admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-07T14:00:19.897652+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-07 14:03:56 +00:00
parent 0968731229
commit c8c7779359
6 changed files with 262 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-99xx/CVE-2024-9993.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9993",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-07T12:15:21.360",
"lastModified": "2025-06-07T12:15:21.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.0.7/includes/Elements/Event_Calendar.php#L3079",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8de8a0b-0b70-4e8a-8cc4-06cc50d06a02?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-99xx/CVE-2024-9994.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9994",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-07T12:15:22.963",
"lastModified": "2025-06-07T12:15:22.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.0.7/includes/Elements/Pricing_Table.php#L2164",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/855ae993-d887-4416-9b3c-8274a90dce5f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2025/CVE-2025-55xx/CVE-2025-5528.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-5528",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-07T12:15:23.157",
"lastModified": "2025-06-07T12:15:23.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.75/public/class-sassy-social-share-public.php#L1481",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99e922ec-d40a-47e7-a10f-d966a351d182?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2025/CVE-2025-55xx/CVE-2025-5568.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-5568",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-07T12:15:23.370",
"lastModified": "2025-06-07T12:15:23.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/magepeopleteam/mage-eventpress/commit/c6f8d3233087881d3eb7ed3ebe9a6ebc7795f144",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3307484",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/mage-eventpress/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3659c4d-3a19-4f74-9f6d-26d7b24ebe56?source=cve",
"source": "security@wordfence.com"
}
]
}

14
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-07T10:00:19.695590+00:00
2025-06-07T14:00:19.897652+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-07T09:15:22.007000+00:00
2025-06-07T12:15:23.370000+00:00
```
### Last Data Feed Release
@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
296962
296966
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `4`
- [CVE-2025-5303](CVE-2025/CVE-2025-53xx/CVE-2025-5303.json) (`2025-06-07T09:15:22.007`)
- [CVE-2025-5399](CVE-2025/CVE-2025-53xx/CVE-2025-5399.json) (`2025-06-07T08:15:20.687`)
- [CVE-2024-9993](CVE-2024/CVE-2024-99xx/CVE-2024-9993.json) (`2025-06-07T12:15:21.360`)
- [CVE-2024-9994](CVE-2024/CVE-2024-99xx/CVE-2024-9994.json) (`2025-06-07T12:15:22.963`)
- [CVE-2025-5528](CVE-2025/CVE-2025-55xx/CVE-2025-5528.json) (`2025-06-07T12:15:23.157`)
- [CVE-2025-5568](CVE-2025/CVE-2025-55xx/CVE-2025-5568.json) (`2025-06-07T12:15:23.370`)
### CVEs modified in the last Commit

8
_state.csv
View File

@ -282389,6 +282389,8 @@ CVE-2024-9988,0,0,3a57a3bd1e1ea4f8d09bc695c1d0c77c1048ce16774434f3ccd260190d6620
CVE-2024-9989,0,0,618b83ec3907f65a51fa013819dfb2ad0168aaafe2f1ce04204110fa9825808c,2024-11-07T17:00:56.337000
CVE-2024-9990,0,0,242153fdd1e5955fd6e7a309b2c58cf53a3438553f63cd46d750d9018c4da6a2,2024-11-06T23:11:42.037000
CVE-2024-9991,0,0,d52f7f0e4baa2d457c00639209b566401d8bb298d0ede1bbcb21455e0c81280d,2024-10-28T13:58:09.230000
CVE-2024-9993,1,1,95c1040cd57eee6b06a91fe2322ddc9ed17b93d1827961082f34f8f17a98eb56,2025-06-07T12:15:21.360000
CVE-2024-9994,1,1,4f421cd3ba4fc6f7f5daa890c3cd2d4f2d22be29613fbef6ace9bdec75749782,2025-06-07T12:15:22.963000
CVE-2024-9996,0,0,188a485776485f9e8dc9179367e7d7a07cab50fec958b227455a8676b5858255,2025-02-10T21:15:21.700000
CVE-2024-9997,0,0,51821db7d21cbb0538794082049a61caa9f4a383f155309224dbe8f2cd1118b1,2025-04-04T15:15:46.203000
CVE-2024-9998,0,0,0419a3dad23ae850906f2650ca4d40b180999b4a5d360bcc1b838f8893ae2af5,2024-11-12T11:15:03.840000
@ -296617,7 +296619,7 @@ CVE-2025-5295,0,0,86992e97da5db3e66123dc758ac5a1f83b74ab998ea61bbd2f95d3d081833d
CVE-2025-5297,0,0,87f5c2ea55786c8b81963baa725b45d00523179cb7524fec69b00cb83e8c752e,2025-05-28T15:01:30.720000
CVE-2025-5298,0,0,db5fe80cdf57c0cc24fb51e7a48139d5b1b81a3a48561037cf1b32b8be34d74f,2025-05-28T20:37:48.440000
CVE-2025-5299,0,0,2c75e790822eb43ea8892b1d4769ffefef855c8d85079d6be37a9a0e02c6ddb1,2025-05-28T15:01:30.720000
CVE-2025-5303,1,1,d8fc5a6e51ef2a9d12e6771e9a0416eb43a9a46de25baf135fa9f6a284d65a56,2025-06-07T09:15:22.007000
CVE-2025-5303,0,0,d8fc5a6e51ef2a9d12e6771e9a0416eb43a9a46de25baf135fa9f6a284d65a56,2025-06-07T09:15:22.007000
CVE-2025-5307,0,0,7244ff154b85c92ca09019f8de869bb0541c220b74776be3851e4cfba38a0ca8,2025-05-30T16:31:03.107000
CVE-2025-5320,0,0,772070621ad15a70df6397a0142dc45fe5fca6b991b5410b5c6912332a34a15a,2025-06-01T05:15:19.883000
CVE-2025-5321,0,0,31d96e00ea1024b8084a7837ef9bf0b4fd55d789d529b1f4fae375684c451003,2025-06-01T05:15:20.947000
@ -296666,7 +296668,7 @@ CVE-2025-5387,0,0,67c063fa0aa8e78fe72ce8fb2808f65a9f1699e0a69507ee7a7e2cc276f432
CVE-2025-5388,0,0,704011a1b4dcb0cdd9ec2d34beaa834c04dacb60a86d587f2653e924febc3992,2025-06-02T17:32:17.397000
CVE-2025-5389,0,0,8aed18925806e84c75170ad2760b1c0d25854e094a7e1b95d4b307dbf824ecc1,2025-06-02T17:32:17.397000
CVE-2025-5390,0,0,00c8952fb6387a3318dc8c0c729ad01c9f85d358d42813026e2eaf5af44dbf76,2025-06-02T17:32:17.397000
CVE-2025-5399,1,1,2760b717b030d03c7627cf67ecc731e4ba767e47a97334843123a895120dcc29,2025-06-07T08:15:20.687000
CVE-2025-5399,0,0,2760b717b030d03c7627cf67ecc731e4ba767e47a97334843123a895120dcc29,2025-06-07T08:15:20.687000
CVE-2025-5400,0,0,da671ae8c2d66fc5c6bdf456b7568c47c14a63e2eaec6f212e8c3bf343de80d1,2025-06-02T17:32:17.397000
CVE-2025-5401,0,0,4245aa491f1bcfc9fb02f8eb51cc6e6ebc19d4b47d7be55d9a852ceb2088c9b4,2025-06-02T17:32:17.397000
CVE-2025-5402,0,0,d16efdcac5178a3a5fe41cd948ab906ef973bb6b51fe229ec95b16357a3b77a9,2025-06-02T17:32:17.397000
@ -296743,6 +296745,7 @@ CVE-2025-5522,0,0,a6f0feb7c3dd1459fe736f4f5982460ecbcab99d78d309661631c0ee8cbfc4
CVE-2025-5523,0,0,3d6f767d22c6db3d901c9fe460993f574c4cc4a691383d638625efefbfde064b,2025-06-04T14:54:33.783000
CVE-2025-5525,0,0,8a6fda70c73f8d7caf337b44e8088af73f34b5d808b601ef429b01e524913c40,2025-06-06T17:27:21.350000
CVE-2025-5527,0,0,5dead2f90bfa336b299d2790c248c3e2b665e86fc2c3c9c7ff0f4ee35f1af83c,2025-06-04T14:54:33.783000
CVE-2025-5528,1,1,6361ca8ed5a8d00c711f415cb8430cc9f7678ed6bf73cc3ee4aabca88fed903b,2025-06-07T12:15:23.157000
CVE-2025-5531,0,0,6d27f31038761ad0a1ccad441f88039d5d4e8afb6e2422d32c208713130619d5,2025-06-04T14:54:33.783000
CVE-2025-5532,0,0,d307f7aa5ca0395a7c8a1bde45bdc53cca6e2426e0b9fc80212fdc7f65c5fbe7,2025-06-04T14:54:33.783000
CVE-2025-5533,0,0,2dfcccaae175c59c944126a99e8f6d8f65e21d5c385b8c2ddbbe92c2ba47ee00,2025-06-06T14:07:28.330000
@ -296773,6 +296776,7 @@ CVE-2025-5562,0,0,343add22f2528d1ab365d74b6c653aeb153b343601b0ebacf12124363f3af2
CVE-2025-5563,0,0,abd05332a66da82c0a84bbcebb55ce866c616ee358de4033b1bc944eee92c5bd,2025-06-06T14:07:28.330000
CVE-2025-5565,0,0,69057d9fcda3a9d391a6fdd2d36028e43e46d962e75d2a96d0e0e06e8f6deb95,2025-06-06T14:07:28.330000
CVE-2025-5566,0,0,6cd1b19db0a2abdf35ae21538de449c05d1cecfb40c37f0b82d89c2ca9b4dcf9,2025-06-04T14:54:33.783000
CVE-2025-5568,1,1,86d8458bbc8c612953258965305ee470fe4a8242c54b5ca07e27dc9d04bcf917,2025-06-07T12:15:23.370000
CVE-2025-5569,0,0,4c30b6740d26360ebc0aa84c2a25fe04c9749eefc6a71facbba872eca1a65c71,2025-06-04T14:54:33.783000
CVE-2025-5571,0,0,88815a4b21737d58e162800981d93fa4afd05c1cd7a98afd3597a0eeba47b636,2025-06-04T14:54:33.783000
CVE-2025-5572,0,0,f58a8b0d677b3b1e3374f5b4bd151cd210da95aa5b9dd2a74ae8e59ebb8e1e16,2025-06-06T18:48:37.333000

Can't render this file because it is too large.