Auto-Update: 2024-10-30T05:00:19.837850+00:00

cad-safe-bot 2024-10-30 05:03:20 +00:00
parent 617faa95b5
commit aaf376c897
13 changed files with 893 additions and 18 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2023-5816",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:03.090",
"lastModified": "2024-10-30T03:15:03.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/code-explorer/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42ecc4e5-d660-472f-823d-a29b84cdf041?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10033",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-16T17:15:13.267",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-30T03:15:03.337",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:8534",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-10033",
"source": "secalert@redhat.com"


@ -0,0 +1,141 @@
{
"id": "CVE-2024-10506",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.490",
"lastModified": "2024-10-30T03:15:03.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/xxx-www/cve/blob/main/sql8.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282447",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282447",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432688",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,137 @@
{
"id": "CVE-2024-10507",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.777",
"lastModified": "2024-10-30T03:15:03.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/26",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282448",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282448",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432719",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,137 @@
{
"id": "CVE-2024-10509",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:04.060",
"lastModified": "2024-10-30T03:15:04.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/27",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282449",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282449",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.432720",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-8627",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:04.360",
"lastModified": "2024-10-30T03:15:04.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-tinymce/trunk/admin_functions.php#L81",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ddd9cab-f381-4343-a2e6-ef8a1be2ed4e?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-8792",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:04.583",
"lastModified": "2024-10-30T03:15:04.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/subscribe-to-comments/trunk/subscribe-to-comments.php#L1470",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3177660%40subscribe-to-comments%2Ftrunk&old=1198281%40subscribe-to-comments%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7566ac1-9ae2-44d2-8ad1-029957870992?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-9846",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:04.820",
"lastModified": "2024-10-30T03:15:04.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/enable-shortcodes-inside-widgetscomments-and-experts/trunk/enable-shortcodes-inside-widgets-comments-experts.php#L19",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/enable-shortcodes-inside-widgetscomments-and-experts/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ac2544-f96b-4859-96de-795753a94264?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-9884",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:05.067",
"lastModified": "2024-10-30T03:15:05.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/t-countdown/trunk/t-countdown.php#L810",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/t-countdown/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23a0dcdf-e98f-4e24-9900-49ca522b8038?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-9885",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:05.283",
"lastModified": "2024-10-30T03:15:05.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/widget-or-sidebar-per-shortcode/trunk/class-widget-or-sidebar-per-shortcode.php#L89",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/widget-or-sidebar-per-shortcode/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20584675-0d4a-4215-8132-e9ea95bee09b?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-9886",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:05.507",
"lastModified": "2024-10-30T03:15:05.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-baidu-map/trunk/wp-baidu-map.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/wp-baidu-map/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd917ae-3fa2-47b5-ace7-1462647e2352?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-30T03:00:23.996701+00:00
2024-10-30T05:00:19.837850+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-30T02:15:02.430000+00:00
2024-10-30T03:15:05.507000+00:00
```
### Last Data Feed Release
@ -33,24 +33,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
267611
267621
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `10`
- [CVE-2024-10500](CVE-2024/CVE-2024-105xx/CVE-2024-10500.json) (`2024-10-30T01:15:02.803`)
- [CVE-2024-10501](CVE-2024/CVE-2024-105xx/CVE-2024-10501.json) (`2024-10-30T01:15:03.107`)
- [CVE-2024-10502](CVE-2024/CVE-2024-105xx/CVE-2024-10502.json) (`2024-10-30T01:15:03.377`)
- [CVE-2024-10503](CVE-2024/CVE-2024-105xx/CVE-2024-10503.json) (`2024-10-30T01:15:03.653`)
- [CVE-2024-10505](CVE-2024/CVE-2024-105xx/CVE-2024-10505.json) (`2024-10-30T02:15:02.430`)
- [CVE-2023-5816](CVE-2023/CVE-2023-58xx/CVE-2023-5816.json) (`2024-10-30T03:15:03.090`)
- [CVE-2024-10506](CVE-2024/CVE-2024-105xx/CVE-2024-10506.json) (`2024-10-30T03:15:03.490`)
- [CVE-2024-10507](CVE-2024/CVE-2024-105xx/CVE-2024-10507.json) (`2024-10-30T03:15:03.777`)
- [CVE-2024-10509](CVE-2024/CVE-2024-105xx/CVE-2024-10509.json) (`2024-10-30T03:15:04.060`)
- [CVE-2024-8627](CVE-2024/CVE-2024-86xx/CVE-2024-8627.json) (`2024-10-30T03:15:04.360`)
- [CVE-2024-8792](CVE-2024/CVE-2024-87xx/CVE-2024-8792.json) (`2024-10-30T03:15:04.583`)
- [CVE-2024-9846](CVE-2024/CVE-2024-98xx/CVE-2024-9846.json) (`2024-10-30T03:15:04.820`)
- [CVE-2024-9884](CVE-2024/CVE-2024-98xx/CVE-2024-9884.json) (`2024-10-30T03:15:05.067`)
- [CVE-2024-9885](CVE-2024/CVE-2024-98xx/CVE-2024-9885.json) (`2024-10-30T03:15:05.283`)
- [CVE-2024-9886](CVE-2024/CVE-2024-98xx/CVE-2024-9886.json) (`2024-10-30T03:15:05.507`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-10033](CVE-2024/CVE-2024-100xx/CVE-2024-10033.json) (`2024-10-30T03:15:03.337`)
## Download and Usage


@ -240141,6 +240141,7 @@ CVE-2023-5812,0,0,4574994fad5fc8adf8973438c394722f96f6011ae4790ce56c0fd06c977858
CVE-2023-5813,0,0,93b6b31c7ba02e3fd393040f54983c5b40f9009771b580feacfa12ef95641b11,2024-05-17T02:33:19.730000
CVE-2023-5814,0,0,9244fc7bd6855dc1490ac1430f496e34117935a90c9798c5ab2d28932e509bb3,2024-05-17T02:33:19.837000
CVE-2023-5815,0,0,defbb5df33ca806dbebb6606fd88458847ce0bcf3a5ef6c7d974da18bd26609d,2023-11-29T19:15:40.353000
CVE-2023-5816,1,1,42f98d95bddfad7d36458aa6812dcaa60af44a517e282489aa2608b95063f49c,2024-10-30T03:15:03.090000
CVE-2023-5817,0,0,00c66bc0b6d0a953b3d2afbc6f7fd9f3524090fbae0f380848cb5690ac6f4dae,2023-11-07T21:16:59.943000
CVE-2023-5818,0,0,6a5ffd8673156ac79a2d58f03f35c20465bc4b549e34561533ec3670cca05fa6,2023-11-15T15:38:21.693000
CVE-2023-5819,0,0,14ae9d8f0c3976c72e001ddb723606877cb5966a66cb8e428e779c8e71f422d2,2023-11-15T15:38:07.557000
@ -242364,7 +242365,7 @@ CVE-2024-10023,0,0,fb7a2d87c1d01f1c0f753ee2a4448f391382353000e2526f44469dfe5432a
CVE-2024-10024,0,0,341fb3a51358c0d5f83894d8ffa34bc8830630ac4903510ed67f09db34646b2e,2024-10-21T13:15:01.730000
CVE-2024-10025,0,0,19a46c25128674d2a3df76dfa6881dd0177e057f9e034fa6abc2c0a4e8bba033,2024-10-18T12:52:33.507000
CVE-2024-1003,0,0,5577a6ad54fba7e1e984add6f75aca7e6ad73817623f9ed150fa33b583cd3fae,2024-05-17T02:35:09.147000
CVE-2024-10033,0,0,c0a9b2336bab3102cd006cc0abae51c59fa7520aa657f85607505772ed524766,2024-10-18T12:53:04.627000
CVE-2024-10033,0,1,acdf5074f0a65571bb13fd536474d2e55d1aca0ec9686906dc29923cd27bb029,2024-10-30T03:15:03.337000
CVE-2024-1004,0,0,be9a3a60f238fd673f4d3f1f166af1f9400f4582d193359c16f232ef2b1c02fa,2024-05-17T02:35:09.263000
CVE-2024-10040,0,0,e60010f49ca3103740274faae9ff6204ef5e8179ea2561631dfe21b2ee350ec3,2024-10-18T12:52:33.507000
CVE-2024-10041,0,0,d3a5fc70054a78d48c6ae937cda2967a3e628fbc08e88f2a331a6962f073bdec,2024-10-23T15:12:34.673000
@ -242628,11 +242629,14 @@ CVE-2024-10488,0,0,7346b6eaf332ef0f3d30192e4578058fcf0f40274edc042ffd9fdc443715a
CVE-2024-1049,0,0,bd86fa3ef2f3a9c880f8a662bf41f8b013cc8d0ec2ff1efa897f3a7402b5b977,2024-03-25T01:51:01.223000
CVE-2024-10491,0,0,bcf9eb04580934858978db75a48b33b2b8a0e47c12b6f521cfeb7a488154906e,2024-10-29T17:15:03.853000
CVE-2024-1050,0,0,f9f89980ca3ef0ce2f5e1044207260b8a92a6effafa867ba6315fdcbfcd0b749,2024-05-06T12:44:56.377000
CVE-2024-10500,1,1,81d535dbac4df1837877526cfdf7548c2eaa3351dc6d64106701c6037a0c7933,2024-10-30T01:15:02.803000
CVE-2024-10501,1,1,292e0c63886751f2ccd49ef4c3d140301e1a7cbb898ebc15583b8b8e00402acf,2024-10-30T01:15:03.107000
CVE-2024-10502,1,1,d6ffb011626f1c1dbbc8d4622abdedb7e203e8935c0db5d35bf55464e9cbd02d,2024-10-30T01:15:03.377000
CVE-2024-10503,1,1,53bb49dade9742e3a0f1152f6578f325c27b8ddb13655063a5f4afecc489b9c5,2024-10-30T01:15:03.653000
CVE-2024-10505,1,1,6d6e100b25c60406edea8f47c5d2549af8d11bf1c28e0482a6a4b39d84219591,2024-10-30T02:15:02.430000
CVE-2024-10500,0,0,81d535dbac4df1837877526cfdf7548c2eaa3351dc6d64106701c6037a0c7933,2024-10-30T01:15:02.803000
CVE-2024-10501,0,0,292e0c63886751f2ccd49ef4c3d140301e1a7cbb898ebc15583b8b8e00402acf,2024-10-30T01:15:03.107000
CVE-2024-10502,0,0,d6ffb011626f1c1dbbc8d4622abdedb7e203e8935c0db5d35bf55464e9cbd02d,2024-10-30T01:15:03.377000
CVE-2024-10503,0,0,53bb49dade9742e3a0f1152f6578f325c27b8ddb13655063a5f4afecc489b9c5,2024-10-30T01:15:03.653000
CVE-2024-10505,0,0,6d6e100b25c60406edea8f47c5d2549af8d11bf1c28e0482a6a4b39d84219591,2024-10-30T02:15:02.430000
CVE-2024-10506,1,1,b6bcdd833738fb873edd61b4251e2f14923ebc95b84b24021d0301b0654d76fd,2024-10-30T03:15:03.490000
CVE-2024-10507,1,1,f0d511f24f84b9e0af273e44e1eadb29e82d53fc80607d0bb45b0fad15f5c994,2024-10-30T03:15:03.777000
CVE-2024-10509,1,1,a617a52391f6a05c8db7614b66d9896a1a6ac7734326993025e7a689a1eda8b8,2024-10-30T03:15:04.060000
CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000
CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000
CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000
@ -266821,6 +266825,7 @@ CVE-2024-8623,0,0,b38d11e5ea040f7d1c1df76eb8b329847342918d3746a88d315f2eac790411
CVE-2024-8624,0,0,1732629a73b0f7a73256425937c92b86f35ca441eabdeb398d592189eec06617,2024-09-26T16:45:40.470000
CVE-2024-8625,0,0,f79ace646c1451369693b1b55d98f664dd2f063ae53ec6e9cd8ea8f5cea7ce35,2024-10-24T13:56:29.230000
CVE-2024-8626,0,0,0a3a6a067accd62c7f1e4362c07a97c5507716edc2a0ef32e9c35b5c51ec20a4,2024-10-10T12:56:30.817000
CVE-2024-8627,1,1,2742a6efa451b45c28d6643275d527fe01f9196c77200c91fcabcbf65528712c,2024-10-30T03:15:04.360000
CVE-2024-8628,0,0,eae51dc9330e4c3449bbbf5b2aafba06ad0db1b999ee8c88380618befb3102be,2024-09-26T16:42:16.700000
CVE-2024-8629,0,0,6c9063bb86e9be09fbe263c2afa91e0d043c7779d47db076384be2da04357d8a,2024-10-10T12:56:30.817000
CVE-2024-8630,0,0,c5e92ea3475e7fdf4ce18793c10b7cc1fb102a32792867098f992a914ab99d4c,2024-10-16T13:15:59.997000
@ -266940,6 +266945,7 @@ CVE-2024-8787,0,0,697959dd00ebdc9b4d866bc462eeca4254ff62268820b8cc5f18a9f4531e0e
CVE-2024-8788,0,0,109bf9bb3aa314390f1c0b3dee4d54ea5d0e02bbb648b956ffff0a9dad06b2f6,2024-10-03T17:25:41.467000
CVE-2024-8790,0,0,c35e20798e104d347809d26eec2137cb82ecdc52b92a3f74d2215cdbc40f5b61,2024-10-29T14:44:59.497000
CVE-2024-8791,0,0,fb5b0ac36efac34bc9b2b46a1f471f8bc629f8b19dafbbe4161ffb4834ecffd5,2024-09-26T16:25:34.120000
CVE-2024-8792,1,1,74e5a132063a8e877d62f04206c399f8620c3aa8ad04865f02910ca59a5a9340,2024-10-30T03:15:04.583000
CVE-2024-8793,0,0,959b266c850b42df4ff44733c3776bf7c1d0fcf64b78d7cab419106b5de40dbb,2024-10-07T16:04:08.490000
CVE-2024-8794,0,0,71d6f226610d884ee512fa4051f8594e0cafa29b4878c9ac672c3de2ccd4c022,2024-09-26T16:23:46.740000
CVE-2024-8795,0,0,f7b3fc89482c22947a1a26e63d2f04d7dee1f77ad827021897b332709b04072d,2024-09-26T16:46:55.587000
@ -267510,6 +267516,7 @@ CVE-2024-9826,0,0,f055ba36c13c64a3425af7e05687af44ba51a02833bdf92ca35753b6555971
CVE-2024-9827,0,0,0ce926864705d882b9206f44ad5850e01c01381e4edb18a7c9d371fbfbb84269,2024-10-29T22:15:09.100000
CVE-2024-9829,0,0,ea980a1e481fc86407edeb6f0040d6f4a6ff2d17edcbe8d18dd95381292ad49b,2024-10-25T16:30:44.520000
CVE-2024-9837,0,0,bb6af129df538114e71c369a037f26903d10504dcd81ada4fc7f4b05786c12dd,2024-10-15T12:57:46.880000
CVE-2024-9846,1,1,4cda348acaf5217ad89446643756920fc691c3a328063ad1ca6c9a149040f6ee,2024-10-30T03:15:04.820000
CVE-2024-9848,0,0,b402d34d635014e43cf3d9b875728458bb9e45308a715285ac01e2036b42d252,2024-10-22T16:42:25.867000
CVE-2024-9853,0,0,b003ea260222d309866f9bc6bcac4c0549c1930cf36d8d49eac92c8d99d9053c,2024-10-28T13:58:09.230000
CVE-2024-9855,0,0,f4067d5f9739a4a46f27ed071acd023bca1d9a27db9968d98f329af2e8d70e8b,2024-10-15T12:58:51.050000
@ -267524,6 +267531,9 @@ CVE-2024-9864,0,0,ecd679b570a8abacc1db8d694db02ae1ea10c97942981b05302fe359da1cbf
CVE-2024-9865,0,0,767ca346f0a1ff11496989a87fd401620d0792dff4b8ce54d6dd2bc8cbb6f984,2024-10-25T12:56:07.750000
CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000
CVE-2024-9873,0,0,54e1b937a83aa8c512a9ce3ab381594073150b73716fb01cf60c5f6e4db0c415,2024-10-16T16:38:14.557000
CVE-2024-9884,1,1,417fcaeff665ce444be5271328c7156afe396eff19491d0c993e59dfd89fa283,2024-10-30T03:15:05.067000
CVE-2024-9885,1,1,41e036b784dfedf39935804874e04e659e2fc01345a78ac0bc53175e7144eee8,2024-10-30T03:15:05.283000
CVE-2024-9886,1,1,c545b419b55e23b8837eadde37947a09b52060fa1f2d86998305777359f737c7,2024-10-30T03:15:05.507000
CVE-2024-9888,0,0,de5de1e3177c72ea1d0a5d19aa48b1693390bd1baf1f85524c962ffa2c18433f,2024-10-16T16:38:14.557000
CVE-2024-9889,0,0,ae2d8b3ae5ea45b7bf6ef4fc45ab8d1cf63876d506d81aa02cc186300793ec67,2024-10-21T17:10:22.857000
CVE-2024-9890,0,0,d7f68ba62671a34c8b89dcbd3c5c40cfcc4d5decfd7c261059a9e135d650d182,2024-10-28T13:58:09.230000
