ec3bf6a1bab33a6ad37ef5b0235e516631a83b,2024-12-25T04:15:06.457000 +CVE-2024-12274,1,1,5b8650cf888d87403d3fdc4ecb2aa7e0bfbd23a56a9654e337d742a1173cebf6,2025-01-13T06:15:10 CVE-2024-12279,0,0,28f926ab6f57c2b10bee59d6914cc0152fa6a23fa0d172ad6d11e3d9d407b5c2,2025-01-04T12:15:24.453000 CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44ef,2024-11-21T08:50:06.280000 CVE-2024-12283,0,0,27e00fa0bc574ce5113c52cfd02ee2100414eb1f36a7d99001797949356bf37d,2024-12-11T09:15:05.697000 @@ -245315,6 +245317,9 @@ CVE-2024-12559,0,0,57ab0e0bbf049179f4bb043a31125569183e3823c6e0814b5b25df137c49e CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 CVE-2024-12560,0,0,d33290fc3e54f51dd78cb0afaf9a18e8538f72db9dd0f598ab5a68b55bfe89a1,2024-12-19T07:15:13.507000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 +CVE-2024-12566,1,1,d5a99af79f9f09fe2b81f8d4098ecb332e256b2007da72d1df5e53e36b3b1191,2025-01-13T06:15:10.130000 +CVE-2024-12567,1,1,178ed845f04f437f42c6cadcee74c95f82a0c29926c2403289c3d15d1656e72a,2025-01-13T06:15:10.260000 +CVE-2024-12568,1,1,8b8ea8d0c910a0053ab8bf3425ca9863311ac1fd011be1a1d8524135b9d0286c,2025-01-13T06:15:10.380000 CVE-2024-12569,0,0,f75ddc9e99d18c4cfddc5b909f2c374e6db9e2363680671699b7fc90362d5ccd,2025-01-07T10:15:06.757000 CVE-2024-1257,0,0,7cc030c8f0ebfb33a80da788a5513945114551aaaa2999db4fa614a5f6b08a9b,2024-11-21T08:50:10.443000 CVE-2024-12570,0,0,be94920192af405ec932f38181a462713be2ef7292a21e90f93bf4238cc63d84,2024-12-12T12:15:22.660000 @@ -276571,9 +276576,9 @@ CVE-2025-0405,0,0,fa7310491d9b035f03a92a039aa8a0993082233b0ddec8e7ad737235e8a8c9 CVE-2025-0406,0,0,2f78f472395c39528e55d8c1dfd0c163afdde35d888fe98333c6795188428f15,2025-01-13T02:15:07.490000 CVE-2025-0407,0,0,20407171783d37a0839404a22bdf916745f5250cb3a37c45186573bc29163052,2025-01-13T02:15:07.667000 CVE-2025-0408,0,0,67cb553ef2c4b7288311b574900a3763fb63fba59f3c7a7a7d129bc8a401d949,2025-01-13T02:15:07.840000 -CVE-2025-0409,1,1,5977f456246a3df58d5394ce85d10ffca63f6aba373f8079aa72161dded830de,2025-01-13T03:15:06.667000 -CVE-2025-0410,1,1,a8e3c0bff0c859e1514d3e3cb3c44d0409eb1b446e65a182236a181d1b90191b,2025-01-13T03:15:06.847000 -CVE-2025-0412,1,1,bfbf47e0956b1bfccce4c3a829b70c8095a189edb5636c3ef3ebd81177784d3c,2025-01-13T04:15:06.477000 +CVE-2025-0409,0,0,5977f456246a3df58d5394ce85d10ffca63f6aba373f8079aa72161dded830de,2025-01-13T03:15:06.667000 +CVE-2025-0410,0,0,a8e3c0bff0c859e1514d3e3cb3c44d0409eb1b446e65a182236a181d1b90191b,2025-01-13T03:15:06.847000 +CVE-2025-0412,0,0,bfbf47e0956b1bfccce4c3a829b70c8095a189edb5636c3ef3ebd81177784d3c,2025-01-13T04:15:06.477000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20123,0,0,54512af23f890abd1fef44213c66523a0b62c1420699fcab5bda08e37f5f4455,2025-01-08T16:15:38.150000 CVE-2025-20126,0,0,0fcc9383f8a59c5e0d551ae3c2ee7933f9c74701d79731c282030a0992412e7d,2025-01-08T19:15:38.553000