mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-07 19:16:29 +00:00
Auto-Update: 2025-01-21T07:00:19.731735+00:00
This commit is contained in:
cad-safe-bot
parent
ee1d1d30af
commit
ec5e0a3b66
60
CVE-2024/CVE-2024-135xx/CVE-2024-13536.json
Normal file
60
CVE-2024/CVE-2024-135xx/CVE-2024-13536.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-13536",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-01-21T05:15:07.490",
|
||||
"lastModified": "2025-01-21T05:15:07.490",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-209"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/1003-mortgage-application/trunk/inc/class/fnm/export.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbc90b9-af91-49ac-ad3d-a37c17e8ba6d?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
21
CVE-2025/CVE-2025-230xx/CVE-2025-23086.json
Normal file
21
CVE-2025/CVE-2025-230xx/CVE-2025-23086.json
Normal file
@ -0,0 +1,21 @@
|
||||
{
|
||||
"id": "CVE-2025-23086",
|
||||
"sourceIdentifier": "support@hackerone.com",
|
||||
"published": "2025-01-21T05:15:07.960",
|
||||
"lastModified": "2025-01-21T05:15:07.960",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://hackerone.com/reports/2888770",
|
||||
"source": "support@hackerone.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
16
README.md
16
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2025-01-21T05:00:20.007751+00:00
|
||||
2025-01-21T07:00:19.731735+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2025-01-21T04:15:07.980000+00:00
|
||||
2025-01-21T05:15:07.960000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,23 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
278159
|
||||
278161
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `0`
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2024-13536](CVE-2024/CVE-2024-135xx/CVE-2024-13536.json) (`2025-01-21T05:15:07.490`)
|
||||
- [CVE-2025-23086](CVE-2025/CVE-2025-230xx/CVE-2025-23086.json) (`2025-01-21T05:15:07.960`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `4`
|
||||
Recently modified CVEs: `0`
|
||||
|
||||
- [CVE-2025-0354](CVE-2025/CVE-2025-03xx/CVE-2025-0354.json) (`2025-01-21T04:15:07.147`)
|
||||
- [CVE-2025-0355](CVE-2025/CVE-2025-03xx/CVE-2025-0355.json) (`2025-01-21T04:15:07.877`)
|
||||
- [CVE-2025-0356](CVE-2025/CVE-2025-03xx/CVE-2025-0356.json) (`2025-01-21T04:15:07.980`)
|
||||
- [CVE-2025-24014](CVE-2025/CVE-2025-240xx/CVE-2025-24014.json) (`2025-01-21T03:15:06.393`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
||||
10
_state.csv
10
_state.csv
@ -246044,6 +246044,7 @@ CVE-2024-13519,0,0,91071072a08ea24827f5d5bc615943726188f0b2d2b9d39683465c01c81a2
|
||||
CVE-2024-1352,0,0,80e73adafdfe15b995501384770910e119d96dba6ac79b22584e1c2a8e29f667,2025-01-17T17:23:55.973000
|
||||
CVE-2024-13524,0,0,8904fc9b47632ebbae09c103a68ff131aa17785fda270c0fbbff20bc7cde5ada,2025-01-20T03:15:08.033000
|
||||
CVE-2024-1353,0,0,afe5e84ebbb775598783ab5b808c4fd20532e7440cc7da3552115f2ac18ba752,2024-11-21T08:50:23.700000
|
||||
CVE-2024-13536,1,1,2c346b2df91a5dc057c237d35edbe756ff5236144feccf10098be940a9698d61,2025-01-21T05:15:07.490000
|
||||
CVE-2024-1354,0,0,5af9747793c0c7f9d624ad8210334d43a11a7e2ffd1bfd24e0f893306f01668b,2024-11-21T08:50:23.843000
|
||||
CVE-2024-1355,0,0,6172baf85be4d7a27bbb49e6e2c61129e709fa636052c76496ed45a61202985b,2024-11-21T08:50:23.993000
|
||||
CVE-2024-1356,0,0,6cb6186c899ef9742e559deecf7de4862ea2bb78bef5eed0c472ae9df79196b1,2024-11-21T08:50:24.133000
|
||||
@ -277229,9 +277230,9 @@ CVE-2025-0346,0,0,3ca882ed5f0f6ff30f77b6214e7e7bdd383925e6a59aee9ebd80a0c7383e3b
|
||||
CVE-2025-0347,0,0,ec55ad444ba1a81cdc39b917c4d69e23fb6f894614506108703cecaf8b681d74,2025-01-09T10:15:07.170000
|
||||
CVE-2025-0348,0,0,caf29c7d10aa1d0bc868897d1f5fe71d1c997b913af05adf015858af50a20840,2025-01-09T10:15:07.700000
|
||||
CVE-2025-0349,0,0,5c5bde0373ec0c26c713a0d565cd6e4461e0dfe3c3d54fa435cc26640f811d63,2025-01-09T11:15:16.547000
|
||||
CVE-2025-0354,0,1,428d38f2781814173c07276c3123b7894bf18887b24de42981453e8b9fe91fd5,2025-01-21T04:15:07.147000
|
||||
CVE-2025-0355,0,1,60139aab38184d5553deea3c96ee67451ff405f2b0f65acb32b8c01c91586866,2025-01-21T04:15:07.877000
|
||||
CVE-2025-0356,0,1,00c4e703b995e5d2c2e4f165848b6efa20e85198e0b810bdb74efa5802e75a40,2025-01-21T04:15:07.980000
|
||||
CVE-2025-0354,0,0,428d38f2781814173c07276c3123b7894bf18887b24de42981453e8b9fe91fd5,2025-01-21T04:15:07.147000
|
||||
CVE-2025-0355,0,0,60139aab38184d5553deea3c96ee67451ff405f2b0f65acb32b8c01c91586866,2025-01-21T04:15:07.877000
|
||||
CVE-2025-0356,0,0,00c4e703b995e5d2c2e4f165848b6efa20e85198e0b810bdb74efa5802e75a40,2025-01-21T04:15:07.980000
|
||||
CVE-2025-0369,0,0,60e0263b7bdd9bb8b2fbff594a1f912ed9cb257670ae53622ab1064bad30f4a5,2025-01-18T07:15:09.720000
|
||||
CVE-2025-0390,0,0,a9cacf0ddfe16d7ce6aba119743e725f69b4f5561bb60e372a0dcb6744d412ca,2025-01-11T08:15:26.527000
|
||||
CVE-2025-0391,0,0,ab8f7905746a492810fe86765faefb1fff997fc4d75bb4be776d20c58a35599f,2025-01-11T09:15:05.937000
|
||||
@ -277918,6 +277919,7 @@ CVE-2025-23079,0,0,78406696c95877d502c4c9b4607328548f20c8246eeff924786f7d9228881
|
||||
CVE-2025-23080,0,0,165d07f7f3ac467de5017c0ed6cba0e28a556747a1eb136b531ca8b1a8ca92c9,2025-01-14T18:16:06.110000
|
||||
CVE-2025-23081,0,0,8e8adb61025ad816e7ca7d3f543c46c43aae9a6ff6f38d8ecfef81ad769cb146,2025-01-16T16:15:36.090000
|
||||
CVE-2025-23082,0,0,04a4f0f7ff5458b7d3b3235d7001e50f9111979d3e99a4d703024d8cba8b9a7c,2025-01-14T16:15:36.200000
|
||||
CVE-2025-23086,1,1,be2b2e20c3c37d45e502b9c050e3f49065346c4fc9e1a84519387fee5cb48056,2025-01-21T05:15:07.960000
|
||||
CVE-2025-23108,0,0,0867ae52bf9537919e00df206497183b5abf45a3a43e56579f476cc3d26e8d6c,2025-01-13T18:15:22.680000
|
||||
CVE-2025-23109,0,0,4d519c5c41161d21ebd8f814ea3659acc2224a598528dd7d3e4c7b87a5ad8cc0,2025-01-13T18:15:22.903000
|
||||
CVE-2025-23110,0,0,b9e32d20d7e6cf23b28c590dc2ad7f239b5186f27517cd303db97f7275b077fa,2025-01-10T22:15:27.550000
|
||||
@ -278156,5 +278158,5 @@ CVE-2025-23963,0,0,b25e75626ec56255a41425e6f3edd3e3aea1c19b7ee658d0d0b26b28ec1f0
|
||||
CVE-2025-23965,0,0,53fb1e10aaa7ebd57bd7f00633a90cd803f03e00b4bc8c44e50c428b42627500,2025-01-16T21:15:38.023000
|
||||
CVE-2025-24010,0,0,b1ad142cb0e12a44fa76d1536c3ae8cc5dc1c93205ad3e19be582c3fc492507c,2025-01-20T16:15:28.730000
|
||||
CVE-2025-24013,0,0,a013478a51520d1a805dca03a3a7f43a81c8ee1d4137efd7110dbaf0e05d94c6,2025-01-20T16:15:28.877000
|
||||
CVE-2025-24014,0,1,0c972738e3babcd39492772e29e55637e9d570d75dd7fbfa964ee94a33114b3d,2025-01-21T03:15:06.393000
|
||||
CVE-2025-24014,0,0,0c972738e3babcd39492772e29e55637e9d570d75dd7fbfa964ee94a33114b3d,2025-01-21T03:15:06.393000
|
||||
CVE-2025-24337,0,0,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5deb68,2025-01-20T14:15:27.130000
|
||||
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user