Auto-Update: 2025-06-17T12:00:18.963019+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-17 12:03:57 +00:00 · 2025-06-17 12:03:57 +00:00 · ce24f2b02d
commit ce24f2b02d
parent 16300dafcf
7 changed files with 179 additions and 18 deletions
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32920.json
@ -2,13 +2,13 @@
  "id": "CVE-2025-32920",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2025-05-19T16:15:29.363",
-  "lastModified": "2025-05-21T20:25:16.407",
+  "lastModified": "2025-06-17T10:15:22.177",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2."
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0."
    },
    {
      "lang": "es",
@ -42,7 +42,7 @@
  "weaknesses": [
    {
      "source": "audit@patchstack.com",
-      "type": "Primary",
+      "type": "Secondary",
      "description": [
        {
          "lang": "en",
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3515.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3515.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-3515",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-17T10:15:23.507",
+  "lastModified": "2025-06-17T10:15:23.507",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento Drag and Drop Multiple File Upload for Contact Form 7 de WordPress es vulnerable a la carga de archivos arbitrarios debido a una validaci\u00f3n insuficiente del tipo de archivo en todas las versiones hasta la 1.3.8.9 incluida. Esto permite a atacantes no autenticados eludir la lista negra del complemento y subir archivos .phar u otros tipos de archivo peligrosos al servidor del sitio afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo en servidores configurados para controlar archivos .phar como scripts PHP ejecutables, especialmente en configuraciones predeterminadas de Apache+mod_php, donde la extensi\u00f3n del archivo no se valida estrictamente antes de pasarla al int\u00e9rprete de PHP."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.8.8/inc/dnd-upload-cf7.php#L845",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3310153/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1298242-61d2-495e-bae7-96b5e12bd03d?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json
+++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48797.json
@ -2,7 +2,7 @@
  "id": "CVE-2025-48797",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2025-05-27T14:15:24.140",
-  "lastModified": "2025-06-17T09:15:24.120",
+  "lastModified": "2025-06-17T10:15:23.827",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -56,6 +56,10 @@
      "url": "https://access.redhat.com/errata/RHSA-2025:9162",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2025:9165",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/CVE-2025-48797",
      "source": "secalert@redhat.com"
--- a/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json
+++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json
@ -2,7 +2,7 @@
  "id": "CVE-2025-48798",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2025-05-27T14:15:24.307",
-  "lastModified": "2025-06-17T09:15:24.280",
+  "lastModified": "2025-06-17T10:15:23.967",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -56,6 +56,10 @@
      "url": "https://access.redhat.com/errata/RHSA-2025:9162",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2025:9165",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/CVE-2025-48798",
      "source": "secalert@redhat.com"
--- a/CVE-2025/CVE-2025-60xx/CVE-2025-6050.json
+++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6050.json
@ -0,0 +1,82 @@
+{
+  "id": "CVE-2025-6050",
+  "sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
+  "published": "2025-06-17T11:15:22.400",
+  "lastModified": "2025-06-17T11:15:22.400",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the \"displayable_links_js\" function, which fails to properly sanitize blog post titles before including them in JSON responses served via \"/admin/displayable_links.js\". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the \"/admin/displayable_links.js\" endpoint, causing the malicious script to execute in their browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "PASSIVE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "LOW",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/stephenmcd/mezzanine/discussions/2080",
+      "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
+    },
+    {
+      "url": "https://https://github.com/stephenmcd/mezzanine/commit/898630d8df48cf3ddb8b9942f59168b93216e3f8",
+      "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-06-17T10:00:20.509125+00:00
+2025-06-17T12:00:18.963019+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-06-17T09:15:24.280000+00:00
+2025-06-17T11:15:22.400000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-298109
+298111
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2025-40674](CVE-2025/CVE-2025-406xx/CVE-2025-40674.json) (`2025-06-17T09:15:23.650`)
+- [CVE-2025-3515](CVE-2025/CVE-2025-35xx/CVE-2025-3515.json) (`2025-06-17T10:15:23.507`)
+- [CVE-2025-6050](CVE-2025/CVE-2025-60xx/CVE-2025-6050.json) (`2025-06-17T11:15:22.400`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `3`

- [CVE-2024-47196](CVE-2024/CVE-2024-471xx/CVE-2024-47196.json) (`2025-06-17T09:15:22.873`)
- [CVE-2025-48797](CVE-2025/CVE-2025-487xx/CVE-2025-48797.json) (`2025-06-17T09:15:24.120`)
- [CVE-2025-48798](CVE-2025/CVE-2025-487xx/CVE-2025-48798.json) (`2025-06-17T09:15:24.280`)
+- [CVE-2025-32920](CVE-2025/CVE-2025-329xx/CVE-2025-32920.json) (`2025-06-17T10:15:22.177`)
+- [CVE-2025-48797](CVE-2025/CVE-2025-487xx/CVE-2025-48797.json) (`2025-06-17T10:15:23.827`)
+- [CVE-2025-48798](CVE-2025/CVE-2025-487xx/CVE-2025-48798.json) (`2025-06-17T10:15:23.967`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -270828,7 +270828,7 @@ CVE-2024-47191,0,0,8931a18420d43e304a3461682789339ad25e6278b3ea12df6b09841677348
 CVE-2024-47193,0,0,5c2413eb39773bf152714d520922b599c22790d53f81cf61dbd60e83893a1e2c,2024-11-29T18:15:09.090000
 CVE-2024-47194,0,0,4741597631024ca20381e200badaa4b9c33ffa3bf5de9a3c53086275667b7635,2024-10-16T18:15:04.043000
 CVE-2024-47195,0,0,d2929e17d0fd654f4ec79cc2b70c1157856ae43b02d1a856ce444c7d190677a0,2024-10-16T18:11:29.990000
-CVE-2024-47196,0,1,949ac6a573b1699df8bc7b97c95fc71cd1d93320a448f65921cab22bef036f04,2025-06-17T09:15:22.873000
+CVE-2024-47196,0,0,949ac6a573b1699df8bc7b97c95fc71cd1d93320a448f65921cab22bef036f04,2025-06-17T09:15:22.873000
 CVE-2024-47197,0,0,00ca8e5c189a394fbe03c26b57f2be0f93f318d55a08c2e0f86596fe62491b55,2025-03-17T18:15:18.883000
 CVE-2024-4720,0,0,8d235bb8e292bd686ae088d90cd0e6890265203019e38c38b3c2506606baf464,2025-02-20T20:23:38.033000
 CVE-2024-47208,0,0,5bc7842af09d178c24d95c055c13b33b237ccb6628ceeb20517578a7cc1b088c,2024-11-21T09:39:31.100000
@ -293053,7 +293053,7 @@ CVE-2025-32914,0,0,f111116292642a8d9075af57c1ff7064ec7337a57bd531d01793342b33c9f
 CVE-2025-32915,0,0,2d5afa660948b242629afd805b42088f6d76764cd20288c422f89dd9fe02bb30,2025-05-23T15:55:02.040000
 CVE-2025-32917,0,0,621a83e4e955a5402f378188c4f01b4aff8a0585cec439fee69248f2294167f0,2025-05-13T19:35:18.080000
 CVE-2025-3292,0,0,118c173f186dcc5720366632802764bcff206cc9d545c82cefbfbd5ae3208b31,2025-04-15T18:39:27.967000
-CVE-2025-32920,0,0,eb38b25eee4967dc973c5acc3a33a641baba844f1ae8fbd47b1144d8344fc288,2025-05-21T20:25:16.407000
+CVE-2025-32920,0,1,7e212ccae54e7de68d6b49d615b9e74e6cf3cb23588850cf6230b262d708bae7,2025-06-17T10:15:22.177000
 CVE-2025-32921,0,0,7c798e84a120c09e79aa61f0d66dd4a5e84ea134e24a6f6fea02a374ca1d5b0e,2025-04-29T13:52:47.470000
 CVE-2025-32922,0,0,dd2fa7743096c0ae961ecc41cbe765ffa285523c06483f9df72c6611b9ab1dab,2025-05-16T14:43:26.160000
 CVE-2025-32923,0,0,a52facaf2e37400983e8c03a1ceeca22c3067be9be025a531236fb3ed36caeda,2025-04-16T13:25:37.340000
@ -293364,6 +293364,7 @@ CVE-2025-3511,0,0,2581a75036be8d737bc9c5afcbd1a9fd25ea23392ab1ff727e244646bbc80f
 CVE-2025-3512,0,0,20d5b7a0c651482d59ceef752919a6e419c7dc684bf79b235343ded68357dd77,2025-04-25T18:15:26.103000
 CVE-2025-3513,0,0,30697186a140035be04a508cb924b9ecf131ebffede275cea415703e58a2343a,2025-05-28T16:02:00.560000
 CVE-2025-3514,0,0,c86807ed5e4a9fbddc1ff156b508ea32337a1a14e6f5794c2a643d10915e3635,2025-05-28T16:01:47.180000
+CVE-2025-3515,1,1,9cb0da5ac32bc54ba8096e84919be59f07816d81250d2794ed30b9d4e01f9064,2025-06-17T10:15:23.507000
 CVE-2025-3516,0,0,a2df3bab698f4cdb6459b7ab07371b26a8ad28a7c62a1c7ac29ca859a1d3cf58,2025-05-22T17:03:25.230000
 CVE-2025-3517,0,0,b833d94ab9d25f1395ed59764d2646b6bfd238c131bbe071db47d2fa76a973c3,2025-05-02T13:52:51.693000
 CVE-2025-3518,0,0,7497563947f75b629887a4413d991889fb74f762947f73f77cc72069a35bed4e,2025-04-24T15:15:58.393000
@ -294463,7 +294464,7 @@ CVE-2025-40670,0,0,b1d70447d302709ed16a75a865e7ebd1d2076947821b2210ebfec6a8b2f08
 CVE-2025-40671,0,0,434fcb0f85fca3f9d859442da381d4e1454f2c968132e3a6b8db7392906ce4f0,2025-05-28T15:01:30.720000
 CVE-2025-40672,0,0,16bc6b87ff9caf15184dbd8991107d7b17c5beb8ff9d9c80bdf9b979ca591b75,2025-05-28T15:01:30.720000
 CVE-2025-40673,0,0,b579e57f63d588753084335ab891fb47997b91677321939dfff9acbc408e6ab4,2025-05-28T15:01:30.720000
-CVE-2025-40674,1,1,167e1904a76e7b9cf9cc87925749c6154412d4f66ebf7533a041aa06eb62b1ce,2025-06-17T09:15:23.650000
+CVE-2025-40674,0,0,167e1904a76e7b9cf9cc87925749c6154412d4f66ebf7533a041aa06eb62b1ce,2025-06-17T09:15:23.650000
 CVE-2025-40675,0,0,654293ef1440eaa459ce9cb8c09f3edfd6a9e09aa98cb712b7c0ab443f6d7b48,2025-06-09T12:15:47.880000
 CVE-2025-4068,0,0,3e3326c67789178a2e89dd2c7182f86f8b00ff853809cd66d0d99e3251986e87,2025-05-28T17:27:28.983000
 CVE-2025-4069,0,0,72c3e148c8cf8c4d5070733c3b3e33573ee47e1d4dc46e158ed5117d25968f25,2025-05-28T17:26:13.450000
@ -296877,8 +296878,8 @@ CVE-2025-48792,0,0,2c0b02c33ee81c6b1c7f3bc9767aecae1b833af65e4351c0dd81998c4a119
 CVE-2025-48793,0,0,c894ec9ed8b3b5d1fda9891ce2808a0fb7689dd63eec3c7bb7e9e649736a365c,2025-05-27T04:15:41.090000
 CVE-2025-48794,0,0,0f60a10fd5bbac90e9e184a916afa3ee1c6a6178325620c93725d026aac184ad,2025-05-27T04:15:41.160000
 CVE-2025-48796,0,0,5c467d1a2669d77ceb69e55cea05d09cde2aaa034119240321683e5490565638,2025-05-28T15:01:30.720000
-CVE-2025-48797,0,1,c6c91127b66799676d199b306b52029cb4f299e8840c6f831f77b66f1718c614,2025-06-17T09:15:24.120000
-CVE-2025-48798,0,1,fbfe22056ef53bb55ecd872f68aa24c36df95c4b87b1cb11dd59160d244dee2b,2025-06-17T09:15:24.280000
+CVE-2025-48797,0,1,6c9c3a5fcc126f616b38114ac2fb651b6d32c1af461fa9f7572c4b11e946a5c3,2025-06-17T10:15:23.827000
+CVE-2025-48798,0,1,ff65f5121c0e0cda96784e173e6217bb4bf6c6642cebd0c35f064bd9a2b602ed,2025-06-17T10:15:23.967000
 CVE-2025-4880,0,0,e66433f376d95dc941d17745f27a53d60427f87111077aee793bacaa1dd21351,2025-05-21T17:33:42.373000
 CVE-2025-4881,0,0,3fdda22eaf1afa96c9c6bfb121fd7cc7da116831a6f494c0b7df343d1eed58c4,2025-05-21T19:38:39.660000
 CVE-2025-4882,0,0,9ae533a1d17c0bc7b22051d58510b828885d48326cbc794d7bf23ceba43e10c0,2025-05-21T19:38:24.990000
@ -298012,6 +298013,7 @@ CVE-2025-6030,0,0,e2d083f85b4980fab673be25fe64ff6c58fe5f2e84e15893b8c80d92f1561a
 CVE-2025-6031,0,0,8862006220262f75545734fb5f034c6db29d3c4cbd11030b12e4d70636f9f9cc,2025-06-16T12:32:18.840000
 CVE-2025-6035,0,0,b71b50bc0c235c19b2d078bb69ae3921b820489d58f8688dea7a7bdd7515f125,2025-06-16T12:32:18.840000
 CVE-2025-6040,0,0,76a8c143b5834b0cf93cda3bf80ab595e40b144f2532ce0d72ddcf42d08934bb,2025-06-16T12:32:18.840000
+CVE-2025-6050,1,1,4160fbf34cb6f235169f679400d6fd080b6cdc16d27847510197ce99aa0f5916,2025-06-17T11:15:22.400000
 CVE-2025-6052,0,0,f7b8f6bed96346c732cfe3c58915aaa99b04704580ca581c3769d9ac03c1036c,2025-06-16T12:32:18.840000
 CVE-2025-6055,0,0,a1414c05d6a8565eece9cbd85c74aae5128e8846318652e194e65bb36ec8b3a2,2025-06-16T12:32:18.840000
 CVE-2025-6059,0,0,84d0ce35ead1515ece8397572c27c6a293b39d090719f8fde70ea6fa5e96acd4,2025-06-16T12:32:18.840000