Auto-Update: 2025-01-25T03:00:19.912311+00:00

2025-07-09 16:05:11 +00:00 · 2025-01-25 03:03:47 +00:00 · 2025-01-25 03:03:47 +00:00 · df66a068ec
commit df66a068ec
parent 9be68fd736
6 changed files with 222 additions and 21 deletions
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-0357",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-25T02:15:26.990",
+  "lastModified": "2025-01-25T02:15:26.990",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://documentation.iqonic.design/wpbookit/versions/change-log",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json
+++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json
@ -2,8 +2,8 @@
  "id": "CVE-2025-23006",
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "published": "2025-01-23T12:15:28.523",
-  "lastModified": "2025-01-23T15:15:13.240",
-  "vulnStatus": "Received",
+  "lastModified": "2025-01-25T02:00:01.990",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
@ -39,6 +39,10 @@
      }
    ]
  },
+  "cisaExploitAdd": "2025-01-24",
+  "cisaActionDue": "2025-02-14",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "SonicWall SMA1000 Appliances Deserialization Vulnerability",
  "weaknesses": [
    {
      "source": "PSIRT@sonicwall.com",
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24360.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24360.json
@ -0,0 +1,76 @@
+{
+  "id": "CVE-2025-24360",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2025-01-25T01:15:24.047",
+  "lastModified": "2025-01-25T01:15:24.047",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/nuxt/nuxt/pull/23995",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24361.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24361.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-24361",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2025-01-25T01:15:24.193",
+  "lastModified": "2025-01-25T01:15:24.193",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-749"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-4gf7-ff8x-hq99",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-25T00:55:31.492167+00:00
+2025-01-25T03:00:19.912311+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-24T23:15:09.380000+00:00
+2025-01-25T02:15:26.990000+00:00
 ```

 ### Last Data Feed Release
@ -27,31 +27,29 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-01-24T01:00:04.379061+00:00
+2025-01-25T01:00:04.380356+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-278928
+278931
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `3`

- [CVE-2024-50690](CVE-2024/CVE-2024-506xx/CVE-2024-50690.json) (`2025-01-24T23:15:08.227`)
- [CVE-2024-50692](CVE-2024/CVE-2024-506xx/CVE-2024-50692.json) (`2025-01-24T23:15:08.893`)
- [CVE-2024-50694](CVE-2024/CVE-2024-506xx/CVE-2024-50694.json) (`2025-01-24T23:15:09.000`)
- [CVE-2024-50695](CVE-2024/CVE-2024-506xx/CVE-2024-50695.json) (`2025-01-24T23:15:09.130`)
- [CVE-2024-50697](CVE-2024/CVE-2024-506xx/CVE-2024-50697.json) (`2025-01-24T23:15:09.253`)
- [CVE-2024-50698](CVE-2024/CVE-2024-506xx/CVE-2024-50698.json) (`2025-01-24T23:15:09.380`)
+- [CVE-2025-0357](CVE-2025/CVE-2025-03xx/CVE-2025-0357.json) (`2025-01-25T02:15:26.990`)
+- [CVE-2025-24360](CVE-2025/CVE-2025-243xx/CVE-2025-24360.json) (`2025-01-25T01:15:24.047`)
+- [CVE-2025-24361](CVE-2025/CVE-2025-243xx/CVE-2025-24361.json) (`2025-01-25T01:15:24.193`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2025-23006](CVE-2025/CVE-2025-230xx/CVE-2025-23006.json) (`2025-01-25T02:00:01.990`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -269864,12 +269864,12 @@ CVE-2024-50671,0,0,99782c17088a8d91d172d01f5a082085329526fd6f7189288ae0f91a8aaa1
 CVE-2024-50672,0,0,a506f4d2b4e62571040ff3dd4b935bbaea397a7aabe2668687c8152c3cc151d7,2024-11-27T17:15:12.563000
 CVE-2024-50677,0,0,41d5addef3c1d4fcaf4d23ee7f34aa0575b53eb368f3af05bd4b5c5da2166101,2024-12-06T17:15:10.180000
 CVE-2024-5069,0,0,ad719aec2191fa4733004e376bcb495f235c4247fa2915a6912d571066c414e6,2024-11-21T09:46:53.973000
-CVE-2024-50690,1,1,9d5fa667da25b907f6a8d87ed87c65d16d14dce5412c7abd336edf942643fae1,2025-01-24T23:15:08.227000
-CVE-2024-50692,1,1,fec59c437336f571adcbf83fec674e931b40d1cf7b23eb876e2a61aa2f9cabfc,2025-01-24T23:15:08.893000
-CVE-2024-50694,1,1,c4a29afb99bd1e874c60e1d69672eac5fd9e1fe06d6cb9ed86352c05fa98a55f,2025-01-24T23:15:09
-CVE-2024-50695,1,1,ba9592191562dd4b73b0b9f3dc66267a4d0aae1cf21634e627c788fb039c6890,2025-01-24T23:15:09.130000
-CVE-2024-50697,1,1,44480bba42848065bf0e807d881b5cf04b331a1ddf64b6d62fd6405bd648f176,2025-01-24T23:15:09.253000
-CVE-2024-50698,1,1,df6c508ce768af8f3e964c09d1903f787ab399323d7035e459e6e13ed4e33c03,2025-01-24T23:15:09.380000
+CVE-2024-50690,0,0,9d5fa667da25b907f6a8d87ed87c65d16d14dce5412c7abd336edf942643fae1,2025-01-24T23:15:08.227000
+CVE-2024-50692,0,0,fec59c437336f571adcbf83fec674e931b40d1cf7b23eb876e2a61aa2f9cabfc,2025-01-24T23:15:08.893000
+CVE-2024-50694,0,0,c4a29afb99bd1e874c60e1d69672eac5fd9e1fe06d6cb9ed86352c05fa98a55f,2025-01-24T23:15:09
+CVE-2024-50695,0,0,ba9592191562dd4b73b0b9f3dc66267a4d0aae1cf21634e627c788fb039c6890,2025-01-24T23:15:09.130000
+CVE-2024-50697,0,0,44480bba42848065bf0e807d881b5cf04b331a1ddf64b6d62fd6405bd648f176,2025-01-24T23:15:09.253000
+CVE-2024-50698,0,0,df6c508ce768af8f3e964c09d1903f787ab399323d7035e459e6e13ed4e33c03,2025-01-24T23:15:09.380000
 CVE-2024-50699,0,0,b7bfb9ce8d871e66c8bc846d040c669e65be2a2e4a5ca2c2838499d7e02651cc,2024-12-11T16:15:12.720000
 CVE-2024-50701,0,0,a80b1dc6acfa0163b2b418f9af2de103abd46652e86be76b69c935d1bde098bf,2024-12-30T16:15:11.387000
 CVE-2024-50702,0,0,364da4b19de28c5c7b507be40fbdae2c11e3df8d6828b6df401d4df157b3f54d,2024-12-30T16:15:11.550000
@ -277540,6 +277540,7 @@ CVE-2025-0349,0,0,5c5bde0373ec0c26c713a0d565cd6e4461e0dfe3c3d54fa435cc26640f811d
 CVE-2025-0354,0,0,428d38f2781814173c07276c3123b7894bf18887b24de42981453e8b9fe91fd5,2025-01-21T04:15:07.147000
 CVE-2025-0355,0,0,60139aab38184d5553deea3c96ee67451ff405f2b0f65acb32b8c01c91586866,2025-01-21T04:15:07.877000
 CVE-2025-0356,0,0,00c4e703b995e5d2c2e4f165848b6efa20e85198e0b810bdb74efa5802e75a40,2025-01-21T04:15:07.980000
+CVE-2025-0357,1,1,637a6ef73ca88597a9faee7a213f2c9e042293b4e1599306e7baf4be91a58fdb,2025-01-25T02:15:26.990000
 CVE-2025-0369,0,0,60e0263b7bdd9bb8b2fbff594a1f912ed9cb257670ae53622ab1064bad30f4a5,2025-01-18T07:15:09.720000
 CVE-2025-0371,0,0,5204757392b802de2ea741b3e076d05df7ac5ea75604db8718cee7d5330989cb,2025-01-21T09:15:07.747000
 CVE-2025-0377,0,0,aa55b8120230ab743cc2893b218f537bed059fac30bd283d6a35143ffcd50fcc,2025-01-21T16:15:14.290000
@ -278365,7 +278366,7 @@ CVE-2025-22983,0,0,3f91e33a7409029e8feb1969bf0fd19dc254a37fe16ab3c9358513b3c91fd
 CVE-2025-22984,0,0,79f7e0821d57086a5b30160c1ac3f4ee3a3942289c8274a9ca479dc29c59767f,2025-01-23T17:15:26.780000
 CVE-2025-22996,0,0,c50cf62284cf751584047e7a98111e31ae9d7e05423e0e28a6dfeca6772a6ab9,2025-01-15T17:15:21.837000
 CVE-2025-22997,0,0,cbf89797792d4ad66a4f37050995306b66d6d3563ae5ce9db2b5b27779f4d42b,2025-01-15T17:15:22.193000
-CVE-2025-23006,0,0,4909edec91386279e9960ab174937c9cea74f45a3faffb1f01e726a291599013,2025-01-23T15:15:13.240000
+CVE-2025-23006,0,1,977f772ea3b5876e891b28257119516496ae4d9450366cb495b2995cfcca3fa6,2025-01-25T02:00:01.990000
 CVE-2025-23011,0,0,e1ba900acd27ddaffe837f1b2cb99a0620e19220a4594e9e2e5e1cfb6f6dd686,2025-01-23T21:15:15.010000
 CVE-2025-23012,0,0,5a6363dd5cc5adf7b59d4da79cd0453ce862321fce6c24b705279a51911f41e0,2025-01-23T21:15:15.173000
 CVE-2025-23013,0,0,1fb74d6ea76ff5844d786cdd2a74f412fea41ae3954a5796fa59991a0a874edb,2025-01-16T22:15:40.520000
@ -278806,6 +278807,8 @@ CVE-2025-24337,0,0,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5de
 CVE-2025-24353,0,0,10800d697e68cd55cff6432e6a23d04d139654b7a35f7e8dc56fa2c5247f6ece,2025-01-23T18:15:33.990000
 CVE-2025-24355,0,0,df091ddf8aeeb5f247d7b78b7e73863226f57cadf3f514eb1d8aa9b7831cf7ba,2025-01-24T17:15:16.047000
 CVE-2025-24359,0,0,fe898aa41d1a6ecee2652ccd06e899fa4186d85ca361d42c0af02e968484e3d0,2025-01-24T17:15:16.197000
+CVE-2025-24360,1,1,2e9c8b6331a8a88dee1c12b547eb6d5cc111d8eab816a900e080a9ac8d56f9f8,2025-01-25T01:15:24.047000
+CVE-2025-24361,1,1,d29f3ff85909126621b45166d8a881d6bc5008d3724f4584c8a5635de601f311,2025-01-25T01:15:24.193000
 CVE-2025-24362,0,0,bd0008c19e13cbed43d9a180a0c8a1357e3b6112b693da2df160b4b2a8f315e9,2025-01-24T18:15:32.383000
 CVE-2025-24363,0,0,39d368ed8bf973713f2f52722001ed32dc19782f4926a08e8694d7826f6928da,2025-01-24T19:15:13.633000
 CVE-2025-24397,0,0,1350cea3fe5814d5435bcd6f3428089c30106b375e343d91ae9b66932985a500,2025-01-23T17:15:27.643000