admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 02:00:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-29T11:00:19.780025+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-29 11:04:11 +00:00
parent df369cfd3e
commit fa1ed44a9f
38 changed files with 2437 additions and 376 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-100xx/CVE-2024-10048.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10048",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T09:15:06.403",
"lastModified": "2024-10-29T09:15:06.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3174969/post-status-notifier-lite/tags/1.11.7/lib/Psn/Admin/ListTable/Rules.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90220c8d-8efc-48a2-955c-3155598f5f19?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-102xx/CVE-2024-10227.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-10227",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T10:15:03.183",
"lastModified": "2024-10-29T10:15:03.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3174286/",
"source": "security@wordfence.com"
},
{
"url": "https://servit.dev/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/affiliate-toolkit-starter/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f86568f-dcdd-44fb-905a-9c5474f56515?source=cve",
"source": "security@wordfence.com"
}
]
}

56
CVE-2024/CVE-2024-102xx/CVE-2024-10241.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-10241",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-29T08:15:11.990",
"lastModified": "2024-10-29T08:15:11.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get\u00a0private channel names by using cmd+K/ctrl+K."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

60
CVE-2024/CVE-2024-103xx/CVE-2024-10312.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10312",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T08:15:12.330",
"lastModified": "2024-10-29T08:15:12.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3175285/exclusive-addons-for-elementor",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-104xx/CVE-2024-10436.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-10436",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T10:15:03.900",
"lastModified": "2024-10-29T10:15:03.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L418",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/wpc-smart-messages/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fd87512-def0-4e59-aa2d-b166919474f3?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-104xx/CVE-2024-10437.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-10437",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T10:15:04.140",
"lastModified": "2024-10-29T10:15:04.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L775",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4acb4fda-0217-44b9-a85e-64807eb4a011?source=cve",
"source": "security@wordfence.com"
}
]
}

56
CVE-2024/CVE-2024-220xx/CVE-2024-22066.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-22066",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-10-29T09:15:06.800",
"lastModified": "2024-10-29T09:15:06.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-294"
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590",
"source": "psirt@zte.com.cn"
}
]
}

34
CVE-2024/CVE-2024-376xx/CVE-2024-37672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37672",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:10.963",
"lastModified": "2024-06-24T19:41:06.183",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T08:35:03.097",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

56
CVE-2024/CVE-2024-454xx/CVE-2024-45477.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45477",
"sourceIdentifier": "security@apache.org",
"published": "2024-10-29T09:15:07.053",
"lastModified": "2024-10-29T09:15:07.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/shdv0tw9hggj7tx9pl7g93mgok2lwbj9",
"source": "security@apache.org"
}
]
}

56
CVE-2024/CVE-2024-468xx/CVE-2024-46872.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-46872",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-29T09:15:07.350",
"lastModified": "2024-10-29T09:15:07.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

56
CVE-2024/CVE-2024-474xx/CVE-2024-47401.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-47401",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-29T09:15:07.753",
"lastModified": "2024-10-29T09:15:07.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to\u00a0prevent detailed error messages from being displayed\u00a0in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49642.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49642",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:08.017",
"lastModified": "2024-10-29T09:15:08.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/todo-custom-field/wordpress-todo-custom-field-plugin-3-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-500xx/CVE-2024-50052.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50052",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-29T08:15:12.553",
"lastModified": "2024-10-29T08:15:12.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to\u00a0check that the origin of the message in an integration action matches with the original post metadata\u00a0which allows an authenticated user to delete an arbitrary post."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50411.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50411",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:08.333",
"lastModified": "2024-10-29T09:15:08.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50412.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50412",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:08.610",
"lastModified": "2024-10-29T09:15:08.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Stored XSS.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-conditional-fields/wordpress-conditional-fields-for-contact-form-7-plugin-2-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50413.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50413",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:08.847",
"lastModified": "2024-10-29T09:15:08.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-27-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50414.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50414",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:09.230",
"lastModified": "2024-10-29T09:15:09.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.9.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/button-contact-vr/wordpress-button-contact-vr-plugin-4-7-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50415.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50415",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:09.530",
"lastModified": "2024-10-29T09:15:09.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/app-ads-txt/wordpress-ads-txt-app-ads-txt-manager-for-wordpress-plugin-1-1-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50418.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50418",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:09.777",
"lastModified": "2024-10-29T09:15:09.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/timeslot/wordpress-time-slot-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50420.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:10.150",
"lastModified": "2024-10-29T09:15:10.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50426.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50426",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:10.383",
"lastModified": "2024-10-29T09:15:10.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50427.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50427",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:10.710",
"lastModified": "2024-10-29T09:15:10.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic O\u00dc SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50473.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50473",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:10.977",
"lastModified": "2024-10-29T09:15:10.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50475.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50475",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:11.203",
"lastModified": "2024-10-29T09:15:11.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/signup-page/wordpress-signup-page-plugin-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50476.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50476",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:11.533",
"lastModified": "2024-10-29T09:15:11.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in GR\u00dcN Software Group GmbH GR\u00dcN spendino Spendenformular allows Privilege Escalation.This issue affects GR\u00dcN spendino Spendenformular: from n/a through 1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spendino/wordpress-gruen-spendino-spendenformular-plugin-1-0-1-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50480.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50480",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T08:15:12.767",
"lastModified": "2024-10-29T08:15:12.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/marketing-automation-by-azexo/wordpress-marketing-automation-by-azexo-plugin-1-27-80-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50481.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50481",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:11.787",
"lastModified": "2024-10-29T09:15:11.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bstone-demo-importer/wordpress-bstone-demo-importer-plugin-1-0-1-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50482.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50482",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T08:15:13.010",
"lastModified": "2024-10-29T08:15:13.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50484.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50484",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T08:15:13.237",
"lastModified": "2024-10-29T08:15:13.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50485.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50485",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:12.137",
"lastModified": "2024-10-29T09:15:12.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ": Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50490.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T09:15:12.497",
"lastModified": "2024-10-29T09:15:12.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pegapoll/wordpress-pegapoll-plugin-1-0-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50493.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50493",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T08:15:13.457",
"lastModified": "2024-10-29T08:15:13.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/automatic-translation/wordpress-automatic-translation-plugin-1-0-4-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50494.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50494",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T08:15:13.690",
"lastModified": "2024-10-29T08:15:13.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-sudan-payment-gateway/wordpress-sudan-payment-gateway-for-woocommerce-plugin-1-2-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50550.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50550",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T10:15:04.663",
"lastModified": "2024-10-29T10:15:04.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-1-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

68
CVE-2024/CVE-2024-93xx/CVE-2024-9376.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-9376",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T10:15:04.880",
"lastModified": "2024-10-29T10:15:04.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kata Plus \u2013 Addons for Elementor \u2013 Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://climaxthemes.com/kata/documentation/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3174359/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/kata-plus/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05c7267e-2e0c-48e9-bdaa-c8bc0b9ec8a6?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-94xx/CVE-2024-9438.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9438",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-29T09:15:12.753",
"lastModified": "2024-10-29T09:15:12.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/seur/trunk/core/pages/seur-get-labels.php#L60",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3176965/seur/trunk/core/pages/seur-get-labels.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88edf229-2be2-49d0-b500-e8ff7708f806?source=cve",
"source": "security@wordfence.com"
}
]
}

88
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-29T07:57:46.852458+00:00
2024-10-29T11:00:19.780025+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-29T06:15:13.743000+00:00
2024-10-29T10:15:04.880000+00:00
```
### Last Data Feed Release
@ -27,75 +27,51 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-10-28T01:00:08.664734+00:00
2024-10-29T08:01:49.015410+00:00
```
### Total Number of included CVEs
```plain
267427
267462
```
### CVEs added in the last Commit
Recently added CVEs: `167`
Recently added CVEs: `35`
- [CVE-2024-50446](CVE-2024/CVE-2024-504xx/CVE-2024-50446.json) (`2024-10-28T18:15:06.203`)
- [CVE-2024-50447](CVE-2024/CVE-2024-504xx/CVE-2024-50447.json) (`2024-10-28T18:15:06.473`)
- [CVE-2024-50448](CVE-2024/CVE-2024-504xx/CVE-2024-50448.json) (`2024-10-28T18:15:06.707`)
- [CVE-2024-50449](CVE-2024/CVE-2024-504xx/CVE-2024-50449.json) (`2024-10-28T18:15:06.907`)
- [CVE-2024-50451](CVE-2024/CVE-2024-504xx/CVE-2024-50451.json) (`2024-10-28T18:15:07.123`)
- [CVE-2024-50453](CVE-2024/CVE-2024-504xx/CVE-2024-50453.json) (`2024-10-28T20:15:07.463`)
- [CVE-2024-50457](CVE-2024/CVE-2024-504xx/CVE-2024-50457.json) (`2024-10-28T20:15:07.713`)
- [CVE-2024-50458](CVE-2024/CVE-2024-504xx/CVE-2024-50458.json) (`2024-10-28T18:15:07.327`)
- [CVE-2024-50460](CVE-2024/CVE-2024-504xx/CVE-2024-50460.json) (`2024-10-28T18:15:07.537`)
- [CVE-2024-50461](CVE-2024/CVE-2024-504xx/CVE-2024-50461.json) (`2024-10-28T18:15:07.737`)
- [CVE-2024-50462](CVE-2024/CVE-2024-504xx/CVE-2024-50462.json) (`2024-10-28T18:15:07.953`)
- [CVE-2024-50464](CVE-2024/CVE-2024-504xx/CVE-2024-50464.json) (`2024-10-28T18:15:08.163`)
- [CVE-2024-50467](CVE-2024/CVE-2024-504xx/CVE-2024-50467.json) (`2024-10-28T18:15:08.370`)
- [CVE-2024-50468](CVE-2024/CVE-2024-504xx/CVE-2024-50468.json) (`2024-10-28T18:15:08.570`)
- [CVE-2024-50469](CVE-2024/CVE-2024-504xx/CVE-2024-50469.json) (`2024-10-28T18:15:08.770`)
- [CVE-2024-50495](CVE-2024/CVE-2024-504xx/CVE-2024-50495.json) (`2024-10-28T21:15:09.800`)
- [CVE-2024-50496](CVE-2024/CVE-2024-504xx/CVE-2024-50496.json) (`2024-10-28T21:15:10.057`)
- [CVE-2024-51506](CVE-2024/CVE-2024-515xx/CVE-2024-51506.json) (`2024-10-28T23:15:02.667`)
- [CVE-2024-51507](CVE-2024/CVE-2024-515xx/CVE-2024-51507.json) (`2024-10-28T23:15:02.753`)
- [CVE-2024-51508](CVE-2024/CVE-2024-515xx/CVE-2024-51508.json) (`2024-10-28T23:15:02.837`)
- [CVE-2024-51509](CVE-2024/CVE-2024-515xx/CVE-2024-51509.json) (`2024-10-28T23:15:02.907`)
- [CVE-2024-5532](CVE-2024/CVE-2024-55xx/CVE-2024-5532.json) (`2024-10-28T19:15:15.010`)
- [CVE-2024-6245](CVE-2024/CVE-2024-62xx/CVE-2024-6245.json) (`2024-10-28T17:15:04.780`)
- [CVE-2024-9629](CVE-2024/CVE-2024-96xx/CVE-2024-9629.json) (`2024-10-28T18:15:09.040`)
- [CVE-2024-9825](CVE-2024/CVE-2024-98xx/CVE-2024-9825.json) (`2024-10-28T19:15:15.170`)
- [CVE-2024-49642](CVE-2024/CVE-2024-496xx/CVE-2024-49642.json) (`2024-10-29T09:15:08.017`)
- [CVE-2024-50052](CVE-2024/CVE-2024-500xx/CVE-2024-50052.json) (`2024-10-29T08:15:12.553`)
- [CVE-2024-50411](CVE-2024/CVE-2024-504xx/CVE-2024-50411.json) (`2024-10-29T09:15:08.333`)
- [CVE-2024-50412](CVE-2024/CVE-2024-504xx/CVE-2024-50412.json) (`2024-10-29T09:15:08.610`)
- [CVE-2024-50413](CVE-2024/CVE-2024-504xx/CVE-2024-50413.json) (`2024-10-29T09:15:08.847`)
- [CVE-2024-50414](CVE-2024/CVE-2024-504xx/CVE-2024-50414.json) (`2024-10-29T09:15:09.230`)
- [CVE-2024-50415](CVE-2024/CVE-2024-504xx/CVE-2024-50415.json) (`2024-10-29T09:15:09.530`)
- [CVE-2024-50418](CVE-2024/CVE-2024-504xx/CVE-2024-50418.json) (`2024-10-29T09:15:09.777`)
- [CVE-2024-50420](CVE-2024/CVE-2024-504xx/CVE-2024-50420.json) (`2024-10-29T09:15:10.150`)
- [CVE-2024-50426](CVE-2024/CVE-2024-504xx/CVE-2024-50426.json) (`2024-10-29T09:15:10.383`)
- [CVE-2024-50427](CVE-2024/CVE-2024-504xx/CVE-2024-50427.json) (`2024-10-29T09:15:10.710`)
- [CVE-2024-50473](CVE-2024/CVE-2024-504xx/CVE-2024-50473.json) (`2024-10-29T09:15:10.977`)
- [CVE-2024-50475](CVE-2024/CVE-2024-504xx/CVE-2024-50475.json) (`2024-10-29T09:15:11.203`)
- [CVE-2024-50476](CVE-2024/CVE-2024-504xx/CVE-2024-50476.json) (`2024-10-29T09:15:11.533`)
- [CVE-2024-50480](CVE-2024/CVE-2024-504xx/CVE-2024-50480.json) (`2024-10-29T08:15:12.767`)
- [CVE-2024-50481](CVE-2024/CVE-2024-504xx/CVE-2024-50481.json) (`2024-10-29T09:15:11.787`)
- [CVE-2024-50482](CVE-2024/CVE-2024-504xx/CVE-2024-50482.json) (`2024-10-29T08:15:13.010`)
- [CVE-2024-50484](CVE-2024/CVE-2024-504xx/CVE-2024-50484.json) (`2024-10-29T08:15:13.237`)
- [CVE-2024-50485](CVE-2024/CVE-2024-504xx/CVE-2024-50485.json) (`2024-10-29T09:15:12.137`)
- [CVE-2024-50490](CVE-2024/CVE-2024-504xx/CVE-2024-50490.json) (`2024-10-29T09:15:12.497`)
- [CVE-2024-50493](CVE-2024/CVE-2024-504xx/CVE-2024-50493.json) (`2024-10-29T08:15:13.457`)
- [CVE-2024-50494](CVE-2024/CVE-2024-504xx/CVE-2024-50494.json) (`2024-10-29T08:15:13.690`)
- [CVE-2024-50550](CVE-2024/CVE-2024-505xx/CVE-2024-50550.json) (`2024-10-29T10:15:04.663`)
- [CVE-2024-9376](CVE-2024/CVE-2024-93xx/CVE-2024-9376.json) (`2024-10-29T10:15:04.880`)
- [CVE-2024-9438](CVE-2024/CVE-2024-94xx/CVE-2024-9438.json) (`2024-10-29T09:15:12.753`)
### CVEs modified in the last Commit
Recently modified CVEs: `150`
Recently modified CVEs: `1`
- [CVE-2024-48424](CVE-2024/CVE-2024-484xx/CVE-2024-48424.json) (`2024-10-28T18:35:03.257`)
- [CVE-2024-48425](CVE-2024/CVE-2024-484xx/CVE-2024-48425.json) (`2024-10-28T19:35:28.823`)
- [CVE-2024-48427](CVE-2024/CVE-2024-484xx/CVE-2024-48427.json) (`2024-10-28T20:35:21.523`)
- [CVE-2024-4924](CVE-2024/CVE-2024-49xx/CVE-2024-4924.json) (`2024-10-28T21:35:21.157`)
- [CVE-2024-49957](CVE-2024/CVE-2024-499xx/CVE-2024-49957.json) (`2024-10-28T16:12:19.783`)
- [CVE-2024-49960](CVE-2024/CVE-2024-499xx/CVE-2024-49960.json) (`2024-10-28T16:16:35.320`)
- [CVE-2024-49962](CVE-2024/CVE-2024-499xx/CVE-2024-49962.json) (`2024-10-28T16:17:33.310`)
- [CVE-2024-49985](CVE-2024/CVE-2024-499xx/CVE-2024-49985.json) (`2024-10-28T16:22:29.887`)
- [CVE-2024-49987](CVE-2024/CVE-2024-499xx/CVE-2024-49987.json) (`2024-10-28T16:23:44.477`)
- [CVE-2024-49988](CVE-2024/CVE-2024-499xx/CVE-2024-49988.json) (`2024-10-28T16:38:50.897`)
- [CVE-2024-49990](CVE-2024/CVE-2024-499xx/CVE-2024-49990.json) (`2024-10-28T16:42:56.377`)
- [CVE-2024-49991](CVE-2024/CVE-2024-499xx/CVE-2024-49991.json) (`2024-10-28T16:49:29.023`)
- [CVE-2024-49995](CVE-2024/CVE-2024-499xx/CVE-2024-49995.json) (`2024-10-28T17:07:51.270`)
- [CVE-2024-50014](CVE-2024/CVE-2024-500xx/CVE-2024-50014.json) (`2024-10-28T17:12:16.643`)
- [CVE-2024-50015](CVE-2024/CVE-2024-500xx/CVE-2024-50015.json) (`2024-10-28T17:13:53.143`)
- [CVE-2024-50016](CVE-2024/CVE-2024-500xx/CVE-2024-50016.json) (`2024-10-28T17:17:41.473`)
- [CVE-2024-5022](CVE-2024/CVE-2024-50xx/CVE-2024-5022.json) (`2024-10-28T21:35:22.210`)
- [CVE-2024-50623](CVE-2024/CVE-2024-506xx/CVE-2024-50623.json) (`2024-10-28T21:15:10.287`)
- [CVE-2024-5071](CVE-2024/CVE-2024-50xx/CVE-2024-5071.json) (`2024-10-28T21:35:22.430`)
- [CVE-2024-5199](CVE-2024/CVE-2024-51xx/CVE-2024-5199.json) (`2024-10-28T21:35:23.237`)
- [CVE-2024-5640](CVE-2024/CVE-2024-56xx/CVE-2024-5640.json) (`2024-10-28T18:32:59.690`)
- [CVE-2024-5661](CVE-2024/CVE-2024-56xx/CVE-2024-5661.json) (`2024-10-28T20:35:25.447`)
- [CVE-2024-5689](CVE-2024/CVE-2024-56xx/CVE-2024-5689.json) (`2024-10-28T20:35:25.673`)
- [CVE-2024-6224](CVE-2024/CVE-2024-62xx/CVE-2024-6224.json) (`2024-10-28T20:35:25.907`)
- [CVE-2024-6720](CVE-2024/CVE-2024-67xx/CVE-2024-6720.json) (`2024-10-28T20:35:26.733`)
- [CVE-2024-37672](CVE-2024/CVE-2024-376xx/CVE-2024-37672.json) (`2024-10-29T08:35:03.097`)
## Download and Usage

671
_state.csv
View File

File diff suppressed because it is too large Load Diff