diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
new file mode 100644
index 00000000000..564cd1709d2
--- /dev/null
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-0357",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-25T02:15:26.990",
+ "lastModified": "2025-01-25T02:15:26.990",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.iqonic.design/wpbookit/versions/change-log",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json
index 9500cbaeff2..32105f171e7 100644
--- a/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json
+++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23006.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-23006",
 "sourceIdentifier": "PSIRT@sonicwall.com",
 "published": "2025-01-23T12:15:28.523",
- "lastModified": "2025-01-23T15:15:13.240",
- "vulnStatus": "Received",
+ "lastModified": "2025-01-25T02:00:01.990",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
@@ -39,6 +39,10 @@
 }
 ]
 },
+ "cisaExploitAdd": "2025-01-24",
+ "cisaActionDue": "2025-02-14",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "SonicWall SMA1000 Appliances Deserialization Vulnerability",
 "weaknesses": [
 {
 "source": "PSIRT@sonicwall.com",
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24360.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24360.json
new file mode 100644
index 00000000000..c0e1935e167
--- /dev/null
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24360.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2025-24360",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2025-01-25T01:15:24.047",
+ "lastModified": "2025-01-25T01:15:24.047",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nuxt/nuxt/pull/23995",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24361.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24361.json
new file mode 100644
index 00000000000..ec28eb75e7e
--- /dev/null
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24361.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-24361",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2025-01-25T01:15:24.193",
+ "lastModified": "2025-01-25T01:15:24.193",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-4gf7-ff8x-hq99",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
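Review bot: The version bounds in the `descriptions[0].value` string of CVE-2025-24361.json do not read as valid Nuxt releases: `3.152` is not a three-part version, and `3.15.12` / `3.15.13` disagree with CVE-2025-24360.json in this same commit, which cites the same fix commit `7eeb910bf4accb1e0193b9178c746f06ad3dd88f` and names 3.15.3 as the fixed release. The intended bounds are presumably 3.15.2 and 3.15.3, but that is an inference from the sibling record, not something this file establishes. The record is still `"vulnStatus": "Received"` and carries no machine-readable affected-version data, so anything that derives a patched or affected range should take it from the referenced advisory GHSA-4gf7-ff8x-hq99 rather than from this free-text string. If the mirror is meant to stay byte-faithful to upstream, the text should be left as is and the discrepancy reported to the source, `security-advisories@github.com`.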
diff --git a/README.md b/README.md index 64bc0bc4ad5..d1b458cfee9 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-25T00:55:31.492167+00:00 +2025-01-25T03:00:19.912311+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-24T23:15:09.380000+00:00 +2025-01-25T02:15:26.990000+00:00 ``` ### Last Data Feed Release @@ -27,31 +27,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-01-24T01:00:04.379061+00:00 +2025-01-25T01:00:04.380356+00:00 ``` ### Total Number of included CVEs ```plain -278928 +278931 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -- [CVE-2024-50690](CVE-2024/CVE-2024-506xx/CVE-2024-50690.json) (`2025-01-24T23:15:08.227`) -- [CVE-2024-50692](CVE-2024/CVE-2024-506xx/CVE-2024-50692.json) (`2025-01-24T23:15:08.893`) -- [CVE-2024-50694](CVE-2024/CVE-2024-506xx/CVE-2024-50694.json) (`2025-01-24T23:15:09.000`) -- [CVE-2024-50695](CVE-2024/CVE-2024-506xx/CVE-2024-50695.json) (`2025-01-24T23:15:09.130`) -- [CVE-2024-50697](CVE-2024/CVE-2024-506xx/CVE-2024-50697.json) (`2025-01-24T23:15:09.253`) -- [CVE-2024-50698](CVE-2024/CVE-2024-506xx/CVE-2024-50698.json) (`2025-01-24T23:15:09.380`) +- [CVE-2025-0357](CVE-2025/CVE-2025-03xx/CVE-2025-0357.json) (`2025-01-25T02:15:26.990`) +- [CVE-2025-24360](CVE-2025/CVE-2025-243xx/CVE-2025-24360.json) (`2025-01-25T01:15:24.047`) +- [CVE-2025-24361](CVE-2025/CVE-2025-243xx/CVE-2025-24361.json) (`2025-01-25T01:15:24.193`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-23006](CVE-2025/CVE-2025-230xx/CVE-2025-23006.json) (`2025-01-25T02:00:01.990`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 2aae897bee9..98f16242672 100644 --- a/_state.csv 
+++ b/_state.csv 
@@ -269864,12 +269864,12 @@ CVE-2024-50671,0,0,99782c17088a8d91d172d01f5a082085329526fd6f7189288ae0f91a8aaa1 CVE-2024-50672,0,0,a506f4d2b4e62571040ff3dd4b935bbaea397a7aabe2668687c8152c3cc151d7,2024-11-27T17:15:12.563000 CVE-2024-50677,0,0,41d5addef3c1d4fcaf4d23ee7f34aa0575b53eb368f3af05bd4b5c5da2166101,2024-12-06T17:15:10.180000 CVE-2024-5069,0,0,ad719aec2191fa4733004e376bcb495f235c4247fa2915a6912d571066c414e6,2024-11-21T09:46:53.973000 -CVE-2024-50690,1,1,9d5fa667da25b907f6a8d87ed87c65d16d14dce5412c7abd336edf942643fae1,2025-01-24T23:15:08.227000 -CVE-2024-50692,1,1,fec59c437336f571adcbf83fec674e931b40d1cf7b23eb876e2a61aa2f9cabfc,2025-01-24T23:15:08.893000 -CVE-2024-50694,1,1,c4a29afb99bd1e874c60e1d69672eac5fd9e1fe06d6cb9ed86352c05fa98a55f,2025-01-24T23:15:09 -CVE-2024-50695,1,1,ba9592191562dd4b73b0b9f3dc66267a4d0aae1cf21634e627c788fb039c6890,2025-01-24T23:15:09.130000 -CVE-2024-50697,1,1,44480bba42848065bf0e807d881b5cf04b331a1ddf64b6d62fd6405bd648f176,2025-01-24T23:15:09.253000 -CVE-2024-50698,1,1,df6c508ce768af8f3e964c09d1903f787ab399323d7035e459e6e13ed4e33c03,2025-01-24T23:15:09.380000 +CVE-2024-50690,0,0,9d5fa667da25b907f6a8d87ed87c65d16d14dce5412c7abd336edf942643fae1,2025-01-24T23:15:08.227000 +CVE-2024-50692,0,0,fec59c437336f571adcbf83fec674e931b40d1cf7b23eb876e2a61aa2f9cabfc,2025-01-24T23:15:08.893000 +CVE-2024-50694,0,0,c4a29afb99bd1e874c60e1d69672eac5fd9e1fe06d6cb9ed86352c05fa98a55f,2025-01-24T23:15:09 +CVE-2024-50695,0,0,ba9592191562dd4b73b0b9f3dc66267a4d0aae1cf21634e627c788fb039c6890,2025-01-24T23:15:09.130000 +CVE-2024-50697,0,0,44480bba42848065bf0e807d881b5cf04b331a1ddf64b6d62fd6405bd648f176,2025-01-24T23:15:09.253000 +CVE-2024-50698,0,0,df6c508ce768af8f3e964c09d1903f787ab399323d7035e459e6e13ed4e33c03,2025-01-24T23:15:09.380000 CVE-2024-50699,0,0,b7bfb9ce8d871e66c8bc846d040c669e65be2a2e4a5ca2c2838499d7e02651cc,2024-12-11T16:15:12.720000 CVE-2024-50701,0,0,a80b1dc6acfa0163b2b418f9af2de103abd46652e86be76b69c935d1bde098bf,2024-12-30T16:15:11.387000 
CVE-2024-50702,0,0,364da4b19de28c5c7b507be40fbdae2c11e3df8d6828b6df401d4df157b3f54d,2024-12-30T16:15:11.550000 @@ -277540,6 +277540,7 @@ CVE-2025-0349,0,0,5c5bde0373ec0c26c713a0d565cd6e4461e0dfe3c3d54fa435cc26640f811d CVE-2025-0354,0,0,428d38f2781814173c07276c3123b7894bf18887b24de42981453e8b9fe91fd5,2025-01-21T04:15:07.147000 CVE-2025-0355,0,0,60139aab38184d5553deea3c96ee67451ff405f2b0f65acb32b8c01c91586866,2025-01-21T04:15:07.877000 CVE-2025-0356,0,0,00c4e703b995e5d2c2e4f165848b6efa20e85198e0b810bdb74efa5802e75a40,2025-01-21T04:15:07.980000 +CVE-2025-0357,1,1,637a6ef73ca88597a9faee7a213f2c9e042293b4e1599306e7baf4be91a58fdb,2025-01-25T02:15:26.990000 CVE-2025-0369,0,0,60e0263b7bdd9bb8b2fbff594a1f912ed9cb257670ae53622ab1064bad30f4a5,2025-01-18T07:15:09.720000 CVE-2025-0371,0,0,5204757392b802de2ea741b3e076d05df7ac5ea75604db8718cee7d5330989cb,2025-01-21T09:15:07.747000 CVE-2025-0377,0,0,aa55b8120230ab743cc2893b218f537bed059fac30bd283d6a35143ffcd50fcc,2025-01-21T16:15:14.290000 @@ -278365,7 +278366,7 @@ CVE-2025-22983,0,0,3f91e33a7409029e8feb1969bf0fd19dc254a37fe16ab3c9358513b3c91fd CVE-2025-22984,0,0,79f7e0821d57086a5b30160c1ac3f4ee3a3942289c8274a9ca479dc29c59767f,2025-01-23T17:15:26.780000 CVE-2025-22996,0,0,c50cf62284cf751584047e7a98111e31ae9d7e05423e0e28a6dfeca6772a6ab9,2025-01-15T17:15:21.837000 CVE-2025-22997,0,0,cbf89797792d4ad66a4f37050995306b66d6d3563ae5ce9db2b5b27779f4d42b,2025-01-15T17:15:22.193000 -CVE-2025-23006,0,0,4909edec91386279e9960ab174937c9cea74f45a3faffb1f01e726a291599013,2025-01-23T15:15:13.240000 +CVE-2025-23006,0,1,977f772ea3b5876e891b28257119516496ae4d9450366cb495b2995cfcca3fa6,2025-01-25T02:00:01.990000 CVE-2025-23011,0,0,e1ba900acd27ddaffe837f1b2cb99a0620e19220a4594e9e2e5e1cfb6f6dd686,2025-01-23T21:15:15.010000 CVE-2025-23012,0,0,5a6363dd5cc5adf7b59d4da79cd0453ce862321fce6c24b705279a51911f41e0,2025-01-23T21:15:15.173000 CVE-2025-23013,0,0,1fb74d6ea76ff5844d786cdd2a74f412fea41ae3954a5796fa59991a0a874edb,2025-01-16T22:15:40.520000 
@@ -278806,6 +278807,8 @@ CVE-2025-24337,0,0,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5de CVE-2025-24353,0,0,10800d697e68cd55cff6432e6a23d04d139654b7a35f7e8dc56fa2c5247f6ece,2025-01-23T18:15:33.990000 CVE-2025-24355,0,0,df091ddf8aeeb5f247d7b78b7e73863226f57cadf3f514eb1d8aa9b7831cf7ba,2025-01-24T17:15:16.047000 CVE-2025-24359,0,0,fe898aa41d1a6ecee2652ccd06e899fa4186d85ca361d42c0af02e968484e3d0,2025-01-24T17:15:16.197000 +CVE-2025-24360,1,1,2e9c8b6331a8a88dee1c12b547eb6d5cc111d8eab816a900e080a9ac8d56f9f8,2025-01-25T01:15:24.047000 +CVE-2025-24361,1,1,d29f3ff85909126621b45166d8a881d6bc5008d3724f4584c8a5635de601f311,2025-01-25T01:15:24.193000 CVE-2025-24362,0,0,bd0008c19e13cbed43d9a180a0c8a1357e3b6112b693da2df160b4b2a8f315e9,2025-01-24T18:15:32.383000 CVE-2025-24363,0,0,39d368ed8bf973713f2f52722001ed32dc19782f4926a08e8694d7826f6928da,2025-01-24T19:15:13.633000 CVE-2025-24397,0,0,1350cea3fe5814d5435bcd6f3428089c30106b375e343d91ae9b66932985a500,2025-01-23T17:15:27.643000