From ce24f2b02d9a33b9cf8252c5a9c5f49e7fe137e4 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 17 Jun 2025 12:03:57 +0000 Subject: [PATCH] Auto-Update: 2025-06-17T12:00:18.963019+00:00 --- CVE-2025/CVE-2025-329xx/CVE-2025-32920.json | 6 +- CVE-2025/CVE-2025-35xx/CVE-2025-3515.json | 68 +++++++++++++++++ CVE-2025/CVE-2025-487xx/CVE-2025-48797.json | 6 +- CVE-2025/CVE-2025-487xx/CVE-2025-48798.json | 6 +- CVE-2025/CVE-2025-60xx/CVE-2025-6050.json | 82 +++++++++++++++++++++ README.md | 17 +++-- _state.csv | 12 +-- 7 files changed, 179 insertions(+), 18 deletions(-) create mode 100644 CVE-2025/CVE-2025-35xx/CVE-2025-3515.json create mode 100644 CVE-2025/CVE-2025-60xx/CVE-2025-6050.json diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json index 3fdecb6e490..9c65d682938 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json @@ -2,13 +2,13 @@ "id": "CVE-2025-32920", "sourceIdentifier": "audit@patchstack.com", "published": "2025-05-19T16:15:29.363", - "lastModified": "2025-05-21T20:25:16.407", + "lastModified": "2025-06-17T10:15:22.177", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0." }, { "lang": "es", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "audit@patchstack.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", 
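Review bot: The Spanish description of CVE-2025-32920 is left out of step by the first hunk, which raises the affected range in the `en` text from 2.9.2 to 2.10.0 while the `es` entry's `value` line sits just past the hunk and is not among the six changed lines counted in the diffstat. It therefore presumably still names 2.9.2 as the last affected version, and anyone triaging from the translated text would treat 2.9.3 through 2.10.0 as unaffected. Consumers should read the range from the `"lang": "en"` entry until the translation is regenerated. The `descriptions` array continues outside the hunk, so this is inferred from the unchanged context rather than seen directly.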
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3515.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3515.json new file mode 100644 index 00000000000..100c762207d --- /dev/null +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3515.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2025-3515", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-17T10:15:23.507", + "lastModified": "2025-06-17T10:15:23.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter." + }, + { + "lang": "es", + "value": "El complemento Drag and Drop Multiple File Upload for Contact Form 7 de WordPress es vulnerable a la carga de archivos arbitrarios debido a una validaci\u00f3n insuficiente del tipo de archivo en todas las versiones hasta la 1.3.8.9 incluida. Esto permite a atacantes no autenticados eludir la lista negra del complemento y subir archivos .phar u otros tipos de archivo peligrosos al servidor del sitio afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo en servidores configurados para controlar archivos .phar como scripts PHP ejecutables, especialmente en configuraciones predeterminadas de Apache+mod_php, donde la extensi\u00f3n del archivo no se valida estrictamente antes de pasarla al int\u00e9rprete de PHP." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.8.8/inc/dnd-upload-cf7.php#L845", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3310153/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1298242-61d2-495e-bae7-96b5e12bd03d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json index 0d6ba2719bf..64c39791425 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json @@ -2,7 +2,7 @@ "id": "CVE-2025-48797", "sourceIdentifier": "secalert@redhat.com", "published": "2025-05-27T14:15:24.140", - "lastModified": "2025-06-17T09:15:24.120", + "lastModified": "2025-06-17T10:15:23.827", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -56,6 +56,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9162", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9165", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-48797", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json index cf1325284d6..0503ceeb5b2 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json @@ -2,7 +2,7 @@ "id": "CVE-2025-48798", "sourceIdentifier": "secalert@redhat.com", "published": "2025-05-27T14:15:24.307", - "lastModified": "2025-06-17T09:15:24.280", + "lastModified": "2025-06-17T10:15:23.967", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -56,6 +56,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9162", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9165", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-48798", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6050.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6050.json new file mode 100644 index 00000000000..0c1bb0f7cbb --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6050.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-6050", + "sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "published": "2025-06-17T11:15:22.400", + "lastModified": "2025-06-17T11:15:22.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the \"displayable_links_js\" function, which fails to properly sanitize blog post titles before including them in JSON responses served via \"/admin/displayable_links.js\". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the \"/admin/displayable_links.js\" endpoint, causing the malicious script to execute in their browser." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": 
"NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/stephenmcd/mezzanine/discussions/2080", + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" + }, + { + "url": "https://https://github.com/stephenmcd/mezzanine/commit/898630d8df48cf3ddb8b9942f59168b93216e3f8", + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 994fae9c22f..c064993b431 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-17T10:00:20.509125+00:00 +2025-06-17T12:00:18.963019+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-17T09:15:24.280000+00:00 +2025-06-17T11:15:22.400000+00:00 ``` ### Last Data Feed Release 
@@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298109 +298111 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-40674](CVE-2025/CVE-2025-406xx/CVE-2025-40674.json) (`2025-06-17T09:15:23.650`) +- [CVE-2025-3515](CVE-2025/CVE-2025-35xx/CVE-2025-3515.json) (`2025-06-17T10:15:23.507`) +- [CVE-2025-6050](CVE-2025/CVE-2025-60xx/CVE-2025-6050.json) (`2025-06-17T11:15:22.400`) ### CVEs modified in the last Commit Recently modified CVEs: `3` -- [CVE-2024-47196](CVE-2024/CVE-2024-471xx/CVE-2024-47196.json) (`2025-06-17T09:15:22.873`) -- [CVE-2025-48797](CVE-2025/CVE-2025-487xx/CVE-2025-48797.json) (`2025-06-17T09:15:24.120`) -- [CVE-2025-48798](CVE-2025/CVE-2025-487xx/CVE-2025-48798.json) (`2025-06-17T09:15:24.280`) +- [CVE-2025-32920](CVE-2025/CVE-2025-329xx/CVE-2025-32920.json) (`2025-06-17T10:15:22.177`) +- [CVE-2025-48797](CVE-2025/CVE-2025-487xx/CVE-2025-48797.json) (`2025-06-17T10:15:23.827`) +- [CVE-2025-48798](CVE-2025/CVE-2025-487xx/CVE-2025-48798.json) (`2025-06-17T10:15:23.967`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 47be166cc24..29c1016d7b3 100644 --- a/_state.csv +++ b/_state.csv 
@@ -270828,7 +270828,7 @@ CVE-2024-47191,0,0,8931a18420d43e304a3461682789339ad25e6278b3ea12df6b09841677348 CVE-2024-47193,0,0,5c2413eb39773bf152714d520922b599c22790d53f81cf61dbd60e83893a1e2c,2024-11-29T18:15:09.090000 CVE-2024-47194,0,0,4741597631024ca20381e200badaa4b9c33ffa3bf5de9a3c53086275667b7635,2024-10-16T18:15:04.043000 CVE-2024-47195,0,0,d2929e17d0fd654f4ec79cc2b70c1157856ae43b02d1a856ce444c7d190677a0,2024-10-16T18:11:29.990000 -CVE-2024-47196,0,1,949ac6a573b1699df8bc7b97c95fc71cd1d93320a448f65921cab22bef036f04,2025-06-17T09:15:22.873000 +CVE-2024-47196,0,0,949ac6a573b1699df8bc7b97c95fc71cd1d93320a448f65921cab22bef036f04,2025-06-17T09:15:22.873000 CVE-2024-47197,0,0,00ca8e5c189a394fbe03c26b57f2be0f93f318d55a08c2e0f86596fe62491b55,2025-03-17T18:15:18.883000 CVE-2024-4720,0,0,8d235bb8e292bd686ae088d90cd0e6890265203019e38c38b3c2506606baf464,2025-02-20T20:23:38.033000 CVE-2024-47208,0,0,5bc7842af09d178c24d95c055c13b33b237ccb6628ceeb20517578a7cc1b088c,2024-11-21T09:39:31.100000 @@ -293053,7 +293053,7 @@ CVE-2025-32914,0,0,f111116292642a8d9075af57c1ff7064ec7337a57bd531d01793342b33c9f CVE-2025-32915,0,0,2d5afa660948b242629afd805b42088f6d76764cd20288c422f89dd9fe02bb30,2025-05-23T15:55:02.040000 CVE-2025-32917,0,0,621a83e4e955a5402f378188c4f01b4aff8a0585cec439fee69248f2294167f0,2025-05-13T19:35:18.080000 CVE-2025-3292,0,0,118c173f186dcc5720366632802764bcff206cc9d545c82cefbfbd5ae3208b31,2025-04-15T18:39:27.967000 -CVE-2025-32920,0,0,eb38b25eee4967dc973c5acc3a33a641baba844f1ae8fbd47b1144d8344fc288,2025-05-21T20:25:16.407000 +CVE-2025-32920,0,1,7e212ccae54e7de68d6b49d615b9e74e6cf3cb23588850cf6230b262d708bae7,2025-06-17T10:15:22.177000 CVE-2025-32921,0,0,7c798e84a120c09e79aa61f0d66dd4a5e84ea134e24a6f6fea02a374ca1d5b0e,2025-04-29T13:52:47.470000 CVE-2025-32922,0,0,dd2fa7743096c0ae961ecc41cbe765ffa285523c06483f9df72c6611b9ab1dab,2025-05-16T14:43:26.160000 CVE-2025-32923,0,0,a52facaf2e37400983e8c03a1ceeca22c3067be9be025a531236fb3ed36caeda,2025-04-16T13:25:37.340000 
@@ -293364,6 +293364,7 @@ CVE-2025-3511,0,0,2581a75036be8d737bc9c5afcbd1a9fd25ea23392ab1ff727e244646bbc80f CVE-2025-3512,0,0,20d5b7a0c651482d59ceef752919a6e419c7dc684bf79b235343ded68357dd77,2025-04-25T18:15:26.103000 CVE-2025-3513,0,0,30697186a140035be04a508cb924b9ecf131ebffede275cea415703e58a2343a,2025-05-28T16:02:00.560000 CVE-2025-3514,0,0,c86807ed5e4a9fbddc1ff156b508ea32337a1a14e6f5794c2a643d10915e3635,2025-05-28T16:01:47.180000 +CVE-2025-3515,1,1,9cb0da5ac32bc54ba8096e84919be59f07816d81250d2794ed30b9d4e01f9064,2025-06-17T10:15:23.507000 CVE-2025-3516,0,0,a2df3bab698f4cdb6459b7ab07371b26a8ad28a7c62a1c7ac29ca859a1d3cf58,2025-05-22T17:03:25.230000 CVE-2025-3517,0,0,b833d94ab9d25f1395ed59764d2646b6bfd238c131bbe071db47d2fa76a973c3,2025-05-02T13:52:51.693000 CVE-2025-3518,0,0,7497563947f75b629887a4413d991889fb74f762947f73f77cc72069a35bed4e,2025-04-24T15:15:58.393000 @@ -294463,7 +294464,7 @@ CVE-2025-40670,0,0,b1d70447d302709ed16a75a865e7ebd1d2076947821b2210ebfec6a8b2f08 CVE-2025-40671,0,0,434fcb0f85fca3f9d859442da381d4e1454f2c968132e3a6b8db7392906ce4f0,2025-05-28T15:01:30.720000 CVE-2025-40672,0,0,16bc6b87ff9caf15184dbd8991107d7b17c5beb8ff9d9c80bdf9b979ca591b75,2025-05-28T15:01:30.720000 CVE-2025-40673,0,0,b579e57f63d588753084335ab891fb47997b91677321939dfff9acbc408e6ab4,2025-05-28T15:01:30.720000 -CVE-2025-40674,1,1,167e1904a76e7b9cf9cc87925749c6154412d4f66ebf7533a041aa06eb62b1ce,2025-06-17T09:15:23.650000 +CVE-2025-40674,0,0,167e1904a76e7b9cf9cc87925749c6154412d4f66ebf7533a041aa06eb62b1ce,2025-06-17T09:15:23.650000 CVE-2025-40675,0,0,654293ef1440eaa459ce9cb8c09f3edfd6a9e09aa98cb712b7c0ab443f6d7b48,2025-06-09T12:15:47.880000 CVE-2025-4068,0,0,3e3326c67789178a2e89dd2c7182f86f8b00ff853809cd66d0d99e3251986e87,2025-05-28T17:27:28.983000 CVE-2025-4069,0,0,72c3e148c8cf8c4d5070733c3b3e33573ee47e1d4dc46e158ed5117d25968f25,2025-05-28T17:26:13.450000 
@@ -296877,8 +296878,8 @@ CVE-2025-48792,0,0,2c0b02c33ee81c6b1c7f3bc9767aecae1b833af65e4351c0dd81998c4a119 CVE-2025-48793,0,0,c894ec9ed8b3b5d1fda9891ce2808a0fb7689dd63eec3c7bb7e9e649736a365c,2025-05-27T04:15:41.090000 CVE-2025-48794,0,0,0f60a10fd5bbac90e9e184a916afa3ee1c6a6178325620c93725d026aac184ad,2025-05-27T04:15:41.160000 CVE-2025-48796,0,0,5c467d1a2669d77ceb69e55cea05d09cde2aaa034119240321683e5490565638,2025-05-28T15:01:30.720000 -CVE-2025-48797,0,1,c6c91127b66799676d199b306b52029cb4f299e8840c6f831f77b66f1718c614,2025-06-17T09:15:24.120000 -CVE-2025-48798,0,1,fbfe22056ef53bb55ecd872f68aa24c36df95c4b87b1cb11dd59160d244dee2b,2025-06-17T09:15:24.280000 +CVE-2025-48797,0,1,6c9c3a5fcc126f616b38114ac2fb651b6d32c1af461fa9f7572c4b11e946a5c3,2025-06-17T10:15:23.827000 +CVE-2025-48798,0,1,ff65f5121c0e0cda96784e173e6217bb4bf6c6642cebd0c35f064bd9a2b602ed,2025-06-17T10:15:23.967000 CVE-2025-4880,0,0,e66433f376d95dc941d17745f27a53d60427f87111077aee793bacaa1dd21351,2025-05-21T17:33:42.373000 CVE-2025-4881,0,0,3fdda22eaf1afa96c9c6bfb121fd7cc7da116831a6f494c0b7df343d1eed58c4,2025-05-21T19:38:39.660000 CVE-2025-4882,0,0,9ae533a1d17c0bc7b22051d58510b828885d48326cbc794d7bf23ceba43e10c0,2025-05-21T19:38:24.990000 
@@ -298012,6 +298013,7 @@ CVE-2025-6030,0,0,e2d083f85b4980fab673be25fe64ff6c58fe5f2e84e15893b8c80d92f1561a CVE-2025-6031,0,0,8862006220262f75545734fb5f034c6db29d3c4cbd11030b12e4d70636f9f9cc,2025-06-16T12:32:18.840000 CVE-2025-6035,0,0,b71b50bc0c235c19b2d078bb69ae3921b820489d58f8688dea7a7bdd7515f125,2025-06-16T12:32:18.840000 CVE-2025-6040,0,0,76a8c143b5834b0cf93cda3bf80ab595e40b144f2532ce0d72ddcf42d08934bb,2025-06-16T12:32:18.840000 +CVE-2025-6050,1,1,4160fbf34cb6f235169f679400d6fd080b6cdc16d27847510197ce99aa0f5916,2025-06-17T11:15:22.400000 CVE-2025-6052,0,0,f7b8f6bed96346c732cfe3c58915aaa99b04704580ca581c3769d9ac03c1036c,2025-06-16T12:32:18.840000 CVE-2025-6055,0,0,a1414c05d6a8565eece9cbd85c74aae5128e8846318652e194e65bb36ec8b3a2,2025-06-16T12:32:18.840000 CVE-2025-6059,0,0,84d0ce35ead1515ece8397572c27c6a293b39d090719f8fde70ea6fa5e96acd4,2025-06-16T12:32:18.840000