From e3d7f1b4d7142f1754be049c2d3c73449b575061 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 10 Apr 2025 08:03:57 +0000 Subject: [PATCH] Auto-Update: 2025-04-10T08:00:19.930027+00:00 --- CVE-2024/CVE-2024-108xx/CVE-2024-10894.json | 72 +++++++++++++++++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13874.json | 21 ++++++ CVE-2024/CVE-2024-138xx/CVE-2024-13896.json | 21 ++++++ CVE-2024/CVE-2024-139xx/CVE-2024-13909.json | 64 ++++++++++++++++++ CVE-2025/CVE-2025-05xx/CVE-2025-0539.json | 66 +++++++++++++++++++ CVE-2025/CVE-2025-27xx/CVE-2025-2719.json | 60 +++++++++++++++++ CVE-2025/CVE-2025-28xx/CVE-2025-2805.json | 64 ++++++++++++++++++ CVE-2025/CVE-2025-28xx/CVE-2025-2809.json | 64 ++++++++++++++++++ CVE-2025/CVE-2025-34xx/CVE-2025-3417.json | 60 +++++++++++++++++ README.md | 19 ++++-- _state.csv | 13 +++- 11 files changed, 516 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10894.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13874.json create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13896.json create mode 100644 CVE-2024/CVE-2024-139xx/CVE-2024-13909.json create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0539.json create mode 100644 CVE-2025/CVE-2025-27xx/CVE-2025-2719.json create mode 100644 CVE-2025/CVE-2025-28xx/CVE-2025-2805.json create mode 100644 CVE-2025/CVE-2025-28xx/CVE-2025-2809.json create mode 100644 CVE-2025/CVE-2025-34xx/CVE-2025-3417.json diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10894.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10894.json new file mode 100644 index 00000000000..f5eab8e6590 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10894.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-10894", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:40.683", + "lastModified": "2025-04-10T07:15:40.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/4.0.0/includes/classes/class-field-shortcodes.php#L218", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/4.0.0/includes/classes/class-field-shortcodes.php#L62", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/4.0.0/includes/classes/class-field-shortcodes.php#L99", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210130%40payment-forms-for-paystack&new=3210130%40payment-forms-for-paystack&sfp_email=&sfph_mail=#file7", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20b0a946-f429-4615-9d16-4a95a9120c3d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13874.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13874.json new file mode 100644 index 00000000000..fceb8e80217 --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13874.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-13874", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-04-10T07:15:41.080", + "lastModified": "2025-04-10T07:15:41.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c808e7cf-3285-402b-ab4f-a40ab822b12e/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13896.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13896.json new file mode 100644 index 00000000000..566080b9440 --- /dev/null +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13896.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-13896", + "sourceIdentifier": "contact@wpscan.com", + "published": "2025-04-10T07:15:41.197", + "lastModified": "2025-04-10T07:15:41.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/b8b622ea-e090-45ad-8755-b050fc055231/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13909.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13909.json new file mode 100644 index 00000000000..30f50df67df --- /dev/null +++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13909.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13909", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:41.300", + "lastModified": "2025-04-10T07:15:41.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/accredible-certificates/tags/1.4.9/users_list.php#L48", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/accredible-certificates/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f96d3773-29a1-44bd-904a-905aff2b345e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0539.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0539.json new file mode 100644 index 00000000000..06bac3f7c68 --- /dev/null +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0539.json @@ -0,0 +1,66 @@ +{ + "id": "CVE-2025-0539", + "sourceIdentifier": "security@octopus.com", + "published": "2025-04-10T06:15:53.133", + "lastModified": "2025-04-10T06:15:53.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@octopus.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "references": [ + { + "url": "https://advisories.octopus.com/post/2025/sa2025-06", + "source": "security@octopus.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2719.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2719.json new file mode 100644 index 00000000000..fa6dbbd363b --- /dev/null +++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2719.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-2719", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:41.493", + "lastModified": "2025-04-10T07:15:41.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Swatchly \u2013 WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/swatchly/tags/1.2.8/includes/Admin/Notices.php#L59", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39336115-5993-49e1-b810-80a712e8e42b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2805.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2805.json new file mode 100644 index 00000000000..16789b79226 --- /dev/null +++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2805.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2805", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:41.687", + "lastModified": "2025-04-10T07:15:41.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.svn.wordpress.org/order-post/trunk/wp_post_order.php", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/order-post/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d35ea739-5ee9-4779-87d5-3f13b11229cf?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2809.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2809.json new file mode 100644 index 00000000000..27b028e6784 --- /dev/null +++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2809.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-2809", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:41.873", + "lastModified": "2025-04-10T07:15:41.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/azurecurve-shortcodes-in-comments/trunk/azurecurve-shortcodes-in-comments.php#L35", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/azurecurve-shortcodes-in-comments/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22cc6da1-fd22-4b2a-90ab-24086879f0f6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3417.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3417.json new file mode 100644 index 00000000000..c273112b1e2 --- /dev/null +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3417.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-3417", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-10T07:15:42.053", + "lastModified": "2025-04-10T07:15:42.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/embedder/trunk/emb-admin-ajax.php#L41", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2602ebb35cb..8885007ad8d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-10T06:00:19.665106+00:00 +2025-04-10T08:00:19.930027+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-10T05:15:38.990000+00:00 +2025-04-10T07:15:42.053000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -289461 +289470 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `9` -- [CVE-2025-3102](CVE-2025/CVE-2025-31xx/CVE-2025-3102.json) (`2025-04-10T05:15:38.990`) -- [CVE-2025-3489](CVE-2025/CVE-2025-34xx/CVE-2025-3489.json) (`2025-04-10T04:15:40.610`) +- [CVE-2024-10894](CVE-2024/CVE-2024-108xx/CVE-2024-10894.json) (`2025-04-10T07:15:40.683`) +- [CVE-2024-13874](CVE-2024/CVE-2024-138xx/CVE-2024-13874.json) (`2025-04-10T07:15:41.080`) +- [CVE-2024-13896](CVE-2024/CVE-2024-138xx/CVE-2024-13896.json) (`2025-04-10T07:15:41.197`) +- [CVE-2024-13909](CVE-2024/CVE-2024-139xx/CVE-2024-13909.json) (`2025-04-10T07:15:41.300`) +- [CVE-2025-0539](CVE-2025/CVE-2025-05xx/CVE-2025-0539.json) (`2025-04-10T06:15:53.133`) +- [CVE-2025-2719](CVE-2025/CVE-2025-27xx/CVE-2025-2719.json) (`2025-04-10T07:15:41.493`) +- [CVE-2025-2805](CVE-2025/CVE-2025-28xx/CVE-2025-2805.json) (`2025-04-10T07:15:41.687`) +- [CVE-2025-2809](CVE-2025/CVE-2025-28xx/CVE-2025-2809.json) (`2025-04-10T07:15:41.873`) +- [CVE-2025-3417](CVE-2025/CVE-2025-34xx/CVE-2025-3417.json) (`2025-04-10T07:15:42.053`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index bfd45e17965..0ee0ddb20f5 100644 --- a/_state.csv +++ b/_state.csv @@ -245361,6 +245361,7 @@ CVE-2024-10890,0,0,291737e09e39acbad6d8cc1c52c0ae5cd2168a1e41e273e4ff02b1422afae CVE-2024-10891,0,0,6756c0c33d7417e4f522126d4552796d2cb16a6b1d07395aaddee44058a352b0,2024-11-21T13:57:24.187000 CVE-2024-10892,0,0,8e3017fcb4997696be5d41543367e2c13d86752e79c067544969077765372ab5,2024-12-18T15:15:08.067000 CVE-2024-10893,0,0,cec45a8d99b10dd83c0bf750188d64f22ea32a205bdb03916ff953823f5e203f,2024-12-03T15:15:09.780000 +CVE-2024-10894,1,1,5d6fc4c47cb70594fbae254033f0493f89680d0168f4115b116b1800dc4cf810,2025-04-10T07:15:40.683000 CVE-2024-10895,0,0,04c98611744adf39f95b71a878352eb8b113feb4aa126ef2824080fbccdc579f,2024-11-27T07:15:08.347000 CVE-2024-10896,0,0,e962891bb7ff0bd290fd7c88332bde91f2f69d0bdc8b8df6012dc8f056efaa3b,2024-11-29T16:15:08.880000 CVE-2024-10897,0,0,b52986d028914704172403e43ebe70daf322cea1711e1657c62b53facd1dfbeb,2024-11-20T16:09:16.643000 @@ -248311,6 +248312,7 @@ CVE-2024-13870,0,0,3cb87b62ec130122ba819c9d907ccf45e4d470775a7726fc8ca4fa815401f CVE-2024-13871,0,0,6914e75153aa8ac82856a10614a4ab71bf74b973b9197753b08e3467b50ff7e4,2025-03-12T12:15:14.087000 CVE-2024-13872,0,0,8441a8b9821b99dd5d66f21ca116b3982d70866c01c29996d1bcba8ba0374b87,2025-03-12T12:15:14.273000 CVE-2024-13873,0,0,55e5174b0343fd72e7abadc33d2c5cbba17148439d124d339cc41ecc820eadf2,2025-03-11T13:32:22.040000 +CVE-2024-13874,1,1,515161cc0af15b86a4d763ca840e8ce11072220f7a34da7fa12f111bef66fac8,2025-04-10T07:15:41.080000 CVE-2024-13875,0,0,67a012139b99ebba306db9af8b9dea979c8ddd0c5ca55c3c69db1e9082da46bb,2025-03-20T20:15:30.417000 CVE-2024-13876,0,0,1a31961cb7178894e7a1cdfaf5b471eca01a1563f8bd466dcc32aee1e4b14e39,2025-04-09T13:39:49.970000 CVE-2024-13877,0,0,528a605011124113a625c95ca1b9ae2f74edc8be7c535f195cefab1318e52c0e,2025-04-09T13:48:36.593000 @@ -248333,6 +248335,7 @@ CVE-2024-13892,0,0,64f4bb1b23a13fd56cc1262300e8aa6d77d2ba9b49f885f9fe5ac91920ce1 CVE-2024-13893,0,0,fa5eb1d679920542099905b2166422dd832df0600663b7e6c3349a9bf0a034c5,2025-03-06T14:15:35.630000 CVE-2024-13894,0,0,381f271b629199f022fdf9fd4b83845b543284434a4e6931eb7fc74e5af2dadc,2025-03-06T14:15:35.777000 CVE-2024-13895,0,0,e8d5a6bac9730aeb4a8848468a12eea3815476c71300fdcead98f4dfa8122c9c,2025-03-12T16:44:26.183000 +CVE-2024-13896,1,1,884699d480379825e0276185dcbe697fc25211367e556684bb566c1b11131230,2025-04-10T07:15:41.197000 CVE-2024-13897,0,0,04f8f74fe55f18650082e0f1721ca59668171996133eedd9591e8be8a245c842,2025-03-06T09:15:25.787000 CVE-2024-13898,0,0,e5a4fc2c830d098d3dbb626930df66eb63e1e246adf0a795320d3a19069fb241,2025-04-07T14:18:15.560000 CVE-2024-13899,0,0,52a6df255cced586247fa5995c60bd6a4c8114bd9f571a8a9cd0a46e9cfea6df,2025-03-11T13:26:57.550000 @@ -248346,6 +248349,7 @@ CVE-2024-13905,0,0,436741d4745da61f32b1dd276f8785ce3d1d88be86851a86061b5781057f2 CVE-2024-13906,0,0,c18d3ed61043491f118577c9199dd56f8e4281ffddbc9a5f32cd948a9ff0542a,2025-03-07T08:15:37.467000 CVE-2024-13907,0,0,3b0e87cf5752b8b0fccb0cb5069f80bf05370ddfb297c2e78ae1a11702604545,2025-03-11T16:26:05.363000 CVE-2024-13908,0,0,4f62d92db99cc1a21fce08f49f8c6e4569fddc165732e64174b95658b4cca256,2025-03-13T13:07:55.160000 +CVE-2024-13909,1,1,48461759b4c042d8a992a508148e698978271714b25607bc02a2e067c2b517cb,2025-04-10T07:15:41.300000 CVE-2024-1391,0,0,fccbf24dfb651f372e2b51106217c90f4de85c1f936edcd91290184be12fa7b9,2025-01-17T19:52:57.843000 CVE-2024-13910,0,0,6885427b6394b62d7dcb79523e61be62dd8281aad81e8cab0af59c67e1beea02,2025-03-01T09:15:09.517000 CVE-2024-13911,0,0,4ecdacf9340f565972d67d0fd0f16ebfb137c877e410b587b04d73d76789b018,2025-03-01T08:15:33.803000 @@ -281536,6 +281540,7 @@ CVE-2025-0535,0,0,a4a429801e674b81f799745159d72683769c43f6c36cfbf29ded67f6004130 CVE-2025-0536,0,0,412cd2683e58a1de99579b236649cb4bd6b2182db9918e53a30fe5cc8242b56b,2025-02-25T22:25:04.860000 CVE-2025-0537,0,0,ac18629f3505fc8d01ed75e493b563a9195f7e930c5c5595394a818b3f1d8d86,2025-02-21T21:32:41.437000 CVE-2025-0538,0,0,23a74353ce4d38faae66783e1cf58936a188bf24527270171417447ac3a1997e,2025-02-21T21:22:54.457000 +CVE-2025-0539,1,1,5c25d6871154c2f598cc0c5defc90690b8e0e69b4b8a7bf463c302f6ece168ad,2025-04-10T06:15:53.133000 CVE-2025-0540,0,0,477bb769b8d3e7a17387e56bf8963022110dfb0384c277c279161d54e393c481,2025-02-07T14:58:25.477000 CVE-2025-0541,0,0,185bfc59de787ff6a7aed59304dec973fe8c904f3f2e9dfa433a1fdef3b0c726,2025-02-25T22:22:22.760000 CVE-2025-0542,0,0,6313331796a87cfd429c6887ebdeb1b0129ce5eba24c6840f8a5db7fe9415456,2025-01-25T17:15:21.030000 @@ -286977,6 +286982,7 @@ CVE-2025-27186,0,0,d6a7c36938fb0ec4547234bdf8014d1fb8e1b54a259eba5484aa67f028047 CVE-2025-27187,0,0,2f2178a3ade147e716c21308d74312136a08dde9070b126b8be0d8e574002614,2025-04-09T20:03:01.577000 CVE-2025-27188,0,0,baa6d648ba130d0422b128128ac53208274c7a4970470bcc5c21647e49f01681,2025-04-09T20:02:41.860000 CVE-2025-27189,0,0,7eec0359c6679ce6079037456ad2495fd960bf0ce3f801d85bafe5fc2dfe17a7,2025-04-09T20:02:41.860000 +CVE-2025-2719,1,1,29f47b7e33b830c858fce1d7c5ad02b805d9ff869875ae2ee3ce269075f7a371,2025-04-10T07:15:41.493000 CVE-2025-27190,0,0,f6f93c1a2aea709128307aab4dd8f7522a1d7f29cb3bdc0326949ea46ad2467a,2025-04-09T20:02:41.860000 CVE-2025-27191,0,0,4f5df9b8c88675a85a7e789e6b2d5ccdb0b9a9567f661f6a44fa4181c1411c1b,2025-04-09T20:02:41.860000 CVE-2025-27192,0,0,1b90b1b7a7ab4ed5119a3d35c794c4de9f8c839b7d2d708b8887e2e334fefdec,2025-04-09T20:02:41.860000 @@ -287413,10 +287419,12 @@ CVE-2025-28011,0,0,fdcb5591ea26e059e8d35048712169c6e42fd9f817189e1097ee50f0c5ccd CVE-2025-28015,0,0,2ec3b03d6a2c5b451e55cb244fde2066264789b2e32a98f716bffd5d4cc31009,2025-03-28T19:49:16.520000 CVE-2025-2803,0,0,e47ecd50bab8435762f20a0360685d74e0ceaca5cc3e5df3e0509ccc4da5c57f,2025-04-01T20:26:30.593000 CVE-2025-2804,0,0,920f730e5efd8732e0e5abb52416672a1a115bcae2eab5cbf394b4b15549c65b,2025-03-28T18:11:40.180000 +CVE-2025-2805,1,1,477936ca44ddfa3aeb1e17b3d62b09b809674e780eaa872ab74dfbe055c99246,2025-04-10T07:15:41.687000 CVE-2025-2807,0,0,f8faf57b374faab8743fa15c01545fe02708770c7c9d6b7c7888f61e54c92b92,2025-04-08T18:13:53.347000 CVE-2025-2808,0,0,2d9ef6fcbe323df90c90b4e91a51bb82e8f5ef9746894b9f5e9c32273a3c6988,2025-04-08T18:13:53.347000 CVE-2025-28087,0,0,1a24fc8fa031815998ab3cec95d83c4ceea417049d18cb4b484e469d0233d5a6,2025-04-07T14:22:33.160000 CVE-2025-28089,0,0,67dcb00b253159ea36147dba2ae48f5f5632d8f7c0e820c0f6cd1525d263b4dd,2025-04-07T14:20:46.543000 +CVE-2025-2809,1,1,1e27e1e469983706cefa78e602caeac8f16c64d71b928dc08e1001be0a172510,2025-04-10T07:15:41.873000 CVE-2025-28090,0,0,493fc323568428ac078046a31d0aa0ab344284d8b92655b7299afbb44b2e5613,2025-04-07T14:18:13.877000 CVE-2025-28091,0,0,53b8d61f6b3efd58e9b1e57672a49f938683d316e8cae6a6d7e9f0df22a8fa47,2025-04-07T14:17:00.940000 CVE-2025-28092,0,0,769156e3f6f63d735ff65693553d7a465233801220a0a4936c5d0d4f20f3625b,2025-04-07T14:12:53.293000 @@ -288413,7 +288421,7 @@ CVE-2025-31010,0,0,2eedda8f330a9beae819a4cd9d50315b7c3705aef34f39a70e86c91cbd492 CVE-2025-31012,0,0,21f03eb3af6d9b3bb51a2a0fcf9624a753c1fc6babd21259e4b8c500780eb98c,2025-04-09T20:02:41.860000 CVE-2025-31016,0,0,9f9353b55280d52026be79b202ae8bc2b442e0024607fdee2a6c539bec9857cb,2025-04-01T20:26:30.593000 CVE-2025-31017,0,0,b56a44652605d8eeed3d64b16f1dab34aa789f93a1221cc3bdf4b45f393886c0,2025-04-09T20:02:41.860000 -CVE-2025-3102,1,1,bccf8eff8b40ef1bd77bee41b31cfae93692edd7c8d803415cbae18e80b9f57a,2025-04-10T05:15:38.990000 +CVE-2025-3102,0,0,bccf8eff8b40ef1bd77bee41b31cfae93692edd7c8d803415cbae18e80b9f57a,2025-04-10T05:15:38.990000 CVE-2025-31020,0,0,daa9e1981c03ac81dbf536cdee43874fa54a803f7000d9e16ed8ebb44cdf19dd,2025-04-09T20:02:41.860000 CVE-2025-31023,0,0,dfa96669063a1f3955fe0e1aab8c8bfa43477b027538a93d222fb97048f80625,2025-04-09T20:02:41.860000 CVE-2025-31024,0,0,f27fb13571b9dddbe1b515b7ab2184082954eb269d62d89f6a6c625e2c4c4385,2025-04-01T20:26:11.547000 @@ -289444,6 +289452,7 @@ CVE-2025-3411,0,0,8cff3e75ab7d8c8c3df6b9fa01111f95a8fb7002f322628e53333c48f3625f CVE-2025-3412,0,0,25a3c2ab8fa0aef3dfffc2c9723b43f279f3600f9f3d1f7632095f66cdc52ea3,2025-04-08T18:13:53.347000 CVE-2025-3413,0,0,e9ae6f9ee954dc0b39e2e9a8b6ad41f6cbd8628b2d84dff62138fbf7e2823b11,2025-04-08T18:13:53.347000 CVE-2025-3416,0,0,52d35af283afef5bb6d8cccc38fa0eb8d4ad3029b21142a4de9837a0c397cd70,2025-04-09T20:02:41.860000 +CVE-2025-3417,1,1,e02727245ecf5844203f9f3599b286f4e69c2165ec99a0adea27cd395cb4ace8,2025-04-10T07:15:42.053000 CVE-2025-3424,0,0,e4a6bd7e6ff2128bc5d939729449d80241551339ad344ad915f9387ff36da19c,2025-04-08T18:14:17.307000 CVE-2025-3425,0,0,89b52021ac9535b7bfcd710ad3a41c5d483f876e564b2bf8efc340d7efdcfbdf,2025-04-08T18:14:17.307000 CVE-2025-3426,0,0,90dd23ef26990db1fdca18c825634f92c9798fac280599ec08ba6ebce934ed6c,2025-04-08T18:14:17.307000 @@ -289459,4 +289468,4 @@ CVE-2025-3437,0,0,e73b4884af1e4c5b90938b61853540dd90f98780db8cdd9f4d702d9b75697d CVE-2025-3442,0,0,2a59e6aeb9a7ce85db231c9e4252568faabc9932311aa3489ec1af959c55a52f,2025-04-09T20:02:41.860000 CVE-2025-3474,0,0,f8e71c46703e14cca85d8e407ff995fe29213506f600ff4c3b6065d1079e537c,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,bb4bc227f15a0b277f9580dd5137093b362fd6a8b2970e4968b5dd8302443ad1,2025-04-09T20:02:41.860000 -CVE-2025-3489,1,1,682530fb46b90cec0874c3105be478571a510fd20461cd4b0dfcdc5594ec5afd,2025-04-10T04:15:40.610000 +CVE-2025-3489,0,0,682530fb46b90cec0874c3105be478571a510fd20461cd4b0dfcdc5594ec5afd,2025-04-10T04:15:40.610000