From c8074ed379b38535f74f8b1c1d3c2207bc1bf630 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 4 Jul 2025 10:03:49 +0000 Subject: [PATCH] Auto-Update: 2025-07-04T10:00:13.676023+00:00 --- CVE-2024/CVE-2024-119xx/CVE-2024-11937.json | 60 ++++++++++++++++ CVE-2024/CVE-2024-94xx/CVE-2024-9453.json | 60 ++++++++++++++++ CVE-2025/CVE-2025-239xx/CVE-2025-23972.json | 56 +++++++++++++++ CVE-2025/CVE-2025-247xx/CVE-2025-24735.json | 56 +++++++++++++++ CVE-2025/CVE-2025-247xx/CVE-2025-24748.json | 56 +++++++++++++++ CVE-2025/CVE-2025-247xx/CVE-2025-24757.json | 56 +++++++++++++++ CVE-2025/CVE-2025-247xx/CVE-2025-24764.json | 56 +++++++++++++++ CVE-2025/CVE-2025-265xx/CVE-2025-26591.json | 56 +++++++++++++++ CVE-2025/CVE-2025-273xx/CVE-2025-27326.json | 56 +++++++++++++++ CVE-2025/CVE-2025-273xx/CVE-2025-27358.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28951.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28957.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28963.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28967.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28969.json | 56 +++++++++++++++ CVE-2025/CVE-2025-289xx/CVE-2025-28971.json | 56 +++++++++++++++ CVE-2025/CVE-2025-290xx/CVE-2025-29001.json | 56 +++++++++++++++ CVE-2025/CVE-2025-290xx/CVE-2025-29007.json | 56 +++++++++++++++ CVE-2025/CVE-2025-290xx/CVE-2025-29012.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30929.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30943.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30947.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30969.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30979.json | 56 +++++++++++++++ CVE-2025/CVE-2025-309xx/CVE-2025-30983.json | 56 +++++++++++++++ CVE-2025/CVE-2025-329xx/CVE-2025-32918.json | 78 +++++++++++++++++++++ CVE-2025/CVE-2025-535xx/CVE-2025-53566.json | 56 +++++++++++++++ CVE-2025/CVE-2025-535xx/CVE-2025-53568.json | 56 +++++++++++++++ CVE-2025/CVE-2025-535xx/CVE-2025-53569.json | 56 +++++++++++++++ CVE-2025/CVE-2025-535xx/CVE-2025-53599.json | 33 +++++++++ CVE-2025/CVE-2025-536xx/CVE-2025-53600.json | 33 +++++++++ CVE-2025/CVE-2025-53xx/CVE-2025-5351.json | 60 ++++++++++++++++ CVE-2025/CVE-2025-66xx/CVE-2025-6673.json | 64 +++++++++++++++++ README.md | 35 +++++++-- _state.csv | 37 +++++++++- 35 files changed, 1908 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-119xx/CVE-2024-11937.json create mode 100644 CVE-2024/CVE-2024-94xx/CVE-2024-9453.json create mode 100644 CVE-2025/CVE-2025-239xx/CVE-2025-23972.json create mode 100644 CVE-2025/CVE-2025-247xx/CVE-2025-24735.json create mode 100644 CVE-2025/CVE-2025-247xx/CVE-2025-24748.json create mode 100644 CVE-2025/CVE-2025-247xx/CVE-2025-24757.json create mode 100644 CVE-2025/CVE-2025-247xx/CVE-2025-24764.json create mode 100644 CVE-2025/CVE-2025-265xx/CVE-2025-26591.json create mode 100644 CVE-2025/CVE-2025-273xx/CVE-2025-27326.json create mode 100644 CVE-2025/CVE-2025-273xx/CVE-2025-27358.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28951.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28957.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28963.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28967.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28969.json create mode 100644 CVE-2025/CVE-2025-289xx/CVE-2025-28971.json create mode 100644 CVE-2025/CVE-2025-290xx/CVE-2025-29001.json create mode 100644 CVE-2025/CVE-2025-290xx/CVE-2025-29007.json create mode 100644 CVE-2025/CVE-2025-290xx/CVE-2025-29012.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30929.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30943.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30947.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30969.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30979.json create mode 100644 CVE-2025/CVE-2025-309xx/CVE-2025-30983.json create mode 100644 CVE-2025/CVE-2025-329xx/CVE-2025-32918.json create mode 100644 CVE-2025/CVE-2025-535xx/CVE-2025-53566.json create mode 100644 CVE-2025/CVE-2025-535xx/CVE-2025-53568.json create mode 100644 CVE-2025/CVE-2025-535xx/CVE-2025-53569.json create mode 100644 CVE-2025/CVE-2025-535xx/CVE-2025-53599.json create mode 100644 CVE-2025/CVE-2025-536xx/CVE-2025-53600.json create mode 100644 CVE-2025/CVE-2025-53xx/CVE-2025-5351.json create mode 100644 CVE-2025/CVE-2025-66xx/CVE-2025-6673.json diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json new file mode 100644 index 00000000000..26d28f62c99 --- /dev/null +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11937", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-04T08:15:24.900", + "lastModified": "2025-07-04T08:15:24.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3210517%40premium-addons-for-elementor%2Ftrunk&old=3208033%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26337385-646f-4129-99be-7fa020f67f8e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json new file mode 100644 index 00000000000..6bb091d5be6 --- /dev/null +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-9453", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-07-04T09:15:24.537", + "lastModified": "2025-07-04T09:15:24.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-9453", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json new file mode 100644 index 00000000000..9d561b5f25b --- /dev/null +++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23972", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:25.540", + "lastModified": "2025-07-04T09:15:25.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-form-7-recaptcha/vulnerability/wordpress-contact-form-7-recaptcha-plugin-1-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json new file mode 100644 index 00000000000..991b388dc3c --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24735", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:26.210", + "lastModified": "2025-07-04T09:15:26.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live Chat + ChatBot + Cart Saver: from n/a through 1.0.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/chatra-live-chat/vulnerability/wordpress-chatra-live-chat-chatbot-cart-saver-plugin-1-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json new file mode 100644 index 00000000000..a05f8947fff --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24748", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:26.970", + "lastModified": "2025-07-04T09:15:26.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This issue affects All In One Slider Responsive: from n/a through 3.7.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/all_in_one_carousel/vulnerability/wordpress-all-in-one-slider-responsive-plugin-3-7-9-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json new file mode 100644 index 00000000000..803fe193714 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24757", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:27.197", + "lastModified": "2025-07-04T09:15:27.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This issue affects MyRewards: from n/a through 5.4.13.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woorewards/vulnerability/wordpress-myrewards-plugin-5-4-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json new file mode 100644 index 00000000000..09bd99546b0 --- /dev/null +++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24764", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:27.870", + "lastModified": "2025-07-04T09:15:27.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones (Simply) Guest Author Name allows DOM-Based XSS. This issue affects (Simply) Guest Author Name: from n/a through 4.36." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/guest-author-name/vulnerability/wordpress-simply-guest-author-name-plugin-4-36-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json new file mode 100644 index 00000000000..a2c5dc2008e --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-26591", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:28.517", + "lastModified": "2025-07-04T09:15:28.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox allows Stored XSS. This issue affects WP fancybox: from n/a through 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-fancybox/vulnerability/wordpress-wp-fancybox-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json new file mode 100644 index 00000000000..7e248be9472 --- /dev/null +++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27326", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:28.727", + "lastModified": "2025-07-04T09:15:28.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Video Gallery Block \u2013 Display your videos as a gallery in a professional way allows Stored XSS. This issue affects Video Gallery Block \u2013 Display your videos as a gallery in a professional way: from n/a through 1.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/video-gallery-block/vulnerability/wordpress-video-gallery-block-display-your-videos-as-a-gallery-in-a-professional-way-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json new file mode 100644 index 00000000000..0a3336aee5f --- /dev/null +++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27358", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:29.277", + "lastModified": "2025-07-04T09:15:29.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code Injection. This issue affects Frontend File Manager: from n/a through 23.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-file-manager/vulnerability/wordpress-frontend-file-manager-plugin-23-2-content-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json new file mode 100644 index 00000000000..f49ba153b89 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28951", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:29.500", + "lastModified": "2025-07-04T09:15:29.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bulk-featured-image/vulnerability/wordpress-bulk-featured-image-plugin-1-2-1-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json new file mode 100644 index 00000000000..f5c7d74b1c2 --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28957", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:30.007", + "lastModified": "2025-07-04T09:15:30.007", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OwnerRez OwnerRez allows Stored XSS. This issue affects OwnerRez: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ownerrez/vulnerability/wordpress-ownerrez-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json new file mode 100644 index 00000000000..0cca3169a6c --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28963", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:30.260", + "lastModified": "2025-07-04T09:15:30.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/exact-links/vulnerability/wordpress-url-shortener-plugin-3-0-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json new file mode 100644 index 00000000000..ef55b7814bb --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28967", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:30.760", + "lastModified": "2025-07-04T09:15:30.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/contact-us-page-contact-people/vulnerability/wordpress-contact-us-page-contact-people-lite-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json new file mode 100644 index 00000000000..3b9d9eee96a --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28969", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:31.183", + "lastModified": "2025-07-04T09:15:31.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/gallery-widget/vulnerability/wordpress-gallery-widget-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json new file mode 100644 index 00000000000..0b69e1e033c --- /dev/null +++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-28971", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:31.507", + "lastModified": "2025-07-04T09:15:31.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider allows Stored XSS. This issue affects Easy Elements Hider: from n/a through 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/easy-elements-hider/vulnerability/wordpress-easy-elements-hider-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json new file mode 100644 index 00000000000..196fc430d40 --- /dev/null +++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-29001", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:32.110", + "lastModified": "2025-07-04T09:15:32.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dzs-wootable/vulnerability/wordpress-woocommerce-shop-page-builder-plugin-2-27-7-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json new file mode 100644 index 00000000000..14c7da732b1 --- /dev/null +++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-29007", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:32.653", + "lastModified": "2025-07-04T09:15:32.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lmsace-connect/vulnerability/wordpress-lmsace-connect-plugin-3-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json new file mode 100644 index 00000000000..66a8070b7c2 --- /dev/null +++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-29012", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:32.900", + "lastModified": "2025-07-04T09:15:32.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 7 Mailchimp Add-on: from n/a through 2.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cf7-mailchimp-addon/vulnerability/wordpress-cf7-7-mailchimp-add-on-plugin-2-2-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json new file mode 100644 index 00000000000..642f76b9083 --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30929", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:33.450", + "lastModified": "2025-07-04T09:15:33.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fluxtore/vulnerability/wordpress-fluxtore-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json new file mode 100644 index 00000000000..2dac1b366f7 --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30943", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:33.673", + "lastModified": "2025-07-04T09:15:33.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Posts Slider Shortcode allows DOM-Based XSS. This issue affects Posts Slider Shortcode: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/posts-slider-shortcode/vulnerability/wordpress-posts-slider-shortcode-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json new file mode 100644 index 00000000000..ed8f2d2d32a --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30947", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:34.167", + "lastModified": "2025-07-04T09:15:34.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup allows Blind SQL Injection. This issue affects Cool fade popup: from n/a through 10.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cool-fade-popup/vulnerability/wordpress-cool-fade-popup-plugin-10-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json new file mode 100644 index 00000000000..a18a3f332af --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30969", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:34.417", + "lastModified": "2025-07-04T09:15:34.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through 9.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-iframe-images-gallery/vulnerability/wordpress-iframe-images-gallery-plugin-9-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json new file mode 100644 index 00000000000..62e90450ad3 --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30979", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:34.877", + "lastModified": "2025-07-04T09:15:34.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/pixelating-image-slideshow-gallery/vulnerability/wordpress-pixelating-image-slideshow-gallery-plugin-8-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json new file mode 100644 index 00000000000..584a71351fe --- /dev/null +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-30983", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:35.120", + "lastModified": "2025-07-04T09:15:35.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Card flip image slideshow allows DOM-Based XSS. This issue affects Card flip image slideshow: from n/a through 1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/card-flip-image-slideshow/vulnerability/wordpress-card-flip-image-slideshow-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json new file mode 100644 index 00000000000..a5922dc32a3 --- /dev/null +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-32918", + "sourceIdentifier": "security@checkmk.com", + "published": "2025-07-04T08:15:25.520", + "lastModified": "2025-07-04T08:15:25.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-140" + } + ] + } + ], + "references": [ + { + "url": "https://checkmk.com/werk/17987", + "source": "security@checkmk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-535xx/CVE-2025-53566.json b/CVE-2025/CVE-2025-535xx/CVE-2025-53566.json new file mode 100644 index 00000000000..6cf7ba12f65 --- /dev/null +++ b/CVE-2025/CVE-2025-535xx/CVE-2025-53566.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-53566", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:35.737", + "lastModified": "2025-07-04T09:15:35.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-535xx/CVE-2025-53568.json b/CVE-2025/CVE-2025-535xx/CVE-2025-53568.json new file mode 100644 index 00000000000..c99ea7de771 --- /dev/null +++ b/CVE-2025/CVE-2025-535xx/CVE-2025-53568.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-53568", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:36.370", + "lastModified": "2025-07-04T09:15:36.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station allows Cross Site Request Forgery. This issue affects Radio Station: from n/a through 2.5.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/radio-station/vulnerability/wordpress-radio-station-plugin-2-5-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-535xx/CVE-2025-53569.json b/CVE-2025/CVE-2025-535xx/CVE-2025-53569.json new file mode 100644 index 00000000000..6a553f145ac --- /dev/null +++ b/CVE-2025/CVE-2025-535xx/CVE-2025-53569.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-53569", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-07-04T09:15:36.560", + "lastModified": "2025-07-04T09:15:36.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce (JavaScript Library): from n/a through 1.3.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/trust-payments-gateway-3ds2/vulnerability/wordpress-trust-payments-gateway-for-woocommerce-javascript-library-plugin-1-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-535xx/CVE-2025-53599.json b/CVE-2025/CVE-2025-535xx/CVE-2025-53599.json new file mode 100644 index 00000000000..aad294cdb1c --- /dev/null +++ b/CVE-2025/CVE-2025-535xx/CVE-2025-53599.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-53599", + "sourceIdentifier": "cve@navercorp.com", + "published": "2025-07-04T08:15:25.687", + "lastModified": "2025-07-04T08:15:25.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cve@navercorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://cve.naver.com/detail/cve-2025-53599.html", + "source": "cve@navercorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-536xx/CVE-2025-53600.json b/CVE-2025/CVE-2025-536xx/CVE-2025-53600.json new file mode 100644 index 00000000000..99fe8c94010 --- /dev/null +++ b/CVE-2025/CVE-2025-536xx/CVE-2025-53600.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-53600", + "sourceIdentifier": "cve@navercorp.com", + "published": "2025-07-04T08:15:25.823", + "lastModified": "2025-07-04T08:15:25.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cve@navercorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "references": [ + { + "url": "https://cve.naver.com/detail/cve-2025-53600.html", + "source": "cve@navercorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-53xx/CVE-2025-5351.json b/CVE-2025/CVE-2025-53xx/CVE-2025-5351.json new file mode 100644 index 00000000000..a1870421e81 --- /dev/null +++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5351.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-5351", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-07-04T09:15:37.100", + "lastModified": "2025-07-04T09:15:37.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-5351", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369367", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-66xx/CVE-2025-6673.json b/CVE-2025/CVE-2025-66xx/CVE-2025-6673.json new file mode 100644 index 00000000000..6f5f193ad4f --- /dev/null +++ b/CVE-2025/CVE-2025-66xx/CVE-2025-6673.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-6673", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-07-04T08:15:25.950", + "lastModified": "2025-07-04T08:15:25.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsc_eprm_menu_link shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/easy-pdf-restaurant-menu-upload/tags/2.0.0/class/class_admin_easy_pdf_restaurant_menu.php#L68", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3318491/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/382de43a-a714-4538-be12-76e74ad77327?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d0491be091b..4477dbe7dcf 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-04T08:00:11.550231+00:00 +2025-07-04T10:00:13.676023+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-04T06:15:25.203000+00:00 +2025-07-04T09:15:37.100000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300270 +300303 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `33` -- [CVE-2025-5372](CVE-2025/CVE-2025-53xx/CVE-2025-5372.json) (`2025-07-04T06:15:24.930`) -- [CVE-2025-6944](CVE-2025/CVE-2025-69xx/CVE-2025-6944.json) (`2025-07-04T06:15:25.203`) +- [CVE-2025-27326](CVE-2025/CVE-2025-273xx/CVE-2025-27326.json) (`2025-07-04T09:15:28.727`) +- [CVE-2025-27358](CVE-2025/CVE-2025-273xx/CVE-2025-27358.json) (`2025-07-04T09:15:29.277`) +- [CVE-2025-28951](CVE-2025/CVE-2025-289xx/CVE-2025-28951.json) (`2025-07-04T09:15:29.500`) +- [CVE-2025-28957](CVE-2025/CVE-2025-289xx/CVE-2025-28957.json) (`2025-07-04T09:15:30.007`) +- [CVE-2025-28963](CVE-2025/CVE-2025-289xx/CVE-2025-28963.json) (`2025-07-04T09:15:30.260`) +- [CVE-2025-28967](CVE-2025/CVE-2025-289xx/CVE-2025-28967.json) (`2025-07-04T09:15:30.760`) +- [CVE-2025-28969](CVE-2025/CVE-2025-289xx/CVE-2025-28969.json) (`2025-07-04T09:15:31.183`) +- [CVE-2025-28971](CVE-2025/CVE-2025-289xx/CVE-2025-28971.json) (`2025-07-04T09:15:31.507`) +- [CVE-2025-29001](CVE-2025/CVE-2025-290xx/CVE-2025-29001.json) (`2025-07-04T09:15:32.110`) +- [CVE-2025-29007](CVE-2025/CVE-2025-290xx/CVE-2025-29007.json) (`2025-07-04T09:15:32.653`) +- [CVE-2025-29012](CVE-2025/CVE-2025-290xx/CVE-2025-29012.json) (`2025-07-04T09:15:32.900`) +- [CVE-2025-30929](CVE-2025/CVE-2025-309xx/CVE-2025-30929.json) (`2025-07-04T09:15:33.450`) +- [CVE-2025-30943](CVE-2025/CVE-2025-309xx/CVE-2025-30943.json) (`2025-07-04T09:15:33.673`) +- [CVE-2025-30947](CVE-2025/CVE-2025-309xx/CVE-2025-30947.json) (`2025-07-04T09:15:34.167`) +- [CVE-2025-30969](CVE-2025/CVE-2025-309xx/CVE-2025-30969.json) (`2025-07-04T09:15:34.417`) +- [CVE-2025-30979](CVE-2025/CVE-2025-309xx/CVE-2025-30979.json) (`2025-07-04T09:15:34.877`) +- [CVE-2025-30983](CVE-2025/CVE-2025-309xx/CVE-2025-30983.json) (`2025-07-04T09:15:35.120`) +- [CVE-2025-32918](CVE-2025/CVE-2025-329xx/CVE-2025-32918.json) (`2025-07-04T08:15:25.520`) +- [CVE-2025-5351](CVE-2025/CVE-2025-53xx/CVE-2025-5351.json) (`2025-07-04T09:15:37.100`) +- [CVE-2025-53566](CVE-2025/CVE-2025-535xx/CVE-2025-53566.json) (`2025-07-04T09:15:35.737`) +- [CVE-2025-53568](CVE-2025/CVE-2025-535xx/CVE-2025-53568.json) (`2025-07-04T09:15:36.370`) +- [CVE-2025-53569](CVE-2025/CVE-2025-535xx/CVE-2025-53569.json) (`2025-07-04T09:15:36.560`) +- [CVE-2025-53599](CVE-2025/CVE-2025-535xx/CVE-2025-53599.json) (`2025-07-04T08:15:25.687`) +- [CVE-2025-53600](CVE-2025/CVE-2025-536xx/CVE-2025-53600.json) (`2025-07-04T08:15:25.823`) +- [CVE-2025-6673](CVE-2025/CVE-2025-66xx/CVE-2025-6673.json) (`2025-07-04T08:15:25.950`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index a29ed9e8e1e..4df05caf264 100644 --- a/_state.csv +++ b/_state.csv @@ -247409,6 +247409,7 @@ CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e880 CVE-2024-11934,0,0,744a72b875229eda9af00bf8cde59d77110b18803c7442665bf58299c9e4d643,2025-01-07T04:15:07.520000 CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000 CVE-2024-11936,0,0,fabef096981e2f550c40dfe0d9724622960b49b3a39badb80025ebed8208ae38,2025-02-04T19:39:02.087000 +CVE-2024-11937,1,1,b20ff0dff20768900074bc6cbcdf78595371d97d68b689886fe5e76cbd5b30ed,2025-07-04T08:15:24.900000 CVE-2024-11938,0,0,6867b7d1c50742be481431f973c83467fcdb9442488abece06649b31c7a1e61f,2024-12-21T07:15:08.453000 CVE-2024-11939,0,0,6345ccf177226852fd504f0bbd480483116e863a5c5b707e8b4952ffc0b3c45f,2025-01-08T09:15:06.630000 CVE-2024-1194,0,0,2ad6fa2abb4bb109947132f87b19e7c09219cf51535c19102f3cbbfcba6ba405,2024-11-21T08:50:00.573000 @@ -282330,6 +282331,7 @@ CVE-2024-9449,0,0,2a3228e9059253e1a1bfcfc05cb787fa2d46cff95eac90562166618dea81a0 CVE-2024-9450,0,0,2661da4f486d2ba51950537d763e8f7bfc0038f8d91059640be3d9f2fc346337,2025-06-04T20:06:46.927000 CVE-2024-9451,0,0,2239eaaf3fd7789edad40c5525852bb325176f712e20628bfdfd3b25e7c703fb,2024-10-10T12:51:56.987000 CVE-2024-9452,0,0,1b70a258cdd4589c43f41f7bb65ef24a7987fea2fd0819044bb17b6cb999203c,2024-10-22T16:23:59.420000 +CVE-2024-9453,1,1,9843ca39bbcb137bc27f9e44e3600c334a152c9001ed9d104b279dc51c7f4113,2025-07-04T09:15:24.537000 CVE-2024-9454,0,0,4cfd8c9859408ba78039f10d28df6e1d2294fdb1d97b8a1f2d893fd722a84bdc,2024-10-28T13:58:09.230000 CVE-2024-9455,0,0,70eeb7921ee78f299c01776fe53c55197cf0553da95f449adab4e5d1eea63401,2024-10-07T17:48:28.117000 CVE-2024-9456,0,0,b03c9a73b6e647ff0388281429dea3f2c132c7dea689a2671a1020405e57dd58,2024-10-28T13:58:09.230000 @@ -287587,6 +287589,7 @@ CVE-2025-23968,0,0,955f5380954e813c7e88fece29af528205d4507019306da5a36ed36068521 CVE-2025-23969,0,0,487de04033365abaa60e5ffa75aa91d7c86b6db89eb8475ac28535f85fa6cbae,2025-06-06T14:06:58.193000 CVE-2025-2397,0,0,1d9d522b7da574d99450a0c926cba6b95d7f81a170fb089caa03fceac1350b83,2025-03-18T15:16:01.257000 CVE-2025-23971,0,0,b92b26502e7bf23962c464265b1f8680f1f27660b2e187da01a8acb71a6d5407,2025-06-06T14:06:58.193000 +CVE-2025-23972,1,1,c6feb141178185be5ee89fd0f163b49db0609e63f67bcc15dd9bfffbe8445c82,2025-07-04T09:15:25.540000 CVE-2025-23973,0,0,b03f07955cb4b8a1b76e7d2c342eec64764547fed2e7c9db7f01a8a71cd682f4,2025-06-30T18:38:48.477000 CVE-2025-23974,0,0,a5334512eb7b36e0cdd2f467f3cfd98d4a8e5f19afdeefafc45f76677608bc17,2025-06-12T16:06:47.857000 CVE-2025-23975,0,0,e8001c46a9ccc486b1a86f3be17fa5f6b3ce26422e7bdcae0080fc4ebd4b6ef7,2025-02-16T23:15:10.477000 @@ -288268,6 +288271,7 @@ CVE-2025-24731,0,0,49b9d87fe50843eb1bd58d4e2d6c6d09038a230901783130e84ac391da7f3 CVE-2025-24732,0,0,c415d1fd5de8703d180e448901772f07d2bcadd6548313af1a4bf127cb6f5bdc,2025-01-24T18:15:47.530000 CVE-2025-24733,0,0,19623b8cddec9bd678ab21a0a6434a55dd6a2c946e1fd89b1c0ab50c79e730db,2025-06-09T18:56:58.550000 CVE-2025-24734,0,0,d7ca2e9810757851f82f80aff63b50dafd3642d61fd1c2dc810bbf398284d5d2,2025-01-27T15:15:16.390000 +CVE-2025-24735,1,1,d86b4b054185aacc5a8e575a814e761568b70846b69e95097c47e6c577d93bae,2025-07-04T09:15:26.210000 CVE-2025-24736,0,0,1e8a96652fc2162e5783360265a8d95c57b803a595f82f3425468a4e8170b686,2025-06-09T19:00:07.100000 CVE-2025-24737,0,0,9483d129977b5a55aa4e0fc4b6924a76dadd8b2c82251145da31eab6c37c7862,2025-04-17T20:21:48.243000 CVE-2025-24738,0,0,ff824e93f081ca47b8768807ed6baf0479ca4ae475620ff9b3eabc39fddae9c1,2025-01-24T18:15:48.017000 @@ -288281,6 +288285,7 @@ CVE-2025-24744,0,0,bc8bbe894f88fed69b4bb24f69d681e27c01e6147c3768ca6f1adf789040a CVE-2025-24745,0,0,96360b19bb6d9efc61374d5ed9ad7e685cab245a4cf3d9cd634354575d9b39df,2025-04-17T20:21:48.243000 CVE-2025-24746,0,0,e640d68193c997efe97249e6f1cee0e9ce9f97ddc69dd52467ca15646a5683b0,2025-03-28T19:15:14.553000 CVE-2025-24747,0,0,d8d5879f141d02ac440b19c8b796e44b06e3fcae6bfd445bce644f72bd561c9d,2025-01-27T15:15:17.253000 +CVE-2025-24748,1,1,6113f8876e20d9ede9f30a78dbda0ee5a3284c2dd16b65b0c484ac1ffb4b6612,2025-07-04T09:15:26.970000 CVE-2025-24749,0,0,7e56b04f2f502be4c647ffa52a0c1f2e91f2bc25e979a1ff629db670a4b544fb,2025-01-31T09:15:11.760000 CVE-2025-2475,0,0,c0a0336fb403efb898458fa5072cfe904fb815c7e89b5030a20878b1fe124799,2025-04-15T18:39:27.967000 CVE-2025-24750,0,0,6398f7b1e29d3519e65e0864494e38f2a68b8317a82c560542e0c4814ca79359,2025-01-24T18:15:48.663000 @@ -288290,12 +288295,14 @@ CVE-2025-24753,0,0,a2c1331499f1ee93474d032a5492134141c22dfbef3d88782211f0652176f CVE-2025-24754,0,0,df5b30a971ad3afa753fa5100ea4ce4a8eeffe0cded00f62df24aa224b1825d8,2025-01-27T14:15:29.477000 CVE-2025-24755,0,0,817a6f4676c47a1165c3ef71cf774d5099a4b3fffe7ab21f2fd661b2cbf35fed,2025-01-24T18:15:49.160000 CVE-2025-24756,0,0,00090c21b036cb18f500635475c1d0d07432c00656603d0706e690db1dac0d4c,2025-01-24T18:15:49.307000 +CVE-2025-24757,1,1,6b2ea28d5670779099dcdb720fc4cc548d4523815daa69462dd5c9849cac0644,2025-07-04T09:15:27.197000 CVE-2025-24758,0,0,32f18f9fde7b9c98057db303ccb0ef7fae2b4bd1295433bfb8994fab92023627,2025-03-03T14:15:49.300000 CVE-2025-2476,0,0,cb20178503f5107240f603d37b12152fa4cba62b4b4f5e2e6646619a7113db65,2025-04-01T20:37:56.963000 CVE-2025-24760,0,0,4f7029ae86dd7b9516532a3040ecf94ac1644b5cc9f3d543e67b3757fddeda98,2025-06-30T18:38:48.477000 CVE-2025-24761,0,0,bfd9a3bfd9f2aaa49e2578444f78aae9b7b0d47f9afa6cdd690af464d5534216,2025-06-17T20:50:23.507000 CVE-2025-24762,0,0,894e659a1a178aa9d531cd7df56fa726ae70cf96ed97a3663ab30f3dfab73a43,2025-06-06T14:06:58.193000 CVE-2025-24763,0,0,79f7b62e2c27806e3f9461410effa35fd2516a997202c5333c9106a47a7186ce,2025-06-06T14:06:58.193000 +CVE-2025-24764,1,1,5d8fdfd8b7c6e7acdd0a7605d3d65f794f04ceb51cd3df064cd406bbe4f0fa4d,2025-07-04T09:15:27.870000 CVE-2025-24765,0,0,2c464ba99c0db5b9ed9e3455db336fd30cfe6a1835271dc633e71b22ff07151d,2025-06-30T18:38:48.477000 CVE-2025-24767,0,0,1c214db83a47e8769c514849bbcc4d5986d7655cf1c36824fb9639640f04fe8e,2025-06-12T16:06:47.857000 CVE-2025-24768,0,0,9189c2bd9d601f25f78d69a9ed75ee394b9e6a5a348dad3498cc8567cf03accd,2025-06-12T16:06:47.857000 @@ -289326,6 +289333,7 @@ CVE-2025-26588,0,0,bd02ba233979579f3c8028618005b5c036f8e9bb2db4aabcd7a57c2127440 CVE-2025-26589,0,0,bed434e05d708700c2c5a6b977f599fcc267a2dd10919cb423bc182a13c41191,2025-03-03T14:15:56.067000 CVE-2025-2659,0,0,fbf6b7428f5a2f31e77711a0c7541da7a333822ab93a6dd7f8fe575092acea75,2025-03-23T19:15:14.570000 CVE-2025-26590,0,0,69dd689006c8d139480f0d2fd99f2d72ce2fbb4e8fd019cab6563b501809f90a,2025-06-06T14:06:58.193000 +CVE-2025-26591,1,1,fc236e71744ebf9b644ac50ba3b1cdc371bbc3445eeb7a1aa6a15988af0b48ee,2025-07-04T09:15:28.517000 CVE-2025-26592,0,0,1d78fdd090f1632b4ac4877f1ba3074af999e759435239a029d6b26bcc5060e7,2025-06-12T16:06:47.857000 CVE-2025-26593,0,0,f00c14abd006c9bae0f9bfa6b117ba98ac52839993ee2e7665ea503409204f77,2025-06-06T14:06:58.193000 CVE-2025-26594,0,0,22b96a2f1606784ee6fa3dff98a3dcda4cc907d5203050d8c08fb783b91d57b4,2025-05-13T20:15:26.200000 @@ -289915,6 +289923,7 @@ CVE-2025-27322,0,0,db12c06a727330268000c00c2bbfad285b50b188e497a32257bdc6bd9bd31 CVE-2025-27323,0,0,6b3c8bfca9a52e8e86879d19ce880fdf9f7a54b902cbc68d3d2a6df3d91b39a9,2025-02-24T15:15:17.887000 CVE-2025-27324,0,0,9fa25b81329be966f05fcc8a182a319715337d9882a4c6aa33c0a191fba7880d,2025-04-17T20:21:05.203000 CVE-2025-27325,0,0,2feca2633771fc2778abc5f38ebcc551352c349ceee670498f95fc6c1e87006f,2025-02-24T15:15:18.033000 +CVE-2025-27326,1,1,0dcc379de01710526fb21434eda7c34fada1a9fe4494c19c664e9f81172050e3,2025-07-04T09:15:28.727000 CVE-2025-27327,0,0,73e4ff5d75ca094725c80bbb276cee17166e5d6bda85688614f42774de023689,2025-02-24T15:15:18.180000 CVE-2025-27328,0,0,9ac63c0efda7e823e787a6bf7f7ca2b667f253a4b196d2b6272f78f509f1a1e3,2025-02-24T15:15:18.337000 CVE-2025-27329,0,0,51db9506be60f1f1c2fbcc8e8f746a383d6521e8d2aaa63590ca71230efadc21,2025-02-24T15:15:18.493000 @@ -289949,6 +289958,7 @@ CVE-2025-27354,0,0,1ce044a1079e0d294750814be6f1c0954b6a5514512ac17e37801e1c88cfd CVE-2025-27355,0,0,caa62ce9bbf1bb76cf121e6e89f446abe3d40a89991436a920bab478df84b04e,2025-02-24T15:15:20.917000 CVE-2025-27356,0,0,c6532ae1cc5e3e40abfb75187df6e9c621394ebd78da8fba75994511b24c76a9,2025-02-24T15:15:21.077000 CVE-2025-27357,0,0,906169a569eb5a8ab170c576da5f537f983e8f3b76fbc6f0db581847c8ddd5b6,2025-02-24T15:15:21.233000 +CVE-2025-27358,1,1,557ce2cfdaa26caf46b0a51d49ce6dc2ab2a4963b193306d711a986ddaa4300d,2025-07-04T09:15:29.277000 CVE-2025-27359,0,0,bc075bb86fca4f63cce935506a3dbbf1e76155fbe5cec01080355e7b3cf26a58,2025-06-06T14:06:58.193000 CVE-2025-2736,0,0,33c3006167b33de591f1a27264763826544e0569703dfd7d13e6e1e623d6c471,2025-05-15T19:29:57.387000 CVE-2025-27360,0,0,fc7c10146447c977dacf60af6e89aa6249adc1ba87fdcfe0e5e9aa04faaa557f,2025-06-06T14:06:58.193000 @@ -290688,15 +290698,21 @@ CVE-2025-28947,0,0,6d0d6ab5ae15515974f9a464af832e86c3273828eb252445a9e56524ceae6 CVE-2025-28948,0,0,4d297b75c70e34b4f1f934c39f9e9a15f431eb4dd554bce73695cd2e9278acd1,2025-06-06T14:06:58.193000 CVE-2025-2895,0,0,2050fc6a5d50e470ab9225998fe69e84f44db9771314ca29fe142652674f53e9,2025-06-30T18:38:23.493000 CVE-2025-28950,0,0,95165f9c1a939415b93ab4b82b6c9d0ac3c413eca61b0efe3dd2ef6e35397ed6,2025-06-06T14:06:58.193000 +CVE-2025-28951,1,1,26195b3e3cf18d6e3f642317680f610d5025a4814db4ad6ea93033474e966338,2025-07-04T09:15:29.500000 CVE-2025-28952,0,0,36a2d7e90e0ea02d7a032d500231cfdd2aabec1fc4b51f58a9dcb0a5dc7dfaf2,2025-06-06T14:06:58.193000 CVE-2025-28954,0,0,5e1648f3e4f3b4c2a3d29f98809dccb3c28ca26ee065ae7467a201e3a5a261fd,2025-06-06T14:06:58.193000 CVE-2025-28956,0,0,c65daa2f3b934be4b73db85bd78ce38beea4797c7b3913097ef918a694d7e252,2025-06-30T18:38:48.477000 +CVE-2025-28957,1,1,cf458307535fd52d013de8cc5d88f4dfcaeefc7bc4e9b3829622a0e0094358ce,2025-07-04T09:15:30.007000 CVE-2025-28958,0,0,d9eebea06aebd4f4602b4099a0e69e3b14141e06d1b195456acb942884339933,2025-06-06T14:06:58.193000 CVE-2025-2896,0,0,4558970bb5260d917e5a373371764eb8c9ff16148bd2cda59741f4495076314c,2025-06-09T18:08:36.257000 CVE-2025-28960,0,0,b650c6fd48bfb07947d0ccd4bb08b75f2fe53ec909e6194ffcc5d1a95f2f82e0,2025-06-30T18:38:48.477000 +CVE-2025-28963,1,1,492635525da6d93121db7df236cc641283bff0fcc38e699d41e719d56125a039,2025-07-04T09:15:30.260000 CVE-2025-28964,0,0,5941c6471c783811f736b1cd6a2de0d6e846c0f5ab5d7f88d39ac0e5c46376df,2025-06-06T14:06:58.193000 CVE-2025-28966,0,0,a9a888da79337c47e1f2f230b623b8e1e6b96aab7deecf98c76f3f9f345b2049,2025-06-06T14:06:58.193000 +CVE-2025-28967,1,1,8d61b8faed1e495539244f436a0e941cc255d5cbfc4f6a09c60b49cdc064b470,2025-07-04T09:15:30.760000 +CVE-2025-28969,1,1,d8571d342ae6a1e70e2ed662cacad663e51e62993ea4923fe828b9719d25c322,2025-07-04T09:15:31.183000 CVE-2025-28970,0,0,92881b56e6fe23586d7f4f080215a9212037d5cb3eec1d1c40819fe922f76f18,2025-06-30T18:38:48.477000 +CVE-2025-28971,1,1,416d7bdfcc223a43beb11fd2a19095bda9448dc204067b8031e0e2ad965308a5,2025-07-04T09:15:31.507000 CVE-2025-28972,0,0,ceb2fdbef9f785f49da61607523e4567ff2674a64e5cbd6022403b56031ab79d,2025-06-17T20:50:23.507000 CVE-2025-28974,0,0,e17e6dc9b84000fcffa09ada9585e56145630617cef399b7f12d810b2629175f,2025-06-06T14:06:58.193000 CVE-2025-2898,0,0,47f67442cb55ba411e4669d13ef4529f1239e4e6ba72061becfb6f7e592e31cd,2025-05-16T20:02:07.950000 @@ -290716,14 +290732,17 @@ CVE-2025-28996,0,0,a3c81f0844ae31cf1718dfeab90e32c3f1e46bce363be53a0629b3286d456 CVE-2025-28997,0,0,201cbfd0ddb9fce280a7e07e55636b02e759e63e03e9f9c18fe553768df5e39d,2025-06-06T14:06:58.193000 CVE-2025-28998,0,0,dafd274ccd6b46521982d913f4adaad5cdb06f7ba5ffb020e958fbe2ae03dadd,2025-06-30T18:38:48.477000 CVE-2025-2900,0,0,7fae831f047ecd7346a160d93b21af917548a04e8f5cc7bcbad0aaded0bb8d22,2025-05-16T14:43:56.797000 +CVE-2025-29001,1,1,014705602ea2a23026f8f70ba9c31034fee9f526fe2e8bc739946c19e5a31277,2025-07-04T09:15:32.110000 CVE-2025-29002,0,0,2a3126cdaab012e22d907568d3924f7f8675b2f5613f35dcde20a809cb0a17c1,2025-06-17T20:50:23.507000 CVE-2025-29003,0,0,ac4e6c10cc78a574f687bbb129b00b12f05050f35ac2c9c265488283397963d9,2025-06-06T14:06:58.193000 CVE-2025-29005,0,0,c9f8dbfedc641b5548bf37c246299e6accbd08e55b091ed72183877cf47bcc48,2025-06-06T14:06:58.193000 CVE-2025-29006,0,0,4d1d38cd7a0c468226e8aca886cb106ca62c5b00f9e00f7f812545f9eaf5dd09,2025-06-06T14:06:58.193000 +CVE-2025-29007,1,1,acedaf2b25749d0bf2418064eedc18e8987304258f86822b8f1cea13c81d921c,2025-07-04T09:15:32.653000 CVE-2025-29008,0,0,3b3ab06273da56c69a0fb2483c56df3fa9f5064413b83eea18a740c113bcd8c7,2025-06-06T14:06:58.193000 CVE-2025-2901,0,0,692b7d4a80d8571564de4afe3e8a8fdc6532e8e3f67037d3bd7472bf570ebf4c,2025-06-20T12:15:21.010000 CVE-2025-29010,0,0,2e9f5293886bf5addf72b3ca5c7cabe4b8562b76040594b809db668966e61926,2025-06-06T14:06:58.193000 CVE-2025-29011,0,0,aba5b1495d441572d1adfbb50603eeeadd62a30cda9cc6bdfe85d38ffce67aa1,2025-06-06T14:06:58.193000 +CVE-2025-29012,1,1,932ebebbb48fa7db27c5a9e118410b4b0c4bb7e1206952a47f54022912ef3e63,2025-07-04T09:15:32.900000 CVE-2025-29013,0,0,8f57011cf53e8e7ea010a2914057553d82b531c5316817362a5957e50cd4e927,2025-06-06T14:06:58.193000 CVE-2025-29015,0,0,2c89624cc8d923634cb63c498a89bf9957e35c30cdd388a3e6553d139f4ea18c,2025-04-21T18:30:44.360000 CVE-2025-29017,0,0,89557f97009e1a426e4e78f346a03a71796c3409077c7515d19e8a31f7fd2d62,2025-04-30T16:40:09.547000 @@ -291913,6 +291932,7 @@ CVE-2025-30925,0,0,303059a0519907d0c47140322e242ea05b7024546a805d0c164e0f0e362aa CVE-2025-30926,0,0,b661a84f99652a2821e7ff3d11c13e4069bdece4b97608c23c3ec387d8764f48,2025-04-01T20:26:11.547000 CVE-2025-30927,0,0,85246bcc22eea831eb2cabc1fa58fdf25aaaf04360b5f835cd7b0130652f5f28,2025-06-06T14:06:58.193000 CVE-2025-30928,0,0,6fc8019320e88e92e60f8d9ded425ef8244dae75b933caefa05d6b876de0d4fb,2025-06-06T14:06:58.193000 +CVE-2025-30929,1,1,c88b9e1679ed61da4510f8138d576badebf813a72006d5c21c8fe44a2d3c4183,2025-07-04T09:15:33.450000 CVE-2025-30930,0,0,9bf542b9de63233fd9f5d85ed07f76a70f9c52a5e16db28223227969773c9c4a,2025-06-06T14:06:58.193000 CVE-2025-30931,0,0,b875c8d500ba8afd6309c2581a84310affe8927efa1570fe516c4e65530e3e61,2025-06-06T14:06:58.193000 CVE-2025-30932,0,0,bd2f98f1d0e502b0ec1e90cccecfa714cd49fae8e66f1ef0acebbfeeed36e7dd,2025-06-06T14:06:58.193000 @@ -291924,8 +291944,10 @@ CVE-2025-30939,0,0,f55cc50971147f961c205232cd0306a2050d800120966d84116d6c1cfb042 CVE-2025-30940,0,0,42cc8020b187c2f949cd6ca6d60c91abf4e2645d02b7d6662331d5fba5cd1b31,2025-06-06T14:06:58.193000 CVE-2025-30941,0,0,1c2966e356bddf3fcb845bb906443c5988ec06a31097f9dedb5132243f5cfd10,2025-06-06T14:06:58.193000 CVE-2025-30942,0,0,dde98355d7ce6340be6dc8c110c67875471abfc9f14a5688f6740ac71c8ecf81,2025-06-06T14:06:58.193000 +CVE-2025-30943,1,1,fbc2868f7addc737d9cd29da4944529a02f71ffee17fd811111983a2f0c8449c,2025-07-04T09:15:33.673000 CVE-2025-30945,0,0,ebf61fa52f5c4ae178ace28182f9812657771e01a723955d70da59b3eae4def5,2025-06-06T14:06:58.193000 CVE-2025-30946,0,0,2d6503706b8d5d9272b6eacd8d3449f9294370663691a3eb20d6635679bda2c5,2025-06-06T14:06:58.193000 +CVE-2025-30947,1,1,edf9261a5793d57de8dbd60c38c4ed1b845d4abdf841627acf9da3461782fa32,2025-07-04T09:15:34.167000 CVE-2025-30948,0,0,81b46d446fe61fdd74ecee95046d8905435dfd26a3a66c51a475db70caec0f7b,2025-06-06T14:06:58.193000 CVE-2025-30950,0,0,ce142b199bd53944d0b37149265fe63a8d5ef324387b60d9be5434545c561251,2025-06-06T14:06:58.193000 CVE-2025-30951,0,0,b3804ceb08862f1e40a4b90d8854b4650d322cc0add1802a4921cd98124a21b7,2025-06-06T14:06:58.193000 @@ -291945,6 +291967,7 @@ CVE-2025-30965,0,0,31f9d1c6c6f596ab0f9465779010e3a4ab6304c7d82005590ba9afd9a3d02 CVE-2025-30966,0,0,ac009a6da52419c0270aa04ca81abc4fa5f318078fe3f9441908971cf101d5af,2025-04-16T13:25:37.340000 CVE-2025-30967,0,0,0c0b96e53b9cde9ad2bb3f71987232b57aa50bd6a24c6758752eb95376072a25,2025-04-16T13:25:37.340000 CVE-2025-30968,0,0,4942f6133733c0ddce430f0d6dc938c90008237c0010d8b395295fc1dc006a90,2025-06-06T14:06:58.193000 +CVE-2025-30969,1,1,5523c8c7fc9083592bcad40492e8c2c8147fd7b0006f25fbd78ef6f068d37baa,2025-07-04T09:15:34.417000 CVE-2025-3097,0,0,a56f46f6ab586feb1d3c504e3ae22e548d2acd2889f7f29233e79a32e7240220,2025-04-02T14:58:07.527000 CVE-2025-30970,0,0,0383c09158983a94697a54299bf3565b5884c0a46522c56908d558692c246209,2025-04-16T13:25:37.340000 CVE-2025-30971,0,0,bdaa81d5f90f891b35dfd2da44198cf771c61350682b9305a17f8bc2d53e966d,2025-04-01T20:26:11.547000 @@ -291953,10 +291976,12 @@ CVE-2025-30974,0,0,270ff5ae321eaf381312745d2453ca8ba421e2c52150d2c2759071c771de9 CVE-2025-30976,0,0,e305772f271bf5b9639627a467b70709bf0677558a54adb084f239e6182fb20a,2025-06-06T14:06:58.193000 CVE-2025-30977,0,0,0f384b592ea7d49d38cf172ba61071dd2f79b1646bf53550bc464c43bf7983b5,2025-06-06T14:06:58.193000 CVE-2025-30978,0,0,c549c9fd3c57f8b610c3f00ba61db1906f3d727e04f6668a2badb8b7cd0f0ae8,2025-06-06T14:06:58.193000 +CVE-2025-30979,1,1,c08cb60599008c3bde06465d1a54bd92b0cd5fcb320f2ea7902a4c7c418e64e7,2025-07-04T09:15:34.877000 CVE-2025-3098,0,0,64e3da7989169613fb4eaf552a0f5621059a5a42e666f32ff39d3d155f26ca41,2025-04-02T14:58:07.527000 CVE-2025-30980,0,0,de5f7bb0442449cfdb874d155c049b50d5ea7272b9dddf2b5e48dfed15312b78,2025-06-06T14:06:58.193000 CVE-2025-30981,0,0,f589aa7b19dfdf2f14d19fb642cecac61c4148f50d56de2d3b14c9f8038dda7b,2025-06-06T14:06:58.193000 CVE-2025-30982,0,0,59b15597be0361f08e3ea3f80591cb7c60a45abff0964752a18bb3c57220d42d,2025-04-16T13:25:37.340000 +CVE-2025-30983,1,1,a544eff66ea6504f46f145004d6771cb81c136d213df32255206485e1ce98c01,2025-07-04T09:15:35.120000 CVE-2025-30984,0,0,034a74e0caa7bd14ced17a5c80bc778777c5654b7ca69176fb0d7f7ebaf75688,2025-04-16T13:25:37.340000 CVE-2025-30985,0,0,ca9a8afa18a1db635c78d3851e268c038dfdb21f929339aade64c19290b707f9,2025-04-15T18:39:27.967000 CVE-2025-30986,0,0,89cc7ea8131810f7d73ab3e657854dd73f775377299662852ec1f5270e30b06e,2025-06-06T14:06:58.193000 @@ -293613,6 +293638,7 @@ CVE-2025-32913,0,0,e1927d0860bc1d6760527c56e49e831eec072989d1ced890c45db58ff9e96 CVE-2025-32914,0,0,3af3067d70bd81f91455998b87224657ddcf7d162a47d749db58a95e606833a2,2025-06-17T12:15:25.657000 CVE-2025-32915,0,0,2d5afa660948b242629afd805b42088f6d76764cd20288c422f89dd9fe02bb30,2025-05-23T15:55:02.040000 CVE-2025-32917,0,0,621a83e4e955a5402f378188c4f01b4aff8a0585cec439fee69248f2294167f0,2025-05-13T19:35:18.080000 +CVE-2025-32918,1,1,ee60cbca4a52755eb3c430ae1586cb768e7b13aab93d361068f2144535e0fa58,2025-07-04T08:15:25.520000 CVE-2025-3292,0,0,118c173f186dcc5720366632802764bcff206cc9d545c82cefbfbd5ae3208b31,2025-04-15T18:39:27.967000 CVE-2025-32920,0,0,7e212ccae54e7de68d6b49d615b9e74e6cf3cb23588850cf6230b262d708bae7,2025-06-17T10:15:22.177000 CVE-2025-32921,0,0,7c798e84a120c09e79aa61f0d66dd4a5e84ea134e24a6f6fea02a374ca1d5b0e,2025-04-29T13:52:47.470000 @@ -299112,12 +299138,18 @@ CVE-2025-53494,0,0,208fc72eecce6b5a15d2bab2c5d282523f9dc3860f6acdfd211e204b9a94e CVE-2025-53500,0,0,4e600160e0338af8f29e334cc4de18af82b5375f94d3896f9cbf3cc874d5159e,2025-07-03T18:15:22.140000 CVE-2025-53501,0,0,21c335a8cee7517960e84f19187025efcea385227ba1fb22ef8cc3a8c10a8e56,2025-07-03T18:15:22.300000 CVE-2025-53502,0,0,8620e1fa54158c5ea47ec511c9a4e70659635a1ba5079b6185bdce67f385eae0,2025-07-03T18:15:22.530000 +CVE-2025-5351,1,1,850069ba9822256aa25cac01a05a2fcfbbcd3d3ed240d3b9e5704de846bc4735,2025-07-04T09:15:37.100000 CVE-2025-5353,0,0,a9d9e9f405a59eeaccd7ee5466c700cdd9eae2ba20f2bc9c98c5c42953abdf75,2025-06-12T16:06:39.330000 CVE-2025-5356,0,0,230423e916dccb3eed4f4eea6b8b3a9d8afef34a102c6f9d5aed25dc46913046,2025-06-24T15:20:27.113000 +CVE-2025-53566,1,1,8f5babf510fcd94da9441b406df99485ca570ad5d277e709e898225a7fc9fadf,2025-07-04T09:15:35.737000 +CVE-2025-53568,1,1,930d408909b95b185802439a8c0013bcd6a543d5eaf750b0562761dfc404e207,2025-07-04T09:15:36.370000 +CVE-2025-53569,1,1,32e9ceb01da0a8d0c4c1462317b962c6b45b587a2f7aaabb3532443bfd4bb4d8,2025-07-04T09:15:36.560000 CVE-2025-5357,0,0,907468d4a23bb292098ec30159d44f17f5a58704c8b53f5a961af7ce379d277f,2025-06-16T16:26:46.080000 CVE-2025-5358,0,0,8d1b1a598434ecad4f0ae411fcaa51446d90f020f8729fd93cc9901ead4d16c2,2025-06-10T15:14:21.980000 CVE-2025-5359,0,0,fbaee83932976cabc2c375b7182ecd49a378426f554e3965400f3dd72ff93c16,2025-06-10T15:14:30.460000 +CVE-2025-53599,1,1,111b60ab172be48052b423c979314dcd8f917153e5cc0bf41e87ee1416b2bca6,2025-07-04T08:15:25.687000 CVE-2025-5360,0,0,f6f6f0a68bcc88f729faa5e7b6e62c265dbe0f87de895580450e0ebfdb395bd6,2025-06-03T15:35:19.237000 +CVE-2025-53600,1,1,45e4b949bc6405088d1f4c8d66b4b394a5ccae231bce59e0ab096930b3dbdb3b,2025-07-04T08:15:25.823000 CVE-2025-5361,0,0,63ed55da0a8819c3072e9ae5cbf20f6ad96bd8fa3415071144a15d946aef0cb0,2025-06-03T15:35:09.950000 CVE-2025-5362,0,0,33b74730f9e7ac14985e93de797c2da60e582983293fbae692e330f50a44162c,2025-06-03T15:34:57.473000 CVE-2025-5363,0,0,d48d3a878cc2187658148b214cb6829e36972108c01dfa0cb86b9cac54da6616,2025-06-03T15:34:39.567000 @@ -299129,7 +299161,7 @@ CVE-2025-5368,0,0,9330ec771717069f27ceda5473a12198f97847c6ad28dab99e3c2364851c8d CVE-2025-5369,0,0,8c4e55fbb8d45d713061ee556ffa7273cbb4542497249daf924357fd6840ed9e,2025-06-09T18:59:49.330000 CVE-2025-5370,0,0,d7c535f6840fb8738b07147f1830fce26e5802820d60a561b6d2888f8dde3788,2025-06-09T18:59:58.197000 CVE-2025-5371,0,0,16f45a240979d3e28a1f7ae1c207a37bd22e9e5d64cb4ee381668bed7ebf71f7,2025-06-04T14:31:41.573000 -CVE-2025-5372,1,1,fe392af2649fcf4754aaa0f40f9ad2e50de41c062d9414f859ca6f33d04d1690,2025-07-04T06:15:24.930000 +CVE-2025-5372,0,0,fe392af2649fcf4754aaa0f40f9ad2e50de41c062d9414f859ca6f33d04d1690,2025-07-04T06:15:24.930000 CVE-2025-5373,0,0,c749a6b1c61526825a3ec95e76f4d6286fc94a99723ecde6b20b472fbeaf94ea,2025-06-03T15:31:55.267000 CVE-2025-5374,0,0,08ec0fbe437c75568e797a6883653990f3916903b217127f6e162f78c26a7157,2025-06-03T15:31:45.257000 CVE-2025-5375,0,0,79ab6f61d55d13152e6cea237408e960f1fbc5f1ab43084ee7b9d3d96e5ce6a0,2025-06-03T15:31:34.527000 @@ -300084,6 +300116,7 @@ CVE-2025-6665,0,0,819e0fbbba720c6c224657e5e3d234dfe09f50d6f19ea31a4a8557c46f9ecf CVE-2025-6667,0,0,f7249d0ce2242cc1fb55502e78a9d1851a88aea1d56705388779a71c32d97776,2025-06-30T21:15:32.063000 CVE-2025-6668,0,0,2c668ab21380ad28d26e4a71eb753799465f7ccb1ef8018c5159319921192efe,2025-06-27T17:49:20.193000 CVE-2025-6669,0,0,910a314b076194cb451db40c00cbeb61d557257d78d120caf65549dfd156af45,2025-06-27T11:15:25.547000 +CVE-2025-6673,1,1,35a93bc36a24afd2183bb8a18d412128180900b8dff8f9c8d7ddcd4f6b578af3,2025-07-04T08:15:25.950000 CVE-2025-6674,0,0,2a96b77d18a3ed5a15d1217808f66635d48de16e05f22c39a4ae455ffcadc0f2,2025-06-26T18:57:43.670000 CVE-2025-6675,0,0,da67a1c2004e5cc5e54b7c0644d8650536b661cde378d828659935fe26d9ab2b,2025-06-26T18:57:43.670000 CVE-2025-6676,0,0,bd087b07cf4f670b55016364756fd99233a6c207f4660c77a1d02dfb21e7e185,2025-06-26T18:57:43.670000 @@ -300253,7 +300286,7 @@ CVE-2025-6939,0,0,88798c3d963670243713a0ba5ca35f233cc5d10cbb487d7cbe8eda500e16e1 CVE-2025-6940,0,0,5e23b0d4f8a1050b47fd2b84d2b10d2ba8310488bfa7bf1732cf9979fb868ffa,2025-07-03T15:14:12.767000 CVE-2025-6942,0,0,ce17090e9af93141dbee0b9e4a07d73c52cfd336a45382f6ec1d10b523f6b0dd,2025-07-03T15:13:53.147000 CVE-2025-6943,0,0,5dcd978aca60bde8e7659603a9d3b22fafdd87d6a11934f15fec14a78f7c69d4,2025-07-03T15:13:53.147000 -CVE-2025-6944,1,1,5622a8b0f0ed0a0c6aeead544dcb013113469a5cbf530b54dbb3bfa6b3b7f182,2025-07-04T06:15:25.203000 +CVE-2025-6944,0,0,5622a8b0f0ed0a0c6aeead544dcb013113469a5cbf530b54dbb3bfa6b3b7f182,2025-07-04T06:15:25.203000 CVE-2025-6951,0,0,5a3caa7d073f89ca081c6926241b422cc722827fe163f031d9790b1237798b83,2025-07-03T15:14:12.767000 CVE-2025-6952,0,0,709bf298cd3a7382a18a3723dc3d183c8c753d6d79ec97c33ee461f9719c03c2,2025-07-03T15:14:12.767000 CVE-2025-6953,0,0,6b5bad17fb026212a3c70664d625cd833ff98c83e37e4a357495294125c531f9,2025-07-03T15:14:12.767000