diff --git a/CVE-2020/CVE-2020-145xx/CVE-2020-14506.json b/CVE-2020/CVE-2020-145xx/CVE-2020-14506.json index 20ba224de90..ab90930d0a2 100644 --- a/CVE-2020/CVE-2020-145xx/CVE-2020-14506.json +++ b/CVE-2020/CVE-2020-145xx/CVE-2020-14506.json @@ -2,7 +2,7 @@ "id": "CVE-2020-14506", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2020-09-18T18:15:16.583", - "lastModified": "2024-11-21T05:03:25.083", + "lastModified": "2025-06-04T20:15:21.540", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 3.4, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 2.5 + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -67,7 +87,7 @@ "weaknesses": [ { "source": "ics-cert@hq.dhs.gov", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -103,6 +123,10 @@ "US Government Resource" ] }, + { + "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive", + "source": "ics-cert@hq.dhs.gov" + }, { "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/CVE-2020/CVE-2020-272xx/CVE-2020-27298.json b/CVE-2020/CVE-2020-272xx/CVE-2020-27298.json index 6890eaa670e..40069568dca 100644 --- a/CVE-2020/CVE-2020-272xx/CVE-2020-27298.json +++ b/CVE-2020/CVE-2020-272xx/CVE-2020-27298.json @@ -2,7 +2,7 @@ "id": "CVE-2020-27298", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2021-01-26T18:15:45.990", - "lastModified": "2024-11-21T05:21:00.880", + "lastModified": "2025-06-04T20:15:21.807", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -145,12 +165,12 @@ ], "references": [ { - "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01", - "source": "ics-cert@hq.dhs.gov", - "tags": [ - "Third Party Advisory", - "US Government Resource" - ] + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive", + "source": "ics-cert@hq.dhs.gov" }, { "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01", diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23089.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23089.json index aacb35fefae..7cd644cca5e 100644 --- a/CVE-2022/CVE-2022-230xx/CVE-2022-23089.json +++ b/CVE-2022/CVE-2022-230xx/CVE-2022-23089.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23089", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-02-15T05:15:09.620", - "lastModified": "2025-03-13T22:15:12.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T21:11:31.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,214 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.3", + "matchCriteriaId": "21DD7BCE-A20E-4014-8E35-DB6EC1FB12B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.4", + "versionEndExcluding": "13.0", + "matchCriteriaId": "4ACD421D-AD3D-484B-9E8C-3FA32262B885" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*", + "matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*", + "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*", + "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*", + "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*", + "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*", + "matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", + "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*", + "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", + "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*", + "matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*", + "matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*", + "matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0006/", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0006/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23090.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23090.json index 4485f5c1fa7..92426af2fe4 100644 --- a/CVE-2022/CVE-2022-230xx/CVE-2022-23090.json +++ b/CVE-2022/CVE-2022-230xx/CVE-2022-23090.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23090", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-02-15T06:15:45.103", - "lastModified": "2025-03-29T00:15:15.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T21:59:04.990", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,186 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*", + "matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*", + "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*", + "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*", + "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*", + "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*", + "matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", + "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*", + "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", + "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0007/", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0007/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10054.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10054.json index bab8ba15088..c70bddb7362 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10054.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10054.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10054", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:32.370", - "lastModified": "2025-05-20T16:15:23.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:38:47.323", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "El complemento Happyforms para WordPress anterior a la versi\u00f3n 1.26.3 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)." + "value": "El complemento Happyforms para WordPress anterior a la versi\u00f3n 1.26.3 no depura ni escapa algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios).\n" } ], "metrics": { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:happyforms:happyforms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.26.3", + "matchCriteriaId": "1A7A1AF5-494F-45E1-B207-596D878750B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10107.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10107.json index 83274d609c8..9803d991486 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10107.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10107.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10107", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:32.707", - "lastModified": "2025-05-20T16:15:24.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:38:31.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seedprod:rafflepress:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.12.17", + "matchCriteriaId": "D80F3635-BF28-443E-94F9-635791586C2F" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10144.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10144.json index 5593836eca6..715a359ea38 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10144.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10144.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10144", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:32.870", - "lastModified": "2025-05-20T16:15:24.420", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:46:48.890", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:robosoft:robo_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.22", + "matchCriteriaId": "43FD59BA-9D8A-4DC6-9F8D-DA91C952B93C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10145.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10145.json index 0a26b9e8b08..4998d2ab974 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10145.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10145.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10145", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:32.950", - "lastModified": "2025-05-20T16:15:24.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:35:56.293", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devpups:social_pug:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.34.4", + "matchCriteriaId": "034574A5-AE62-47F4-B3DD-237346AF3D7E" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10504.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10504.json index a71139bfe5a..82103fb71aa 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10504.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10504.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10504", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:33.297", - "lastModified": "2025-05-20T16:15:24.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:35:34.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reputeinfosystems:arforms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.1", + "matchCriteriaId": "89F7E8A4-E457-4CF0-B176-654A846D4729" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/9a22df11-0e24-4248-a8f3-da8f23ccb313/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/9a22df11-0e24-4248-a8f3-da8f23ccb313/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11109.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11109.json index 487a2592a32..69d1a11d0d5 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11109.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11109.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11109", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:33.893", - "lastModified": "2025-05-20T16:15:25.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:35:19.280", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ljapps:wp_google_review_slider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "15.6", + "matchCriteriaId": "5E12A47C-3229-4E07-B634-DCE65FCB6959" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11831.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11831.json index 817f16e5714..62bd27bd6fe 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11831.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11831.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11831", "sourceIdentifier": "secalert@redhat.com", "published": "2025-02-10T16:15:37.080", - "lastModified": "2025-06-04T03:15:26.317", + "lastModified": "2025-06-04T21:15:35.177", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -76,6 +76,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:8479", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:8544", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-11831", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13613.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13613.json index 4d48570a887..4b0b5286386 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13613.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13613.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13613", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-17T12:15:24.127", - "lastModified": "2025-05-19T13:35:20.460", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:14:35.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,6 +19,26 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -49,24 +69,64 @@ "value": "CWE-200" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kainex:wise_chat:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.3", + "matchCriteriaId": "6AF061B8-BC63-4341-9A45-D6E575BC1C9B" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wise-chat/trunk/src/services/WiseChatAttachmentsService.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3268074/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3288680/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f70dabb4-3ae6-43cf-86e2-62ac1454b697?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20498.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20498.json index 1ede5ddf028..ffe185065f8 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20498.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20498.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20498", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:13.870", - "lastModified": "2024-10-08T18:32:54.457", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:36.207", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." + "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20499.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20499.json index 52cd228fa96..d67cfea3ffd 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20499.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20499.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20499", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:14.143", - "lastModified": "2024-10-08T18:27:16.110", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:36.380", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." + "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20500.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20500.json index b08ed40796a..77c063a55ae 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20500.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20500.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20500", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:14.350", - "lastModified": "2024-10-08T18:27:19.347", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:36.527", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." + "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20501.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20501.json index 5d3672de550..c6cf3c3eb51 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20501.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20501.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20501", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:14.570", - "lastModified": "2024-10-08T18:28:51.753", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:36.680", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." + "value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20502.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20502.json index 5fea008e0ed..878c517b123 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20502.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20502.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20502", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:14.780", - "lastModified": "2024-10-08T18:46:38.437", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:36.843", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." + "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\n This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20509.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20509.json index ab4a3573c29..1389965a56e 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20509.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20509.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20509", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:14.997", - "lastModified": "2024-10-08T18:45:52.513", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:37.017", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r\nThis vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device." + "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20513.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20513.json index 8456ee4b7d4..aafd9b343b4 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20513.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20513.json @@ -2,13 +2,13 @@ "id": "CVE-2024-20513", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T19:15:15.210", - "lastModified": "2024-10-08T21:16:54.820", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-04T21:15:37.183", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate." + "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\n This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21728.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21728.json index 47f520bb641..4661efbcd27 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21728.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21728.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21728", "sourceIdentifier": "security@joomla.org", "published": "2024-02-15T21:15:09.220", - "lastModified": "2024-12-03T16:15:21.030", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T21:08:56.977", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,50 @@ "value": "CWE-601" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartcalc:osticky:*:*:*:*:*:joomla\\!:*:*", + "versionEndExcluding": "2.2.8", + "matchCriteriaId": "688E546D-B967-4476-9817-70044BE42350" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/solracsf/osTicky", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/solracsf/osTicky", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22626.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22626.json index 1255f032f33..37e88f05f63 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22626.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22626.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22626", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T18:15:11.120", - "lastModified": "2024-11-21T08:56:29.730", + "lastModified": "2025-06-04T21:15:37.340", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json index 4fc036adc38..f2fba7e047e 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22646", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.027", - "lastModified": "2024-11-21T08:56:32.110", + "lastModified": "2025-06-04T21:15:37.543", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-209" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json index abca5f51499..0eef29e61d1 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22899", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.073", - "lastModified": "2024-11-21T08:56:45.913", + "lastModified": "2025-06-04T21:15:37.730", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25940.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25940.json index 92c159656d5..6b9e493f5cd 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25940.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25940.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25940", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-02-15T05:15:11.100", - "lastModified": "2024-11-21T17:15:11.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T21:24:01.180", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,139 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.2", + "matchCriteriaId": "69125938-D4B2-43D0-AA23-1CCCEB114936" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.3", + "versionEndExcluding": "14.0", + "matchCriteriaId": "49A95FB1-562D-4804-ACB6-73193028DAE7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*", + "matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*", + "matchCriteriaId": "E9CAFF74-AD36-4D29-83F3-23E0417C485D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*", + "matchCriteriaId": "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*", + "matchCriteriaId": "E7A81663-047E-4328-BE3A-CF65AB55B29F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", + "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240419-0004/", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240419-0004/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json index 8e315e72f23..7032979e9ef 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25941", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-02-15T05:15:11.200", - "lastModified": "2024-11-21T09:01:37.113", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T21:55:22.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,144 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.2", + "matchCriteriaId": "69125938-D4B2-43D0-AA23-1CCCEB114936" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*", + "matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*", + "matchCriteriaId": "E9CAFF74-AD36-4D29-83F3-23E0417C485D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*", + "matchCriteriaId": "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*", + "matchCriteriaId": "E7A81663-047E-4328-BE3A-CF65AB55B29F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", + "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240510-0003/", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240510-0003/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-271xx/CVE-2024-27184.json b/CVE-2024/CVE-2024-271xx/CVE-2024-27184.json index ce638b897d5..0f1136b79b8 100644 --- a/CVE-2024/CVE-2024-271xx/CVE-2024-27184.json +++ b/CVE-2024/CVE-2024-271xx/CVE-2024-27184.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27184", "sourceIdentifier": "security@joomla.org", "published": "2024-08-20T16:15:10.733", - "lastModified": "2024-11-04T21:35:04.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:59:33.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,58 @@ "value": "CWE-601" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "3.4.6", + "versionEndExcluding": "3.10.17", + "matchCriteriaId": "47101733-5E37-42C0-A977-FC810D8894AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.7", + "matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/941-20240801-core-inadequate-validation-of-internal-urls.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-271xx/CVE-2024-27185.json b/CVE-2024/CVE-2024-271xx/CVE-2024-27185.json index 30de30ad4cc..5d918d4248c 100644 --- a/CVE-2024/CVE-2024-271xx/CVE-2024-27185.json +++ b/CVE-2024/CVE-2024-271xx/CVE-2024-27185.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27185", "sourceIdentifier": "security@joomla.org", "published": "2024-08-20T16:15:10.840", - "lastModified": "2025-03-25T14:15:24.320", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:58:53.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.10.17", + "matchCriteriaId": "06872F7A-5955-47D8-8433-FD3339AAE5D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.7", + "matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-271xx/CVE-2024-27186.json b/CVE-2024/CVE-2024-271xx/CVE-2024-27186.json index dfb4405872e..13cdff9b599 100644 --- a/CVE-2024/CVE-2024-271xx/CVE-2024-27186.json +++ b/CVE-2024/CVE-2024-271xx/CVE-2024-27186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27186", "sourceIdentifier": "security@joomla.org", "published": "2024-08-20T16:15:10.893", - "lastModified": "2024-11-21T16:15:23.160", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:58:35.960", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,51 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.7", + "matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/944-20240803-core-xss-in-html-mail-templates.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-271xx/CVE-2024-27187.json b/CVE-2024/CVE-2024-271xx/CVE-2024-27187.json index c70935f8fab..5c529a15c22 100644 --- a/CVE-2024/CVE-2024-271xx/CVE-2024-27187.json +++ b/CVE-2024/CVE-2024-271xx/CVE-2024-27187.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27187", "sourceIdentifier": "security@joomla.org", "published": "2024-08-20T16:15:10.983", - "lastModified": "2024-08-21T12:30:33.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:58:17.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,51 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.7", + "matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3996.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3996.json index ea71e60a504..739ed6b153c 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3996.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3996.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3996", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:53.950", - "lastModified": "2025-05-16T17:15:50.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:35:03.570", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shapedplugin:smart_post_show:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.28", + "matchCriteriaId": "2BD41A0E-14CB-4639-947A-ACC6EFB3C4E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/4035e3f9-89fe-49e1-8aa2-55ab3f1aa528/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40743.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40743.json index 996f39d3867..ea5c5f22473 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40743.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40743.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40743", "sourceIdentifier": "security@joomla.org", "published": "2024-08-20T16:15:11.457", - "lastModified": "2024-10-30T15:35:12.210", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:57:43.690", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,58 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.10.17", + "matchCriteriaId": "06872F7A-5955-47D8-8433-FD3339AAE5D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.6", + "matchCriteriaId": "039D1E9C-9564-41C8-8D02-77A9B9677540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.3", + "matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/946-20240805-core-xss-vectors-in-outputfilter-strip-methods.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json index 9c07806ee03..2ee64262f8c 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40744.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40744", "sourceIdentifier": "security@joomla.org", "published": "2024-12-04T15:15:11.057", - "lastModified": "2024-12-05T17:15:11.570", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:57:31.663", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,44 @@ "value": "CWE-434" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "4.4.8", + "matchCriteriaId": "8B5AA6F4-1B5D-47A8-969B-2933792C3A63" + } + ] + } + ] } ], "references": [ { "url": "https://www.tassos.gr/joomla-extensions/convert-forms", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40745.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40745.json index 2fc887b0ef3..8550a870b76 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40745.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40745.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40745", "sourceIdentifier": "security@joomla.org", "published": "2024-12-04T15:15:11.170", - "lastModified": "2024-12-04T17:15:14.097", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:57:19.143", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,44 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "4.4.8", + "matchCriteriaId": "8B5AA6F4-1B5D-47A8-969B-2933792C3A63" + } + ] + } + ] } ], "references": [ { "url": "https://www.tassos.gr/joomla-extensions/convert-forms", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40747.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40747.json index 5e637a3c33f..b1f73e9db21 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40747.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40747.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40747", "sourceIdentifier": "security@joomla.org", "published": "2025-01-07T17:15:23.430", - "lastModified": "2025-01-07T17:15:23.430", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:56:25.670", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,51 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.10", + "matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.3", + "matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/954-20250101-core-xss-vectors-in-module-chromes.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40748.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40748.json index 1a96ccba7ce..162e3368412 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40748.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40748.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40748", "sourceIdentifier": "security@joomla.org", "published": "2025-01-07T17:15:23.587", - "lastModified": "2025-01-08T15:15:18.110", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:56:03.253", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,58 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.10.20", + "matchCriteriaId": "AA87EB4B-B4BC-4B95-8055-D071DDB4A27A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.10", + "matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.3", + "matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40749.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40749.json index f16ad0d817e..92e580a33d4 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40749.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40749", "sourceIdentifier": "security@joomla.org", "published": "2025-01-07T17:15:23.683", - "lastModified": "2025-01-08T15:15:18.400", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:55:46.570", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,58 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.10.20", + "matchCriteriaId": "AA87EB4B-B4BC-4B95-8055-D071DDB4A27A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.10", + "matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.3", + "matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4665.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4665.json index 379e4e8f7bd..f014a190996 100644 --- a/CVE-2024/CVE-2024-46xx/CVE-2024-4665.json +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4665.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4665", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:54.557", - "lastModified": "2025-05-16T16:15:28.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:10:05.613", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.5.0", + "matchCriteriaId": "904EB268-FD55-43C1-B179-685DEB2C0E27" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51475.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51475.json index d219c42a324..00b2fdf47ab 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51475.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51475.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51475", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-16T01:15:51.673", - "lastModified": "2025-05-16T14:42:18.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:02:45.390", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "psirt@us.ibm.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,12 +69,52 @@ "value": "CWE-80" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "C5624402-755C-4440-942C-3E7188A86858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*", + "matchCriteriaId": "3F64E261-4A3D-47ED-BF98-3267AE1786FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D9BC5208-069F-4A2C-BA41-004199E4B09D" + } + ] + } + ] } ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7233695", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6668.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6668.json index b3c29a22338..a2659920b68 100644 --- a/CVE-2024/CVE-2024-66xx/CVE-2024-6668.json +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6668.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6668", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:55.620", - "lastModified": "2025-05-20T20:15:37.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:10:22.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpproking:profilepro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "673749E9-E46D-4891-97BC-628BEA47B2E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8faf1409-44e6-4ebf-9a68-b5f93a5295e9/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/8faf1409-44e6-4ebf-9a68-b5f93a5295e9/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6708.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6708.json index ed3ee8844db..b45cfaa4482 100644 --- a/CVE-2024/CVE-2024-67xx/CVE-2024-6708.json +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6708.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6708", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:55.860", - "lastModified": "2025-05-20T20:15:38.357", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:09:28.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.12.2", + "matchCriteriaId": "27E42E76-49AD-41BC-BA6B-A8A6CD9FFA3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6711.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6711.json index c0fc71574ae..886820fc395 100644 --- a/CVE-2024/CVE-2024-67xx/CVE-2024-6711.json +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6711.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6711", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:55.940", - "lastModified": "2025-05-16T16:15:28.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:09:16.310", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vollstart:event_tickets_with_ticket_scanner:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.3.8", + "matchCriteriaId": "23A24BAB-72D0-466C-B3B3-D0ADF62E4A5F" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/bf431b81-2db9-4fcb-841c-9b51d1870bf8/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7758.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7758.json index ff1c75eec7a..026022cf4b8 100644 --- a/CVE-2024/CVE-2024-77xx/CVE-2024-7758.json +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7758.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7758", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:56.747", - "lastModified": "2025-05-17T04:16:08.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:09:05.957", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stylishpricelist:stylish_price_list:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.1.8", + "matchCriteriaId": "9680F68D-5E55-4A4F-A7A2-A33119259076" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/0bf39a29-a605-407b-9ab0-a82437d16153/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8493.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8493.json index fde052bbe42..68087d7322d 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8493.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8493.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8493", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:58.823", - "lastModified": "2025-05-17T04:16:13.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:55.440", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stellarwp:the_events_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.6.4", + "matchCriteriaId": "694570FF-456F-44DB-8FEB-5CE1129DF575" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/561b3185-501a-4a75-b880-226b159c0431/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8542.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8542.json index 85b00eb439b..896ce240d1d 100644 --- a/CVE-2024/CVE-2024-85xx/CVE-2024-8542.json +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8542.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8542", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:58.903", - "lastModified": "2025-05-17T04:16:14.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:44.297", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpeverest:everest_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.3.1", + "matchCriteriaId": "015FA013-2660-4C18-B999-8EFEDAD46345" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/e5f94dcf-a6dc-4c4c-acb6-1a7ead701053/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8617.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8617.json index 0a753a0935d..61d53cc017a 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8617.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8617.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8617", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:58.990", - "lastModified": "2025-05-17T04:16:14.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:32.893", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.5.9.9", + "matchCriteriaId": "5BF588A7-5437-46C4-93F4-AEE70AFBADDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8619.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8619.json index 4152c00dcd5..8662515e921 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8619.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8619.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8619", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:59.147", - "lastModified": "2025-05-20T19:15:49.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:23.630", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*", + "versionEndExcluding": "4.12.3", + "matchCriteriaId": "8C7B9983-17F1-4D2C-A07D-2DECF9BD78FB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/84f6733e-028a-4288-b01a-7578a4a89dbe/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/84f6733e-028a-4288-b01a-7578a4a89dbe/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8620.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8620.json index 28b1e01145c..247f2c6392b 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8620.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8620.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8620", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:59.227", - "lastModified": "2025-05-20T19:15:49.487", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:11.127", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "2.93", + "matchCriteriaId": "CAEEB57F-7610-46B0-9C89-96AC7378DBE8" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d8b0ddd8-0380-4185-aa00-8437e2b617ad/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/d8b0ddd8-0380-4185-aa00-8437e2b617ad/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8670.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8670.json index 001c996ca96..2128db05c2c 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8670.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8670.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8670", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:59.303", - "lastModified": "2025-05-20T19:15:49.627", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:08:00.993", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.29", + "matchCriteriaId": "39BD6724-4999-4E18-BAD9-7E4468389C5C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8700.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8700.json index 8ec844b5b9c..263516ac9de 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8700.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8700.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8700", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:15:59.547", - "lastModified": "2025-05-20T20:15:40.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:07:46.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:total-soft:event_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.4", + "matchCriteriaId": "308BEF45-53E9-43C3-A67B-890F3D6B017A" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9233.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9233.json index e11cd30b645..f1ffc0f215e 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9233.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9233.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9233", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:00.307", - "lastModified": "2025-05-17T04:16:16.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:07:13.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gsplugins:logo_slider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.7.1", + "matchCriteriaId": "E0ED2BEF-BA51-492E-9791-DF41EE0BCC06" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/a466cea4-0ae5-44a1-9e12-bd5dbecde2f2/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9390.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9390.json index 28eb8f90262..013f12affa9 100644 --- a/CVE-2024/CVE-2024-93xx/CVE-2024-9390.json +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9390.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9390", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:00.557", - "lastModified": "2025-05-17T04:16:17.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:07:00.193", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.0.2.1", + "matchCriteriaId": "8379D1D5-D25C-4666-81FC-7F0DD3A33F07" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/6a5308fb-83bf-4f6a-a7ef-e3e1b69aa80f/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9450.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9450.json index 3f89972a22a..7e48df3f639 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9450.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9450.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9450", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:00.653", - "lastModified": "2025-05-16T21:15:33.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:06:46.927", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:syntactics:free_booking_plugin_for_hotels\\,_restaurant_and_car_rental:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.15", + "matchCriteriaId": "C643138C-E522-408D-BA63-764435D91060" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/f4b9568a-af74-40df-89c1-550e8515ca0a/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9599.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9599.json index 2ec352fab3b..9108e449b6f 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9599.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9599.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9599", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:00.757", - "lastModified": "2025-05-16T21:15:33.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:06:33.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.7.8", + "matchCriteriaId": "9C54300A-2E08-43DD-9192-6F8546F92C71" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/9e8a2659-7a6c-4528-b0b2-64d462485b43/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9645.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9645.json index 3ce4a973300..2756d670f1f 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9645.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9645.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9645", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:00.843", - "lastModified": "2025-05-16T21:15:33.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:06:25.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.93", + "matchCriteriaId": "2E801B2E-8C72-454C-8D6C-3309F2AACB3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/cfd6db83-5e7f-4631-87c3-fdcd4c64c4fe/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-11xx/CVE-2025-1138.json b/CVE-2025/CVE-2025-11xx/CVE-2025-1138.json index 047acff303a..7707ace8aeb 100644 --- a/CVE-2025/CVE-2025-11xx/CVE-2025-1138.json +++ b/CVE-2025/CVE-2025-11xx/CVE-2025-1138.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1138", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-15T21:15:49.527", - "lastModified": "2025-05-16T14:42:18.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:02:53.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,47 @@ "value": "CWE-548" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", + "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.7:*:*:*:*:*:*:*", + "matchCriteriaId": "7BCD0E05-A8D1-4F6E-B88C-A48CCE006EDB" + } + ] + } + ] } ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7230295", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1289.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1289.json index 00ae1185c59..5578946bdba 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1289.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1289.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1289", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:02.307", - "lastModified": "2025-05-20T19:15:49.907", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:06:11.680", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coffee-code:getnet_para_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.1", + "matchCriteriaId": "2A088B07-AC54-4F30-905C-FCA4AD542D1C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/5a296b59-f305-49a2-88b8-fca998f2c43e/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/5a296b59-f305-49a2-88b8-fca998f2c43e/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1303.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1303.json index 6621469e8fb..3f997e92ad5 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1303.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1303.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1303", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:02.387", - "lastModified": "2025-05-20T18:15:44.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:05:45.313", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coffee-code:getnet_para_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.1", + "matchCriteriaId": "2A088B07-AC54-4F30-905C-FCA4AD542D1C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/35181798-4f21-4c8d-bb6e-61eb13683a74/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/35181798-4f21-4c8d-bb6e-61eb13683a74/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-202xx/CVE-2025-20286.json b/CVE-2025/CVE-2025-202xx/CVE-2025-20286.json index 36cd000cddb..ec797dc3cc9 100644 --- a/CVE-2025/CVE-2025-202xx/CVE-2025-20286.json +++ b/CVE-2025/CVE-2025-202xx/CVE-2025-20286.json @@ -2,20 +2,20 @@ "id": "CVE-2025-20286", "sourceIdentifier": "psirt@cisco.com", "published": "2025-06-04T17:15:28.427", - "lastModified": "2025-06-04T17:15:28.427", + "lastModified": "2025-06-04T21:15:37.940", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected." + "value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@cisco.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", @@ -38,7 +38,7 @@ "weaknesses": [ { "source": "psirt@cisco.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json index c6ed9210d50..464fe66a1bc 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22204", "sourceIdentifier": "security@joomla.org", "published": "2025-02-04T08:15:32.563", - "lastModified": "2025-02-04T18:15:35.247", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:53:36.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,43 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:regularlabs:sourcerer:*:*:*:*:*:joomla\\!:*:*", + "versionEndExcluding": "11.0.0", + "matchCriteriaId": "3AD75750-509E-4AC5-B670-FDAD8E8838B5" + } + ] + } + ] } ], "references": [ { "url": "https://regularlabs.com/sourcerer", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json index 11ba3710a91..5de89a33010 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22205", "sourceIdentifier": "security@joomla.org", "published": "2025-02-04T08:15:32.703", - "lastModified": "2025-02-05T18:15:30.803", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:52:47.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,44 @@ "value": "CWE-35" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:admiror-design-studio:admiror_gallery:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.5.0", + "matchCriteriaId": "8A692976-C89D-4F39-B136-1691F7967E22" + } + ] + } + ] } ], "references": [ { "url": "http://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-gallery", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22206.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22206.json index d5782a8514d..75eadb13293 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22206.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22206.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22206", "sourceIdentifier": "security@joomla.org", "published": "2025-02-04T15:15:19.797", - "lastModified": "2025-02-06T11:15:10.797", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:52:00.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.1.5", + "versionEndIncluding": "1.4.2", + "matchCriteriaId": "569BE38F-D2FA-46A7-9AAA-4C206021E258" + } + ] + } + ] } ], "references": [ { "url": "https://decrypt.locker/obtaining-my-first-cve/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://joomsky.com/js-jobs-joomla/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22208.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22208.json index 70b06b7ef63..a7e7ff86733 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22208.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22208.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22208", "sourceIdentifier": "security@joomla.org", "published": "2025-02-15T09:15:11.043", - "lastModified": "2025-02-21T13:15:11.400", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:51:47.783", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.1.5", + "versionEndIncluding": "1.4.3", + "matchCriteriaId": "25174DBB-4C98-42D4-ABA8-6FF49E5B471D" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://joomsky.com/js-jobs-joomla/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22209.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22209.json index d39b603a3c6..5d024b3b11e 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22209.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22209.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22209", "sourceIdentifier": "security@joomla.org", "published": "2025-02-15T09:15:11.237", - "lastModified": "2025-02-21T13:15:11.553", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:51:31.390", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "1.1.5", + "versionEndIncluding": "1.4.3", + "matchCriteriaId": "25174DBB-4C98-42D4-ABA8-6FF49E5B471D" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://joomsky.com/js-jobs-joomla/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22210.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22210.json index 34e548f58bc..5c5eea0776e 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22210.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22210.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22210", "sourceIdentifier": "security@joomla.org", "published": "2025-02-25T06:15:23.343", - "lastModified": "2025-04-03T14:15:28.573", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:51:12.953", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,20 +49,60 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "3.3.0", + "versionEndIncluding": "5.1.4", + "matchCriteriaId": "6572CC1C-AA19-44E5-8498-B3A8005B9E7B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22210", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Third Party Advisory", + "Exploit" + ] }, { "url": "https://www.hikashop.com/", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22210", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22243.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22243.json new file mode 100644 index 00000000000..ed6052f0c33 --- /dev/null +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22243.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22243", + "sourceIdentifier": "security@vmware.com", + "published": "2025-06-04T20:15:22.120", + "lastModified": "2025-06-04T20:15:22.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22244.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22244.json new file mode 100644 index 00000000000..54751d7e6c4 --- /dev/null +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22244.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22244", + "sourceIdentifier": "security@vmware.com", + "published": "2025-06-04T20:15:22.263", + "lastModified": "2025-06-04T20:15:22.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22245.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22245.json new file mode 100644 index 00000000000..d17f8d65cfd --- /dev/null +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22245.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-22245", + "sourceIdentifier": "security@vmware.com", + "published": "2025-06-04T20:15:22.400", + "lastModified": "2025-06-04T20:15:22.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2247.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2247.json index b9be78af9f1..71ee2bcfd17 100644 --- a/CVE-2025/CVE-2025-22xx/CVE-2025-2247.json +++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2247.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2247", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:05.980", - "lastModified": "2025-05-16T21:15:34.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:04:13.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mantus667:wp-pmanager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "9F48C16A-0C7F-45BE-B7A9-18D50CD99EEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/3974c5c3-887e-46bd-aad7-4f3169bff6de/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2248.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2248.json index 7ca95f24e19..2846c67e490 100644 --- a/CVE-2025/CVE-2025-22xx/CVE-2025-2248.json +++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2248.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2248", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-15T20:16:06.067", - "lastModified": "2025-05-16T21:15:34.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-04T20:03:58.247", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mantus667:wp-pmanager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "9F48C16A-0C7F-45BE-B7A9-18D50CD99EEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/b470a277-f5ad-49ff-97dd-4d3ee0269e5a/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23095.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23095.json index c1abae4eddb..5cec0981b73 100644 --- a/CVE-2025/CVE-2025-230xx/CVE-2025-23095.json +++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23095.json @@ -2,7 +2,7 @@ "id": "CVE-2025-23095", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-04T15:15:23.760", - "lastModified": "2025-06-04T15:15:23.760", + "lastModified": "2025-06-04T21:15:38.050", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23096.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23096.json index f4a1351b58b..ec73aa0bdff 100644 --- a/CVE-2025/CVE-2025-230xx/CVE-2025-23096.json +++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23096.json @@ -2,7 +2,7 @@ "id": "CVE-2025-23096", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-04T15:15:23.860", - "lastModified": "2025-06-04T15:15:23.860", + "lastModified": "2025-06-04T21:15:38.210", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23101.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23101.json index 508d2ca546c..0a7c37711ce 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23101.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23101.json @@ -2,7 +2,7 @@ "id": "CVE-2025-23101", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-04T15:15:23.960", - "lastModified": "2025-06-04T15:15:23.960", + "lastModified": "2025-06-04T21:15:38.367", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23106.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23106.json index 6ec44eee15e..16f3014aa13 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23106.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23106.json @@ -2,7 +2,7 @@ "id": "CVE-2025-23106", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-04T16:15:35.457", - "lastModified": "2025-06-04T16:15:35.457", + "lastModified": "2025-06-04T21:15:38.527", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24015.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24015.json index 28eb9335def..a629213549e 100644 --- a/CVE-2025/CVE-2025-240xx/CVE-2025-24015.json +++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24015.json @@ -2,13 +2,13 @@ "id": "CVE-2025-24015", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-03T23:15:20.633", - "lastModified": "2025-06-04T14:54:33.783", + "lastModified": "2025-06-04T20:15:22.543", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue." + "value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue." }, { "lang": "es", diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25226.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25226.json index f6e87aff308..1f197e7407d 100644 --- a/CVE-2025/CVE-2025-252xx/CVE-2025-25226.json +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25226.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25226", "sourceIdentifier": "security@joomla.org", "published": "2025-04-08T17:15:35.453", - "lastModified": "2025-04-09T15:16:01.923", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:50:08.840", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,51 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "2.2.0", + "matchCriteriaId": "C69B50FF-AD2E-4F47-BBB9-D6FAA51D0872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.4.0", + "matchCriteriaId": "D89B0522-E39C-4031-994C-27E6C6AB69AA" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25227.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25227.json index 652b3e46131..96c02343ed0 100644 --- a/CVE-2025/CVE-2025-252xx/CVE-2025-25227.json +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25227.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25227", "sourceIdentifier": "security@joomla.org", "published": "2025-04-08T17:15:35.610", - "lastModified": "2025-04-08T19:15:47.290", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-04T20:49:45.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,51 @@ "value": "CWE-287" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.4.13", + "matchCriteriaId": "AFCB1A48-AFE1-458D-8179-74814FE4EBB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.6", + "matchCriteriaId": "55CFCA35-829E-4EF5-A55E-64BBD4EB1A3F" + } + ] + } + ] } ], "references": [ { "url": "https://developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29093.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29093.json index 57451648452..218ba10169f 100644 --- a/CVE-2025/CVE-2025-290xx/CVE-2025-29093.json +++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29093.json @@ -2,7 +2,7 @@ "id": "CVE-2025-29093", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-04T16:15:36.087", - "lastModified": "2025-06-04T16:15:36.087", + "lastModified": "2025-06-04T21:15:38.687", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], "references": [ { "url": "https://github.com/FraMarcuccio/CVE-2025-29093-Arbitrary-File-Upload/blob/main/README.md", diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31134.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31134.json new file mode 100644 index 00000000000..b5bd89e7d3c --- /dev/null +++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31134.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-31134", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-04T20:15:22.657", + "lastModified": "2025-06-04T20:15:22.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31136.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31136.json new file mode 100644 index 00000000000..23931e8ae9c --- /dev/null +++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31136.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-31136", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-04T20:15:22.843", + "lastModified": "2025-06-04T21:15:38.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page.\nThis occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `