Auto-Update: 2024-10-10T04:00:16.934414+00:00

CVE-2024/CVE-2024-281xx/CVE-2024-28125.json

@@ -2,13 +2,20 @@
   "id": "CVE-2024-28125",
   "sourceIdentifier": "vultures@jpcert.or.jp",
   "published": "2024-03-18T08:15:06.347",
-  "lastModified": "2024-08-28T16:35:19.333",
+  "lastModified": "2024-10-10T02:15:02.830",
   "vulnStatus": "Awaiting Analysis",
-  "cveTags": [],
+  "cveTags": [
+    {
+      "sourceIdentifier": "vultures@jpcert.or.jp",
+      "tags": [
+        "disputed"
+      ]
+    }
+  ],
   "descriptions": [
     {
       "lang": "en",
-      "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands."
+      "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation."
     },
     {
       "lang": "es",
@@ -40,6 +47,16 @@
     ]
   },
   "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    },
     {
       "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
       "type": "Secondary",

CVE-2024/CVE-2024-489xx/CVE-2024-48957.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-48957",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-10-10T02:15:02.990",
+  "lastModified": "2024-10-10T02:15:02.990",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libarchive/libarchive/pull/2149",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-489xx/CVE-2024-48958.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-48958",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-10-10T02:15:03.057",
+  "lastModified": "2024-10-10T02:15:03.057",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libarchive/libarchive/pull/2148",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-70xx/CVE-2024-7048.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-7048",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-10-10T02:15:03.113",
+  "lastModified": "2024-10-10T02:15:03.113",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560",
+      "source": "security@huntr.dev"
+    }
+  ]
+}

CVE-2024/CVE-2024-84xx/CVE-2024-8477.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8477",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T03:15:02.300",
+  "lastModified": "2024-10-10T03:15:02.300",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3165451/mailin/tags/3.1.88/page/page-home.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e070b422-9036-4362-832b-43fd4838f394?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-85xx/CVE-2024-8513.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8513",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:03.323",
+  "lastModified": "2024-10-10T02:15:03.323",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/qa-heatmap-analytics/trunk/class-qahm-admin-page-config.php#L801",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-87xx/CVE-2024-8729.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8729",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:03.550",
+  "lastModified": "2024-10-10T02:15:03.550",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/easy-social-share-buttons/trunk/includes/class-easy-social-share-buttons-settings.php#L271",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-89xx/CVE-2024-8987.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-8987",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:03.757",
+  "lastModified": "2024-10-10T02:15:03.757",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.0/includes/public/core/functions/general/youzify-profile-functions.php#L910",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/youzify/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9022.json

@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-9022",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T03:15:02.523",
+  "lastModified": "2024-10-10T03:15:02.523",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/capture0x/Poll-Plugin-SQL-Injection-",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://packetstormsecurity.com/files/179414/WordPress-Poll-2.3.6-SQL-Injection.html",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://total-soft.com/wp-poll/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/poll-wp/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9057.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9057",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:03.960",
+  "lastModified": "2024-10-10T02:15:03.960",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018feed_id\u2019 attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/curatorio/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/953d64f2-a514-48e9-9ab3-f9a793ad953a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9064.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9064",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:04.163",
+  "lastModified": "2024-10-10T02:15:04.163",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/inline-svg-elementor/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9065.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9065",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:04.363",
+  "lastModified": "2024-10-10T02:15:04.363",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9066.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9066",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:04.567",
+  "lastModified": "2024-10-10T02:15:04.567",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/marketing-and-seo-booster/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52144ff6-0617-496c-8159-ec5d7bc86f60?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9067.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9067",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T03:15:02.740",
+  "lastModified": "2024-10-10T03:15:02.740",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-attachments.php#L1183",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9072.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9072",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:04.773",
+  "lastModified": "2024-10-10T02:15:04.773",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The GDPR-Extensions-com \u2013 Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/gdpr-consent-manager/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-90xx/CVE-2024-9074.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9074",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T03:15:02.963",
+  "lastModified": "2024-10-10T03:15:02.963",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/advanced-blocks-pro/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f419d14a-90d1-445a-b629-c2e978c3ab81?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-92xx/CVE-2024-9205.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9205",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:04.980",
+  "lastModified": "2024-10-10T02:15:04.980",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/maximum-products-per-user-for-woocommerce/tags/4.2.8/includes/class-alg-wc-mppu-users.php#L836",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3164534/maximum-products-per-user-for-woocommerce/tags/4.2.9/includes/class-alg-wc-mppu-users.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-93xx/CVE-2024-9377.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-9377",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:05.183",
+  "lastModified": "2024-10-10T02:15:05.183",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L216",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L220",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3164996/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-94xx/CVE-2024-9457.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9457",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:05.390",
+  "lastModified": "2024-10-10T02:15:05.390",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wordpress.org/plugins/cssjockey-add-ons/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-95xx/CVE-2024-9518.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9518",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:05.590",
+  "lastModified": "2024-10-10T02:15:05.590",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/functions/user-functions.php?rev=1604604#L47",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-95xx/CVE-2024-9519.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9519",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:05.787",
+  "lastModified": "2024-10-10T02:15:05.787",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-266"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-post-metaboxes.php?rev=1627771#L62",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-95xx/CVE-2024-9520.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-9520",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T03:15:03.177",
+  "lastModified": "2024-10-10T03:15:03.177",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L186",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L216",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L225",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-95xx/CVE-2024-9522.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9522",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:06.013",
+  "lastModified": "2024-10-10T02:15:06.013",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-users-masquerade/trunk/masquerade.php?rev=1703860#L162",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-95xx/CVE-2024-9581.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9581",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:06.227",
+  "lastModified": "2024-10-10T02:15:06.227",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/shortcodes-anywhere/trunk/core/shortcodeEverywhere.class.php#L15",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-96xx/CVE-2024-9685.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-9685",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-10T02:15:06.440",
+  "lastModified": "2024-10-10T02:15:06.440",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.3/index.php#L202",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3165615/notification-for-telegram",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-10-10T02:00:17.130034+00:00
+2024-10-10T04:00:16.934414+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-10-10T01:15:11.127000+00:00
+2024-10-10T03:15:03.177000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,26 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-265167
+265191
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `24`
 
-- [CVE-2024-48941](CVE-2024/CVE-2024-489xx/CVE-2024-48941.json) (`2024-10-10T00:15:02.673`)
+- [CVE-2024-48957](CVE-2024/CVE-2024-489xx/CVE-2024-48957.json) (`2024-10-10T02:15:02.990`)
-- [CVE-2024-48942](CVE-2024/CVE-2024-489xx/CVE-2024-48942.json) (`2024-10-10T00:15:02.737`)
+- [CVE-2024-48958](CVE-2024/CVE-2024-489xx/CVE-2024-48958.json) (`2024-10-10T02:15:03.057`)
-- [CVE-2024-48949](CVE-2024/CVE-2024-489xx/CVE-2024-48949.json) (`2024-10-10T01:15:11.127`)
+- [CVE-2024-7048](CVE-2024/CVE-2024-70xx/CVE-2024-7048.json) (`2024-10-10T02:15:03.113`)
+- [CVE-2024-8477](CVE-2024/CVE-2024-84xx/CVE-2024-8477.json) (`2024-10-10T03:15:02.300`)
+- [CVE-2024-8513](CVE-2024/CVE-2024-85xx/CVE-2024-8513.json) (`2024-10-10T02:15:03.323`)
+- [CVE-2024-8729](CVE-2024/CVE-2024-87xx/CVE-2024-8729.json) (`2024-10-10T02:15:03.550`)
+- [CVE-2024-8987](CVE-2024/CVE-2024-89xx/CVE-2024-8987.json) (`2024-10-10T02:15:03.757`)
+- [CVE-2024-9022](CVE-2024/CVE-2024-90xx/CVE-2024-9022.json) (`2024-10-10T03:15:02.523`)
+- [CVE-2024-9057](CVE-2024/CVE-2024-90xx/CVE-2024-9057.json) (`2024-10-10T02:15:03.960`)
+- [CVE-2024-9064](CVE-2024/CVE-2024-90xx/CVE-2024-9064.json) (`2024-10-10T02:15:04.163`)
+- [CVE-2024-9065](CVE-2024/CVE-2024-90xx/CVE-2024-9065.json) (`2024-10-10T02:15:04.363`)
+- [CVE-2024-9066](CVE-2024/CVE-2024-90xx/CVE-2024-9066.json) (`2024-10-10T02:15:04.567`)
+- [CVE-2024-9067](CVE-2024/CVE-2024-90xx/CVE-2024-9067.json) (`2024-10-10T03:15:02.740`)
+- [CVE-2024-9072](CVE-2024/CVE-2024-90xx/CVE-2024-9072.json) (`2024-10-10T02:15:04.773`)
+- [CVE-2024-9074](CVE-2024/CVE-2024-90xx/CVE-2024-9074.json) (`2024-10-10T03:15:02.963`)
+- [CVE-2024-9205](CVE-2024/CVE-2024-92xx/CVE-2024-9205.json) (`2024-10-10T02:15:04.980`)
+- [CVE-2024-9377](CVE-2024/CVE-2024-93xx/CVE-2024-9377.json) (`2024-10-10T02:15:05.183`)
+- [CVE-2024-9457](CVE-2024/CVE-2024-94xx/CVE-2024-9457.json) (`2024-10-10T02:15:05.390`)
+- [CVE-2024-9518](CVE-2024/CVE-2024-95xx/CVE-2024-9518.json) (`2024-10-10T02:15:05.590`)
+- [CVE-2024-9519](CVE-2024/CVE-2024-95xx/CVE-2024-9519.json) (`2024-10-10T02:15:05.787`)
+- [CVE-2024-9520](CVE-2024/CVE-2024-95xx/CVE-2024-9520.json) (`2024-10-10T03:15:03.177`)
+- [CVE-2024-9522](CVE-2024/CVE-2024-95xx/CVE-2024-9522.json) (`2024-10-10T02:15:06.013`)
+- [CVE-2024-9581](CVE-2024/CVE-2024-95xx/CVE-2024-9581.json) (`2024-10-10T02:15:06.227`)
+- [CVE-2024-9685](CVE-2024/CVE-2024-96xx/CVE-2024-9685.json) (`2024-10-10T02:15:06.440`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `4`
+Recently modified CVEs: `1`
 
-- [CVE-2024-23113](CVE-2024/CVE-2024-231xx/CVE-2024-23113.json) (`2024-10-10T01:00:01.433`)
+- [CVE-2024-28125](CVE-2024/CVE-2024-281xx/CVE-2024-28125.json) (`2024-10-10T02:15:02.830`)
-- [CVE-2024-47823](CVE-2024/CVE-2024-478xx/CVE-2024-47823.json) (`2024-10-10T00:15:02.553`)
-- [CVE-2024-9379](CVE-2024/CVE-2024-93xx/CVE-2024-9379.json) (`2024-10-10T01:00:01.433`)
-- [CVE-2024-9380](CVE-2024/CVE-2024-93xx/CVE-2024-9380.json) (`2024-10-10T01:00:01.433`)
 
 
 ## Download and Usage

_state.csv

@@ -245236,7 +245236,7 @@ CVE-2024-2311,0,0,4aac7ca25d4746b431ed7ccd5e7d3d99df50290a301a85fe7466f2339700b1
 CVE-2024-23110,0,0,1ac4a7144e9209f9a89949f05fe1e7cc8c377744b32bfb607f177f1a970f34e1,2024-08-23T02:45:28.487000
 CVE-2024-23111,0,0,752974f238ed1f3e5e428baa91d031d0aceea7be33f8a58b9a2a43bae855557c,2024-08-23T02:47:13.560000
 CVE-2024-23112,0,0,95e5175d7388e29c67df9af8c672941dd9e221ee4e0a1ee87f756c639ee8dad2,2024-03-15T14:51:58.497000
-CVE-2024-23113,0,1,e4a22a572f804e3f962d65a633155804365118f9caaa4bc464f5658928aefd90,2024-10-10T01:00:01.433000
+CVE-2024-23113,0,0,e4a22a572f804e3f962d65a633155804365118f9caaa4bc464f5658928aefd90,2024-10-10T01:00:01.433000
 CVE-2024-23114,0,0,7252a5a302093b43221ea76f9a6a29eda61311bf101ae44cd86a63862ce26956,2024-08-28T20:35:06.210000
 CVE-2024-23115,0,0,7b60c057c6ecb2992362930744ce2990e40a5ef55d9da25b0609baa5f284fa28,2024-04-02T12:50:42.233000
 CVE-2024-23116,0,0,b697b868738862e20bfb62cd043729402a6443f2a45a0bdae976d2a021726d27,2024-04-02T12:50:42.233000
@@ -249025,7 +249025,7 @@ CVE-2024-28120,0,0,31f0663194c3ae59508b649362ee2d5539147691a5912e9e045c000f7246f
 CVE-2024-28121,0,0,5d765bddd1522ef772672d7c5b7d192742701db6f681e7efbb273dbd45669d62,2024-03-13T21:16:00.460000
 CVE-2024-28122,0,0,84073f6c96d7936717c065299f48850cb9a25df36eb3f8060c8dc4aa02997344,2024-03-11T01:32:39.697000
 CVE-2024-28123,0,0,1f90dd93aca0d11a73a18e1eb6b5cda27a407eb4db9e34eaa0e325666a8f1c24,2024-03-21T12:58:51.093000
-CVE-2024-28125,0,0,7f0b2ff4edc64bb38a0ae0fa981d34a256be95c3adc6334cd99f96a6d79e27a8,2024-08-28T16:35:19.333000
+CVE-2024-28125,0,1,953399dc0066c168955135fde5f2c9781211fd2f93c7a22d357352e45ea3bb13,2024-10-10T02:15:02.830000
 CVE-2024-28126,0,0,81385e85c5a93c53bb47fe916edfff61f701ac34a4427a9e5bf459631bdea34d,2024-03-26T12:55:05.010000
 CVE-2024-28128,0,0,ff9121c55a5d465f19f3056b6278dc961489b664c0de60bae39143ce763e9dc9,2024-03-18T12:38:25.490000
 CVE-2024-2813,0,0,d92b59c3edc51ec01f06a151ea9186c3488c58069c0b5769bb5f8edad6a74d59,2024-05-17T02:38:31.770000
@@ -261582,7 +261582,7 @@ CVE-2024-47817,0,0,a8978e2cff17b63ee249f998983f4eff08d98ca0b11639ba8434d107030ba
 CVE-2024-47818,0,0,598d35845d5c9531ef399cca4570ef2326935f542cd6df2c80239a96fe7c21e2,2024-10-07T22:15:04.037000
 CVE-2024-4782,0,0,37dcdb14f7d23ae467b62646ac8eb504448e2a7781e3c175892c72dc54d3aebf,2024-08-19T13:00:23.117000
 CVE-2024-47822,0,0,1bb3c8fcad68cf5925eb2c4b3afc1ce650c6df3f807783d5dffddd106c4ce49b,2024-10-08T18:15:31.170000
-CVE-2024-47823,0,1,8320742a660378f6a01ad741722ead2a09f9e6be07616ac2e9eda6ddd367cc9a,2024-10-10T00:15:02.553000
+CVE-2024-47823,0,0,8320742a660378f6a01ad741722ead2a09f9e6be07616ac2e9eda6ddd367cc9a,2024-10-10T00:15:02.553000
 CVE-2024-47828,0,0,2ab43236050d709c1d1b37224db30aa1be8862c0e60a6ee5d60152971174cbfd,2024-10-09T19:15:14.423000
 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000
 CVE-2024-47832,0,0,b7e56eeac131fe4fefd7e3116d02da42a2ff171d36975cc192ba07793c3dca42,2024-10-09T19:15:14.647000
@@ -261709,10 +261709,12 @@ CVE-2024-4892,0,0,86d55410ceaf3ecac0b7906bf27b918d65f0ae499a5475505564f001e752da
 CVE-2024-4893,0,0,c4900f559bdc4a1c952ec15ffc0a407a7d0fc758594c29af597940962bf437f6,2024-05-15T16:40:19.330000
 CVE-2024-48933,0,0,7de0f4bfffca5deb1c74453cbef6b33cc0a48f7c75ec32bb2f0f5296d55482aa,2024-10-09T23:15:11.017000
 CVE-2024-4894,0,0,1906244d072f236ffca4e7ab82222b86cb7f201e42e01d4517f3ab933ca907f5,2024-05-15T16:40:19.330000
-CVE-2024-48941,1,1,a478a010fad052d976d7fee743b5553216cec10ffc9e36f57c76bed30d76a955,2024-10-10T00:15:02.673000
+CVE-2024-48941,0,0,a478a010fad052d976d7fee743b5553216cec10ffc9e36f57c76bed30d76a955,2024-10-10T00:15:02.673000
-CVE-2024-48942,1,1,afe00b24b361f1a17ca816956fa863245c8abdb1171f93cd4cfff531d632fd84,2024-10-10T00:15:02.737000
+CVE-2024-48942,0,0,afe00b24b361f1a17ca816956fa863245c8abdb1171f93cd4cfff531d632fd84,2024-10-10T00:15:02.737000
-CVE-2024-48949,1,1,a1844289d41db918a877296bf4ef92d8aa4561ffb6581c981df85622e133061c,2024-10-10T01:15:11.127000
+CVE-2024-48949,0,0,a1844289d41db918a877296bf4ef92d8aa4561ffb6581c981df85622e133061c,2024-10-10T01:15:11.127000
 CVE-2024-4895,0,0,f6b1e62d3b5bd64aea52e6768b6c469e049c941759a77bf99aa3b85ad7e20caa,2024-05-24T01:15:30.977000
+CVE-2024-48957,1,1,73839f04a6a96165341d199482994aebc143de5e587bd601cbca83d8cc83ad7e,2024-10-10T02:15:02.990000
+CVE-2024-48958,1,1,22f78a57ccd420052c6be988d1a59561d6af96249b350c2e358e9eab60208ea4,2024-10-10T02:15:03.057000
 CVE-2024-4896,0,0,20cc2dc19f323150528d4fb3a23b846b2e602fa65e075afe5dc2b86cb95d9c94,2024-05-22T12:46:53.887000
 CVE-2024-4897,0,0,b80483aa02f533d1f5c4695afa1f7ec5dae4ecfa8b472cf561efa5d05f8ff11d,2024-07-02T17:44:45.700000
 CVE-2024-4898,0,0,a64ada88476e7dbd5dca1f8ed9406bed15a3acb87fadbe7d9a4f3102502b7a67,2024-07-23T17:50:44.033000
@@ -263539,6 +263541,7 @@ CVE-2024-7037,0,0,b73ec5870d03d8f66bb84fbbe932020abb08e6efb8f99dbf4e1f1ab7eaa215
 CVE-2024-7038,0,0,182f910a9ab2ef469a30f74b37ebb0cc91121622585133274525ddf4bf610a6c,2024-10-09T19:15:14.930000
 CVE-2024-7041,0,0,688ed132bbfb1befffc795f35ed82a14fecd87e0cf303674c9fedf4eb1b11763,2024-10-09T20:15:09.683000
 CVE-2024-7047,0,0,21985a71701c23251b30e756f6f2c4f75baa147c34a8c282b34b811aa42e2336,2024-08-26T16:07:27.837000
+CVE-2024-7048,1,1,12f3403896e9a4059ff750f1971d744793a0e26cafaae7be39b178ed44bc9bc4,2024-10-10T02:15:03.113000
 CVE-2024-7050,0,0,f402c0a89ba2917236fe6639793bd54ee4751807250eba7a4dde84d4a362ffd7,2024-07-29T14:12:08.783000
 CVE-2024-7051,0,0,d0158d1d3b2cdd12dcaf8ff0c61b0f7cdef559e08a0a05011bfe1940648c764c,2024-08-30T16:15:10.960000
 CVE-2024-7054,0,0,c2f192d88d8b2a817d17540b8fda16fcd38e463cdb3b6d5e52e3cf243830add6,2024-08-20T15:44:20.567000
@@ -264618,6 +264621,7 @@ CVE-2024-8471,0,0,d4cac4daadf018326a13905f788e8fc27e503497a3cff6ab0ea980773a6f76
 CVE-2024-8472,0,0,a896e0fd54ff62d16feed47be0f08dd27e23a8a4def269ca8073766b75918cef,2024-09-06T11:44:34.543000
 CVE-2024-8473,0,0,0d318dfea88475fed5cabdbe761e188358c3ae35cd6d226ef3fe46f2f9041c00,2024-09-06T11:44:45.017000
 CVE-2024-8476,0,0,092ef960d66528d11d9417cebbf68782d16f414858b72459c24698ae73498ac1,2024-10-02T17:31:00.583000
+CVE-2024-8477,1,1,ff7de7984dd1ad3081b0134262dcabab579701effecde74fd9bcafce3cebade4,2024-10-10T03:15:02.300000
 CVE-2024-8478,0,0,175c7b9f94662d755813fa2228cd0539f44691d1180c4633af22a35129eb9a32,2024-09-26T15:53:44.297000
 CVE-2024-8479,0,0,895a7d94fd595e323b99eff6522688473ca450b242af8c3d5ea382e2a282a9b2,2024-09-27T16:12:10.427000
 CVE-2024-8480,0,0,73de76891190d432c360d36e1da93720f2abf11adbca08499bebf4ffb87eb2bd,2024-09-26T18:13:58.470000
@@ -264636,6 +264640,7 @@ CVE-2024-8504,0,0,8357da8291f04353fac31874868f2eb40b31e26be1555ef771437bf9554e80
 CVE-2024-8505,0,0,1c04e90354babae2df3035dc354852183330b8445c04d1f2331a89a32b3e4a48,2024-10-07T19:26:53
 CVE-2024-8508,0,0,095cff01fb00165e2108ed0a6b3f940edeffb7916515f1cc0f2ea48f2031a7c8,2024-10-04T13:50:43.727000
 CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000
+CVE-2024-8513,1,1,d98435b2706063c11b28bf88842139d7c4c98cc86f2c1c46faa85dba552c7ef6,2024-10-10T02:15:03.323000
 CVE-2024-8514,0,0,c58a76f0057441ba23f8e2f32e326770fb9d4e75db425aee0ab9e343556d5997,2024-10-02T19:59:17.080000
 CVE-2024-8515,0,0,2860d4fc2403ef731ebb5d2e3d51ef0155fe3387c99bac76ffcaa85980c8d253,2024-10-02T19:22:00.953000
 CVE-2024-8516,0,0,4c7cc8475226568ec7dcbebdfbb30107ff8998ef4ef82c2cfacac984d895c7fe,2024-10-02T19:22:44.933000
@@ -264774,6 +264779,7 @@ CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c496
 CVE-2024-8725,0,0,bda4a6515a704fa51f2d759f535270e57676d8c1b87d3a5cc5dc6f9e3d99ebf6,2024-10-01T14:16:42.727000
 CVE-2024-8727,0,0,cb79e2fb4f4e8ddff2e3cdbb1cbb30b7c8fce0689b3d497e10ebbff2e74dd2da,2024-10-04T13:51:25.567000
 CVE-2024-8728,0,0,d061a0a3e4a793bdc334c9b032908af2152405a24e9b06b2723d960e58ba5c92,2024-10-04T13:51:25.567000
+CVE-2024-8729,1,1,fc477b37b149e5719e375aedbd4c7c226e72d87402cf56cd4225e50bcacb4fe8,2024-10-10T02:15:03.550000
 CVE-2024-8730,0,0,ff380ede7d530472d7457d72280d0377e58fe499631b78029fd0dcbdd667a7f4,2024-09-26T19:58:33.353000
 CVE-2024-8731,0,0,17c6adda5eb698d4c05886ce56b7c8d24eb85ac20af08445719f350b3f8c3e38,2024-09-26T19:43:33.110000
 CVE-2024-8732,0,0,fdb5356750581bee2cd15ce9454648108e6d01424f144ebcf561e47c2245eaa8,2024-09-26T20:01:02.290000
@@ -264890,6 +264896,7 @@ CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b
 CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000
 CVE-2024-8983,0,0,b5ad10e9e9fe7aabd9cdc2054c7af15f8a7e59c36886f8fb214efeae5019cab1,2024-10-09T16:35:09.290000
 CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000
+CVE-2024-8987,1,1,20679c7ee3bd75b4c00ee0e75d48234984a160ba55ab32d39f91c1f49d4bcfe0,2024-10-10T02:15:03.757000
 CVE-2024-8989,0,0,caae46233d26ee2b67df93becf3adf518208e6bbacfb542b8b2dd6d9f605994c,2024-10-04T13:51:25.567000
 CVE-2024-8990,0,0,ebe58ed4a084d59384bf44303a373b31562e7163a1320c584d218212811f287c,2024-10-04T13:51:25.567000
 CVE-2024-8991,0,0,36ea31132f642cce3da65bf6a2c52220b14f1ba567442136b19c870ca92cc82c,2024-10-04T18:56:30.583000
@@ -264906,6 +264913,7 @@ CVE-2024-9011,0,0,31757df34dd4fee90035c8c1e734eec12ab6ab10926115bc714ff7e9ad5eea
 CVE-2024-9014,0,0,a8e29b928e7c02e09a31b50dee33eaa8cea5cb50c9cc022c5089f67468915a88,2024-09-26T13:32:55.343000
 CVE-2024-9018,0,0,e176c873e94bd3e2c4b29c05a28da23ed581266b7e7463040882baa285f3a6c4,2024-10-07T19:20:48.293000
 CVE-2024-9021,0,0,93698023032d4eb246e479be9f6d24aecd12130762d8d7646a36600ee90ad452,2024-10-09T16:35:09.457000
+CVE-2024-9022,1,1,6a59c8133caa2bc019becd023a05070174808d767645fdcdc68735523f5830ee,2024-10-10T03:15:02.523000
 CVE-2024-9023,0,0,8856d7ffdca739d2c0d1b85fb1ee05faeaf6947167077ac20feaa24f6c509db2,2024-10-01T14:39:38.370000
 CVE-2024-9024,0,0,29f2f073ee82aef300cee3fd954ac6dc4243aa67d5082fca2a65737992da04c1,2024-10-02T18:02:59.683000
 CVE-2024-9025,0,0,8c34a0621e4e149deefb96042ae2c7c0174789fb7b5db2c9c1ef1c4077be46cb,2024-10-01T13:44:23.667000
@@ -264929,12 +264937,19 @@ CVE-2024-9043,0,0,585c2a6b7b38dff44f8f31bab3e4cca50893ebff20d4d599fedd4ef31bc82e
 CVE-2024-9048,0,0,f4eeb8fc17937a04134cb85e4ff1d8e798c7887dad672c6adf3a86ffdd0c5d34,2024-09-30T13:00:48.613000
 CVE-2024-9049,0,0,43c64cc2e53580aadfacb0d92c10ebf9c72fa78495b0a90bf4d0f0f029260a77,2024-10-04T18:53:10.910000
 CVE-2024-9054,0,0,0d14c343d616ebc19e493649349714efeb90a8268a2c04aa86a752fc9f9af719,2024-10-07T17:48:28.117000
+CVE-2024-9057,1,1,169ed92c5ff8863dc5040febb079ff6f502559a8d506f1187777931e7a4f2cb8,2024-10-10T02:15:03.960000
 CVE-2024-9060,0,0,362dff7d92c4f79cdb773c7965db43bbd7eb0923ce5f0445c06b15d2c9fc0e79,2024-10-04T13:51:25.567000
 CVE-2024-9063,0,0,df96d256cb802a721004c9ac9223f80a26c192f9136fb3599130ecff1f9d6c94,2024-09-25T01:15:48.670000
+CVE-2024-9064,1,1,b57dbda2d8b6e6e2613e0a67e5e06b2eac08677d047933c3ac819b27eebfd0bc,2024-10-10T02:15:04.163000
+CVE-2024-9065,1,1,b8a922350a4a838c9e0d83d782af52166b937204fb0c86c038ebe16331853fbb,2024-10-10T02:15:04.363000
+CVE-2024-9066,1,1,7153219b99c051f0df9d026aca0db4258cfb089d3a5e6d69ce38a15936d134bf,2024-10-10T02:15:04.567000
+CVE-2024-9067,1,1,474e0176cbb3073b56ad556d89f71dcfb33318f7ce1c709c99fd2bbaaf9f7ac0,2024-10-10T03:15:02.740000
 CVE-2024-9068,0,0,01b6ceee3583b3b207ab2eeaf4c2684cbe8e9990b1a6178aa8ad730654493f98,2024-10-02T19:55:50.547000
 CVE-2024-9069,0,0,904bb0393747d55de1840c322bbad7ae9d27b3e14c3398a0999f4d003e7be886,2024-10-02T19:37:49.777000
 CVE-2024-9071,0,0,6a3b91964e28255133515a40cea9164b7d6e82b1113f289183d17f39a22489d5,2024-10-08T16:21:04.180000
+CVE-2024-9072,1,1,890808fe8f9a61e1feaf10dbc487db17380ddfd871219ec1ad57e516b1a84eff,2024-10-10T02:15:04.773000
 CVE-2024-9073,0,0,e1a3718934b1c8aa8070be1e5efd6407ed841e421f9f505c84906bd05d8d4d7e,2024-10-02T19:32:43.047000
+CVE-2024-9074,1,1,ef714e4c7a3d893c1a0e98bda98af9ba77482a2249f9ee1796de6f1a797a3b67,2024-10-10T03:15:02.963000
 CVE-2024-9075,0,0,3b33ab99769a9c852230df8e8b6083f862011911d6a5bcadbdc727ad6f83ab66,2024-09-30T15:27:39.313000
 CVE-2024-9076,0,0,8c57021a64484b6edbf7ffabe5a971516c1732fccafbf97d4089a67e7015212f,2024-09-27T16:14:04.977000
 CVE-2024-9077,0,0,b59a81d09978bed17f369329899086dd9d16ca13d3114e4823b03c2ad7c75c03,2024-09-27T16:31:52.923000
@@ -264995,6 +265010,7 @@ CVE-2024-9199,0,0,0d70434db3b8e5067294d8da03c36e695141f2bf7d8322fbb68a3bc3177abf
 CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000
 CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000
 CVE-2024-9204,0,0,8709d8f31d12084fc2eba23d41169bb9ba345e1a3d3bed7d676463fdbec26c9b,2024-10-04T13:50:43.727000
+CVE-2024-9205,1,1,8f5042f553febf92ff6071e329e5e704407918673ce8e329d989f95eb94a9cfe,2024-10-10T02:15:04.980000
 CVE-2024-9207,0,0,5836b45f1e3b6f3c0b90cd0a57c81bf3d815110bb015ec2874126aceaef92c8b,2024-10-08T11:15:13.870000
 CVE-2024-9209,0,0,02f8d10156b55c480185cf79dd6fdc61c3ca58517fd3619bf848f85895c40b93,2024-10-07T19:20:32.777000
 CVE-2024-9210,0,0,3a96d77d31ae9d7d03fb36944bbc08403b6a23f29847ff9570c75435783fa55d,2024-10-08T15:34:42.060000
@@ -265071,9 +265087,10 @@ CVE-2024-9360,0,0,9328fb4e6135929e3835e5c835fd869b8491fb46bae32eb4c5f02c6fc86a74
 CVE-2024-9368,0,0,e7a9c605e0cbf9cdb1d319aa8ea22e93a6f5e80855432922ca5e53112d3a4bc4,2024-10-04T13:50:43.727000
 CVE-2024-9372,0,0,10044aa8051896e85376f9c9a7c998e54b899918a5f49add6f2a59ddb1044af6,2024-10-04T13:50:43.727000
 CVE-2024-9375,0,0,a9c3ca594e219c636214fd2ce314e67161e6c9af25ea164279fc4bb791df9806,2024-10-04T13:50:43.727000
+CVE-2024-9377,1,1,4a89ac4c83337a7a9ccaf558b0409650e99efa90268cc0ac164076d6155ed4f2,2024-10-10T02:15:05.183000
 CVE-2024-9378,0,0,ced37e1766b174eaa8afe905f70c6bc3776421764713e21471018e4984150c99,2024-10-07T20:15:08.697000
-CVE-2024-9379,0,1,703ba59f46c27b4c9a81634b7ffa6a16d24f7bdc67c63aab96b4a5148055591a,2024-10-10T01:00:01.433000
+CVE-2024-9379,0,0,703ba59f46c27b4c9a81634b7ffa6a16d24f7bdc67c63aab96b4a5148055591a,2024-10-10T01:00:01.433000
-CVE-2024-9380,0,1,2037d2a4a238cf512644b0219683af760fbe6f206c09635b8a946c319ea8a207,2024-10-10T01:00:01.433000
+CVE-2024-9380,0,0,2037d2a4a238cf512644b0219683af760fbe6f206c09635b8a946c319ea8a207,2024-10-10T01:00:01.433000
 CVE-2024-9381,0,0,cc48b0c94354735826bd90917d8a4f1bd25f02a01e3be77523bffb72c1d63efa,2024-10-08T17:15:57.183000
 CVE-2024-9384,0,0,4f253b4f2066223670f6dee57b053f19faa6b05364caf5542c3a801535a8dd5a,2024-10-04T13:50:43.727000
 CVE-2024-9385,0,0,d5290e9b463ce80e3cb0a2758c2b2174c3a3323b0c1b53b476f1fa2df6ded1c1,2024-10-07T17:48:28.117000
@@ -265106,6 +265123,7 @@ CVE-2024-9445,0,0,0c93ce7f42df628ab9963b0c4991253722d7526551714beaaf6a06be3b0d53
 CVE-2024-9449,0,0,a97c6d10c8b04c0b2ba9306e37a8440eda5112028d07f60f30bea1d9431c3f84,2024-10-09T07:15:09.833000
 CVE-2024-9451,0,0,61aa4f71fe0ab792c97d101a7739a4f3bc5141915892cc9a79adc1735531429e,2024-10-09T08:15:05.160000
 CVE-2024-9455,0,0,ca7310e762dfcd09cbb5f1358b0e3644684d54725bcf9d8ec53a1dfcee667610,2024-10-07T17:48:28.117000
+CVE-2024-9457,1,1,a3f81fbef1dd7d1dbff3e68c1be3f38dbcfd9e33811950a5188886c9a9173cce,2024-10-10T02:15:05.390000
 CVE-2024-9460,0,0,d6ff22c922d7573d861145a9f9c7a3aa2a44b6806bef76282f2615732b02479a,2024-10-08T14:33:42.703000
 CVE-2024-9463,0,0,f13497b8f0b60e6e27c9901c2789e15050e4fdbc20807f021c8855b382953be1,2024-10-09T23:15:11.290000
 CVE-2024-9464,0,0,99a593d9b1195cd84d5c7e8c5dc3bbb5dc83cf53b5dd3defc462e16b4dd2a56e,2024-10-09T23:15:11.457000
@@ -265124,6 +265142,10 @@ CVE-2024-9484,0,0,09a6a45178e5434bfb1cb0415a67ebc11284aea03e94bd83c401b848478b5c
 CVE-2024-9513,0,0,8bf69fcd896ef2c6d740d4e3fb7359c13bcd3037f3f5c5ca172d72ee575fdaa7,2024-10-07T21:15:19.450000
 CVE-2024-9514,0,0,a0c385c9cad31170054b57880ea14385102aa94e9ee1a9b5619f4982b4ac92e4,2024-10-09T11:19:25.577000
 CVE-2024-9515,0,0,b319f60f83e92c55aa0a25714009b76d6e0da4210ce3c744b2eab53a0f6a8b5b,2024-10-09T11:19:00.897000
+CVE-2024-9518,1,1,12cf0bbbe97993dd60c18f4d19afa6b8cc84a5b6c06f21e0b53a100caa362576,2024-10-10T02:15:05.590000
+CVE-2024-9519,1,1,921de206056af820936bb74b3effaaf734fd6f653f2b085bcdfda79d009a0057,2024-10-10T02:15:05.787000
+CVE-2024-9520,1,1,c1c09f899eebf7c90772b78752ca6c33c9376395ddfcda172125a827cbf882b2,2024-10-10T03:15:03.177000
+CVE-2024-9522,1,1,900d9df82fccd7b2eaab46f9f611ccf58726137620e69b26363e3d18819e0003,2024-10-10T02:15:06.013000
 CVE-2024-9528,0,0,d6fcaf4387a113a292c5be1e6315aa1024df0cc79a828aebf7bc2fe429a4bc75,2024-10-07T17:48:28.117000
 CVE-2024-9532,0,0,b7f2aba05edad35ecf41f43ec9640effe332d3189a3ed38d97f2bf49866ac50d,2024-10-09T11:18:49.027000
 CVE-2024-9533,0,0,483ea201fb3f13623de51b6a803ec3c9d4b4a9f8d222ab5b1546c8a9a88ca771,2024-10-09T11:18:34.560000
@@ -265158,6 +265180,7 @@ CVE-2024-9573,0,0,58c75dd5695e86f3dd5971604e3d0b5f4fa9518dd900d56e54c2dcc37c5c33
 CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df72,2024-10-08T18:45:13.147000
 CVE-2024-9575,0,0,5319fb13c91be15843abb76d87e6d17457d37aebb68186f1a71e2b47b9eefe17,2024-10-09T14:35:13.220000
 CVE-2024-9576,0,0,349b41d5d275d2b69494dd85fe115130849861d9cddaab63cccbcfe5be8a03f5,2024-10-07T17:47:48.410000
+CVE-2024-9581,1,1,ef6b4fcb9791fefb373c8eb2076fff904758b37ce78821eb9f889a1bd5051ed7,2024-10-10T02:15:06.227000
 CVE-2024-9602,0,0,13c5133d85587ec02f04ab3df6b135286d0f9133ef132335e7faeadbfb7036e6,2024-10-09T17:35:16.980000
 CVE-2024-9603,0,0,5064a175167ae9dbaab5d5f0ba6b6e0d26b4de70a429a695addd7ebd760abbdf,2024-10-09T16:35:09.623000
 CVE-2024-9620,0,0,0379fb1d0864218f96bae79eafc674616cceed6a1d6b1c374718286d73008692,2024-10-08T17:15:57.357000
@@ -265166,3 +265189,4 @@ CVE-2024-9622,0,0,c63b888866eff50e6fa5697d58bf1e64edc668dfb35cefc907fc3210c84ae5
 CVE-2024-9671,0,0,f49c886ce75776b8468067e0383f68033c06188472cd5b55ea14fd7e423e32a2,2024-10-09T15:15:17.513000
 CVE-2024-9675,0,0,32e8840bd27965b8df5e5b7176aa0ce26bda0a9f22dcbac8c66cb0601f52b1b1,2024-10-09T15:15:17.837000
 CVE-2024-9680,0,0,1073a61fe81991e41ed256928cc5d8d5bc03a3ffd6b7dabd943fe9be59020a5c,2024-10-09T16:35:10.390000
+CVE-2024-9685,1,1,587a16c28fef49a7c446d42e2f8c2399f7acfb5c44d717d8aa46528c6e160880,2024-10-10T02:15:06.440000