From de03ba6cad777407ba6227c0ce5ec078d2fcd124 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 9 Jan 2025 13:04:03 +0000
Subject: [PATCH] Auto-Update: 2025-01-09T13:00:40.135767+00:00
---
CVE-2024/CVE-2024-113xx/CVE-2024-11328.json | 76 ++++++++++
CVE-2024/CVE-2024-116xx/CVE-2024-11642.json | 60 ++++++++
CVE-2024/CVE-2024-116xx/CVE-2024-11686.json | 60 ++++++++
CVE-2024/CVE-2024-118xx/CVE-2024-11815.json | 60 ++++++++
CVE-2024/CVE-2024-119xx/CVE-2024-11907.json | 64 +++++++++
CVE-2024/CVE-2024-119xx/CVE-2024-11929.json | 60 ++++++++
CVE-2024/CVE-2024-120xx/CVE-2024-12067.json | 72 ++++++++++
CVE-2024/CVE-2024-121xx/CVE-2024-12122.json | 60 ++++++++
CVE-2024/CVE-2024-122xx/CVE-2024-12206.json | 60 ++++++++
CVE-2024/CVE-2024-122xx/CVE-2024-12218.json | 64 +++++++++
CVE-2024/CVE-2024-122xx/CVE-2024-12222.json | 60 ++++++++
CVE-2024/CVE-2024-122xx/CVE-2024-12249.json | 64 +++++++++
CVE-2024/CVE-2024-122xx/CVE-2024-12285.json | 60 ++++++++
CVE-2024/CVE-2024-123xx/CVE-2024-12330.json | 64 +++++++++
CVE-2024/CVE-2024-123xx/CVE-2024-12394.json | 60 ++++++++
CVE-2024/CVE-2024-124xx/CVE-2024-12491.json | 60 ++++++++
CVE-2024/CVE-2024-124xx/CVE-2024-12493.json | 64 +++++++++
CVE-2024/CVE-2024-124xx/CVE-2024-12496.json | 64 +++++++++
CVE-2024/CVE-2024-125xx/CVE-2024-12514.json | 64 +++++++++
CVE-2024/CVE-2024-125xx/CVE-2024-12515.json | 60 ++++++++
CVE-2024/CVE-2024-125xx/CVE-2024-12542.json | 60 ++++++++
CVE-2024/CVE-2024-126xx/CVE-2024-12605.json | 60 ++++++++
CVE-2024/CVE-2024-126xx/CVE-2024-12616.json | 60 ++++++++
CVE-2024/CVE-2024-126xx/CVE-2024-12618.json | 60 ++++++++
CVE-2024/CVE-2024-126xx/CVE-2024-12621.json | 64 +++++++++
CVE-2024/CVE-2024-128xx/CVE-2024-12819.json | 64 +++++++++
CVE-2024/CVE-2024-128xx/CVE-2024-12848.json | 68 +++++++++
CVE-2024/CVE-2024-57xx/CVE-2024-5769.json | 72 ++++++++++
CVE-2024/CVE-2024-61xx/CVE-2024-6155.json | 60 ++++++++
CVE-2025/CVE-2025-03xx/CVE-2025-0349.json | 145 ++++++++++++++++++++
README.md | 53 +++----
_state.csv | 66 ++++++---
32 files changed, 2047 insertions(+), 41 deletions(-)
create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11328.json
create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11642.json
create mode 100644 CVE-2024/CVE-2024-116xx/CVE-2024-11686.json
create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11815.json
create mode 100644 CVE-2024/CVE-2024-119xx/CVE-2024-11907.json
create mode 100644 CVE-2024/CVE-2024-119xx/CVE-2024-11929.json
create mode 100644 CVE-2024/CVE-2024-120xx/CVE-2024-12067.json
create mode 100644 CVE-2024/CVE-2024-121xx/CVE-2024-12122.json
create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12206.json
create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12218.json
create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12222.json
create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12249.json
create mode 100644 CVE-2024/CVE-2024-122xx/CVE-2024-12285.json
create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12330.json
create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12394.json
create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12491.json
create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12493.json
create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12496.json
create mode 100644 CVE-2024/CVE-2024-125xx/CVE-2024-12514.json
create mode 100644 CVE-2024/CVE-2024-125xx/CVE-2024-12515.json
create mode 100644 CVE-2024/CVE-2024-125xx/CVE-2024-12542.json
create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12605.json
create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12616.json
create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12618.json
create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12621.json
create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12819.json
create mode 100644 CVE-2024/CVE-2024-128xx/CVE-2024-12848.json
create mode 100644 CVE-2024/CVE-2024-57xx/CVE-2024-5769.json
create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6155.json
create mode 100644 CVE-2025/CVE-2025-03xx/CVE-2025-0349.json
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11328.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11328.json
new file mode 100644
index 00000000000..1d37a175ae5
--- /dev/null
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11328.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2024-11328",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:08.717",
+ "lastModified": "2025-01-09T11:15:08.717",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/admin-views/class.module-ratings-page.php#L173",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L1228",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L1230",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L1242",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L788",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bcfe315-2db1-4f6c-9635-a7fdf5404adf?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11642.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11642.json
new file mode 100644
index 00000000000..495b83e00ce
--- /dev/null
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11642.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11642",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:10.187",
+ "lastModified": "2025-01-09T11:15:10.187",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The file included must have a .php extension."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ajax-filter-posts/tags/3.4.12/inc/Shortcode.php#L624",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b299a932-8167-4547-845b-637c4971360d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11686.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11686.json
new file mode 100644
index 00000000000..4a005d89a89
--- /dev/null
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11686.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11686",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:10.447",
+ "lastModified": "2025-01-09T11:15:10.447",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WhatsApp \ud83d\ude80 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/manycontacts-bar/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d623840-30d1-4599-a52d-08c28e190699?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11815.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11815.json
new file mode 100644
index 00000000000..3f52be14664
--- /dev/null
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11815.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11815",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:10.770",
+ "lastModified": "2025-01-09T11:15:10.770",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The P\u00f3sturinn\\'s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/posturinn/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a8dc0e3-ff3a-4abc-afca-eb1879603550?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11907.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11907.json
new file mode 100644
index 00000000000..50b49edf0fa
--- /dev/null
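Review bot: The description in CVE-2024-11815.json spells the product as `P\u00f3sturinn\\'s`, which decodes to a literal backslash before the apostrophe, so rendered advisories and exact product-name matching will carry the stray character. This looks like an escaping artefact in the submitted text rather than part of the plugin name (the reference URL slug is `posturinn`); the clean form would be `P\u00f3sturinn's`. The record mirrors the CNA's data, so consumers should normalise the name on read and the correction belongs with the source rather than in this repository.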
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11907.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-11907",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:11.240",
+ "lastModified": "2025-01-09T11:15:11.240",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/skyword-plugin/trunk/php/class-skyword-shortcode.php#L93",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/skyword-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/615eb349-c5ed-4b6e-bd60-b92b8790427f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11929.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11929.json
new file mode 100644
index 00000000000..ae76d4e1157
--- /dev/null
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11929.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-11929",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:11.447",
+ "lastModified": "2025-01-09T11:15:11.447",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://codecanyon.net/item/responsive-flipbook-plugin/2372863",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53b24f9a-f225-40b5-9937-f7449d4832df?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
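Review bot: The only `weaknesses` entry in CVE-2024-11929.json is `"value": "CWE-862"` (missing authorization), while the description reports stored cross-site scripting "due to insufficient input sanitization and output escaping", so triage or detection rules keyed on CWE-79 will not match this record. The CNA may have meant to record a missing capability check on rfbwp_save_settings() as the root cause, but the record does not say so; confirm against the Wordfence advisory listed in `references` before relying on the CWE alone. The description also carries the typo `functionin`. Both points originate in the mirrored CNA data, so any correction belongs with the source.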
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12067.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12067.json
new file mode 100644
index 00000000000..fc247d64809
--- /dev/null
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12067.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2024-12067",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:11.647",
+ "lastModified": "2025-01-09T11:15:11.647",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Travel \u2013 Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-travel/trunk/app/inc/admin/class-wptravel-admin-assets.php#L17",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-travel/trunk/app/inc/admin/class-wptravel-admin-assets.php#L31",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-travel/trunk/inc/helpers/helpers-stat.php#L14",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-travel/trunk/inc/helpers/helpers-stat.php#L64",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e0f38db-84bb-4ba9-9068-40937e78010d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12122.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12122.json
new file mode 100644
index 00000000000..3b30984153a
--- /dev/null
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12122.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-12122",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:11.860",
+ "lastModified": "2025-01-09T11:15:11.860",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/resads/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0a544a-b5f3-41bf-9313-28188662ea56?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12206.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12206.json
new file mode 100644
index 00000000000..70b0c75e4b9
--- /dev/null
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12206.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-12206",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:12.070",
+ "lastModified": "2025-01-09T11:15:12.070",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218670%40pearl-header-builder&new=3218670%40pearl-header-builder&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4de0d05f-2f51-4fea-9520-ff07a882d95e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12218.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12218.json
new file mode 100644
index 00000000000..07cf1871325
--- /dev/null
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12218.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-12218",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:12.280",
+ "lastModified": "2025-01-09T11:15:12.280",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-check-pincode-zipcode-for-shipping/trunk/classes/pincode-list.php#L93",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/woocommerce-check-pincode-zipcode-for-shipping/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b79b5ae-7ce5-4065-8d7c-487df6752bc7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12222.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12222.json
new file mode 100644
index 00000000000..81292a70544
--- /dev/null
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12222.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-12222",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:12.490",
+ "lastModified": "2025-01-09T11:15:12.490",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018dvsfw_bulk_label_url\u2019 parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/wc-shipos-delivery/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/377afb95-02d9-46b9-936d-3d58257dd928?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12249.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12249.json
new file mode 100644
index 00000000000..bed7bf47569
--- /dev/null
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12249.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-12249",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:12.683",
+ "lastModified": "2025-01-09T11:15:12.683",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/gs-instagram-portfolio/tags/1.4.5/admin/Backend_Builder.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/gs-instagram-portfolio/tags/1.4.5/admin/includes/Ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36f3e9be-9a4e-458d-92b3-687afc44696a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12285.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12285.json
new file mode 100644
index 00000000000..995e03f6332
--- /dev/null
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12285.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-12285",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-09T11:15:12.883",
+ "lastModified": "2025-01-09T11:15:12.883",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018catid\u2019 parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/sema-api/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42b9e16c-8e53-452d-9c0b-34c424d6f508?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12330.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12330.json
new file mode 100644
index 00000000000..5294423c4b9
--- /dev/null
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12330.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12330", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:13.090", + "lastModified": "2025-01-09T11:15:13.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-530" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209380%40wp-database-backup&new=3209380%40wp-database-backup&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209387%40wp-database-backup&new=3209387%40wp-database-backup&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f36839b-850e-4c39-aa61-4fd7a89cd5bc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12394.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12394.json new file mode 100644 index 00000000000..a053b4e7eaf --- /dev/null +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12394.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12394", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:13.310", + "lastModified": "2025-01-09T11:15:13.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/wp-action-network/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c90dadc9-0109-4ebd-8135-3efd26682ad9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12491.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12491.json new file mode 100644 index 00000000000..f0eca28e496 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12491.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12491", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:13.520", + "lastModified": "2025-01-09T11:15:13.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/simply-rets/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5c2d05-f6cb-4f97-b174-653ad3577b02?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12493.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12493.json new file mode 100644 index 00000000000..2d162075a10 --- /dev/null 
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12493.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12493", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:13.727", + "lastModified": "2025-01-09T11:15:13.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/files-download-delay/trunk/post.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/files-download-delay/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/217f3595-3c35-46c1-a02c-e8829732a719?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12496.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12496.json new file mode 100644 index 00000000000..88d516c52f5 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12496.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12496", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:13.937", + "lastModified": "2025-01-09T11:15:13.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/linear/trunk/blocks/buy-commissions/buy-commissions.php#L213", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/linear", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25d6ee47-2a7b-486e-856b-336964b387ae?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12514.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12514.json new file mode 100644 index 00000000000..a36de3dada9 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12514.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12514", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:14.137", + "lastModified": "2025-01-09T11:15:14.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/3dvieweronline-wp/trunk/public/class-threedvieweronline-iframe-public.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/3dvieweronline-wp/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee1c9c62-d5b5-4213-ae5a-d3d4e9103d15?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12515.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12515.json new file mode 100644 index 00000000000..d5d6da22692 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12515.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12515", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:14.343", + "lastModified": "2025-01-09T11:15:14.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wordpress.org/plugins/masjidal/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e34b3df-ac18-4409-b8fe-b27c931f3aa3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12542.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12542.json new file mode 100644 index 00000000000..fb99e4e0928 --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12542.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12542", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:14.550", + "lastModified": "2025-01-09T11:15:14.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/linkid/trunk/lib/linkid/linkid-sdk-php/util/index.php#L1", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2fe5315-37b7-4009-b2e5-909e6b5ed1da?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12605.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12605.json new file mode 100644 index 00000000000..0beba877f6e --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12605.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12605", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:14.763", + "lastModified": "2025-01-09T11:15:14.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the \"al_scribe_engine_request_data\" and \"al_scribe_content_data\" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/trunk/article_builder.php#L713", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52a8718f-2c4d-4da1-a81f-e93dff3fa43b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12616.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12616.json new file mode 100644 index 00000000000..04da829396e --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12616.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12616", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:14.970", + "lastModified": "2025-01-09T11:15:14.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-bitly/trunk/includes/class-wp-bitly-auth.php#L115", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1312c34-45c6-41e5-b6fc-a45ac2c8a0ca?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12618.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12618.json new file mode 100644 index 00000000000..21f0b652d4d --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12618.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12618", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:15.193", + "lastModified": "2025-01-09T11:15:15.193", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/newsletter2go/trunk/gui/N2Go_Gui.php#L294", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09b2d763-63ce-4cc7-aa04-589bb8697ce9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12621.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12621.json new file mode 100644 index 00000000000..1cdca1da43b --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12621.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12621", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:15.417", + "lastModified": "2025-01-09T11:15:15.417", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/tags/3.0.8/lib/Shortcode.php#L24", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/tags/3.0.8/lib/Shortcode.php#L81", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60c0db19-deda-4b95-a341-cf33883dc9b4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12819.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12819.json new file mode 100644 index 00000000000..8d98d8a1703 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12819.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12819", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:15.657", + "lastModified": "2025-01-09T11:15:15.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/searchie/trunk/SIO/Shortcodes/WidgetsEmbed.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/searchie/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8abed8c7-0c3f-4054-a116-82ce47d605de?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12848.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12848.json new file mode 100644 index 00000000000..8e23ff7bc9f --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12848.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12848", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:15.870", + "lastModified": "2025-01-09T11:15:15.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/skt-builder/trunk/sktbuilder.php#L960", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213786%40skt-builder&new=3213786%40skt-builder&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218995%40skt-builder&new=3218995%40skt-builder&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": 
"https://www.wordfence.com/threat-intel/vulnerabilities/id/89e3cef3-c1aa-4df7-a9f9-1ca5837643e1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5769.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5769.json new file mode 100644 index 00000000000..0b04be32de5 --- /dev/null +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5769.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-5769", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:16.127", + "lastModified": "2025-01-09T11:15:16.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/mimo-woocommerce-order-tracking/tags/1.0.2/mimo-woocommerce-order-tracking.php#L137", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mimo-woocommerce-order-tracking/tags/1.0.2/mimo-woocommerce-order-tracking.php#L264", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mimo-woocommerce-order-tracking/tags/1.0.2/mimo-woocommerce-order-tracking.php#L292", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/mimo-woocommerce-order-tracking/tags/1.0.2/mimo-woocommerce-order-tracking.php#L322", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47c666b1-1ac2-4764-bbee-385ec321a580?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6155.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6155.json new file mode 100644 index 00000000000..450803cb860 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6155.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-6155", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-09T11:15:16.330", + "lastModified": "2025-01-09T11:15:16.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/8.9.8/settings.php#L1385", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json new file mode 100644 index 00000000000..4eb5fe7707e --- /dev/null +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0349.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0349", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T11:15:16.547", + "lastModified": "2025-01-09T11:15:16.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wy876/cve/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290862", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.477048", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8c203dd6fcf..24c2470ecc9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-09T11:00:22.223054+00:00 +2025-01-09T13:00:40.135767+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-09T10:15:07.700000+00:00 +2025-01-09T11:15:16.547000+00:00 ``` ### Last Data Feed Release 
@@ -33,37 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276427 +276457 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `30` -- [CVE-2024-12802](CVE-2024/CVE-2024-128xx/CVE-2024-12802.json) (`2025-01-09T09:15:06.587`) -- [CVE-2024-13153](CVE-2024/CVE-2024-131xx/CVE-2024-13153.json) (`2025-01-09T09:15:07.243`) -- [CVE-2025-0345](CVE-2025/CVE-2025-03xx/CVE-2025-0345.json) (`2025-01-09T09:15:09.220`) -- [CVE-2025-0346](CVE-2025/CVE-2025-03xx/CVE-2025-0346.json) (`2025-01-09T09:15:09.393`) -- [CVE-2025-0347](CVE-2025/CVE-2025-03xx/CVE-2025-0347.json) (`2025-01-09T10:15:07.170`) -- [CVE-2025-0348](CVE-2025/CVE-2025-03xx/CVE-2025-0348.json) (`2025-01-09T10:15:07.700`) +- [CVE-2024-11929](CVE-2024/CVE-2024-119xx/CVE-2024-11929.json) (`2025-01-09T11:15:11.447`) +- [CVE-2024-12067](CVE-2024/CVE-2024-120xx/CVE-2024-12067.json) (`2025-01-09T11:15:11.647`) +- [CVE-2024-12122](CVE-2024/CVE-2024-121xx/CVE-2024-12122.json) (`2025-01-09T11:15:11.860`) +- [CVE-2024-12206](CVE-2024/CVE-2024-122xx/CVE-2024-12206.json) (`2025-01-09T11:15:12.070`) +- [CVE-2024-12218](CVE-2024/CVE-2024-122xx/CVE-2024-12218.json) (`2025-01-09T11:15:12.280`) +- [CVE-2024-12222](CVE-2024/CVE-2024-122xx/CVE-2024-12222.json) (`2025-01-09T11:15:12.490`) +- [CVE-2024-12249](CVE-2024/CVE-2024-122xx/CVE-2024-12249.json) (`2025-01-09T11:15:12.683`) +- [CVE-2024-12285](CVE-2024/CVE-2024-122xx/CVE-2024-12285.json) (`2025-01-09T11:15:12.883`) +- [CVE-2024-12330](CVE-2024/CVE-2024-123xx/CVE-2024-12330.json) (`2025-01-09T11:15:13.090`) +- [CVE-2024-12394](CVE-2024/CVE-2024-123xx/CVE-2024-12394.json) (`2025-01-09T11:15:13.310`) +- [CVE-2024-12491](CVE-2024/CVE-2024-124xx/CVE-2024-12491.json) (`2025-01-09T11:15:13.520`) +- [CVE-2024-12493](CVE-2024/CVE-2024-124xx/CVE-2024-12493.json) (`2025-01-09T11:15:13.727`) +- [CVE-2024-12496](CVE-2024/CVE-2024-124xx/CVE-2024-12496.json) 
(`2025-01-09T11:15:13.937`) +- [CVE-2024-12514](CVE-2024/CVE-2024-125xx/CVE-2024-12514.json) (`2025-01-09T11:15:14.137`) +- [CVE-2024-12515](CVE-2024/CVE-2024-125xx/CVE-2024-12515.json) (`2025-01-09T11:15:14.343`) +- [CVE-2024-12542](CVE-2024/CVE-2024-125xx/CVE-2024-12542.json) (`2025-01-09T11:15:14.550`) +- [CVE-2024-12605](CVE-2024/CVE-2024-126xx/CVE-2024-12605.json) (`2025-01-09T11:15:14.763`) +- [CVE-2024-12616](CVE-2024/CVE-2024-126xx/CVE-2024-12616.json) (`2025-01-09T11:15:14.970`) +- [CVE-2024-12618](CVE-2024/CVE-2024-126xx/CVE-2024-12618.json) (`2025-01-09T11:15:15.193`) +- [CVE-2024-12621](CVE-2024/CVE-2024-126xx/CVE-2024-12621.json) (`2025-01-09T11:15:15.417`) +- [CVE-2024-12819](CVE-2024/CVE-2024-128xx/CVE-2024-12819.json) (`2025-01-09T11:15:15.657`) +- [CVE-2024-12848](CVE-2024/CVE-2024-128xx/CVE-2024-12848.json) (`2025-01-09T11:15:15.870`) +- [CVE-2024-5769](CVE-2024/CVE-2024-57xx/CVE-2024-5769.json) (`2025-01-09T11:15:16.127`) +- [CVE-2024-6155](CVE-2024/CVE-2024-61xx/CVE-2024-6155.json) (`2025-01-09T11:15:16.330`) +- [CVE-2025-0349](CVE-2025/CVE-2025-03xx/CVE-2025-0349.json) (`2025-01-09T11:15:16.547`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `0` -- [CVE-2024-13205](CVE-2024/CVE-2024-132xx/CVE-2024-13205.json) (`2025-01-09T09:15:07.417`) -- [CVE-2024-45496](CVE-2024/CVE-2024-454xx/CVE-2024-45496.json) (`2025-01-09T09:15:07.600`) -- [CVE-2024-6508](CVE-2024/CVE-2024-65xx/CVE-2024-6508.json) (`2025-01-09T09:15:07.767`) -- [CVE-2024-7387](CVE-2024/CVE-2024-73xx/CVE-2024-7387.json) (`2025-01-09T09:15:07.903`) -- [CVE-2025-0237](CVE-2025/CVE-2025-02xx/CVE-2025-0237.json) (`2025-01-09T09:15:08.027`) -- [CVE-2025-0238](CVE-2025/CVE-2025-02xx/CVE-2025-0238.json) (`2025-01-09T09:15:08.197`) -- [CVE-2025-0239](CVE-2025/CVE-2025-02xx/CVE-2025-0239.json) (`2025-01-09T09:15:08.357`) -- [CVE-2025-0240](CVE-2025/CVE-2025-02xx/CVE-2025-0240.json) (`2025-01-09T09:15:08.513`) -- 
[CVE-2025-0241](CVE-2025/CVE-2025-02xx/CVE-2025-0241.json) (`2025-01-09T09:15:08.667`) -- [CVE-2025-0242](CVE-2025/CVE-2025-02xx/CVE-2025-0242.json) (`2025-01-09T09:15:08.763`) -- [CVE-2025-0243](CVE-2025/CVE-2025-02xx/CVE-2025-0243.json) (`2025-01-09T09:15:08.917`) -- [CVE-2025-0247](CVE-2025/CVE-2025-02xx/CVE-2025-0247.json) (`2025-01-09T09:15:09.067`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1444f189211..a41d2222ce6 100644 --- a/_state.csv +++ b/_state.csv @@ -244294,6 +244294,7 @@ CVE-2024-11323,0,0,b21512b61028c73cc1de57f12898b09b963c30c0d7f4179739451d39c1bfb CVE-2024-11324,0,0,55d7ccc413e27e03ca55705c584d56ff127a26670d0ff07867577116e215726f,2024-12-05T10:31:39.313000 CVE-2024-11325,0,0,96d539af849f72e86bc30d45c134273d928f773df65fa65b9a7fb4618c89893e,2024-12-03T10:15:05.067000 CVE-2024-11326,0,0,9d10d6c9af70a4b37660df9be6daba459c823e11b8e9209053dea842d431fc47,2024-12-03T11:15:04.867000 +CVE-2024-11328,1,1,0bd1c3ce5dca1f2a86ef0622d98e37cfd0511ee02971591ae8d409fd39fbf623,2025-01-09T11:15:08.717000 CVE-2024-11329,0,0,b8078055ea1294f92cc83861c7101c3b3e6c5146a8621a33052ed2acc467efe1,2024-12-07T02:15:17.707000 CVE-2024-1133,0,0,4ebc6a2651d5348692c359f9763049862ae951f3b0834af00edeaa957870768c,2024-11-21T08:49:52.210000 CVE-2024-11330,0,0,18ebd923deefc9a9bb5d0708c49f6927dd28806fb2a49775faee5c7db402775d,2024-11-23T07:15:03.737000 
@@ -244571,6 +244572,7 @@ CVE-2024-11634,0,0,0e2d7b37ec82ce83fed6bdfe701bc5f2686fac239cb6656f7c455143c516f CVE-2024-11635,0,0,79551e3678bb1b6e8af2e6c56ac6d09d40e00e1be731bce08075cc39984c1b57,2025-01-08T08:15:24.117000 CVE-2024-11639,0,0,0210e46589d8e363ac9b295eb4432d5b1bb6755405d9d65212946ea82705ab83,2024-12-10T19:15:19.690000 CVE-2024-1164,0,0,ea75a9ac84fb05bc5899ed5764c236687fb5121f662769fb6e46971a20a2f34a,2024-11-21T08:49:56.530000 +CVE-2024-11642,1,1,81515b64b1b61c37dba72524ff38246072ba416173946fc68a33149b2c54bd39,2025-01-09T11:15:10.187000 CVE-2024-11643,0,0,ae78ce4f54b48c77ffb4df12d001ddabc5e672affe5a377c6c988d0deb6a52af,2024-12-04T16:15:24.177000 CVE-2024-11644,0,0,38b2c694eddaad1da45e24d2b7150693eba2499ddb691622394ace7d3593825d,2024-12-27T19:15:07.400000 CVE-2024-11645,0,0,c608ae27d81e6acc05944526d79b8330c84a4e23791c7ed889680dd0f094154a,2024-12-27T19:15:07.557000 @@ -244617,6 +244619,7 @@ CVE-2024-11682,0,0,560590a5be0c603e71436f75adade57eb313e8dad3069a7dc031cb3c6f8d4 CVE-2024-11683,0,0,c5c34a549f676b6e4bfb5a3fd3e5626bf20a1dd88602d5be54893cdf8cd9f992,2024-12-12T04:15:06.490000 CVE-2024-11684,0,0,12cb277c9205905669ffa100f303ceaebc405f85837f54097728fa8f404b4d50,2024-11-28T09:15:04.793000 CVE-2024-11685,0,0,ac2887e3bedadf93f8263266da035f2c90903ee2e66a4074483ee4f2d7f8e8dd,2024-11-28T09:15:04.950000 +CVE-2024-11686,1,1,b948abf534061d8c2aa9e6f64a60c2e0f0c926071d1f7532ea68af0b03379fa7,2025-01-09T11:15:10.447000 CVE-2024-11687,0,0,5e77fbcd46b583a4f084d8bcc3492702fbc8999eee40cfff605d5263f17d5ba6,2024-12-06T09:15:07.303000 CVE-2024-11688,0,0,8d8a43b07b745617ea451bc11d9802776a561f6818ffe3d6e83d98ef6a879a1d,2024-12-21T10:15:06.733000 CVE-2024-11689,0,0,083793777007e12786b393e59e70bbd36f5df589b4b26e2949eb5844a08ab45f,2024-12-12T04:15:06.657000 
@@ -244743,6 +244746,7 @@ CVE-2024-11811,0,0,de10a3ae4822973dd993404053b9029fe9aac56c38d9c3c2b8c2699bef5d0 CVE-2024-11812,0,0,df32cc25c5bb5c5dcc725bf487d9704dded6625df8d19e9336934b5d64e1e261,2024-12-20T07:15:11.373000 CVE-2024-11813,0,0,47a3a35561cd3c4cfbe2425cc2aa9f8596afbe4dae47aa0811b6748805370891,2024-12-04T03:15:05.227000 CVE-2024-11814,0,0,2a13f9fe8be8eabbe1cb3354ac6af91e2a65c049708e435975b8ce27567d551d,2024-12-04T10:15:05.007000 +CVE-2024-11815,1,1,1c338dc05d62597f50fb04d3312b75ba17f9f73e3b5391315d3e569ff151c072,2025-01-09T11:15:10.770000 CVE-2024-11816,0,0,44a8365b70415c54e1c2796c79be1d73f9ddd09db3f5e6b7378fefb8ad6935db,2025-01-08T04:15:06.380000 CVE-2024-11817,0,0,9a66a0fca3306ba25f6938738b8c35626d89b0596c6acf3b5c6bd12c17a8843e,2024-12-03T15:15:41.753000 CVE-2024-11818,0,0,03353c8ea92f63bcb93155865a1eb5dbe1fed70391bddfd4d8cf954b882838c4,2024-12-03T15:06:10.997000 @@ -244820,6 +244824,7 @@ CVE-2024-11903,0,0,1fb664847ae87ab093a142384297236893b764bd45b68ea230b1dd002c36e CVE-2024-11904,0,0,cfe02e1e018fdb745163b14d85560843145fb371b7c3a3b355230dde5ae64d47,2024-12-07T02:15:18.263000 CVE-2024-11905,0,0,89d6ac7c0a69a770b8b688d45d6603a876edf464b165240c1b0f17863d68bf47,2024-12-17T00:15:06.073000 CVE-2024-11906,0,0,03234e0c61cd2ad73ce555c614f3ac9a8664ab2fc7213639ae1c28053e931f89,2024-12-17T00:15:06.217000 +CVE-2024-11907,1,1,032f983aa134921859b6bb3383d5475112b21b6fbf03021f2aeb154fd0431262,2025-01-09T11:15:11.240000 CVE-2024-1191,0,0,ef0e46725fd632855b77f99b24f8a76187525aa45f002df92acf431759b3a65c,2025-01-02T15:09:32.670000 CVE-2024-11910,0,0,7cdc56d220bb226d66f2e09af7dfa09212676d67ef40d93704c67462fa98d7df,2024-12-13T09:15:06.543000 CVE-2024-11911,0,0,caa0b453641ff9f186639ae770eb52db38531714654a626a4eab9e32db68000f,2024-12-13T09:15:07.083000 
@@ -244832,6 +244837,7 @@ CVE-2024-11921,0,0,8d14fd5ac89466ae906ad741ca0367246b772d6837be889940ee25bf6694b CVE-2024-11925,0,0,77043a2dc07077ec38aa584033543217cc9fb39ce00751159aa83ba0aa54cc6b,2024-11-28T07:15:05.267000 CVE-2024-11926,0,0,12ad1d9fc49995c8eb92feee3b52ec9fafd14557b209a764d700401682560722,2024-12-18T12:15:09.107000 CVE-2024-11928,0,0,4eb81c3b991253e17b093831750d2f60d8030675796e16e7e29cc29429037a0b,2024-12-10T11:15:07.220000 +CVE-2024-11929,1,1,8deaa721c21e8d2ea81f795c01ca49300230626a98edc172bb677bbd08c1e1f8,2025-01-09T11:15:11.447000 CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000 CVE-2024-11930,0,0,3d6f16686fbf2f10ff523adfd2c8cbb605e12592056b32937532511e03efa5aa,2025-01-04T09:15:05.880000 CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000 @@ -244934,6 +244940,7 @@ CVE-2024-12061,0,0,e705f6d208be0412d9e4e1ed849702d7bdef1edc0803b726bf0fe97bd2731 CVE-2024-12062,0,0,72735736917491b453ec9a8b66f16471859e8308b17c93b657198e604c611c2f,2024-12-03T10:15:05.493000 CVE-2024-12064,0,0,5bbffd5016c2c66c65f1cad07469a2c9304ddde32e6765225186e453c653a401,2024-12-05T22:15:20.080000 CVE-2024-12066,0,0,b8b74ff74daf8006195a72a7866cbbcaf66d537ba02c482e9dfaf1c6e82963a9,2024-12-21T07:15:08.907000 +CVE-2024-12067,1,1,6a03fcf12bf72536cea254282433d0797e729d3e25197c51a24b4806379b69aa,2025-01-09T11:15:11.647000 CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af06c,2024-11-21T08:50:02.457000 CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000 CVE-2024-12073,0,0,475cbc36cb5ae8f88984192a7bf4a297e0f4afe77d63eaa7029ef51bd04b08b1,2025-01-07T06:15:15.367000 
@@ -244963,6 +244970,7 @@ CVE-2024-12112,0,0,cb0f7873248fd4a1fa61695f98ef1eefe20e324e4ad567998bdfa3d468a39 CVE-2024-12115,0,0,e6944683813361fa4999b92dbfb5849d2d0c20bc3f6186b671317bdf2839435d,2024-12-07T02:15:18.653000 CVE-2024-1212,0,0,c6c0d98b39fe69ac963e13ef16e93aec1a62abd1466de44e7788f638a4921cfa,2024-11-21T08:50:03.010000 CVE-2024-12121,0,0,03702b315699ac0a86731f33a73d0aefd1ecc16bf8d72dc7730c1bb362033b62,2024-12-19T02:15:22.610000 +CVE-2024-12122,1,1,cd1f78c8c596258a19e9ed3e4a0459f757b23ea59e2546cc9293883a9975ed13,2025-01-09T11:15:11.860000 CVE-2024-12123,0,0,3314f70340307f7968d2c224d2753ec462f128bd5dd04a8f7d840d35f281e69e,2024-12-04T04:15:04.430000 CVE-2024-12124,0,0,0fd98c73daa8d1ce9959268c0475817b20b4d7ca8ce2793643bde29f6970a1fc,2025-01-07T05:15:14.340000 CVE-2024-12126,0,0,b0f00c4bf0b4302d6115af0d6af3b97db152c00b497d912443ec3c39ea9a8c54,2025-01-07T05:15:14.533000 @@ -245026,6 +245034,7 @@ CVE-2024-12200,0,0,23413f89ab73dcfe4f53913520af84d44004f8074e56a4f24db9e34101f9d CVE-2024-12201,0,0,24aea21415169e4ceff164eedb7fa32646ef24d523e6e014144846720c08c29c,2024-12-12T07:15:09.607000 CVE-2024-12202,0,0,de392d017a2cde554eddfd34575adabf2f2bb89cd4dcf190c1f3aa8d5126404e,2025-01-07T08:15:25.090000 CVE-2024-12205,0,0,047d79feb29ebf288479cef73d13ee19472dab8c826e2da0e7c21592d5e5973e,2025-01-08T05:15:09.667000 +CVE-2024-12206,1,1,3e46952e21139ddfb31587b140482f6dad3077922fdd1dff103fd72547e4dedc,2025-01-09T11:15:12.070000 CVE-2024-12207,0,0,76c8fa95f11590dc49aa5b062e9bb5af48aaa9477d134f7c1609580bb8e1c8b2,2025-01-07T05:15:16.080000 CVE-2024-12208,0,0,e03ecc3884be8ef44ef5a077ba53c4a05754ec74a94b603c1e749a21b3975365,2025-01-07T05:15:16.270000 CVE-2024-12209,0,0,965d45920161ad8379a478313464ecb572a2b8b8ed1bf056a1646168e0b8105f,2024-12-08T06:15:04.823000 
@@ -245033,10 +245042,12 @@ CVE-2024-1221,0,0,c833d2d1840e5e81b3c325295532e3c4cac8ba514abb434d638a7c419bdc43 CVE-2024-12210,0,0,fcdbe73e10e5bb8e25626395e1c0b8dfb21d78601eb91a6e83c928772c0881ff,2024-12-24T06:15:32.973000 CVE-2024-12212,0,0,4068a90166bc858f8bfa4c7fe1dbc180f7e4e033930f31a1b74471c9abd7763b,2024-12-13T01:15:05.810000 CVE-2024-12214,0,0,e5bb0332e0fe01f5cc924fbc7ed5aea720d65c55a0e9216597df8548b18bb334,2025-01-07T05:15:16.470000 +CVE-2024-12218,1,1,809d0382d9b5aef64cfa79e748563ce0ac486797007d9144ac5f2a54d1521c12,2025-01-09T11:15:12.280000 CVE-2024-12219,0,0,30a275e193bbba91aa16bdcd2e01caf0ae8c253910825d417094094009d7c6a9,2024-12-17T08:15:05.010000 CVE-2024-1222,0,0,ff0f67607974451388d42ae6b90b2e9690717b801a6493a4e7aa508a94c6883e,2024-11-21T08:50:05.110000 CVE-2024-12220,0,0,5a9af5863bd9968393d1012c1c5f5fb4875db98205155149f405e76579a2b19e,2024-12-17T08:15:05.393000 CVE-2024-12221,0,0,8fad08691cce151fb30093e1018ac5dece558333693419a9442736a1f5767a8b,2025-01-04T10:15:06.410000 +CVE-2024-12222,1,1,6f911132db72679ec1b57ef45db6f2fd945a8358f5cbfadf2f176b9557b4ca82,2025-01-09T11:15:12.490000 CVE-2024-12227,0,0,c353a784c73b22c93b545f7e3c07e2ff77771e5d977f7464354ff7113388628f,2024-12-05T14:15:19.400000 CVE-2024-12228,0,0,cba3b66c66f8b74b7da0219a0273d1dd0c005a65d0aca4a38c9a6589b54985c9,2024-12-10T23:19:04.773000 CVE-2024-12229,0,0,aa44844c8d830c107b3760370b58cb504158d7d7c510be09891b02a376b9c9ac,2024-12-10T23:19:31.487000 
@@ -245053,6 +245064,7 @@ CVE-2024-12238,0,0,0b2506120279c72470fe6ced119aba981e066d08bdac68bd9b96e39e9d942 CVE-2024-12239,0,0,6402c790bc7203c11dca14fab5982d0c29c8034f8baef3a6d7c350a55d38d141,2024-12-17T03:15:06.710000 CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a0658e,2024-11-21T08:50:05.487000 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000 +CVE-2024-12249,1,1,e41070fc4bf83345dc6d2dc8cee93585cb3e872e74f6c9c591576d93f6051cce,2025-01-09T11:15:12.683000 CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000 CVE-2024-12250,0,0,e5f748db33ee246e1110b31eaf24b071ff8e9ad960657a91bc37454c3187e14e,2024-12-18T04:15:07.657000 CVE-2024-12252,0,0,d2a36d6f8519946aa283013662310c3484c591468bc446e63c62515e57b10fb1,2025-01-07T05:15:16.660000 @@ -245079,6 +245091,7 @@ CVE-2024-12272,0,0,cbbb238a5fc49c4ada4f96dbd5ec3bf6a1bab33a6ad37ef5b0235e516631a CVE-2024-12279,0,0,9733fcc263294614cb14c679edb202184bedb7555bf9f6fd2b2bb344049bfd1a,2025-01-04T12:15:24.453000 CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44ef,2024-11-21T08:50:06.280000 CVE-2024-12283,0,0,27e00fa0bc574ce5113c52cfd02ee2100414eb1f36a7d99001797949356bf37d,2024-12-11T09:15:05.697000 +CVE-2024-12285,1,1,dde19ea03fdaebfbd1b6e3d3f9ceea86db4ad162960843ba0e822816f5844c7b,2025-01-09T11:15:12.883000 CVE-2024-12286,0,0,a2cf97a2f897256d80732f72cb83c0245f2eb4e867cc795bfeda6550048be20a,2024-12-10T18:15:27.150000 CVE-2024-12287,0,0,3bd2321de0e3063fd87782574573766f363076382fc77605ade9039fc3997618,2024-12-18T07:15:07.040000 CVE-2024-12288,0,0,2b34fc8eb4709b34f9e1bbef958cf604197d6b5c8258b4549867810433c5a64e,2025-01-07T05:15:17.243000 
@@ -245111,6 +245124,7 @@ CVE-2024-12327,0,0,33b53efc3ce56f726d317632e9f42265ea308a0bd5237c993a51a1f8709d6 CVE-2024-12328,0,0,944a330a612f4e13424878c3385e8e468ce4bce8a42713319a6ece116278bf79,2025-01-08T09:15:06.780000 CVE-2024-12329,0,0,66dd2e3f2af8b0b1aca8274acaafc22644d93ff908c884984769d59605f22905,2024-12-12T07:15:10.607000 CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000 +CVE-2024-12330,1,1,6eab4a4395916f5dad5a9e40a1992449475768589a16984ede0554ee6f2c5c26,2025-01-09T11:15:13.090000 CVE-2024-12331,0,0,1854f15311a9fd512bedfae9559249a253ffa3b6afc48825c570d85f65b5b458,2024-12-19T12:15:05.330000 CVE-2024-12332,0,0,9ade021f05f8b6e21164a241020abeabd975e39004cb00e9e2b83269848afc43,2025-01-07T05:15:18.687000 CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000 @@ -245154,6 +245168,7 @@ CVE-2024-12383,0,0,cef6b512c28673e57747095580f46f3d1a23cd2ac5dd948f3ffe8185e568c CVE-2024-12384,0,0,cd7118b6e6ac25f91cd1e0a0d2656f02763a1bb4ed18e9935c8cccb732d09818,2025-01-07T06:15:15.983000 CVE-2024-1239,0,0,a515a367dab4b48d00e7f390a15c0d107266b53b28358b9f5ebf3476b0a625f5,2024-11-21T08:50:08.180000 CVE-2024-12393,0,0,f3d3d4aeb55dacdbdda4d3e84dd9efd2b47893e24f5c1cd3a62a5960b9b718f2,2024-12-11T17:15:14.657000 +CVE-2024-12394,1,1,3c16ea6482aefa41bfcc98b24ea81521e985224b77c50f31eb90829703f7737f,2025-01-09T11:15:13.310000 CVE-2024-12395,0,0,75ff5ef98722c35fb11d383db877ddbb73a300c7cb334e918191d763e24090f0,2024-12-17T12:15:20.377000 CVE-2024-12397,0,0,661288be67552f431f0a0bf144bed2d313b12b592e50cdc78451d7c1272f6fb5,2024-12-12T09:15:05.570000 CVE-2024-1240,0,0,28733ede53b96385ee0de4a7c5187b3db0d925b1e4ab6e977522dc277dee75de,2024-11-19T19:04:53.913000 
@@ -245225,8 +245240,11 @@ CVE-2024-12488,0,0,e61763695faa4ad98c5d9271fdbb8c43d58c48ce22137674ec8ef0c993695 CVE-2024-12489,0,0,34e8581bdf334a189a2ffc1badc0f4ef832f78206f67eec3963135fc8b168dac,2024-12-12T17:38:15.650000 CVE-2024-1249,0,0,9c5a57e06c52f317cf27f7cc2217e068f960e2413695cebf0a7e0dc21397817d,2024-11-21T08:50:09.153000 CVE-2024-12490,0,0,1555e4125b1bbd18e44ad154504a390e80c730aff0638a2c04280c85da66dcf1,2024-12-12T17:15:09.233000 +CVE-2024-12491,1,1,f4a6cd5ae8cd15ec93ddff9954fa785b5160288fa3e58ecfe39ed76df766f4c6,2025-01-09T11:15:13.520000 CVE-2024-12492,0,0,d916ae3db37806ef5451c78588e17d1a804f7c9a228c6c5f62bb3eeb89f366ac,2024-12-13T17:12:51.283000 +CVE-2024-12493,1,1,efe052c720ad59502974aa45ccae295f4bb8cf8efaa1119d98ac2f35388481ce,2025-01-09T11:15:13.727000 CVE-2024-12495,0,0,9154f8226ee53936cd846cde00b2209b4fce5f48828264320b815ca9724f0f08,2025-01-07T07:15:27.370000 +CVE-2024-12496,1,1,f2addd62db7137bd6763564fec0c8bc7565bd52bce1366d93a5b3e1eb199a497,2025-01-09T11:15:13.937000 CVE-2024-12497,0,0,2fa5c57c56d5261d14e7efca34ea444e21df46aee84c2eede506aff4e7856847,2024-12-13T17:13:18.457000 CVE-2024-12499,0,0,ebf971fda2646d8a484d4f57e044f8d010f0e527c3a9209865656c9f745545db,2025-01-07T07:15:27.570000 CVE-2024-1250,0,0,c54b18c5c3077dc882ddb080c03b243e2860ef906533ea0af6c558156b694109,2024-11-21T08:50:09.347000 
@@ -245239,6 +245257,8 @@ CVE-2024-12507,0,0,f098eff6e3ef53742e66474a6ac17418c00af6d9e6800445130b20da01af7 CVE-2024-12509,0,0,8448cb7b981b452e7bee8263b7d56776b70a911630dc0596718dc3941caa2300,2024-12-20T07:15:12.177000 CVE-2024-1251,0,0,8c0214d9f05a1f50e84514dc27e8bafe56d249b59ef6b0b677b5e947e572faed,2024-11-21T08:50:09.497000 CVE-2024-12513,0,0,6393dedffea01c8a6ef2142d1a8a9d6ba57b27f731b145d36f16e844db01eb62,2024-12-18T03:15:26.427000 +CVE-2024-12514,1,1,2548af16b7c91a222b8384bb3ca53727a0b945f9424a3eb93ee4bfa911f184de,2025-01-09T11:15:14.137000 +CVE-2024-12515,1,1,09dd4a0c49aa32e74192a256344ff33ed3a3398ea0769ff4f67849bb3b5cbe4b,2025-01-09T11:15:14.343000 CVE-2024-12516,0,0,e41b8f7326a1ff9d5fbcf49901d9bff7bf07cbba6980171c82a8cc823c6f0a6e,2025-01-07T08:15:25.290000 CVE-2024-12517,0,0,4d330b1d19e40313cc9a81f9b8784c01c801f44b6fb4859786e4a9a0d1f904a4,2024-12-14T05:15:11.453000 CVE-2024-12518,0,0,e836e2bda2de8df1c322fb96b28c258a6308fb3f7a0cbb3b5a146ac83d3fa431,2024-12-24T05:15:06.827000 @@ -245256,6 +245276,7 @@ CVE-2024-12539,0,0,bf2bc8684b4967ec9692452689aaa296f660969c9ab0dd0ec9b638e64908a CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c91,2024-11-21T08:50:09.993000 CVE-2024-12540,0,0,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000 CVE-2024-12541,0,0,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000 +CVE-2024-12542,1,1,1b5e410a01b2b0740ac7510602b06694fb755dcb9bfac836e50106821a16986c,2025-01-09T11:15:14.550000 CVE-2024-12545,0,0,5409af2cc867f9cbfaa0048cd65660c930731d490c0e60928807d15814cab2e6,2025-01-04T08:15:06.363000 CVE-2024-1255,0,0,5935182eb4eb024c7cf7e3cda464e0c74472c4e58bc0030bb090a2a8f708b72f,2024-11-21T08:50:10.150000 CVE-2024-12552,0,0,8443c6d0851e2c1de6fc0e2780c54c711d712f43dce29b5a9fc2e07cff55adf4,2024-12-13T23:15:05.553000 
@@ -245293,9 +245314,13 @@ CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9 CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f8244,2024-11-21T08:50:10.880000 CVE-2024-12601,0,0,f9b91f2d20d6914a3b5ca3c9af2a431f615ff9e20926a30171bf1c35967a6eba,2024-12-17T12:15:20.543000 CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74875,2024-12-13T03:15:05.187000 +CVE-2024-12605,1,1,3bdf7d532555875acf78841a61b04c8cd0013768cae69cd76b5f6d3250698131,2025-01-09T11:15:14.763000 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000 +CVE-2024-12616,1,1,12117fcf52b11bd06f0b2df3a48b15a3d855d5a677e047656ff1ff12b92b9905,2025-01-09T11:15:14.970000 CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000 +CVE-2024-12618,1,1,b478a453538536543bd730a64ae602daa7473e6b349f6190223b5fc78b8cb9f5,2025-01-09T11:15:15.193000 CVE-2024-1262,0,0,b26d9641a8cbc2c5642fa36dfff4a6fef92b6772e7113385af431217d75dfe5b,2024-11-21T08:50:11.167000 +CVE-2024-12621,1,1,0ddaf419150cd8fdc2837c3a9faac9cadc9db887558cc641f9d053a7c959dd70,2025-01-09T11:15:15.417000 CVE-2024-12622,0,0,44dabce1b6e9706e1913dedf06e830c5e84e3b2aacb10e32270b16def1e102ad,2024-12-24T06:15:33.433000 CVE-2024-12624,0,0,c77e80fce8bb7cfbd6622ffb693e19a17da83ef3696c2a0a7c37bae9a130d383,2025-01-07T07:15:27.747000 CVE-2024-12626,0,0,dc01f58442ef4eb4425488c755c4a1d0852a1ed618c4541c829e9e2584781b84,2024-12-19T12:15:06.160000 
@@ -245400,11 +245425,12 @@ CVE-2024-12793,0,0,2902a16bfecddc21a8d8d04e8f0997250ef373c3635003ef32f9127592c72 CVE-2024-12794,0,0,1f45437b8b28f90cd480ff6b28049ee2f0d50b6e09b9de7825840b2430eeb83b,2025-01-06T14:40:23.127000 CVE-2024-12798,0,0,5bd2c8c2d17a4f0af35e3d86ea1aab510b9864bd24d1725787e693a4849fe677,2025-01-03T14:15:24.370000 CVE-2024-12801,0,0,0e0d6365f891eca7b68a17e99dee519237772ad2d2b9b95e05e08c492aa73c2f,2025-01-03T14:15:24.500000 -CVE-2024-12802,1,1,02e0d4499664dae94f894abf5b14a3696a760858576f720ade3983b2933a550f,2025-01-09T09:15:06.587000 +CVE-2024-12802,0,0,02e0d4499664dae94f894abf5b14a3696a760858576f720ade3983b2933a550f,2025-01-09T09:15:06.587000 CVE-2024-12803,0,0,39b13515bd90582cf33d0ed4f88d02f6b7dfc604d3edbbab329fd26f0ea79caa,2025-01-09T08:15:26.007000 CVE-2024-12805,0,0,88244c73e27c67bc8006e84c4e0b60b1c6b6d146df3eb2fafe424e792ef9edfa,2025-01-09T08:15:26.247000 CVE-2024-12806,0,0,9ca03f14d28b1eb09c39d6105bff209df4089157e217b8603b11751d7e40ad7a,2025-01-09T08:15:26.417000 CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000 +CVE-2024-12819,1,1,d2bcfc7e7b1d427da08a10d74e72152ade55c9e09e00d5003c319f78e194c4b8,2025-01-09T11:15:15.657000 CVE-2024-1282,0,0,e6b07825f0f3597687613e3a6164d0e157f6f527c33c61eb8d90ec07193bdec2,2024-11-21T08:50:13.520000 CVE-2024-12828,0,0,a29f7d175d08af9e9a3e3b2d9a239843d4c47c7b84f9529c7b9ddf19ae5c7fea,2024-12-30T17:15:07.717000 CVE-2024-12829,0,0,b6def8373fb939ecec35d929ec57c311d0480519af7a0919a5038b5b832e9ed5,2025-01-03T17:46:48.507000 
@@ -245425,6 +245451,7 @@ CVE-2024-12843,0,0,0238e674ff4a2f2823631a9cac361a4395bebdd053f8f32556861c5f8a605 CVE-2024-12844,0,0,5c0e1e9f12ccd3e7b6409ec6f9fa62b1ac61e24d0cd9ed98d53a582ec95f3c0b,2025-01-07T18:45:15.590000 CVE-2024-12845,0,0,a476f9ae604ca9ba196326844e481285fd755f33cc18c52bebc4a8c43fca5e80,2025-01-07T18:35:19.607000 CVE-2024-12846,0,0,e4c252bde2ca9af2e00706946ce2eb14da53254be655d485961e368b0c87d8ac,2024-12-21T05:15:07.373000 +CVE-2024-12848,1,1,2d29b233ac5706cf0ebef89ef8e274a8d0b86e90355ee65e22b0956f32d44c16,2025-01-09T11:15:15.870000 CVE-2024-12849,0,0,1ec1f74cc5622df60afc70cfedb69ebca5791587da5e6e97ed85991f051e26c4,2025-01-07T06:15:17.607000 CVE-2024-1285,0,0,6f25c863c73c3b70a1777f6b7ea15f17f9158b6669df8af6e4411802154a74d9,2025-01-08T17:13:54.647000 CVE-2024-12850,0,0,075205b205303999a6a29790d3e10f6b915eaaea804fbc90dec0f08e9b7ce1f4,2024-12-24T10:15:06.033000 @@ -245647,7 +245674,7 @@ CVE-2024-13143,0,0,c2afc4876e46cd380fd1d10a980312da4d2e603db0d42920d20cd1d81d1bf CVE-2024-13144,0,0,bc673dcb37833b727fc98157fce26807cef4c158cb3987428cbd5bd61bbe52b2,2025-01-06T00:15:05.633000 CVE-2024-13145,0,0,5293851792dc3cb6491b0cda78aca9c898b2b603a3534d53245e0430e746e1ed,2025-01-06T01:15:06.253000 CVE-2024-1315,0,0,e1f16e3b2be06db6b65befc45bb21c6efb290182d3477c01a71033b0effe0c2a,2024-11-21T08:50:18.373000 -CVE-2024-13153,1,1,de78f1f4efaeeb4981941c568d7dd7c0ad017670abfea047339f3d3542b071c5,2025-01-09T09:15:07.243000 +CVE-2024-13153,0,0,de78f1f4efaeeb4981941c568d7dd7c0ad017670abfea047339f3d3542b071c5,2025-01-09T09:15:07.243000 CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000 CVE-2024-13173,0,0,f1a33d2e3c9b2cf91c9a53b07743d77111624711ca1e4fa83f21d1b344cad8f0,2025-01-08T15:15:16.577000 
@@ -245674,7 +245701,7 @@ CVE-2024-13201,0,0,98f9e9029ecdad1b3085258c9d21a620f38d90ac00edbfea61330f3072ab2 CVE-2024-13202,0,0,fcc0d41315cbf872ad3f8ed3c4bf434e97528b65abb99250267aa9cd85514824,2025-01-09T03:15:24.220000 CVE-2024-13203,0,0,819c261d60fcd7e19a6b1cc262670172b97a373b3e5bcd2e58b29355523bf351,2025-01-09T03:15:24.410000 CVE-2024-13204,0,0,29b356ed8e68b4bf4c454a187403ce827799c9b4a8c71e1fb3c28ca6727e9acb,2025-01-09T03:15:24.603000 -CVE-2024-13205,0,1,eab2280f118cc878917b605ffe82a4e3281effe9ad63660bef82b0a134012d58,2025-01-09T09:15:07.417000 +CVE-2024-13205,0,0,eab2280f118cc878917b605ffe82a4e3281effe9ad63660bef82b0a134012d58,2025-01-09T09:15:07.417000 CVE-2024-13206,0,0,3592680ac4f9d21850041d74074be88a605be70d439b1229b27538d812be260a,2025-01-09T04:15:10.990000 CVE-2024-13209,0,0,ba59362766f93c6d18b5a8987b5e8a847432c789f656b7315b541fc0de12a958,2025-01-09T04:15:11.683000 CVE-2024-1321,0,0,64c53fddfcf700442bf3bc09eea0aa8fb2f1c68b08bca44e74ca22c8291fb906,2024-11-21T08:50:19.770000 @@ -265536,7 +265563,7 @@ CVE-2024-45492,0,0,6ab18bae2a19d3274e46d846526a2c9caf05018be54190e57425083d757a6 CVE-2024-45493,0,0,63ded12e1cce66753793ae82bef6c61efd91f10fe98a5bd1c054c3ddfbe0becc,2024-12-17T19:15:06.287000 CVE-2024-45494,0,0,e62b8176d74731dfdb1c9ebc3d4575fcabd14aac12deeb9776633eac1b50aecb,2024-12-17T19:15:06.497000 CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000 -CVE-2024-45496,0,1,f647c5447ed213c353caf91ddf707bc78331ddddcd98c233146cc0a0d9ee301a,2025-01-09T09:15:07.600000 +CVE-2024-45496,0,0,f647c5447ed213c353caf91ddf707bc78331ddddcd98c233146cc0a0d9ee301a,2025-01-09T09:15:07.600000 CVE-2024-45497,0,0,8f10e5d1340565ce5f36ecaf4b2e6fa88136b7550ee676f0b4149fba415b5f50,2024-12-31T03:15:05.543000 CVE-2024-45498,0,0,ca7ab14623fe44aa59d843f355963b5b1f5525ef3bebc4a2486921426a009155,2024-11-21T09:37:51.613000 CVE-2024-4550,0,0,d020c2baa57a4c8c78c6437cdbbe1c555a0bddf99dab5627801ef1d8b20c6e80,2024-09-14T11:47:14.677000 
@@ -272580,6 +272607,7 @@ CVE-2024-5765,0,0,e5003ba3f530e37b105db973fc0ab01852d52d4c3a3d40c99dc1f996aa54e2 CVE-2024-5766,0,0,cdfccc92ec2c159269346acd4c1a0ac28434fd31fc36fe70d66da845920ad03f,2024-11-21T09:48:18.263000 CVE-2024-5767,0,0,83b611dd489bb163f66e83f90bca18a4479f0bb38020979c04a07f5718f3596b,2024-11-21T09:48:18.420000 CVE-2024-5768,0,0,6c9ff2121591327d1892929b36d619819744c12030a51756837ec582065802b9,2024-11-21T09:48:18.613000 +CVE-2024-5769,1,1,8050ee07c9faa3b2614fde11774d0d6b1fdea284928125d18129fd88f30e7524,2025-01-09T11:15:16.127000 CVE-2024-5770,0,0,918380eecb24f860d41c083e6e9a778682d01ec1efa0eb8b0287a3dccfe91d0a,2024-11-21T09:48:18.730000 CVE-2024-5771,0,0,8829a844c7846b06bb23778fad93312a505e31e0f93087e15ef0b64a0b36f535,2024-11-21T09:48:18.863000 CVE-2024-5772,0,0,04004702ec5106d11d8a70be9a1c34eceae4a60526afd5c3eb12e840c71e6683,2024-11-21T09:48:19.003000 @@ -272933,6 +272961,7 @@ CVE-2024-6151,0,0,4b327b1a740911613192b717f6588a19b86c3c3cf5c7049ca65e021c1c9bc3 CVE-2024-6152,0,0,56e39ec64bc38c4079fcca10d552cf2ac8153d4adf04ef1eb4977bff49f15926,2024-11-21T09:49:04.580000 CVE-2024-6153,0,0,aae068275d4c4e63555b57416b174ee8f2e1ff96ec75d6bff3d4c959289ad262,2024-11-21T09:49:04.707000 CVE-2024-6154,0,0,44eb11c4fcc6c6616a2ed49e485a415327653c78c87a2ef8353cb2a27dda49c2,2024-11-21T09:49:04.847000 +CVE-2024-6155,1,1,6269e95ed083e7f1c2e2f7772635bea6c0eaaf87604204bdc729029f42997067,2025-01-09T11:15:16.330000 CVE-2024-6156,0,0,ed2080432a92897efaf31c0ac3d09606d8e76b43d503d06d631742410471368e,2024-12-06T00:15:04.380000 CVE-2024-6157,0,0,5be8de9f177d4f5bffe03509876e18a408a381753d90da1ebea280d1d882e02c,2024-10-15T12:58:51.050000 CVE-2024-6158,0,0,259665afaf15722a4d969735b84a2bbadf645404975cbe690c673aedfdc3c5bf,2024-08-13T15:35:29.740000 
@@ -273255,7 +273284,7 @@ CVE-2024-6504,0,0,fad0ade8c88ad6e8496cfe0d237856169f53f8a93210eadd259fe3abd75e2e CVE-2024-6505,0,0,21aa9ddf3ebc6b3515263ded9b2cee589115bfdb04b0eceea7d24129ed687c73,2024-11-21T09:49:46.400000 CVE-2024-6506,0,0,1a9cee5d897bff8909e0a3bb27604c626e57ed4bbd4bb54c8f2bd8e2e572b480,2024-11-21T09:49:46.537000 CVE-2024-6507,0,0,687ddf6520b599b09dc3a1d8aab83ca78b8392e14671ddde76f4a9814b88169c,2024-11-25T13:15:07.517000 -CVE-2024-6508,0,1,52de2f9db1bae89555ac7f7a0971e5d71f1b68c7d83dedf5c4b0916b92a29272,2025-01-09T09:15:07.767000 +CVE-2024-6508,0,0,52de2f9db1bae89555ac7f7a0971e5d71f1b68c7d83dedf5c4b0916b92a29272,2025-01-09T09:15:07.767000 CVE-2024-6509,0,0,90d894af5048ed3f0f64d638b676864ae566d58ef707a1e4890279c66c4ecf68,2024-11-29T06:15:07.640000 CVE-2024-6510,0,0,b5f4271053f188471e3e35f9aca13c4993fc4e8f43ff33784781597a6cac8f1f,2024-10-02T17:17:46.450000 CVE-2024-6511,0,0,d521b24465eff12b0c8151a58c6c8010152bbabe6c86ea5dd1a924fa2f64baf8,2024-11-21T09:49:47.060000 @@ -274019,7 +274048,7 @@ CVE-2024-7383,0,0,7beeface4302f9b7cabdff180768add34a64cc9c1a8e549a14d10aa1dc8f69 CVE-2024-7384,0,0,72665cefc9bc5e7a4bb167b33f41e91e76bc71ffdb470737af7a5454b0f8a7ba,2024-09-27T13:15:28.443000 CVE-2024-7385,0,0,101c941ce4234279ac93469f4d75a71718ff61f7f4f159a8cf136648a29532f0,2024-10-02T19:35:26.523000 CVE-2024-7386,0,0,623f13cd2bc79eb32d7c88560297357b78b3ef2e7abbbf45c8d9ab2e2aff0739,2024-09-26T13:32:02.803000 -CVE-2024-7387,0,1,c2f7dcf02cdd17901d7de24823d83c3c0d3eb2f86ae88f5e8ad91fb71d3849b1,2025-01-09T09:15:07.903000 +CVE-2024-7387,0,0,c2f7dcf02cdd17901d7de24823d83c3c0d3eb2f86ae88f5e8ad91fb71d3849b1,2025-01-09T09:15:07.903000 CVE-2024-7388,0,0,832d23d5406547c0193a4b31c0fd589fd6f309473f42f5bd0b1b9a8f787e7450,2024-08-13T12:58:25.437000 CVE-2024-7389,0,0,cab381fcf4b9b71264f141b348bf1292afa8da6fe747dc8fe0784ecf6d792fc5,2024-11-21T09:51:25.673000 CVE-2024-7390,0,0,62257d50cfac87a87bf72bf184895cbf9edf65dcbcd5b500828f71bf6dd1b693,2024-09-27T17:45:05.590000 
@@ -276224,17 +276253,17 @@ CVE-2025-0230,0,0,da56c380fbd78e0c1f33c2e3a59c91c27f8ad01a46dc235a12db28093892ee CVE-2025-0231,0,0,73ba5b334ad5db7bd7f18e0277fa8cbe48a99916bc557dd1170e5fb52d78d868,2025-01-05T22:15:05.540000 CVE-2025-0232,0,0,bbb1f8dd03cca1cfde501a9cda5da15f541da213c05bfee0e291ed634d921d4c,2025-01-05T22:15:05.767000 CVE-2025-0233,0,0,5ed4a33582b9d256ec10fa7176aad6ab5c25b941c467fc43ba8899ab1d384b8a,2025-01-05T23:15:07.320000 -CVE-2025-0237,0,1,0b751bd6b34602b7f4016b4315ae89eb52ba9b85f7e29c77deaa4b8d978ed818,2025-01-09T09:15:08.027000 -CVE-2025-0238,0,1,d61e0c1ab93e15f75affeb2cd81f13435188b17e117fb24770ef3eba2003f283,2025-01-09T09:15:08.197000 -CVE-2025-0239,0,1,0f263f44b2da53877b60ef1934370203b8addac1a331dc64a04a2eff62174b0b,2025-01-09T09:15:08.357000 -CVE-2025-0240,0,1,c69bbfd2c6326ce3090e62e372d341b68729615a4388aff2a4b92f2c232fb7c1,2025-01-09T09:15:08.513000 -CVE-2025-0241,0,1,4c166f86574c263a185a4c3fecf418950105464db70810e33e44575c571c3963,2025-01-09T09:15:08.667000 -CVE-2025-0242,0,1,6e3ffe62eab5a260ad145f0774aa93a7590007f7e30a1b6b7fd39c7d565b3e01,2025-01-09T09:15:08.763000 -CVE-2025-0243,0,1,117a57037c84082e44064bbeb1055284d87eb96171b291191011e49dd59c7343,2025-01-09T09:15:08.917000 +CVE-2025-0237,0,0,0b751bd6b34602b7f4016b4315ae89eb52ba9b85f7e29c77deaa4b8d978ed818,2025-01-09T09:15:08.027000 +CVE-2025-0238,0,0,d61e0c1ab93e15f75affeb2cd81f13435188b17e117fb24770ef3eba2003f283,2025-01-09T09:15:08.197000 +CVE-2025-0239,0,0,0f263f44b2da53877b60ef1934370203b8addac1a331dc64a04a2eff62174b0b,2025-01-09T09:15:08.357000 +CVE-2025-0240,0,0,c69bbfd2c6326ce3090e62e372d341b68729615a4388aff2a4b92f2c232fb7c1,2025-01-09T09:15:08.513000 +CVE-2025-0241,0,0,4c166f86574c263a185a4c3fecf418950105464db70810e33e44575c571c3963,2025-01-09T09:15:08.667000 +CVE-2025-0242,0,0,6e3ffe62eab5a260ad145f0774aa93a7590007f7e30a1b6b7fd39c7d565b3e01,2025-01-09T09:15:08.763000 +CVE-2025-0243,0,0,117a57037c84082e44064bbeb1055284d87eb96171b291191011e49dd59c7343,2025-01-09T09:15:08.917000 
CVE-2025-0244,0,0,4dc39d4eb7e9626e46633620b63b126f4ca8c432d219058ffa0df86e8e17d0ee,2025-01-08T16:15:37.520000 CVE-2025-0245,0,0,17124b2bb78bf9f026108e77a44161cf6b567d6714acd6476cda81e3148b7689,2025-01-08T16:15:37.693000 CVE-2025-0246,0,0,f212da1e386aff9790e671db2401da03b9d2ebbeea4ee1b40e830ef0d58e3da6,2025-01-08T16:15:37.880000 -CVE-2025-0247,0,1,a4d940faacbcfb08843111a764fa700e1f1d7273a90fabf2269ce1d35477b80f,2025-01-09T09:15:09.067000 +CVE-2025-0247,0,0,a4d940faacbcfb08843111a764fa700e1f1d7273a90fabf2269ce1d35477b80f,2025-01-09T09:15:09.067000 CVE-2025-0282,0,0,d61ebd3c832aef5272fa20364c759f17a80fd9cb0737dd97040687ac5893e46b,2025-01-09T02:00:01.633000 CVE-2025-0283,0,0,573fcb41d2dcbb5f422c0804f1f8b289f75a27c245f0e6d9cb198c03e2e8d415,2025-01-08T23:15:09.920000 CVE-2025-0291,0,0,e64e166dc7ec231b6921ab6e7b688950a3c44d4ac259882cc427bcb73fed1fd1,2025-01-08T20:15:29.353000 
@@ -276258,10 +276287,11 @@ CVE-2025-0340,0,0,4f2990fc81137574b4912409b11904dee7e92cbd62c572bffa83a92d2b3d67 CVE-2025-0341,0,0,90d8993fb7474a58be910ed5ed3a12242101d69a099db0025c917dff8fc0565c,2025-01-09T08:15:30.060000 CVE-2025-0342,0,0,6d3bd167a05490c5aa5dbc9a6d3538c596245238d57a65fa83ecac443971921f,2025-01-09T08:15:30.310000 CVE-2025-0344,0,0,1715f04fd5095fb83a5a82a19a8fdfb8ee1ceb83adeb19a18037c35e0449a30c,2025-01-09T08:15:30.517000 -CVE-2025-0345,1,1,3f56e569c8daf7b06b0796fdfa20438b20d7fd91be6d3db3cb0cfe5e1b99fe14,2025-01-09T09:15:09.220000 -CVE-2025-0346,1,1,5ef713c51f5d66e23ba323fef83a836926d709bf8afa5794ad9246d5b98392a7,2025-01-09T09:15:09.393000 -CVE-2025-0347,1,1,6deecfeab5129f64e2a00007dc87253c44d21860263f71f54e4dc7b1cdd350f5,2025-01-09T10:15:07.170000 -CVE-2025-0348,1,1,331eb1ff4b382b4fa4cded2d4eff33d4e1224a2775f1380fa27191f50e86e003,2025-01-09T10:15:07.700000 +CVE-2025-0345,0,0,3f56e569c8daf7b06b0796fdfa20438b20d7fd91be6d3db3cb0cfe5e1b99fe14,2025-01-09T09:15:09.220000 +CVE-2025-0346,0,0,5ef713c51f5d66e23ba323fef83a836926d709bf8afa5794ad9246d5b98392a7,2025-01-09T09:15:09.393000 +CVE-2025-0347,0,0,6deecfeab5129f64e2a00007dc87253c44d21860263f71f54e4dc7b1cdd350f5,2025-01-09T10:15:07.170000 +CVE-2025-0348,0,0,331eb1ff4b382b4fa4cded2d4eff33d4e1224a2775f1380fa27191f50e86e003,2025-01-09T10:15:07.700000 +CVE-2025-0349,1,1,113bd719c64af64e563d3b7f6bc64a9c5a1e1f5ad7d7591de270b2e445c8d15a,2025-01-09T11:15:16.547000 CVE-2025-20033,0,0,6018e09e60bc36da724018ac20bc63bc1922bb37746fdb9e10624cea7c137ebf,2025-01-09T07:15:28.450000 CVE-2025-20123,0,0,7f3b728d3f9cbfa875df0a45e50a08c953f805f15b1141475f4e31dfbed0e1d1,2025-01-08T16:15:38.150000 CVE-2025-20126,0,0,1585188395ef0aa5a894bbea6d526bdf238d58865dbcb187ac89434fb8c590b9,2025-01-08T19:15:38.553000