Auto-Update: 2025-03-15T09:00:19.407672+00:00

2025-06-19 17:31:42 +00:00 · 2025-03-15 09:03:48 +00:00 · 2025-03-15 09:03:48 +00:00 · b58cf5727c
commit b58cf5727c
parent f99c11703f
5 changed files with 202 additions and 12 deletions
--- a/CVE-2019/CVE-2019-252xx/CVE-2019-25222.json
+++ b/CVE-2019/CVE-2019-252xx/CVE-2019-25222.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2019-25222",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-15T07:15:33.523",
+  "lastModified": "2025-03-15T07:15:33.523",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-thumbnail-slider/tags/1.0.4/wp-responsive-images-thumbnail-slider.php#L1326",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-thumbnail-slider/tags/1.0.5/wp-responsive-images-thumbnail-slider.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/wp-responsive-thumbnail-slider",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6023483-3fa5-4b85-9422-7d395abcfbd8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-21xx/CVE-2025-2157.json
+++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2157.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-2157",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2025-03-15T07:15:34.930",
+  "lastModified": "2025-03-15T07:15:34.930",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-922"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2025-2157",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351092",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-23xx/CVE-2025-2325.json
+++ b/CVE-2025/CVE-2025-23xx/CVE-2025-2325.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-2325",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-03-15T07:15:35.107",
+  "lastModified": "2025-03-15T07:15:35.107",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3251086%40wp-test-email&new=3251086%40wp-test-email&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a0a9ff8-ed93-4de9-ba49-730b2253c6a4?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-15T07:00:21.825115+00:00
+2025-03-15T09:00:19.407672+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-15T06:15:12.193000+00:00
+2025-03-15T07:15:35.107000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-285297
+285300
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `3`

- [CVE-2024-13497](CVE-2024/CVE-2024-134xx/CVE-2024-13497.json) (`2025-03-15T05:15:45.713`)
- [CVE-2025-1771](CVE-2025/CVE-2025-17xx/CVE-2025-1771.json) (`2025-03-15T05:15:47.253`)
- [CVE-2025-1773](CVE-2025/CVE-2025-17xx/CVE-2025-1773.json) (`2025-03-15T05:15:47.403`)
- [CVE-2025-30066](CVE-2025/CVE-2025-300xx/CVE-2025-30066.json) (`2025-03-15T06:15:12.193`)
+- [CVE-2019-25222](CVE-2019/CVE-2019-252xx/CVE-2019-25222.json) (`2025-03-15T07:15:33.523`)
+- [CVE-2025-2157](CVE-2025/CVE-2025-21xx/CVE-2025-2157.json) (`2025-03-15T07:15:34.930`)
+- [CVE-2025-2325](CVE-2025/CVE-2025-23xx/CVE-2025-2325.json) (`2025-03-15T07:15:35.107`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -138577,6 +138577,7 @@ CVE-2019-25219,0,0,1cb37836ebcc5b11769d9904fbdfa2fec545979ad1eccec7a99d4f7ebed29
 CVE-2019-2522,0,0,638737140f258e11051ee5bbdf0348d4d75583dff335dd9bacaf5548d0e7c058,2024-11-21T04:41:02.287000
 CVE-2019-25220,0,0,d816e7498110be9fdee3cfe309ef71779578ebdc0da778db7a8c501d80ff8668,2024-11-18T17:35:01.780000
 CVE-2019-25221,0,0,1df42d22725f30b375d9fa95a2ea36f97268cbdd206d333006cebd98ba4f48ba,2024-12-13T04:15:04.713000
+CVE-2019-25222,1,1,e48f512b72d147eb90f82048a82961bc399ff454a090ea1b4ad9e93c426e7278,2025-03-15T07:15:33.523000
 CVE-2019-2523,0,0,8dbf09cc09a9d36d5d379aecf44a233c56df498cda1cca6ed13442ba59e0191b,2024-11-21T04:41:02.417000
 CVE-2019-2524,0,0,e78029c84d578c9195f9dc77e1bc1d99a41eb834e1b9ea40680656159ff29559,2024-11-21T04:41:02.543000
 CVE-2019-2525,0,0,45bc199935b7701dbac60abc55ae16ce2ad0edb17c245390c2e47faaca8aac93,2024-11-21T04:41:02.660000
@ -247530,7 +247531,7 @@ CVE-2024-13493,0,0,42ff21ae6aacbec92978e0ea28bdc61ddb564d9f2d81f25e9d1e5dfa73ff8
 CVE-2024-13494,0,0,df89de1c8df07248517af2290bff81bf7153aa4d140a9b389da9d1731435daec,2025-02-28T01:30:32.830000
 CVE-2024-13495,0,0,7a8bc062291cac2ab3dfb8a0fb7feeecd31abf131df44b7d6a18b1140227b207,2025-01-24T20:46:53.307000
 CVE-2024-13496,0,0,192a8533534e044b339576d96e9cea7e19a2bbd248a7b183889cec35656a4f79,2025-01-24T20:45:57.463000
-CVE-2024-13497,1,1,ca5e47ae7c2dc1ee03040b1f35f13791be034da2df8526c0c9339f0e6b63b540,2025-03-15T05:15:45.713000
+CVE-2024-13497,0,0,ca5e47ae7c2dc1ee03040b1f35f13791be034da2df8526c0c9339f0e6b63b540,2025-03-15T05:15:45.713000
 CVE-2024-13498,0,0,77e6a8cf4d81104f905c38f77c45b2cd90487f916b046fcb4e6b362664e5c3fc,2025-03-12T06:15:21.360000
 CVE-2024-13499,0,0,6d635dc5b8c51f2804fa43df8b3beb018f4524a3b4ba54f25865b62cf92ed7dc,2025-01-24T20:37:12.533000
 CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a81697f,2024-11-21T08:50:23.313000
@ -281365,8 +281366,8 @@ CVE-2025-1757,0,0,dc2ff923c8c3145193c6561db00b356fb8535b7d409d9e1ae9c89572d47684
 CVE-2025-1764,0,0,a0772d13ae7c80ed5a68a77c5e9e29582c4c3cb8221fdf31ef9438995646ffb7,2025-03-14T06:15:24.860000
 CVE-2025-1767,0,0,2d7a67a49e2d8224d71f3f81db0cee88468897d8d69262d33481730c6124ca91,2025-03-13T21:15:43.127000
 CVE-2025-1768,0,0,c05b89cadd612720776009e6e0d5cd82f5ad65495c19a7bd41a71ec158195a94,2025-03-07T11:15:15.653000
-CVE-2025-1771,1,1,c171ed55fed0a4a64976e6e8eeb1698997415eae3c2cf608015436b6fb242c77,2025-03-15T05:15:47.253000
-CVE-2025-1773,1,1,795daaa3f258262b445a3a99a79426a4cfa2d8aa55ca3c162cbe1a93dbd5c998,2025-03-15T05:15:47.403000
+CVE-2025-1771,0,0,c171ed55fed0a4a64976e6e8eeb1698997415eae3c2cf608015436b6fb242c77,2025-03-15T05:15:47.253000
+CVE-2025-1773,0,0,795daaa3f258262b445a3a99a79426a4cfa2d8aa55ca3c162cbe1a93dbd5c998,2025-03-15T05:15:47.403000
 CVE-2025-1776,0,0,9f5910c7138c13ec1de71b228a6c2b4d183ead70b893aab7547c66452e55fc54,2025-02-28T14:15:35.943000
 CVE-2025-1780,0,0,3f45bedc6155c2b8b2fa77d1259dea132c1de7996dc227477ece460ea93a3593,2025-03-01T04:15:09.713000
 CVE-2025-1783,0,0,7fcaf339289a48edd534e2424306b8cd911988b21bbe826dd21f100c86d4c9de,2025-03-08T10:15:11.647000
@ -282136,6 +282137,7 @@ CVE-2025-21566,0,0,82ec7fdf226cb80f776cd09a3b71e56b532d0f963e7ee3118ba6bb781b798
 CVE-2025-21567,0,0,ccd02f620841a055b7609434758122e81dae08bf571c2d34cc808d0e73dc219d,2025-02-04T17:15:21.167000
 CVE-2025-21568,0,0,fec47b6b9ef3349c1b6b471d918fb557c8f63b9953ba47a2a0e04d801fa6804d,2025-02-04T17:15:21.297000
 CVE-2025-21569,0,0,5df0154e36384276f1807ec7f051b457b9528fd8420a266b3a9f61e681a5ef4f,2025-02-04T17:15:21.423000
+CVE-2025-2157,1,1,de2d77a143a9726a8c0cdeb1112b3114a0d09708174b91e160daba34d5d4aa2c,2025-03-15T07:15:34.930000
 CVE-2025-21570,0,0,ace167949078eb846cc68a40950678bfa282af3d76d61bcddefc7d830cafe3ca,2025-02-04T17:15:21.550000
 CVE-2025-21571,0,0,bdb8c4caf4103cfe30d360ecbf83480841b6726b170ed756d9f8b563b72e6029,2025-02-04T19:15:33.230000
 CVE-2025-21590,0,0,b36ae92dc904bf55dc4028b2cedf584a24120b0d6e0ef4bd06450d9ddd9f9379,2025-03-14T20:35:13.207000
@ -283079,6 +283081,7 @@ CVE-2025-23239,0,0,73761053f1cf486225f31cfbe2c5d7282e449e2379e63bc42bc6b88358fef
 CVE-2025-23240,0,0,cc75ce891b393f48204ae1bee9d1c6ebb0570ce0b6fca2a588e96d25da4e228c,2025-03-04T17:12:06.513000
 CVE-2025-23242,0,0,621adf07512b57c6883dcee811f463a1068addd9387d1e7204c7b4c588c8f36c,2025-03-11T20:15:16.280000
 CVE-2025-23243,0,0,bffe529ed1b92c248ffa538f9f7e54859081f3c5f5cb97e035c66ab1dd8d6e9d,2025-03-11T20:15:16.463000
+CVE-2025-2325,1,1,3c6b219229dc76a33d78d2ccb8fd1f767d78355c555f30961ca2b7b219af14fc,2025-03-15T07:15:35.107000
 CVE-2025-23359,0,0,078a2b254b9542e7cfbdc0b2539045b6c597acb96680d65380627cec160e1602,2025-02-12T01:15:09.230000
 CVE-2025-23360,0,0,64786cc83cb60a45ca607edefa61a189dcb38008ee28945d3e238c33bc7c5f9c,2025-03-11T20:15:16.633000
 CVE-2025-23362,0,0,f1b04109bb5a53f0fa12693fb841988a838f82d29d11cab82e724120097242c3,2025-01-29T02:15:27.910000
@ -285295,4 +285298,4 @@ CVE-2025-29996,0,0,04d5b171307dc2b30ea5eb5f28181e2f5299e6abd99f684b2064e258a3b5d
 CVE-2025-29997,0,0,3e1c88fa2147bd225e112b8448984cfa69ba6bc439375d110bf8e47fa9f5f226,2025-03-13T12:15:14.127000
 CVE-2025-29998,0,0,5dddfef1e1ef55af54ca138ece8d3523cffbfaa8a6942b2f0faa38d3ba4d474f,2025-03-13T12:15:14.277000
 CVE-2025-30022,0,0,18459892879519497629792b4e249dfce13486f819d766c4e46ea46420ba454e,2025-03-14T03:15:45.257000
-CVE-2025-30066,1,1,3262b27a19e1009341116d03848f2987c8add299a187f932bae911f0dc8ddaf6,2025-03-15T06:15:12.193000
+CVE-2025-30066,0,0,3262b27a19e1009341116d03848f2987c8add299a187f932bae911f0dc8ddaf6,2025-03-15T06:15:12.193000