From ace3cf1099ff785878f906fb66a1d7a505f2e02c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 26 Jun 2025 04:03:59 +0000 Subject: [PATCH] Auto-Update: 2025-06-26T04:00:19.741831+00:00 --- CVE-2025/CVE-2025-38xx/CVE-2025-3863.json | 68 +++++++++++++++++++++++ CVE-2025/CVE-2025-43xx/CVE-2025-4334.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-52xx/CVE-2025-5275.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-54xx/CVE-2025-5488.json | 64 +++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5535.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5540.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5559.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5564.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5588.json | 68 +++++++++++++++++++++++ CVE-2025/CVE-2025-55xx/CVE-2025-5590.json | 64 +++++++++++++++++++++ CVE-2025/CVE-2025-58xx/CVE-2025-5812.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-58xx/CVE-2025-5813.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-59xx/CVE-2025-5929.json | 64 +++++++++++++++++++++ CVE-2025/CVE-2025-59xx/CVE-2025-5932.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-62xx/CVE-2025-6258.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-62xx/CVE-2025-6290.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-63xx/CVE-2025-6378.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-63xx/CVE-2025-6383.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-65xx/CVE-2025-6537.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-65xx/CVE-2025-6538.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-65xx/CVE-2025-6540.json | 60 ++++++++++++++++++++ CVE-2025/CVE-2025-65xx/CVE-2025-6546.json | 60 ++++++++++++++++++++ README.md | 36 +++++++++--- _state.csv | 30 ++++++++-- 24 files changed, 1401 insertions(+), 13 deletions(-) create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3863.json create mode 100644 CVE-2025/CVE-2025-43xx/CVE-2025-4334.json create mode 100644 CVE-2025/CVE-2025-52xx/CVE-2025-5275.json create mode 100644 CVE-2025/CVE-2025-54xx/CVE-2025-5488.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5535.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5540.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5559.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5564.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5588.json create mode 100644 CVE-2025/CVE-2025-55xx/CVE-2025-5590.json create mode 100644 CVE-2025/CVE-2025-58xx/CVE-2025-5812.json create mode 100644 CVE-2025/CVE-2025-58xx/CVE-2025-5813.json create mode 100644 CVE-2025/CVE-2025-59xx/CVE-2025-5929.json create mode 100644 CVE-2025/CVE-2025-59xx/CVE-2025-5932.json create mode 100644 CVE-2025/CVE-2025-62xx/CVE-2025-6258.json create mode 100644 CVE-2025/CVE-2025-62xx/CVE-2025-6290.json create mode 100644 CVE-2025/CVE-2025-63xx/CVE-2025-6378.json create mode 100644 CVE-2025/CVE-2025-63xx/CVE-2025-6383.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6537.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6538.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6540.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6546.json diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3863.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3863.json new file mode 100644 index 00000000000..f911ebf339a --- /dev/null +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3863.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-3863", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:20.200", + "lastModified": "2025-06-26T02:15:20.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin\u2019s support\u2010form handler to send arbitrary emails to the site\u2019s support address." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/post-carousel-slider-for-elementor/tags/1.5.0/support-page/class-support-page.php#L28", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3316424%40post-carousel-slider-for-elementor&new=3316424%40post-carousel-slider-for-elementor&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/post-carousel-slider-for-elementor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b92afdf-51e0-4cf5-9f2b-997b9ff98b23?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4334.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4334.json new file mode 100644 index 00000000000..7c51f0932f2 --- /dev/null +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4334.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-4334", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.173", + "lastModified": "2025-06-26T02:15:21.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-registration/trunk/inc/classes/class.register.php#L135", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-52xx/CVE-2025-5275.json b/CVE-2025/CVE-2025-52xx/CVE-2025-5275.json new file mode 100644 index 00000000000..4f04fcc8f99 --- /dev/null +++ b/CVE-2025/CVE-2025-52xx/CVE-2025-5275.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5275", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:23.860", + "lastModified": "2025-06-26T03:15:23.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\r\nThis issue was partially fixed in version 1.8.6.1 and fully fixed in version 1.8.6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.5.3/templates/form-fields/checkbox.php#L40", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/453d8918-32dc-43d6-8969-71f719536891?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-54xx/CVE-2025-5488.json b/CVE-2025/CVE-2025-54xx/CVE-2025-5488.json new file mode 100644 index 00000000000..234abe7d889 --- /dev/null +++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5488.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5488", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.333", + "lastModified": "2025-06-26T02:15:21.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-masonry-infinite-scroll/trunk/includes/functions.php#L227", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3314905%40wp-masonry-infinite-scroll&new=3314905%40wp-masonry-infinite-scroll&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/656c6236-55e6-4989-8f3d-2d2f81ab0093?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5535.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5535.json new file mode 100644 index 00000000000..bce9474f06d --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5535.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5535", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.493", + "lastModified": "2025-06-26T02:15:21.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/enigma-buttons/trunk/enigma-buttons.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c570533-1a67-46ad-9d29-35f70ae3bb6a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5540.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5540.json new file mode 100644 index 00000000000..ede281eb6be --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5540.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5540", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.650", + "lastModified": "2025-06-26T02:15:21.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-easy-events/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f09ffc02-bfed-4aa3-a3d3-58e188b3e147?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5559.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5559.json new file mode 100644 index 00000000000..c4abf239479 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5559.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5559", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.807", + "lastModified": "2025-06-26T02:15:21.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'timezonecalculator_output' shortcode in all versions up to, and including, 3.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/timezonecalculator/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e1a9ab-9ba9-45ff-aecd-b8953abc653a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5564.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5564.json new file mode 100644 index 00000000000..0a612c67657 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5564.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5564", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:21.957", + "lastModified": "2025-06-26T02:15:21.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gc_social_wall' shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/gc-social-wall/trunk/GCSocialWall.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe548ce-5dc9-4073-b755-d28e37720808?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5588.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5588.json new file mode 100644 index 00000000000..8048fe95f9d --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5588.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-5588", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.107", + "lastModified": "2025-06-26T02:15:22.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018download\u2019 parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/image-editor-by-pixo/trunk/frontend.php#L42", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3315303/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/image-editor-by-pixo/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1036a34d-ec03-4bec-8455-02c83fdb8b36?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-55xx/CVE-2025-5590.json b/CVE-2025/CVE-2025-55xx/CVE-2025-5590.json new file mode 100644 index 00000000000..327468e6513 --- /dev/null +++ b/CVE-2025/CVE-2025-55xx/CVE-2025-5590.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5590", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.260", + "lastModified": "2025-06-26T02:15:22.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/responsive-owl-carousel/trunk/query/db_gallery.php#L57", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/responsive-owl-carousel/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1f230f5-d40c-43b2-82f2-c920dca9707f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-58xx/CVE-2025-5812.json b/CVE-2025/CVE-2025-58xx/CVE-2025-5812.json new file mode 100644 index 00000000000..ea0a77c950b --- /dev/null +++ b/CVE-2025/CVE-2025-58xx/CVE-2025-5812.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5812", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.420", + "lastModified": "2025-06-26T02:15:22.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/vgw-metis/trunk/classes/admin.php#L422", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9edcbdc-5b01-4880-95ec-57d87ccbb472?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-58xx/CVE-2025-5813.json b/CVE-2025/CVE-2025-58xx/CVE-2025-5813.json new file mode 100644 index 00000000000..0041e426736 --- /dev/null +++ b/CVE-2025/CVE-2025-58xx/CVE-2025-5813.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5813", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:24.800", + "lastModified": "2025-06-26T03:15:24.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/import-products-to-wc/trunk/inc/functions.php#L266", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5929.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5929.json new file mode 100644 index 00000000000..2df0d51d4e7 --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5929.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5929", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:24.953", + "lastModified": "2025-06-26T03:15:24.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018clientId\u2019 parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/the-countdown/tags/2.0.1/the-countdown.php#L95", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/the-countdown/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34578df8-661c-4c54-b06c-e1d787ca3c55?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5932.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5932.json new file mode 100644 index 00000000000..002e2878a7d --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5932.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5932", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:25.110", + "lastModified": "2025-06-26T03:15:25.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/homerunner-smartcheckout/tags/1.0.29/classes/class-settings.php#L319", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36eaff34-50cd-4399-8314-19ae4f50d017?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-62xx/CVE-2025-6258.json b/CVE-2025/CVE-2025-62xx/CVE-2025-6258.json new file mode 100644 index 00000000000..a4332c04258 --- /dev/null +++ b/CVE-2025/CVE-2025-62xx/CVE-2025-6258.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6258", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.573", + "lastModified": "2025-06-26T02:15:22.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-soundsystem/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f027626a-471c-48aa-add6-7597254dcfa9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-62xx/CVE-2025-6290.json b/CVE-2025/CVE-2025-62xx/CVE-2025-6290.json new file mode 100644 index 00000000000..5ba5c4b1c09 --- /dev/null +++ b/CVE-2025/CVE-2025-62xx/CVE-2025-6290.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6290", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.733", + "lastModified": "2025-06-26T02:15:22.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/tournament-bracket-generator/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdde01aa-2d38-4085-b11a-ef8633ee928a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-63xx/CVE-2025-6378.json b/CVE-2025/CVE-2025-63xx/CVE-2025-6378.json new file mode 100644 index 00000000000..a9c00894df9 --- /dev/null +++ b/CVE-2025/CVE-2025-63xx/CVE-2025-6378.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6378", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:22.887", + "lastModified": "2025-06-26T02:15:22.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/responsive-food-and-drink-menu/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/342ccae4-2e77-4a4f-963f-689b882eb7f0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-63xx/CVE-2025-6383.json b/CVE-2025/CVE-2025-63xx/CVE-2025-6383.json new file mode 100644 index 00000000000..cb235caf9f0 --- /dev/null +++ b/CVE-2025/CVE-2025-63xx/CVE-2025-6383.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6383", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:23.040", + "lastModified": "2025-06-26T02:15:23.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's photonav shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-photonav/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c07054e1-b6c9-4e70-aece-09f81bb418ef?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6537.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6537.json new file mode 100644 index 00000000000..7d99dd39728 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6537.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6537", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:25.277", + "lastModified": "2025-06-26T03:15:25.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018playicon_title\u2019 parameter in all versions up to, and including, 1.2.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/namasha-by-mdesign/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f7616d0-7b42-4b2e-8378-18c24c7bf22b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6538.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6538.json new file mode 100644 index 00000000000..10e5e2d62f9 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6538.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6538", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T02:15:23.190", + "lastModified": "2025-06-26T02:15:23.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/post-rating-and-review/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12a89b8f-554c-4d92-adb2-ec84138d568d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6540.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6540.json new file mode 100644 index 00000000000..0c31f6fcb39 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6540.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6540", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:25.430", + "lastModified": "2025-06-26T03:15:25.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018slug\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/web-cam/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d2954c-762c-4bdc-8469-7fe19f4e980d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-65xx/CVE-2025-6546.json b/CVE-2025/CVE-2025-65xx/CVE-2025-6546.json new file mode 100644 index 00000000000..23461f94a82 --- /dev/null +++ b/CVE-2025/CVE-2025-65xx/CVE-2025-6546.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-6546", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-26T03:15:25.587", + "lastModified": "2025-06-26T03:15:25.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tablecssclass\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/drive-folder-embeder/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86b21472-6a76-4d7b-84ff-f8b79c052aba?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 339d9593a22..d2111c60e54 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-26T02:00:19.383283+00:00 +2025-06-26T04:00:19.741831+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-26T01:15:20.083000+00:00 +2025-06-26T03:15:25.587000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -299378 +299400 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `22` +- [CVE-2025-3863](CVE-2025/CVE-2025-38xx/CVE-2025-3863.json) (`2025-06-26T02:15:20.200`) +- [CVE-2025-4334](CVE-2025/CVE-2025-43xx/CVE-2025-4334.json) (`2025-06-26T02:15:21.173`) +- [CVE-2025-5275](CVE-2025/CVE-2025-52xx/CVE-2025-5275.json) (`2025-06-26T03:15:23.860`) +- [CVE-2025-5488](CVE-2025/CVE-2025-54xx/CVE-2025-5488.json) (`2025-06-26T02:15:21.333`) +- [CVE-2025-5535](CVE-2025/CVE-2025-55xx/CVE-2025-5535.json) (`2025-06-26T02:15:21.493`) +- [CVE-2025-5540](CVE-2025/CVE-2025-55xx/CVE-2025-5540.json) (`2025-06-26T02:15:21.650`) +- [CVE-2025-5559](CVE-2025/CVE-2025-55xx/CVE-2025-5559.json) (`2025-06-26T02:15:21.807`) +- [CVE-2025-5564](CVE-2025/CVE-2025-55xx/CVE-2025-5564.json) (`2025-06-26T02:15:21.957`) +- [CVE-2025-5588](CVE-2025/CVE-2025-55xx/CVE-2025-5588.json) (`2025-06-26T02:15:22.107`) +- [CVE-2025-5590](CVE-2025/CVE-2025-55xx/CVE-2025-5590.json) (`2025-06-26T02:15:22.260`) +- [CVE-2025-5812](CVE-2025/CVE-2025-58xx/CVE-2025-5812.json) (`2025-06-26T02:15:22.420`) +- [CVE-2025-5813](CVE-2025/CVE-2025-58xx/CVE-2025-5813.json) (`2025-06-26T03:15:24.800`) +- [CVE-2025-5929](CVE-2025/CVE-2025-59xx/CVE-2025-5929.json) (`2025-06-26T03:15:24.953`) +- [CVE-2025-5932](CVE-2025/CVE-2025-59xx/CVE-2025-5932.json) (`2025-06-26T03:15:25.110`) +- [CVE-2025-6258](CVE-2025/CVE-2025-62xx/CVE-2025-6258.json) (`2025-06-26T02:15:22.573`) +- [CVE-2025-6290](CVE-2025/CVE-2025-62xx/CVE-2025-6290.json) (`2025-06-26T02:15:22.733`) +- [CVE-2025-6378](CVE-2025/CVE-2025-63xx/CVE-2025-6378.json) (`2025-06-26T02:15:22.887`) +- [CVE-2025-6383](CVE-2025/CVE-2025-63xx/CVE-2025-6383.json) (`2025-06-26T02:15:23.040`) +- [CVE-2025-6537](CVE-2025/CVE-2025-65xx/CVE-2025-6537.json) (`2025-06-26T03:15:25.277`) +- [CVE-2025-6538](CVE-2025/CVE-2025-65xx/CVE-2025-6538.json) (`2025-06-26T02:15:23.190`) +- [CVE-2025-6540](CVE-2025/CVE-2025-65xx/CVE-2025-6540.json) (`2025-06-26T03:15:25.430`) +- [CVE-2025-6546](CVE-2025/CVE-2025-65xx/CVE-2025-6546.json) (`2025-06-26T03:15:25.587`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `0` -- [CVE-2019-6693](CVE-2019/CVE-2019-66xx/CVE-2019-6693.json) (`2025-06-26T01:00:02.147`) -- [CVE-2024-0769](CVE-2024/CVE-2024-07xx/CVE-2024-0769.json) (`2025-06-26T01:00:02.147`) -- [CVE-2024-45497](CVE-2024/CVE-2024-454xx/CVE-2024-45497.json) (`2025-06-26T01:15:20.083`) -- [CVE-2024-54085](CVE-2024/CVE-2024-540xx/CVE-2024-54085.json) (`2025-06-26T01:00:02.147`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 856555aacdd..c1c641eb8c5 100644 --- a/_state.csv +++ b/_state.csv @@ -141655,7 +141655,7 @@ CVE-2019-6689,0,0,33653f4885b2c487576adc6be2c41b0913486fec5c0f86a3fbfb189c1b52ff CVE-2019-6690,0,0,24841054c9c4d39a7f42c16ffeccfe4f602ed4cc12db97d5b9d3e695b6f796c6,2024-11-21T04:46:57.777000 CVE-2019-6691,0,0,9c1e2ddef2996e1f0fb57bdfa5ff34a0f4f4f8fc06c2750be580076bfe1cbc67,2024-11-21T04:46:57.947000 CVE-2019-6692,0,0,c83d1d50fe9e3ea13be08e666bbaabb816719df64e41ca182df3073131b01bfd,2024-11-21T04:46:58.077000 -CVE-2019-6693,0,1,d8c230d03d93c7c5f53c48b01992969c34ac30c28bd3be0d657bf8bcb057f1f9,2025-06-26T01:00:02.147000 +CVE-2019-6693,0,0,d8c230d03d93c7c5f53c48b01992969c34ac30c28bd3be0d657bf8bcb057f1f9,2025-06-26T01:00:02.147000 CVE-2019-6695,0,0,fc502f1b40596ca611edc216601ae543e662cbd59fe73e51f3b186e669ce96b1,2024-11-21T04:46:58.287000 CVE-2019-6696,0,0,69eed40a4a0cae512f578bd58c40d9921b883eb5441c5059e04af319e29f1622,2024-11-21T04:46:58.393000 CVE-2019-6697,0,0,79a8f4c2b14c846241f673482acf41dfdf355f1fa9f1b5c450606989c2c6a4bd,2025-03-17T14:15:16.567000 @@ -245174,7 +245174,7 @@ CVE-2024-0765,0,0,147924df3c2a99e28ac84acf5407b5a7987726a2c64f3e2adccb459d5985f3 CVE-2024-0766,0,0,8d8b47eb35ac4fbeaf262a06f0eddbbba34c1a2755f916cda469cbece9f642de,2025-01-08T18:43:16.317000 CVE-2024-0767,0,0,a7ee481ab1c66b7c498da64ae1084c6748849512829a473ad9f194f786a0f5bb,2025-01-08T18:42:46.573000 CVE-2024-0768,0,0,91bcda62ea828832b073b37c60b407aec931c03659bedab78b2dbf7b33dc45cb,2025-01-08T18:42:05.587000 -CVE-2024-0769,0,1,c7297b06751c619100363f70be7c1ce52d1a3c64cbb68ebbc5e9f81d5b526fa4,2025-06-26T01:00:02.147000 +CVE-2024-0769,0,0,c7297b06751c619100363f70be7c1ce52d1a3c64cbb68ebbc5e9f81d5b526fa4,2025-06-26T01:00:02.147000 CVE-2024-0770,0,0,aa612333eb176e6028f7918ce18a4aa38bcb21688669aa13f59c2d5bff87865a,2024-11-21T08:47:20.020000 CVE-2024-0771,0,0,787c709b50080c9e3e387feda8598650487f948af1881a094925b288f94ee3c4,2024-11-21T08:47:20.167000 CVE-2024-0772,0,0,11c44bbc7d313553d3abc0d43a5d3567962f2383088d45c3a3c23d148c3e5d5b,2024-11-21T08:47:20.320000 @@ -269987,7 +269987,7 @@ CVE-2024-45493,0,0,63ded12e1cce66753793ae82bef6c61efd91f10fe98a5bd1c054c3ddfbe0b CVE-2024-45494,0,0,e62b8176d74731dfdb1c9ebc3d4575fcabd14aac12deeb9776633eac1b50aecb,2024-12-17T19:15:06.497000 CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000 CVE-2024-45496,0,0,f647c5447ed213c353caf91ddf707bc78331ddddcd98c233146cc0a0d9ee301a,2025-01-09T09:15:07.600000 -CVE-2024-45497,0,1,15a69b199522691c8781b1273e413826a6ff0aa74ebc9b35334fa99141f1eb3d,2025-06-26T01:15:20.083000 +CVE-2024-45497,0,0,15a69b199522691c8781b1273e413826a6ff0aa74ebc9b35334fa99141f1eb3d,2025-06-26T01:15:20.083000 CVE-2024-45498,0,0,1b37b8abea607b55d06bdeca0f52a798741defd10e0d0992aaa1892048a4a705,2025-06-03T21:12:43.280000 CVE-2024-4550,0,0,d020c2baa57a4c8c78c6437cdbbe1c555a0bddf99dab5627801ef1d8b20c6e80,2024-09-14T11:47:14.677000 CVE-2024-45504,0,0,117e3b0ea98f4e26734959281e27af071785e94eccc716f5288207bae003b1cf,2024-11-04T21:35:09.173000 @@ -276341,7 +276341,7 @@ CVE-2024-5408,0,0,fa6b3cfb5fa0c30106c5ac3ea6add5195e2bf0919853555e00f52962c2a69b CVE-2024-54082,0,0,65aa9ae45e1268a98d7772f17453032df41f59a165b23f820cdeaede4b477a68,2024-12-23T01:15:07.840000 CVE-2024-54083,0,0,5fd9cfa9d541ec1d140263f1195469b624b1e1b6173ea5643199f37a0fe69372,2024-12-16T08:15:05.317000 CVE-2024-54084,0,0,c1aee3e143998bbdc982177558f44486e207fe61fab43f3469a59c234690bf0a,2025-03-11T14:15:22.730000 -CVE-2024-54085,0,1,8b13a638f704c8dce87a036d48dd0f5160f3ecf9111ea4536d9d68c5ba5b9e77,2025-06-26T01:00:02.147000 +CVE-2024-54085,0,0,8b13a638f704c8dce87a036d48dd0f5160f3ecf9111ea4536d9d68c5ba5b9e77,2025-06-26T01:00:02.147000 CVE-2024-54089,0,0,efd2198ce361ea992eb01ea5caf6a93dad81fb83e8cf416236617bce8d42af11,2025-02-11T11:15:15.423000 CVE-2024-5409,0,0,e57e1ade9406d6824e9de4b5fb59a028c0cc0d3b407f2e5791339282678e1347,2025-06-05T15:31:08.950000 CVE-2024-54090,0,0,66ce7fba27ae90aef333be57d6145501dc74f76ec68d084b34f2e2ffb0d19de5,2025-02-11T11:15:15.647000 @@ -294514,6 +294514,7 @@ CVE-2025-3859,0,0,a29a57ac270a67a8a80d7a27d65d1908e1a6341184cc826f13ca8a179d89bf CVE-2025-3860,0,0,fca8c022ec9b8f06256fbd6a7ef809d716eebdf10997075b00d5c8b65a08bd5e,2025-05-07T14:13:20.483000 CVE-2025-3861,0,0,814eb53ad48b43f5db92e3f7ea50ed6f51b228179421c817444bf02a986a6f31,2025-04-29T13:52:28.490000 CVE-2025-3862,0,0,d676afb0370748c9bc07d4c1748785041cfa500a37f539792fa3e468cbee2ce9,2025-06-04T22:57:04.867000 +CVE-2025-3863,1,1,051743fb7901f678ad274e5cad844d9f6ab749cf33ee2244323514fab760867d,2025-06-26T02:15:20.200000 CVE-2025-38637,0,0,8e0b7e01cf5cda931d029a9556a083a2937b1ed905193fce11df065c9e8763f0,2025-04-21T14:23:45.950000 CVE-2025-3864,0,0,444a554174f3a166bd8cf43652805e71b133026b842d6829548d5a78647f68f0,2025-05-28T15:01:30.720000 CVE-2025-3866,0,0,0e2c2da6f7c5d300ded32bf87bd65ab48909f1dbdb45bd4cb4a0436c226bf428,2025-04-29T13:52:28.490000 @@ -295374,6 +295375,7 @@ CVE-2025-4330,0,0,5d9f2f2e94c28a255aef99ed9b2622d78e58d1ab200918355adc9207ccd7a5 CVE-2025-4331,0,0,620e0da85354d81a367a41b7f2e39eeaeb31d846f9c0b35d1175b07ed628b224,2025-05-17T15:15:46.090000 CVE-2025-4332,0,0,f51566d2c2117f4ce873997a23ff694b3ee5f9b5aad203a2e1da6e04a305fea2,2025-06-05T06:15:26.503000 CVE-2025-4333,0,0,df346cc767abe9739cdcb38e3128deec2b82a2cef52e4ce255a43a7764d0a6a8,2025-05-07T14:13:20.483000 +CVE-2025-4334,1,1,a286c8ed1280bc37f7dfd503f06a37cb37637a6d6585bc7ed1d61715dab85cbe,2025-06-26T02:15:21.173000 CVE-2025-4335,0,0,ab91d891d4885edde448eb60f8fb4e6853bc982358f87a0b04b64a0f12c1f76e,2025-05-07T14:13:20.483000 CVE-2025-4336,0,0,2e09e9c7f36f335133de8594c5c6fd52aee442ec37ac35149b98164c79dc716d,2025-05-28T14:58:52.920000 CVE-2025-4337,0,0,4522348444d62dbf38c10428a5add541d62bce2e026e5fb205cdcb7ae118d727,2025-05-07T14:13:35.980000 @@ -298381,6 +298383,7 @@ CVE-2025-52719,0,0,5255f49aee70f7be6419c1cdeb90569664f1a4ea7bb1bbf43ecce1b8104cc CVE-2025-5272,0,0,b1d0c7e19ac36597fb989e72bcee09751441797b45636fb052ca12e726df56d9,2025-06-11T12:15:28.840000 CVE-2025-5273,0,0,7a172885547dbfa68292354132d6eab77847bfdd0e0f37bfe0a33c637c28685a,2025-05-29T14:29:50.247000 CVE-2025-52733,0,0,7b459b7ccea847e17c1de3d7bfd534831df085ed8c830c3122c8262c5439f0d8,2025-06-23T20:16:40.143000 +CVE-2025-5275,1,1,04321eb09ec4e72dff93de1f0cf16bdbb1c823d01c136d823f8510035ed011ab,2025-06-26T03:15:23.860000 CVE-2025-5276,0,0,39d67915dab7ad2300f3ccd3a288fcee1075e32b914c45ad140eb6b7725be52b,2025-05-29T14:29:50.247000 CVE-2025-5277,0,0,ba5aa3a145e9e2e34ac18c63e7fe60e94ac49ba4d7121cc0bc36eebe3309abbf,2025-05-28T15:01:30.720000 CVE-2025-52772,0,0,deb02b2d983c296f8b89a2559d4d4f189f1c6c676131c9feadcc246a08a5cc14,2025-06-23T20:16:40.143000 @@ -298578,6 +298581,7 @@ CVE-2025-5484,0,0,ff712dd03f32af2310b571323993d06900491354a9de82d92a7ba8f6cd5858 CVE-2025-5485,0,0,2e860e2d57c553742a7a4058b06e9ead83d36be7b50569039a067969f103feac,2025-06-16T12:32:18.840000 CVE-2025-5486,0,0,403a5f3fdf24114225af88123fd5df41b3fe4d4616779e15f6218229399593fb,2025-06-06T14:07:28.330000 CVE-2025-5487,0,0,a2325d70b19f1faa0bb78067f87ae57fb5952acc710d0b21151f32c03c4f828a,2025-06-16T12:32:18.840000 +CVE-2025-5488,1,1,7c6f4a8e66c3e6329b60c68d1d0c25842d0e742eb9b1087e52a93734e96da8de,2025-06-26T02:15:21.333000 CVE-2025-5490,0,0,ae0db7563bfaffe8e884eaa92f842e80befdab4bd604a8d298dc725c53842b04,2025-06-23T20:16:59.783000 CVE-2025-5491,0,0,bde4a3997792f29e78b23bdff62128712428eb2913e7a1e844f896d042cfe900,2025-06-16T12:32:18.840000 CVE-2025-5492,0,0,5239a7cb50dec6b348e683d7a6c48897854a921e0d403f100d8eaef90a706bbd,2025-06-04T14:54:33.783000 @@ -298613,9 +298617,11 @@ CVE-2025-5531,0,0,6d27f31038761ad0a1ccad441f88039d5d4e8afb6e2422d32c208713130619 CVE-2025-5532,0,0,d307f7aa5ca0395a7c8a1bde45bdc53cca6e2426e0b9fc80212fdc7f65c5fbe7,2025-06-04T14:54:33.783000 CVE-2025-5533,0,0,2dfcccaae175c59c944126a99e8f6d8f65e21d5c385b8c2ddbbe92c2ba47ee00,2025-06-06T14:07:28.330000 CVE-2025-5534,0,0,d8177fc111cd48f21043a561bc59a4a7b9cde04803cd4201428282cfb06e0a32,2025-06-06T14:07:28.330000 +CVE-2025-5535,1,1,c0ab4ca7ccdb995a5bf18384d4a3ad00bdefc9d2a5cbb26b31d3545b146bcbe8,2025-06-26T02:15:21.493000 CVE-2025-5536,0,0,7df71d1dab0ddadc1cf40e48870e67453a2cbb15d8332fa14fab505e504c5a57,2025-06-06T14:07:28.330000 CVE-2025-5538,0,0,762f67a9ba2152c03c8ac60e588d19c417662c15009fd5c6802487e853ce4da9,2025-06-06T14:07:28.330000 CVE-2025-5539,0,0,298ac745dff309bfc9c32d271927b52132f95cd6835d223a8ca6e238897e44d1,2025-06-04T14:54:33.783000 +CVE-2025-5540,1,1,ddd9027c60ca8bddb793755da646b45d405b5d8e47b98a87d3eb0ff6244e3a54,2025-06-26T02:15:21.650000 CVE-2025-5541,0,0,391135ebadea81125a316a68624bd1db152869e9dddfca42493d694df648dd89,2025-06-06T14:07:28.330000 CVE-2025-5542,0,0,3ecc2ef85a02a09c9be7e6dbf30040d86ff640f6ba754495a5d8dbf30a0806ed,2025-06-06T18:47:37.757000 CVE-2025-5543,0,0,1ff545b0787bdb2f415332be5f3786ca673df4cb409c2ec190778560a2d9b13a,2025-06-06T18:47:47.150000 @@ -298633,10 +298639,12 @@ CVE-2025-5554,0,0,bb973700fe34126bf117ec751e38d204eccbaefe0d39d643366a25cffb57f4 CVE-2025-5556,0,0,1f63a7f5a7a91cd0b5f15f9dd5246b4bb97c1dcec71534f8a57046e817922924,2025-06-10T15:16:25.960000 CVE-2025-5557,0,0,fd128465c0bc90cacbb5b3b2d601b7eb1c9da01523b98b89dfee1d497f1d2b1a,2025-06-10T15:16:34.460000 CVE-2025-5558,0,0,8898e8aec84c9da1e1a971bfb5f9893e56cc9688fb9183de0f88cf551a2dfd4a,2025-06-10T15:16:47.660000 +CVE-2025-5559,1,1,1d6e55650d5543f262e71745ca74dd8ecfca13df1ef1f8a91f86b2e0bc6749b6,2025-06-26T02:15:21.807000 CVE-2025-5560,0,0,21018256a4a41226bbfdbee889a1ff65b3ac04e2a1b78f1fe7522235e9af56b5,2025-06-10T15:10:58.590000 CVE-2025-5561,0,0,37d583178eab41cfcaf572a9f55ac9ee56d529a81129a4bd0f0e52ba8e1b98bf,2025-06-10T15:10:51.040000 CVE-2025-5562,0,0,6240bc0a7dbaa1de6ee01e8085c281ab501398cc54d049e3ba52ef12d9151257,2025-06-10T15:10:36.680000 CVE-2025-5563,0,0,abd05332a66da82c0a84bbcebb55ce866c616ee358de4033b1bc944eee92c5bd,2025-06-06T14:07:28.330000 +CVE-2025-5564,1,1,5b1d77553cd5a1530739143ecb431d9f707863589140246dbf73bc8b7999e694,2025-06-26T02:15:21.957000 CVE-2025-5565,0,0,69057d9fcda3a9d391a6fdd2d36028e43e46d962e75d2a96d0e0e06e8f6deb95,2025-06-06T14:07:28.330000 CVE-2025-5566,0,0,779c860a161eb64dc6f40dd7f0ca399f4546b6e4ee22bf38748c51ae144c439c,2025-06-10T15:10:27.370000 CVE-2025-5568,0,0,3985b2b3c56041cfacfc47ea29b5076a771839690445a0941918b66a37c31945,2025-06-09T12:15:47.880000 @@ -298657,7 +298665,9 @@ CVE-2025-5583,0,0,b2ce656eeaab700a8a0873a3d565fbebe88a85c216d85c69e76524b9646991 CVE-2025-5584,0,0,554122312ccf631b36ad0ef789707a593ded0bc038e2cac6c090436b66fd53f2,2025-06-10T15:10:06.207000 CVE-2025-5585,0,0,a4b85e7f335ebebadeca6227d4a2158131bdc84c9a2d7b4b046eba3dd8869dc4,2025-06-25T03:15:27.853000 CVE-2025-5586,0,0,b91049de82efb55ef679cf10931aa4f56290c24a8f2fbf45be0281fcede07341,2025-06-06T14:07:28.330000 +CVE-2025-5588,1,1,5626172a29251dee94f65d38cf4f1de29e07cc45a9d9c73780c7b106a578e27c,2025-06-26T02:15:22.107000 CVE-2025-5589,0,0,6c79a04993e971b42452f3a0ae16618b76eb63bb362b0f3291c861226ed4734d,2025-06-16T12:32:18.840000 +CVE-2025-5590,1,1,4c9a0f1f06abc99afa9b7dc22d1d5cfce989ab08cfe9ad3abfc9b5156b26643c,2025-06-26T02:15:22.260000 CVE-2025-5592,0,0,36c388f33c323490a93ebd79d5f124d5f4fdc10d946cc1144d6e587fb6694158,2025-06-09T15:02:45.030000 CVE-2025-5593,0,0,6df395e5fe3476beb67761792da6574eda83b6d9a337db7d77d384194417b8ee,2025-06-13T01:00:11.693000 CVE-2025-5594,0,0,83e7fdcfac2ba201d4fe551d7608819296af218dfeb5718bd91a2cdb5f7cbdd0,2025-06-13T00:58:21.617000 @@ -298838,6 +298848,8 @@ CVE-2025-5797,0,0,ad9498e0c73f384fe58beb22ad071a4cb6570505f608f86f63afaab5c549b9 CVE-2025-5798,0,0,8b03aec99638c4fd5212301f04bb1a503506bf58d26bd5e5a5acb0c1110a52f9,2025-06-09T19:08:05.903000 CVE-2025-5799,0,0,50ad513413ffdd2c3157967aae0c57c4edcf2bbf0ff1ea794ba25c05cfcc425b,2025-06-09T19:07:59.197000 CVE-2025-5806,0,0,eced74af9a3bd847a96fe591b592713a189dcd85d66bd43936ab31bd4aa88aea,2025-06-09T12:15:47.880000 +CVE-2025-5812,1,1,397e5cb662e975a44c32b7c6b25044a893e71c9148bb71c73ada71636d8079cb,2025-06-26T02:15:22.420000 +CVE-2025-5813,1,1,589083b1e19960758d0640f940a9d3ef1fc847382ec343fb5d265702bb463fdc,2025-06-26T03:15:24.800000 CVE-2025-5814,0,0,a167867f53c6fadb9d3db3d4ef4e109f1fea46d1abeb35216542db72110fa696,2025-06-09T12:15:47.880000 CVE-2025-5815,0,0,3c63e526b28352a674f2d0faaef2707920143cb75a4277d3e7f975593f6cf816,2025-06-16T12:32:18.840000 CVE-2025-5820,0,0,b9ca733f7fe3ed3e4755dc87c7962fd7e35b781d4f99707bb6e28495b55dd7d0,2025-06-23T20:16:21.633000 @@ -298933,7 +298945,9 @@ CVE-2025-5925,0,0,74cb0f740f96269546a558716b8983e19baddafe2aff8e369ed86d426f6297 CVE-2025-5926,0,0,d101bf01d3fcfe0cdb9553376422f17ca8d863b6b3e856d7675080f3ca9408fd,2025-06-16T12:32:18.840000 CVE-2025-5927,0,0,cf3c733b39e9f1a3d73cd1694eb8e5bdf0dfa3a9dc6dd79673163c714eb1c6a3,2025-06-25T10:15:23.090000 CVE-2025-5928,0,0,bf8e560b30d16961d3816817e86769462398f4dfd1c11ce3fc0a5a6f046bebeb,2025-06-16T12:32:18.840000 +CVE-2025-5929,1,1,0846817d8701755360ffe4f201e55cce9ef8f0f3e797611fd6aeba6e25d75722,2025-06-26T03:15:24.953000 CVE-2025-5930,0,0,f247db24f36bcbf2f7d81e18a82d068f64b444dc019b1b0b868d92f5ff3fa36b,2025-06-16T12:32:18.840000 +CVE-2025-5932,1,1,120fc767c01f8f83911c198a47ca09f06c1fa58f79b43ef6f616e0fde004cc06,2025-06-26T03:15:25.110000 CVE-2025-5934,0,0,2b04aea49be1b2e817d664c8d52ff126b146b95757a60bd9875f5715a4755cac,2025-06-20T13:11:11.560000 CVE-2025-5935,0,0,c15a5d20553ffc7a7c30ae68f0e5f38be384091a8a588ccb546a6d6a87a9c526,2025-06-12T16:06:39.330000 CVE-2025-5938,0,0,de6ba49470711279279f27a904465957f8293ec15c3176c20b2597289d4c7b40,2025-06-16T12:32:18.840000 @@ -299096,6 +299110,7 @@ CVE-2025-6218,0,0,0c57dc44b918f69aa41dfa2cd45995e68693308920cd967c81e00d12734bb1 CVE-2025-6220,0,0,5f7d83b19f9a74deb42015750f7b5335a45a31dba8653fadb3cf8eaf78a671be,2025-06-18T13:47:40.833000 CVE-2025-6240,0,0,ba4da5fd605eca3c919532cf0a8a1661ebda5a87c35d4010c4dddeaa23d93e9a,2025-06-23T20:16:59.783000 CVE-2025-6257,0,0,cc91b7557b526c88672e08add1b684bde89a65ab4dd7fa052a99a1c1c9c823b5,2025-06-23T20:16:40.143000 +CVE-2025-6258,1,1,c1d8edec7d468e92f3e9dc85f27e051734880f1782e660281dd3399a60a45c48,2025-06-26T02:15:22.573000 CVE-2025-6264,0,0,f32dcf95c634dc2f1ab86702d3943727ebae8018b2fa6b536fe8be4f7c817392,2025-06-23T20:16:40.143000 CVE-2025-6266,0,0,83020883d3aae1b262b30700af6ace7e5c0118a4b262e735a3268c83525b299f,2025-06-23T20:16:59.783000 CVE-2025-6267,0,0,f67fce7007c3c00cf880637b4dba7c946432602560144eb3304995260da703c2,2025-06-23T20:16:59.783000 @@ -299120,6 +299135,7 @@ CVE-2025-6285,0,0,f8f105593a1c0a7dbe61c92b05ab2b4fa84eac49b6aca449cf8fcc6261594d CVE-2025-6286,0,0,0986e442b62971a42e733069c69f2b535595029d77fbaa4fa93e52b8d99f5a8f,2025-06-23T20:16:40.143000 CVE-2025-6287,0,0,1f0442e805994dfa210a8eb3aa304f70a76a3d031c0d44f5ffd1b0d3dde5756c,2025-06-23T20:16:40.143000 CVE-2025-6288,0,0,9ce149ad42505ec2b4ca64cb24a668e9a7b4bbe84cfa5abc98150f3205f4a2c1,2025-06-23T20:16:40.143000 +CVE-2025-6290,1,1,fd5137afaf81f121f32b5fb857c9bd0fbd66061602c501bf3307842726132473,2025-06-26T02:15:22.733000 CVE-2025-6291,0,0,d55175acbacd88914c9be973fe6f91be8167aa92b1c93ae033cdffad235834e1,2025-06-23T20:16:40.143000 CVE-2025-6292,0,0,ff04dbdfad10a3b13607f775be002341c1f09a7a43bda27cdc2a017c4c5d4f1d,2025-06-23T20:16:40.143000 CVE-2025-6293,0,0,51c953c2806e51616f5a3280e43a32ce3c0eb07cbfb8381ded97a6c641ce5cdc,2025-06-23T20:16:40.143000 @@ -299194,6 +299210,8 @@ CVE-2025-6372,0,0,57bd725e58155b22002b2fe27e5ef880df740adaf81477b1018fce26c7c218 CVE-2025-6373,0,0,fc3916a56b7bebb7f4afd8db9623b0c0b7ca6d04a407f196c28a44bfa23b9548,2025-06-25T20:10:16.027000 CVE-2025-6374,0,0,52c2a3762c3febff3f7133c40521ec4205f6d9bad96026808a9cc8ac3a049376,2025-06-25T20:10:23.920000 CVE-2025-6375,0,0,c5c7694dc72a40d77b42ca7bdac2085f0219ee2826ef00eb4a9804c963c5103e,2025-06-23T20:16:21.633000 +CVE-2025-6378,1,1,4bae6533b266242fb807bc0a127cda222645f947c6a6165e762e08dab1c919bb,2025-06-26T02:15:22.887000 +CVE-2025-6383,1,1,923abd40d7defc44a064873e16bfacdd6b268663910f7e0a8f9021f4030b3033,2025-06-26T02:15:23.040000 CVE-2025-6384,0,0,97aa0c1b3518730f2ff1ac0c6e40e6df53f12abb019ae8c41f191d17b86f6691,2025-06-23T20:16:40.143000 CVE-2025-6393,0,0,32247b5db96e134f65a8c77173062a4edd972dbb6c0ac396c8f0bf9ce435cde7,2025-06-23T20:16:21.633000 CVE-2025-6394,0,0,a6663654d9b1668d091d362eee2cdb7e6cb13133cb16bf86aada9168ce7b98ea,2025-06-25T20:12:10.560000 @@ -299306,8 +299324,12 @@ CVE-2025-6533,0,0,d492ee571eaee5df043f384c635c6ac246fddd4934afdb55035bafe65d55de CVE-2025-6534,0,0,4aaa4dbea2d1e21bce858b4566e1e92b835724c6fd1a3385ad07ba3ba2aacaa6,2025-06-25T13:15:27.137000 CVE-2025-6535,0,0,e42f1a6543dbf0ee5c229c993281b53636fa2406c8182d5b8ffaa7f8f3686b13,2025-06-24T14:15:31.237000 CVE-2025-6536,0,0,d013adec60ee7bce984765f553f00621206bf7b36426e84a34c5c79dd02e790d,2025-06-24T02:15:22.967000 +CVE-2025-6537,1,1,ff1e02454492e3a3242fcb4e59ec3fce144f672e062069dfa5e9266f582eff4f,2025-06-26T03:15:25.277000 +CVE-2025-6538,1,1,7bba3c14c2785d52af24c99e60ac079f7a141c76f0aa69aa013a97a3ef69dc50,2025-06-26T02:15:23.190000 +CVE-2025-6540,1,1,1e3b9bfa4edc5c0ae6fbd9d997a22ec00f49bd813e7b42df33fb652634c81dea,2025-06-26T03:15:25.430000 CVE-2025-6543,0,0,9aaa2725da776ce785d24f0dd5eecc89432fc6f7cf3f4439ec7f3a38a63ef19f,2025-06-25T13:15:27.293000 CVE-2025-6545,0,0,4a2e9a49fc7908d94e6672d7a2b53a6f95fca2e09b0d849d624a1d4044dc33c8,2025-06-23T20:16:21.633000 +CVE-2025-6546,1,1,7f4fed601cdb578810dd1a5cedbed6eeb0f6925914143ccccd7f3f890dcfc6cb,2025-06-26T03:15:25.587000 CVE-2025-6547,0,0,308fc321cf1c1a3e1d4bfaae0194d79b5c51460bd5056b984e695544d81bad19,2025-06-23T20:16:21.633000 CVE-2025-6551,0,0,28b300bbd8c144f51c63879310dc12af5cc8cc1da1c90b362d6276ed1d7f06a4,2025-06-24T14:15:31.390000 CVE-2025-6552,0,0,803ee4a1ec8be82f7a7266a0e0782f249d6c01547f2c273254ca519cada86f3d,2025-06-24T03:15:35.520000