diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json new file mode 100644 index 00000000000..38493b2e4b5 --- /dev/null +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9017", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-03T07:15:21.860", + "lastModified": "2025-07-03T07:15:21.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.peepso.com/changelog/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/32ac79f4-ada7-4c14-8675-53f8375912d8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-61xx/CVE-2025-6151.json b/CVE-2025/CVE-2025-61xx/CVE-2025-6151.json index ec36878679d..06eb056ee11 100644 --- a/CVE-2025/CVE-2025-61xx/CVE-2025-6151.json +++ b/CVE-2025/CVE-2025-61xx/CVE-2025-6151.json @@ -2,13 +2,20 @@ "id": "CVE-2025-6151", "sourceIdentifier": "cna@vuldb.com", "published": "2025-06-17T01:15:23.313", - "lastModified": "2025-06-19T01:20:04.247", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2025-07-03T06:15:21.047", + "vulnStatus": "Modified", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + "value": "A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." }, { "lang": "es", @@ -169,8 +176,8 @@ "source": "cna@vuldb.com", "tags": [ "Exploit", - "Third Party Advisory", - "Issue Tracking" + "Issue Tracking", + "Third Party Advisory" ] }, { @@ -209,8 +216,8 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": [ "Exploit", - "Third Party Advisory", - "Issue Tracking" + "Issue Tracking", + "Third Party Advisory" ] } ] diff --git a/README.md b/README.md index dd7875ab431..2c8a03b5a8e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-03T06:00:12.114093+00:00 +2025-07-03T08:00:11.125581+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-03T05:15:25.330000+00:00 +2025-07-03T07:15:21.860000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300104 +300105 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2025-5944](CVE-2025/CVE-2025-59xx/CVE-2025-5944.json) (`2025-07-03T05:15:25.330`) +- [CVE-2024-9017](CVE-2024/CVE-2024-90xx/CVE-2024-9017.json) (`2025-07-03T07:15:21.860`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-6151](CVE-2025/CVE-2025-61xx/CVE-2025-6151.json) (`2025-07-03T06:15:21.047`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 55e2f9f3c64..30e1959bd5c 100644 --- a/_state.csv +++ b/_state.csv @@ -281925,6 +281925,7 @@ CVE-2024-9011,0,0,24ced7d06552bc9d1dd30636af61f2f64e910b6c47eefac677c31a4765d5a4 CVE-2024-9014,0,0,220003038e0ed1cc49a0befe3090135c41cd16a5f829c2d65bd6cc8f984c0497,2024-09-26T13:32:55.343000 CVE-2024-9015,0,0,70610f66e2554a4ae6806b1835adece9ecbb77c46846bbc910eff47baf4dabd3,2025-02-11T02:15:36.640000 CVE-2024-9016,0,0,4433e8aa830f673f06363371194ce7f1e194c18475143eaf030c41e8abd4610f,2025-04-15T16:15:47.550000 +CVE-2024-9017,1,1,413a2f833956f2c1688737fbb2dd6454d3974bd7e932fc745d7dc0685e55aa07,2025-07-03T07:15:21.860000 CVE-2024-9018,0,0,9d5f9a71065cb5737c3eb97e3b8fce2545d7a7505edc442df3224ec9cdcd8b15,2024-10-07T19:20:48.293000 CVE-2024-9019,0,0,e7c280dd9795175417ea8024bce5f2c9bffae51a9cc95a1fdc27d7cf05fb48a9,2025-03-06T17:43:48.203000 CVE-2024-9020,0,0,5ce246caccb2c0203fb4c1f8ed5d7f546d3c9f2ea8a37ba7d826dd6d43e54b11,2025-05-13T21:23:17.843000 @@ -299456,7 +299457,7 @@ CVE-2025-5938,0,0,de6ba49470711279279f27a904465957f8293ec15c3176c20b2597289d4c7b CVE-2025-5939,0,0,fae4e42cb7ec096d2eda48ac42042deaadc4d81bda29462ec7008261e2cabbf5,2025-06-16T12:32:18.840000 CVE-2025-5940,0,0,12f5ab38c06b65e778613d0d51aa6f11358e4f8612cc24f4f82cb80affac2e7b,2025-06-30T18:38:48.477000 CVE-2025-5943,0,0,35b1a03e31f4997e71998954ee281c02ada0936b00fc64cfacb7aa84cfa29429,2025-06-12T16:06:29.520000 -CVE-2025-5944,1,1,0cfbdd7d7a70c1d816fe8f6235d46ece7906d106888041a45680f2fcd51ae772,2025-07-03T05:15:25.330000 +CVE-2025-5944,0,0,0cfbdd7d7a70c1d816fe8f6235d46ece7906d106888041a45680f2fcd51ae772,2025-07-03T05:15:25.330000 CVE-2025-5945,0,0,c7e4d5fd43d260b09c3d268ba39649757ca6834ec123b67f85c953ef50c7c56d,2025-06-10T09:15:25.930000 CVE-2025-5950,0,0,760fa6d42f3c866c98b5e3438e6c6f00bd5fd5520537943b3e544b07838ccbee,2025-06-16T12:32:18.840000 CVE-2025-5951,0,0,8284d36183b5c5a20ce1ccc5cb7415a68b49193aca2a0e8df993129c1d1d98e3,2025-06-28T23:15:21.963000 @@ -299584,7 +299585,7 @@ CVE-2025-6147,0,0,59ecbde0789a8203b15ce4d192e855bbe9b1cda317ee7c6c058f57ec910107 CVE-2025-6148,0,0,1d80dfd65e83b1c0094d1738353bddfce30f1ccddcddac7fd512e97214056b99,2025-06-23T19:28:33.990000 CVE-2025-6149,0,0,bfa9b70c74b833d4b13edc2b8c0deb75557d095959799446cbc897b529f45341,2025-06-23T19:28:26.243000 CVE-2025-6150,0,0,1c1c8c9840248db413992659480d6a0621f81bf1fb34376aa4877ba8e62a64a5,2025-06-23T19:28:18.330000 -CVE-2025-6151,0,0,66f985d955d28732cb3e20742ce5c2b75d056fdf6e0c0fd5329b3e2551fd465e,2025-06-19T01:20:04.247000 +CVE-2025-6151,0,1,1391683b3575957e896133fcca7f5f323d73d40b9e6178c928c6711a0a97e152,2025-07-03T06:15:21.047000 CVE-2025-6152,0,0,32d4186f036cfff413fb083fa82eb785e9512523c1a40900c862dc16e87a29b7,2025-07-02T19:47:02.363000 CVE-2025-6153,0,0,9cb391bc0c728a51d1642ebf8a165fb9af8fa2212048ca86e4445e0b055258b3,2025-06-24T15:53:37.673000 CVE-2025-6154,0,0,95060072831785f3ed57ae597e6cc6e6409b897d7a65ff870ebacbcf6fb1f450,2025-06-24T15:53:35.847000