admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-02-15T17:00:20.500240+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-02-15 17:03:49 +00:00
parent 01438f655a
commit dd407d2ab0
5 changed files with 159 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-138xx/CVE-2024-13834.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13834",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-15T15:15:23.423",
"lastModified": "2025-02-15T15:15:23.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3240422/responsive-add-ons",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2025/CVE-2025-267xx/CVE-2025-26788.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-26788",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-14T08:15:31.183",
"lastModified": "2025-02-14T08:15:31.183",
"lastModified": "2025-02-15T16:15:30.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -51,6 +51,10 @@
{
"url": "https://docs.strongkey.com/index.php/skfs-v3/skfs-release-notes",
"source": "cve@mitre.org"
},
{
"url": "https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/",
"source": "cve@mitre.org"
}
]
}

82
CVE-2025/CVE-2025-267xx/CVE-2025-26793.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2025-26793",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-15T15:15:23.587",
"lastModified": "2025-02-15T15:15:23.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the \"vulnerable systems are not following manufacturers' recommendations to change the default password.\""
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:S/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "SAFETY",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1393"
}
]
}
],
"references": [
{
"url": "https://support.identiv.com/products/physical-access/hirsch/",
"source": "cve@mitre.org"
},
{
"url": "https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/",
"source": "cve@mitre.org"
}
]
}

14
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-15T15:00:19.737645+00:00
2025-02-15T17:00:20.500240+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-15T13:15:28.847000+00:00
2025-02-15T16:15:30.090000+00:00
```
### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
281470
281472
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
- [CVE-2025-0822](CVE-2025/CVE-2025-08xx/CVE-2025-0822.json) (`2025-02-15T13:15:28.847`)
- [CVE-2024-13834](CVE-2024/CVE-2024-138xx/CVE-2024-13834.json) (`2025-02-15T15:15:23.423`)
- [CVE-2025-26793](CVE-2025/CVE-2025-267xx/CVE-2025-26793.json) (`2025-02-15T15:15:23.587`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-26788](CVE-2025/CVE-2025-267xx/CVE-2025-26788.json) (`2025-02-15T16:15:30.090`)
## Download and Usage

6
_state.csv
View File

@ -246714,6 +246714,7 @@ CVE-2024-13821,0,0,5b1ee3d380f6761fb93008f96f770c5f4e5b232778bb2785f2bf8699e79c8
CVE-2024-13829,0,0,b39aa81be1f98cadde5a8564db1794206153bbf387222b17a1b12873f0417acd,2025-02-05T06:15:31.257000
CVE-2024-1383,0,0,59b5f34a837fb68b850c9929786dc2e35071d4c4d7ba3d2784cb584749f9b1cc,2024-11-21T08:50:27.733000
CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000
CVE-2024-13834,1,1,b3a753413a4c1c1c8fb1941598bdc1cadfaac89f934ae66577e6a8bb7cdc2403,2025-02-15T15:15:23.423000
CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000
CVE-2024-13841,0,0,4c93b1db402e8de05f25325df5694695bb31198aa5a04ae7b8d4b41a4bbb57ba,2025-02-07T07:15:14.573000
CVE-2024-13842,0,0,2715c109473c50e2a4032d622fe5c5afbf3812f1d195d7554a06494928d68374,2025-02-11T16:15:39.513000
@ -279047,7 +279048,7 @@ CVE-2025-0814,0,0,bfe2f7915210b62a55466da59b48e0bda396f9dfcd76c355bd6412d0b71073
CVE-2025-0815,0,0,056c1ef757b2472b9fcd0969895cef9bf85847763cf4a093e3c2d6a037ca855e,2025-02-13T07:15:11.160000
CVE-2025-0816,0,0,533bc9602517837c7cfc50eaffd15d88f401c009bd48fd94c44340c6f53905a3,2025-02-13T07:15:11.353000
CVE-2025-0821,0,0,eef623ecbc4f931b67c977737dbf8b956ec963ba6d7dfab149142eb36bc3e525,2025-02-14T11:15:10.230000
CVE-2025-0822,1,1,19eb63234ef431f63c50ebd89131653cdb608481cafa3dc46ad8d59b634f7d92,2025-02-15T13:15:28.847000
CVE-2025-0822,0,0,19eb63234ef431f63c50ebd89131653cdb608481cafa3dc46ad8d59b634f7d92,2025-02-15T13:15:28.847000
CVE-2025-0825,0,0,7f81ca19fb96d77c0731181ff23092e49d4e8a157f0a8fa4a0ca13f53bda7923,2025-02-04T15:15:19.420000
CVE-2025-0834,0,0,239a6f08c2db88ce57ab64c699932d200eff33712703b8a8f00d02b01207348f,2025-01-30T09:15:09.703000
CVE-2025-0837,0,0,2dd7973af6fce81a46dfa76902f2b5db7d3debf86d7a4a86f2d7e2515d71ea0b,2025-02-13T05:15:14.623000
@ -281465,7 +281466,8 @@ CVE-2025-26577,0,0,cc2f8c1ac7aa0d1b35a1f7b5d360e0b2d07e13834785542e837aebe416cbf
CVE-2025-26578,0,0,cd72ae9257326f25b0cb5e50eefc8b87bc4caefa625d6784329a0c22f9290202,2025-02-13T14:16:23.990000
CVE-2025-26580,0,0,916e7b90eb27b1f7f000689c1c2c0d448ca25a3cef16eef15cec717bb455efdc,2025-02-13T14:16:24.250000
CVE-2025-26582,0,0,6e8fe3f3ea1ebd2d8730cc1aef1506305d1a9b31eb701ca7bcc9103287dcd909,2025-02-13T14:16:24.407000
CVE-2025-26788,0,0,64332a85fdb9912d1b73ed075990a903c9543c33a30078e66d3be5a1bd8bc2eb,2025-02-14T08:15:31.183000
CVE-2025-26788,0,1,1ba864f8ac81a56163abfb386c84050b425d8eb039d7783af9b48ca3d178b538,2025-02-15T16:15:30.090000
CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c39a,2025-02-14T08:15:31.357000
CVE-2025-26791,0,0,26890395366e56c551a6ef36e1b66be0cbc180a8be1a68af298b9b716ff6b5e5,2025-02-14T16:15:37.350000
CVE-2025-26793,1,1,23a8e0213a0ca1b8120177cee0a8b3703ebe8289aad842eda98d1b97dcb6bf7f,2025-02-15T15:15:23.587000
CVE-2025-26819,0,0,7afd4e7cb03752c52e5526c11c2ec114770ff5f83e4468a7bb7571814f4cc158,2025-02-15T00:15:28.510000

Can't render this file because it is too large.