From dd407d2ab0c871b12f7d014e425e3c1d58cb2a48 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sat, 15 Feb 2025 17:03:49 +0000
Subject: [PATCH] Auto-Update: 2025-02-15T17:00:20.500240+00:00

---
 CVE-2024/CVE-2024-138xx/CVE-2024-13834.json | 60 +++++++++++++++
 CVE-2025/CVE-2025-267xx/CVE-2025-26788.json |  6 +-
 CVE-2025/CVE-2025-267xx/CVE-2025-26793.json | 82 +++++++++++++++++++++
 README.md                                   | 14 ++--
 _state.csv                                  |  6 +-
 5 files changed, 159 insertions(+), 9 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13834.json
 create mode 100644 CVE-2025/CVE-2025-267xx/CVE-2025-26793.json

diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13834.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13834.json
new file mode 100644
index 00000000000..b3cff745de3
--- /dev/null
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13834.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13834",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-15T15:15:23.423",
+  "lastModified": "2025-02-15T15:15:23.423",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3240422/responsive-add-ons",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26788.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26788.json
index 7efcaf85da2..cba94940393 100644
--- a/CVE-2025/CVE-2025-267xx/CVE-2025-26788.json
+++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26788.json
@@ -2,7 +2,7 @@
   "id": "CVE-2025-26788",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-02-14T08:15:31.183",
-  "lastModified": "2025-02-14T08:15:31.183",
+  "lastModified": "2025-02-15T16:15:30.090",
   "vulnStatus": "Received",
   "cveTags": [],
   "descriptions": [
@@ -51,6 +51,10 @@
     {
       "url": "https://docs.strongkey.com/index.php/skfs-v3/skfs-release-notes",
       "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/",
+      "source": "cve@mitre.org"
     }
   ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26793.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26793.json
new file mode 100644
index 00000000000..63ef764c9a1
--- /dev/null
+++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26793.json
@@ -0,0 +1,82 @@
+{
+  "id": "CVE-2025-26793",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-02-15T15:15:23.587",
+  "lastModified": "2025-02-15T15:15:23.587",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the \"vulnerable systems are not following manufacturers' recommendations to change the default password.\""
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:S/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "SAFETY",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "PRESENT",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1393"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.identiv.com/products/physical-access/hirsch/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 5ae1bda9656..877550a31c5 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-02-15T15:00:19.737645+00:00
+2025-02-15T17:00:20.500240+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-02-15T13:15:28.847000+00:00
+2025-02-15T16:15:30.090000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-281470
+281472
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-- [CVE-2025-0822](CVE-2025/CVE-2025-08xx/CVE-2025-0822.json) (`2025-02-15T13:15:28.847`)
+- [CVE-2024-13834](CVE-2024/CVE-2024-138xx/CVE-2024-13834.json) (`2025-02-15T15:15:23.423`)
+- [CVE-2025-26793](CVE-2025/CVE-2025-267xx/CVE-2025-26793.json) (`2025-02-15T15:15:23.587`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2025-26788](CVE-2025/CVE-2025-267xx/CVE-2025-26788.json) (`2025-02-15T16:15:30.090`)
 
 
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index f025beb5975..1ad50824b6c 100644
--- a/_state.csv
+++ b/_state.csv
@@ -246714,6 +246714,7 @@ CVE-2024-13821,0,0,5b1ee3d380f6761fb93008f96f770c5f4e5b232778bb2785f2bf8699e79c8
 CVE-2024-13829,0,0,b39aa81be1f98cadde5a8564db1794206153bbf387222b17a1b12873f0417acd,2025-02-05T06:15:31.257000
 CVE-2024-1383,0,0,59b5f34a837fb68b850c9929786dc2e35071d4c4d7ba3d2784cb584749f9b1cc,2024-11-21T08:50:27.733000
 CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000
+CVE-2024-13834,1,1,b3a753413a4c1c1c8fb1941598bdc1cadfaac89f934ae66577e6a8bb7cdc2403,2025-02-15T15:15:23.423000
 CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000
 CVE-2024-13841,0,0,4c93b1db402e8de05f25325df5694695bb31198aa5a04ae7b8d4b41a4bbb57ba,2025-02-07T07:15:14.573000
 CVE-2024-13842,0,0,2715c109473c50e2a4032d622fe5c5afbf3812f1d195d7554a06494928d68374,2025-02-11T16:15:39.513000
@@ -279047,7 +279048,7 @@ CVE-2025-0814,0,0,bfe2f7915210b62a55466da59b48e0bda396f9dfcd76c355bd6412d0b71073
 CVE-2025-0815,0,0,056c1ef757b2472b9fcd0969895cef9bf85847763cf4a093e3c2d6a037ca855e,2025-02-13T07:15:11.160000
 CVE-2025-0816,0,0,533bc9602517837c7cfc50eaffd15d88f401c009bd48fd94c44340c6f53905a3,2025-02-13T07:15:11.353000
 CVE-2025-0821,0,0,eef623ecbc4f931b67c977737dbf8b956ec963ba6d7dfab149142eb36bc3e525,2025-02-14T11:15:10.230000
-CVE-2025-0822,1,1,19eb63234ef431f63c50ebd89131653cdb608481cafa3dc46ad8d59b634f7d92,2025-02-15T13:15:28.847000
+CVE-2025-0822,0,0,19eb63234ef431f63c50ebd89131653cdb608481cafa3dc46ad8d59b634f7d92,2025-02-15T13:15:28.847000
 CVE-2025-0825,0,0,7f81ca19fb96d77c0731181ff23092e49d4e8a157f0a8fa4a0ca13f53bda7923,2025-02-04T15:15:19.420000
 CVE-2025-0834,0,0,239a6f08c2db88ce57ab64c699932d200eff33712703b8a8f00d02b01207348f,2025-01-30T09:15:09.703000
 CVE-2025-0837,0,0,2dd7973af6fce81a46dfa76902f2b5db7d3debf86d7a4a86f2d7e2515d71ea0b,2025-02-13T05:15:14.623000
@@ -281465,7 +281466,8 @@ CVE-2025-26577,0,0,cc2f8c1ac7aa0d1b35a1f7b5d360e0b2d07e13834785542e837aebe416cbf
 CVE-2025-26578,0,0,cd72ae9257326f25b0cb5e50eefc8b87bc4caefa625d6784329a0c22f9290202,2025-02-13T14:16:23.990000
 CVE-2025-26580,0,0,916e7b90eb27b1f7f000689c1c2c0d448ca25a3cef16eef15cec717bb455efdc,2025-02-13T14:16:24.250000
 CVE-2025-26582,0,0,6e8fe3f3ea1ebd2d8730cc1aef1506305d1a9b31eb701ca7bcc9103287dcd909,2025-02-13T14:16:24.407000
-CVE-2025-26788,0,0,64332a85fdb9912d1b73ed075990a903c9543c33a30078e66d3be5a1bd8bc2eb,2025-02-14T08:15:31.183000
+CVE-2025-26788,0,1,1ba864f8ac81a56163abfb386c84050b425d8eb039d7783af9b48ca3d178b538,2025-02-15T16:15:30.090000
 CVE-2025-26789,0,0,b98c32efc76bff07b26dd009ea99782108b024ce84abc7d87c0e368d23f6c39a,2025-02-14T08:15:31.357000
 CVE-2025-26791,0,0,26890395366e56c551a6ef36e1b66be0cbc180a8be1a68af298b9b716ff6b5e5,2025-02-14T16:15:37.350000
+CVE-2025-26793,1,1,23a8e0213a0ca1b8120177cee0a8b3703ebe8289aad842eda98d1b97dcb6bf7f,2025-02-15T15:15:23.587000
 CVE-2025-26819,0,0,7afd4e7cb03752c52e5526c11c2ec114770ff5f83e4468a7bb7571814f4cc158,2025-02-15T00:15:28.510000