Auto-Update: 2025-06-04T22:00:19.622203+00:00

cad-safe-bot 2025-06-04 22:03:55 +00:00
parent 242c9cdfae
commit c86b4e5125
125 changed files with 6515 additions and 576 deletions

@ -2,7 +2,7 @@
"id": "CVE-2020-14506",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2020-09-18T18:15:16.583",
"lastModified": "2024-11-21T05:03:25.083",
"lastModified": "2025-06-04T20:15:21.540",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 3.4,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
@ -67,7 +87,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -103,6 +123,10 @@
"US Government Resource"
]
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"source": "af854a3a-2127-422b-91ae-364da2661108",

@ -2,7 +2,7 @@
"id": "CVE-2020-27298",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2021-01-26T18:15:45.990",
"lastModified": "2024-11-21T05:21:00.880",
"lastModified": "2025-06-04T20:15:21.807",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
@ -145,12 +165,12 @@
],
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01",

@ -2,8 +2,8 @@
"id": "CVE-2022-23089",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.620",
"lastModified": "2025-03-13T22:15:12.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T21:11:31.653",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,214 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.3",
"matchCriteriaId": "21DD7BCE-A20E-4014-8E35-DB6EC1FB12B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.4",
"versionEndExcluding": "13.0",
"matchCriteriaId": "4ACD421D-AD3D-484B-9E8C-3FA32262B885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*",
"matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*",
"matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*",
"matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*",
"matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*",
"matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0006/",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0006/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
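Review bot: The new `cpeMatch` list enumerates 12.3 `beta1` and `p1`–`p5` and the 13.0 betas, release candidates and `p1`–`p11`, but has no entry for the base 12.3 or 13.0 release (update field `-`), and the two ranges stop at `versionEndExcluding` 12.3 and 13.0. A matcher that compares the update field exactly would therefore report an unpatched 12.3 or 13.0 release host as not affected; whether that is intended cannot be told from this record. Inventory matching should be cross-checked against the vendor advisory FreeBSD-SA-22:09.elf listed in `references`, and if the base releases are affected, an entry of the form `"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*"` (with its upstream `matchCriteriaId`) is what is missing. The same gap appears in the CVE-2022-23090 configuration, which additionally has no version range at all.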

@ -2,8 +2,8 @@
"id": "CVE-2022-23090",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.103",
"lastModified": "2025-03-29T00:15:15.963",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T21:59:04.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,186 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E231B24D-5CA9-4107-A819-57EE116AD644"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "620C23ED-400C-438C-8427-94437F12EDAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*",
"matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "FF1A096F-EC60-4C7D-AE40-D1DDAC9D4E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*",
"matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0007/",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0007/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-10054",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:32.370",
"lastModified": "2025-05-20T16:15:23.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:38:47.323",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -12,7 +12,7 @@
},
{
"lang": "es",
"value": "El complemento Happyforms para WordPress anterior a la versi\u00f3n 1.26.3 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
"value": "El complemento Happyforms para WordPress anterior a la versi\u00f3n 1.26.3 no depura ni escapa algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios).\n"
}
],
"metrics": {
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:happyforms:happyforms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.26.3",
"matchCriteriaId": "1A7A1AF5-494F-45E1-B207-596D878750B3"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-10107",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:32.707",
"lastModified": "2025-05-20T16:15:24.143",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:38:31.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seedprod:rafflepress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.12.17",
"matchCriteriaId": "D80F3635-BF28-443E-94F9-635791586C2F"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-10144",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:32.870",
"lastModified": "2025-05-20T16:15:24.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:46:48.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robosoft:robo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.22",
"matchCriteriaId": "43FD59BA-9D8A-4DC6-9F8D-DA91C952B93C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-10145",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:32.950",
"lastModified": "2025-05-20T16:15:24.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:35:56.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devpups:social_pug:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.34.4",
"matchCriteriaId": "034574A5-AE62-47F4-B3DD-237346AF3D7E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-10504",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:33.297",
"lastModified": "2025-05-20T16:15:24.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:35:34.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reputeinfosystems:arforms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "89F7E8A4-E457-4CF0-B176-654A846D4729"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9a22df11-0e24-4248-a8f3-da8f23ccb313/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/9a22df11-0e24-4248-a8f3-da8f23ccb313/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-11109",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:33.893",
"lastModified": "2025-05-20T16:15:25.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:35:19.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ljapps:wp_google_review_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "5E12A47C-3229-4E07-B634-DCE65FCB6959"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-11831",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-10T16:15:37.080",
"lastModified": "2025-06-04T03:15:26.317",
"lastModified": "2025-06-04T21:15:35.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -76,6 +76,10 @@
"url": "https://access.redhat.com/errata/RHSA-2025:8479",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8544",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11831",
"source": "secalert@redhat.com"

@ -2,8 +2,8 @@
"id": "CVE-2024-13613",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-17T12:15:24.127",
"lastModified": "2025-05-19T13:35:20.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:14:35.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,6 +19,26 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -49,24 +69,64 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kainex:wise_chat:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.3",
"matchCriteriaId": "6AF061B8-BC63-4341-9A45-D6E575BC1C9B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wise-chat/trunk/src/services/WiseChatAttachmentsService.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3268074/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3288680/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f70dabb4-3ae6-43cf-86e2-62ac1454b697?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
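Review bot: The added `nvd@nist.gov` weakness is `Primary` with value `NVD-CWE-noinfo`, placed after an existing `CWE-200` entry whose `source` and `type` lie outside the hunk. Consumers that read only the Primary weakness will now classify this record as having no CWE information even though a more specific CWE is present. Weakness selection should prefer any concrete CWE over `NVD-CWE-noinfo`, regardless of `type`. Separately, the `security@wordfence.com` CVSS entry now appears as `Secondary`, so score selection keyed on `type` will switch to the NVD vector, whose values are not shown here.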

@ -2,13 +2,13 @@
"id": "CVE-2024-20498",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:13.870",
"lastModified": "2024-10-08T18:32:54.457",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:36.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",

@ -2,13 +2,13 @@
"id": "CVE-2024-20499",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:14.143",
"lastModified": "2024-10-08T18:27:16.110",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:36.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",

@ -2,13 +2,13 @@
"id": "CVE-2024-20500",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:14.350",
"lastModified": "2024-10-08T18:27:19.347",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:36.527",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",

@ -2,13 +2,13 @@
"id": "CVE-2024-20501",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:14.570",
"lastModified": "2024-10-08T18:28:51.753",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:36.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\n These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",

@ -2,13 +2,13 @@
"id": "CVE-2024-20502",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:14.780",
"lastModified": "2024-10-08T18:46:38.437",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:36.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\n This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\n\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",


@ -2,13 +2,13 @@
"id": "CVE-2024-20509",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:14.997",
"lastModified": "2024-10-08T18:45:52.513",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:37.017",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r\nThis vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device."
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device."
},
{
"lang": "es",


@ -2,13 +2,13 @@
"id": "CVE-2024-20513",
"sourceIdentifier": "psirt@cisco.com",
"published": "2024-10-02T19:15:15.210",
"lastModified": "2024-10-08T21:16:54.820",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-04T21:15:37.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate."
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\n This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate."
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2024-21728",
"sourceIdentifier": "security@joomla.org",
"published": "2024-02-15T21:15:09.220",
"lastModified": "2024-12-03T16:15:21.030",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T21:08:56.977",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,16 +49,50 @@
"value": "CWE-601"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartcalc:osticky:*:*:*:*:*:joomla\\!:*:*",
"versionEndExcluding": "2.2.8",
"matchCriteriaId": "688E546D-B967-4476-9817-70044BE42350"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/solracsf/osTicky",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/solracsf/osTicky",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-22626",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T18:15:11.120",
"lastModified": "2024-11-21T08:56:29.730",
"lastModified": "2025-06-04T21:15:37.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-22646",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.027",
"lastModified": "2024-11-21T08:56:32.110",
"lastModified": "2025-06-04T21:15:37.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-209"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2024-22899",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.073",
"lastModified": "2024-11-21T08:56:45.913",
"lastModified": "2025-06-04T21:15:37.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-25940",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:11.100",
"lastModified": "2024-11-21T17:15:11.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T21:24:01.180",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,139 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.2",
"matchCriteriaId": "69125938-D4B2-43D0-AA23-1CCCEB114936"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.3",
"versionEndExcluding": "14.0",
"matchCriteriaId": "49A95FB1-562D-4804-ACB6-73193028DAE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*",
"matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "E9CAFF74-AD36-4D29-83F3-23E0417C485D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "E7A81663-047E-4328-BE3A-CF65AB55B29F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*",
"matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0004/",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0004/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25941",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:11.200",
"lastModified": "2024-11-21T09:01:37.113",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T21:55:22.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,144 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.2",
"matchCriteriaId": "69125938-D4B2-43D0-AA23-1CCCEB114936"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*",
"matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "E9CAFF74-AD36-4D29-83F3-23E0417C485D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "E7A81663-047E-4328-BE3A-CF65AB55B29F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*",
"matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240510-0003/",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240510-0003/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-27184",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.733",
"lastModified": "2024-11-04T21:35:04.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:59:33.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,58 @@
"value": "CWE-601"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*",
"versionStartIncluding": "3.4.6",
"versionEndExcluding": "3.10.17",
"matchCriteriaId": "47101733-5E37-42C0-A977-FC810D8894AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.7",
"matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/941-20240801-core-inadequate-validation-of-internal-urls.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-27185",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.840",
"lastModified": "2025-03-25T14:15:24.320",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:58:53.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.17",
"matchCriteriaId": "06872F7A-5955-47D8-8433-FD3339AAE5D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.7",
"matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-27186",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.893",
"lastModified": "2024-11-21T16:15:23.160",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:58:35.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,51 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.7",
"matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/944-20240803-core-xss-in-html-mail-templates.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-27187",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:10.983",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:58:17.973",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,51 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.7",
"matchCriteriaId": "8B56EE68-66B7-4D2E-8AF4-AB0EFEDF9006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3996",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:53.950",
"lastModified": "2025-05-16T17:15:50.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:35:03.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shapedplugin:smart_post_show:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.28",
"matchCriteriaId": "2BD41A0E-14CB-4639-947A-ACC6EFB3C4E5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4035e3f9-89fe-49e1-8aa2-55ab3f1aa528/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40743",
"sourceIdentifier": "security@joomla.org",
"published": "2024-08-20T16:15:11.457",
"lastModified": "2024-10-30T15:35:12.210",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:57:43.690",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,58 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.17",
"matchCriteriaId": "06872F7A-5955-47D8-8433-FD3339AAE5D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.6",
"matchCriteriaId": "039D1E9C-9564-41C8-8D02-77A9B9677540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E24C97A3-655B-4184-820A-F7D61BE668B3"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/946-20240805-core-xss-vectors-in-outputfilter-strip-methods.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40744",
"sourceIdentifier": "security@joomla.org",
"published": "2024-12-04T15:15:11.057",
"lastModified": "2024-12-05T17:15:11.570",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:57:31.663",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,44 @@
"value": "CWE-434"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "4.4.8",
"matchCriteriaId": "8B5AA6F4-1B5D-47A8-969B-2933792C3A63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tassos.gr/joomla-extensions/convert-forms",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40745",
"sourceIdentifier": "security@joomla.org",
"published": "2024-12-04T15:15:11.170",
"lastModified": "2024-12-04T17:15:14.097",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:57:19.143",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,44 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "4.4.8",
"matchCriteriaId": "8B5AA6F4-1B5D-47A8-969B-2933792C3A63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tassos.gr/joomla-extensions/convert-forms",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40747",
"sourceIdentifier": "security@joomla.org",
"published": "2025-01-07T17:15:23.430",
"lastModified": "2025-01-07T17:15:23.430",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:56:25.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,51 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.10",
"matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.3",
"matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/954-20250101-core-xss-vectors-in-module-chromes.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40748",
"sourceIdentifier": "security@joomla.org",
"published": "2025-01-07T17:15:23.587",
"lastModified": "2025-01-08T15:15:18.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:56:03.253",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,58 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.10.20",
"matchCriteriaId": "AA87EB4B-B4BC-4B95-8055-D071DDB4A27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.10",
"matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.3",
"matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-40749",
"sourceIdentifier": "security@joomla.org",
"published": "2025-01-07T17:15:23.683",
"lastModified": "2025-01-08T15:15:18.400",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:55:46.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,58 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:elts:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.10.20",
"matchCriteriaId": "AA87EB4B-B4BC-4B95-8055-D071DDB4A27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.10",
"matchCriteriaId": "1B186AC0-F7B8-412B-8ABE-8A22B2CA0058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.3",
"matchCriteriaId": "05E7F60E-50B2-4192-B0A8-86FD780321D2"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-4665",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:54.557",
"lastModified": "2025-05-16T16:15:28.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:10:05.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "904EB268-FD55-43C1-B179-685DEB2C0E27"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-51475",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-05-16T01:15:51.673",
"lastModified": "2025-05-16T14:42:18.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:02:45.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,12 +69,52 @@
"value": "CWE-80"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C5624402-755C-4440-942C-3E7188A86858"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F64E261-4A3D-47ED-BF98-3267AE1786FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BC5208-069F-4A2C-BA41-004199E4B09D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7233695",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6668",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:55.620",
"lastModified": "2025-05-20T20:15:37.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:10:22.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpproking:profilepro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "673749E9-E46D-4891-97BC-628BEA47B2E4"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8faf1409-44e6-4ebf-9a68-b5f93a5295e9/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/8faf1409-44e6-4ebf-9a68-b5f93a5295e9/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6708",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:55.860",
"lastModified": "2025-05-20T20:15:38.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:09:28.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.12.2",
"matchCriteriaId": "27E42E76-49AD-41BC-BA6B-A8A6CD9FFA3E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-6711",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:55.940",
"lastModified": "2025-05-16T16:15:28.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:09:16.310",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vollstart:event_tickets_with_ticket_scanner:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.8",
"matchCriteriaId": "23A24BAB-72D0-466C-B3B3-D0ADF62E4A5F"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/bf431b81-2db9-4fcb-841c-9b51d1870bf8/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7758",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:56.747",
"lastModified": "2025-05-17T04:16:08.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:09:05.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylishpricelist:stylish_price_list:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.1.8",
"matchCriteriaId": "9680F68D-5E55-4A4F-A7A2-A33119259076"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0bf39a29-a605-407b-9ab0-a82437d16153/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8493",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:58.823",
"lastModified": "2025-05-17T04:16:13.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:55.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stellarwp:the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.6.4",
"matchCriteriaId": "694570FF-456F-44DB-8FEB-5CE1129DF575"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/561b3185-501a-4a75-b880-226b159c0431/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8542",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:58.903",
"lastModified": "2025-05-17T04:16:14.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:44.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeverest:everest_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.3.1",
"matchCriteriaId": "015FA013-2660-4C18-B999-8EFEDAD46345"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e5f94dcf-a6dc-4c4c-acb6-1a7ead701053/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8617",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:58.990",
"lastModified": "2025-05-17T04:16:14.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:32.893",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.5.9.9",
"matchCriteriaId": "5BF588A7-5437-46C4-93F4-AEE70AFBADDB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8619",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:59.147",
"lastModified": "2025-05-20T19:15:49.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:23.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*",
"versionEndExcluding": "4.12.3",
"matchCriteriaId": "8C7B9983-17F1-4D2C-A07D-2DECF9BD78FB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/84f6733e-028a-4288-b01a-7578a4a89dbe/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/84f6733e-028a-4288-b01a-7578a4a89dbe/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8620",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:59.227",
"lastModified": "2025-05-20T19:15:49.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:11.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.93",
"matchCriteriaId": "CAEEB57F-7610-46B0-9C89-96AC7378DBE8"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d8b0ddd8-0380-4185-aa00-8437e2b617ad/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/d8b0ddd8-0380-4185-aa00-8437e2b617ad/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8670",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:59.303",
"lastModified": "2025-05-20T19:15:49.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:08:00.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.29",
"matchCriteriaId": "39BD6724-4999-4E18-BAD9-7E4468389C5C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8700",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:15:59.547",
"lastModified": "2025-05-20T20:15:40.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:07:46.120",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:total-soft:event_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.4",
"matchCriteriaId": "308BEF45-53E9-43C3-A67B-890F3D6B017A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-9233",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:00.307",
"lastModified": "2025-05-17T04:16:16.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:07:13.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gsplugins:logo_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.1",
"matchCriteriaId": "E0ED2BEF-BA51-492E-9791-DF41EE0BCC06"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a466cea4-0ae5-44a1-9e12-bd5dbecde2f2/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-9390",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:00.557",
"lastModified": "2025-05-17T04:16:17.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:07:00.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.0.2.1",
"matchCriteriaId": "8379D1D5-D25C-4666-81FC-7F0DD3A33F07"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6a5308fb-83bf-4f6a-a7ef-e3e1b69aa80f/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-9450",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:00.653",
"lastModified": "2025-05-16T21:15:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:06:46.927",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:syntactics:free_booking_plugin_for_hotels\\,_restaurant_and_car_rental:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.15",
"matchCriteriaId": "C643138C-E522-408D-BA63-764435D91060"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f4b9568a-af74-40df-89c1-550e8515ca0a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-9599",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:00.757",
"lastModified": "2025-05-16T21:15:33.633",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:06:33.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.8",
"matchCriteriaId": "9C54300A-2E08-43DD-9192-6F8546F92C71"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9e8a2659-7a6c-4528-b0b2-64d462485b43/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-9645",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:00.843",
"lastModified": "2025-05-16T21:15:33.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:06:25.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.93",
"matchCriteriaId": "2E801B2E-8C72-454C-8D6C-3309F2AACB3D"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/cfd6db83-5e7f-4631-87c3-fdcd4c64c4fe/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1138",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-05-15T21:15:49.527",
"lastModified": "2025-05-16T14:42:18.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:02:53.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,47 @@
"value": "CWE-548"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCD0E05-A8D1-4F6E-B88C-A48CCE006EDB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7230295",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1289",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:02.307",
"lastModified": "2025-05-20T19:15:49.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:06:11.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coffee-code:getnet_para_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.1",
"matchCriteriaId": "2A088B07-AC54-4F30-905C-FCA4AD542D1C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5a296b59-f305-49a2-88b8-fca998f2c43e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/5a296b59-f305-49a2-88b8-fca998f2c43e/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-1303",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:02.387",
"lastModified": "2025-05-20T18:15:44.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:05:45.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coffee-code:getnet_para_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.1",
"matchCriteriaId": "2A088B07-AC54-4F30-905C-FCA4AD542D1C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/35181798-4f21-4c8d-bb6e-61eb13683a74/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/35181798-4f21-4c8d-bb6e-61eb13683a74/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,20 @@
"id": "CVE-2025-20286",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-04T17:15:28.427",
"lastModified": "2025-06-04T17:15:28.427",
"lastModified": "2025-06-04T21:15:37.940",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r\nThis vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\nNote: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected."
"value": "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.\r\n\r Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
@ -38,7 +38,7 @@
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2025-22204",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-04T08:15:32.563",
"lastModified": "2025-02-04T18:15:35.247",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:53:36.077",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,43 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:regularlabs:sourcerer:*:*:*:*:*:joomla\\!:*:*",
"versionEndExcluding": "11.0.0",
"matchCriteriaId": "3AD75750-509E-4AC5-B670-FDAD8E8838B5"
}
]
}
]
}
],
"references": [
{
"url": "https://regularlabs.com/sourcerer",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22205",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-04T08:15:32.703",
"lastModified": "2025-02-05T18:15:30.803",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:52:47.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,44 @@
"value": "CWE-35"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:admiror-design-studio:admiror_gallery:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.5.0",
"matchCriteriaId": "8A692976-C89D-4F39-B136-1691F7967E22"
}
]
}
]
}
],
"references": [
{
"url": "http://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-gallery",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22206",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-04T15:15:19.797",
"lastModified": "2025-02-06T11:15:10.797",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:52:00.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,16 +49,52 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.1.5",
"versionEndIncluding": "1.4.2",
"matchCriteriaId": "569BE38F-D2FA-46A7-9AAA-4C206021E258"
}
]
}
]
}
],
"references": [
{
"url": "https://decrypt.locker/obtaining-my-first-cve/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://joomsky.com/js-jobs-joomla/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22208",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-15T09:15:11.043",
"lastModified": "2025-02-21T13:15:11.400",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:51:47.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,16 +49,52 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.1.5",
"versionEndIncluding": "1.4.3",
"matchCriteriaId": "25174DBB-4C98-42D4-ABA8-6FF49E5B471D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://joomsky.com/js-jobs-joomla/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22209",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-15T09:15:11.237",
"lastModified": "2025-02-21T13:15:11.553",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:51:31.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,16 +49,52 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomsky:js_jobs:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.1.5",
"versionEndIncluding": "1.4.3",
"matchCriteriaId": "25174DBB-4C98-42D4-ABA8-6FF49E5B471D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://joomsky.com/js-jobs-joomla/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-22210",
"sourceIdentifier": "security@joomla.org",
"published": "2025-02-25T06:15:23.343",
"lastModified": "2025-04-03T14:15:28.573",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:51:12.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,20 +49,60 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "3.3.0",
"versionEndIncluding": "5.1.4",
"matchCriteriaId": "6572CC1C-AA19-44E5-8498-B3A8005B9E7B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22210",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Third Party Advisory",
"Exploit"
]
},
{
"url": "https://www.hikashop.com/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22210",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory",
"Exploit"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2025-22243",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-04T20:15:22.120",
"lastModified": "2025-06-04T20:15:22.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2025-22244",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-04T20:15:22.263",
"lastModified": "2025-06-04T20:15:22.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2025-22245",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-04T20:15:22.400",
"lastModified": "2025-06-04T20:15:22.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738",
"source": "security@vmware.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-2247",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:05.980",
"lastModified": "2025-05-16T21:15:34.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:04:13.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mantus667:wp-pmanager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "9F48C16A-0C7F-45BE-B7A9-18D50CD99EEF"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3974c5c3-887e-46bd-aad7-4f3169bff6de/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-2248",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-05-15T20:16:06.067",
"lastModified": "2025-05-16T21:15:34.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:03:58.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mantus667:wp-pmanager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "9F48C16A-0C7F-45BE-B7A9-18D50CD99EEF"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b470a277-f5ad-49ff-97dd-4d3ee0269e5a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-23095",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T15:15:23.760",
"lastModified": "2025-06-04T15:15:23.760",
"lastModified": "2025-06-04T21:15:38.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
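Review bot: The added Secondary metric scores this record `C:L/I:L/A:N` (6.5, MEDIUM) although the description in the same hunk says the double free leads to privilege escalation, and the same vector is added unchanged to CVE-2025-23096, CVE-2025-23101 and CVE-2025-23106 further down. Privilege escalation through memory corruption would normally be expected to carry high confidentiality and integrity impact, so the low impact values look inconsistent with the stated outcome (a judgement from the text shown, since the vendor bulletin is not on this page). `"vulnStatus"` is still `"Received"` and no `nvd@nist.gov` Primary metric exists, so tooling that filters on `baseSeverity` should treat these four records as not yet assessed rather than as confirmed MEDIUM.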


@ -2,7 +2,7 @@
"id": "CVE-2025-23096",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T15:15:23.860",
"lastModified": "2025-06-04T15:15:23.860",
"lastModified": "2025-06-04T21:15:38.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",


@ -2,7 +2,7 @@
"id": "CVE-2025-23101",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T15:15:23.960",
"lastModified": "2025-06-04T15:15:23.960",
"lastModified": "2025-06-04T21:15:38.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",


@ -2,7 +2,7 @@
"id": "CVE-2025-23106",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T16:15:35.457",
"lastModified": "2025-06-04T16:15:35.457",
"lastModified": "2025-06-04T21:15:38.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",


@ -2,13 +2,13 @@
"id": "CVE-2025-24015",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-03T23:15:20.633",
"lastModified": "2025-06-04T14:54:33.783",
"lastModified": "2025-06-04T20:15:22.543",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue."
"value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue."
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2025-25226",
"sourceIdentifier": "security@joomla.org",
"published": "2025-04-08T17:15:35.453",
"lastModified": "2025-04-09T15:16:01.923",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:50:08.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,51 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "C69B50FF-AD2E-4F47-BBB9-D6FAA51D0872"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.4.0",
"matchCriteriaId": "D89B0522-E39C-4031-994C-27E6C6AB69AA"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}
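Review bot: The added `cpeMatch` entries use `cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*` with ranges 1.0.0 to 2.2.0 and 3.0.0 to 3.4.0 (both end-exclusive), while the only reference in this section is titled as a framework advisory for the database package (`...framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html`). If those ranges are the framework package's versions (inferred; the description lies outside the visible hunks), a scanner matching this CPE against Joomla! CMS installs would flag old CMS releases in those ranges and would say nothing about applications that bundle the database package directly. Asset matching for this CVE is better driven from the application's dependency inventory than from the CPE until the configuration names the package itself.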


@ -2,8 +2,8 @@
"id": "CVE-2025-25227",
"sourceIdentifier": "security@joomla.org",
"published": "2025-04-08T17:15:35.610",
"lastModified": "2025-04-08T19:15:47.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:49:45.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,51 @@
"value": "CWE-287"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.13",
"matchCriteriaId": "AFCB1A48-AFE1-458D-8179-74814FE4EBB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.6",
"matchCriteriaId": "55CFCA35-829E-4EF5-A55E-64BBD4EB1A3F"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.joomla.org/security-centre/964-20250402-core-mfa-authentication-bypass.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-29093",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T16:15:36.087",
"lastModified": "2025-06-04T16:15:36.087",
"lastModified": "2025-06-04T21:15:38.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/FraMarcuccio/CVE-2025-29093-Arbitrary-File-Upload/blob/main/README.md",


@ -0,0 +1,86 @@
{
"id": "CVE-2025-31134",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T20:15:22.657",
"lastModified": "2025-06-04T20:15:22.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2025-31136",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T20:15:22.843",
"lastModified": "2025-06-04T21:15:38.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page.\nThis occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren't sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox=\"allow-scripts allow-same-origin\"` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/commit/426e3054c237c2b98667ebeacbbdb5caa88e7b1f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-f6r4-jrvc-cfmr",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-f6r4-jrvc-cfmr",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2025-31482",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T20:15:23.013",
"lastModified": "2025-06-04T20:15:23.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-vpmc-3fv2-jmgp",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-32015",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T20:15:23.163",
"lastModified": "2025-06-04T20:15:23.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/commit/54e2f9107d03c5b3bb260f38fdb2736bce449fd4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-wgrq-mcwc-8f8v",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-33103",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-05-17T16:15:18.953",
"lastModified": "2025-05-19T13:35:20.460",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:12:06.793",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,62 @@
"value": "CWE-250"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFF96C2-7E0F-4DF9-AF51-3EE357D51095"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7233799",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-3527",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-17T12:15:24.810",
"lastModified": "2025-05-19T13:35:20.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:10:33.153",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.9.6",
"matchCriteriaId": "F7BA38FE-D0DF-4433-8184-E0CD618C2C00"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/eventon-wordpress-event-calendar-plugin/1211017#item-description__change-log",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/549ca9cf-0183-4c19-9bd5-b6d55a69df31?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-3888",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-17T12:15:24.950",
"lastModified": "2025-05-19T13:35:20.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:10:15.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,18 +71,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.8.12",
"matchCriteriaId": "794701BD-F6F5-49FC-BF07-C7EB83C16D56"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/inline-svg/widgets/inline-svg.php#L304",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3292376/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f36f1ea5-62f7-48f0-a8d3-a56e0c9915d7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-43923",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-03T15:15:58.767",
"lastModified": "2025-06-04T14:54:33.783",
"lastModified": "2025-06-04T21:15:39.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se detect\u00f3 un problema en ReportController en Unicom Focal Point 7.6.1. Un usuario con privilegios administrativos en Focal Point puede realizar una inyecci\u00f3n SQL mediante el par\u00e1metro de imagen durante la eliminaci\u00f3n de una imagen de informe."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.unicomsi.com/products/focal-point/",
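Review bot: The CVSS entry added for CVE-2025-43923 sets `"privilegesRequired": "NONE"` (vector `PR:N`), while the Spanish description kept as context in this same section says the SQL injection is performed by a user with administrative privileges in Focal Point. The next section, CVE-2025-43924, has the same mismatch: its description says the stored XSS values are entered by an administrator, and the added vector again carries `PR:N`. Both entries are typed `Secondary` and come from source `134c704f-9b21-4f2e-91b3-4a467353bcc0` rather than from the CNA, so the scores were presumably not reconciled with the description text. A mirror should keep them as published, but triage that ranks on `baseScore` should treat 6.5 and 6.1 as provisional until an NVD `Primary` assessment lands, and the discrepancy is worth reporting to the scoring source. The hunk ends inside the `references` array, so the rest of the record is not visible here.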

@ -2,7 +2,7 @@
"id": "CVE-2025-43924",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-03T15:15:58.883",
"lastModified": "2025-06-04T14:54:33.783",
"lastModified": "2025-06-04T21:15:39.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting en Unicom Focal Point 7.6.1. El par\u00e1metro val en SettingController (para /fp/admin/settings/loginpage) y el par\u00e1metro rootserviceurl en FriendsController (para /fp/admin/settings/friends), introducidos por un administrador, permiten XSS Almacenado. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.unicomsi.com/products/focal-point/",

@ -2,13 +2,13 @@
"id": "CVE-2025-4352",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-06T12:15:30.513",
"lastModified": "2025-05-07T14:13:20.483",
"lastModified": "2025-06-04T21:15:40.690",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -111,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,13 +2,13 @@
"id": "CVE-2025-4353",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-06T12:15:30.683",
"lastModified": "2025-05-07T14:13:20.483",
"lastModified": "2025-06-04T21:15:40.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
"value": "A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -111,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2025-4578",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-06-04T06:15:21.673",
"lastModified": "2025-06-04T14:54:33.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:07:45.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dimdavid:file_provider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.3",
"matchCriteriaId": "8B2F1A8B-DC16-4747-AF55-6410D9AE4611"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3aa76b96-40b7-4bde-a39c-c1aa6f8278fc/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2025-4580",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-06-04T06:15:21.800",
"lastModified": "2025-06-04T14:54:33.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:04:21.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dimdavid:file_provider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.3",
"matchCriteriaId": "8B2F1A8B-DC16-4747-AF55-6410D9AE4611"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8741353a-2a7f-4dee-b62d-7f5fe435f1a1/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -0,0 +1,56 @@
{
"id": "CVE-2025-46011",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T20:15:23.313",
"lastModified": "2025-06-04T21:15:39.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/kevinroleke/security/tree/main/CVE-2025-46011",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2025-46203",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T20:15:23.473",
"lastModified": "2025-06-04T21:15:39.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://github.com/changeweb/Unifiedtransform",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/spbavarva/CVE-2025-46203",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2025-46204",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-04T20:15:23.647",
"lastModified": "2025-06-04T21:15:39.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://github.com/changeweb/Unifiedtransform",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/spbavarva/CVE-2025-46204",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2025-46339",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T20:15:23.817",
"lastModified": "2025-06-04T20:15:23.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it's possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/commit/3776e1e48f33e80eb4b674bb64b419caf3b5a4e2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-8f79-3q3w-43c4",
"source": "security-advisories@github.com"
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2025-46341",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-04T21:15:39.937",
"lastModified": "2025-06-04T21:15:39.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/FreshRSS/FreshRSS/commit/6bb8680ae0051b9a2ff344f17814f4fa5d844628",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-w3m8-wcf4-h8vm",
"source": "security-advisories@github.com"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2025-46548",
"sourceIdentifier": "security@apache.org",
"published": "2025-06-03T15:15:59.110",
"lastModified": "2025-06-04T14:54:33.783",
"lastModified": "2025-06-04T21:15:40.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Si habilita la autenticaci\u00f3n b\u00e1sica en Pekko Management mediante el DSL de Java, es posible que el autenticador no se aplique correctamente. Se recomienda a los usuarios que dependen de la autenticaci\u00f3n en lugar de asegurarse de que los puertos de la API de administraci\u00f3n solo est\u00e9n disponibles para usuarios de confianza que actualicen a la versi\u00f3n 1.1.1, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

@ -2,8 +2,8 @@
"id": "CVE-2025-4669",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-17T12:15:25.097",
"lastModified": "2025-05-19T13:35:20.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-04T20:10:00.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,30 +71,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpbookingcalendar:wp_booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "10.11.1",
"matchCriteriaId": "E503A89C-537D-419F-8D44-270114C3F070"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/booking/trunk/core/lib/wpdev-booking-class.php#L248",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/booking/trunk/core/lib/wpdev-booking-class.php#L445",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/booking/trunk/core/lib/wpdev-booking-class.php#L789",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3293836/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/booking/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e43d66-04f4-4adb-93da-75e02d1c714e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2025-47161",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-05-15T20:16:08.590",
"lastModified": "2025-05-16T14:42:18.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:03:05.893",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,12 +49,43 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "101.25022.0002",
"matchCriteriaId": "97C8D32F-539E-403C-A3A0-0DFEBCC6B477"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2025-48174",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-05-16T05:15:37.213",
"lastModified": "2025-05-16T14:42:18.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-04T20:02:37.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.4,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
@ -49,24 +69,65 @@
"value": "CWE-190"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aomedia:libavif:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "401B7089-C028-4344-AC58-DB1CF4C8401C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/AOMediaCodec/libavif/pull/2768",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

@ -2,13 +2,13 @@
"id": "CVE-2025-48881",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-05-30T06:15:28.327",
"lastModified": "2025-05-30T16:31:03.107",
"lastModified": "2025-06-04T21:15:40.263",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. At time of publication, no known patches exist. A workaround for this issue involves overriding the endpoint security as defined in ObjectenApiHttpSecurityConfigurer and ObjectManagementHttpSecurityConfigurer. Depending on the implementation, this could result in loss of functionality."
"value": "Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. This issue has been patched in version 12.13.0.RELEASE. A workaround for this issue involves overriding the endpoint security as defined in ObjectenApiHttpSecurityConfigurer and ObjectManagementHttpSecurityConfigurer. Depending on the implementation, this could result in loss of functionality."
},
{
"lang": "es",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://github.com/valtimo-platform/valtimo-backend-libraries/commit/6ab04b30d3dab816bfea32d40ba50e5dd4517272",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/valtimo-platform/valtimo-backend-libraries/security/advisories/GHSA-965r-9cg9-g42p",
"source": "security-advisories@github.com"
