Auto-Update: 2025-03-19T09:00:20.472870+00:00

Author: cad-safe-bot

CVE-2024/CVE-2024-134xx/CVE-2024-13410.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-13410",
+  "sourceIdentifier": "[email protected]",
+  "published": "2025-03-19T07:15:33.233",
+  "lastModified": "2025-03-19T07:15:33.233",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-134xx/CVE-2024-13412.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13412",
+  "sourceIdentifier": "[email protected]",
+  "published": "2025-03-19T07:15:33.980",
+  "lastModified": "2025-03-19T07:15:33.980",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2025/CVE-2025-302xx/CVE-2025-30236.json

@@ -2,7 +2,7 @@
   "id": "CVE-2025-30236",
   "sourceIdentifier": "[email protected]",
   "published": "2025-03-19T06:15:16.243",
-  "lastModified": "2025-03-19T06:15:16.243",
+  "lastModified": "2025-03-19T07:15:34.313",
   "vulnStatus": "Received",
   "cveTags": [],
   "descriptions": [
@@ -11,7 +11,42 @@
       "value": "Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-472"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://reserge.org/probabilistically-breaking-securenvoy-totp/",

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-03-19T07:00:23.443217+00:00
+2025-03-19T09:00:20.472870+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-03-19T06:15:16.243000+00:00
+2025-03-19T07:15:34.313000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,29 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-285655
+285657
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `10`
+Recently added CVEs: `2`
 
-- [CVE-2024-12295](CVE-2024/CVE-2024-122xx/CVE-2024-12295.json) (`2025-03-19T05:15:39.603`)
-- [CVE-2024-12922](CVE-2024/CVE-2024-129xx/CVE-2024-12922.json) (`2025-03-19T06:15:15.120`)
-- [CVE-2024-50629](CVE-2024/CVE-2024-506xx/CVE-2024-50629.json) (`2025-03-19T06:15:15.460`)
-- [CVE-2024-50630](CVE-2024/CVE-2024-506xx/CVE-2024-50630.json) (`2025-03-19T06:15:15.620`)
-- [CVE-2024-50631](CVE-2024/CVE-2024-506xx/CVE-2024-50631.json) (`2025-03-19T06:15:15.773`)
-- [CVE-2025-1232](CVE-2025/CVE-2025-12xx/CVE-2025-1232.json) (`2025-03-19T06:15:15.940`)
-- [CVE-2025-2290](CVE-2025/CVE-2025-22xx/CVE-2025-2290.json) (`2025-03-19T05:15:41.180`)
-- [CVE-2025-30234](CVE-2025/CVE-2025-302xx/CVE-2025-30234.json) (`2025-03-19T05:15:41.353`)
-- [CVE-2025-30235](CVE-2025/CVE-2025-302xx/CVE-2025-30235.json) (`2025-03-19T06:15:16.043`)
-- [CVE-2025-30236](CVE-2025/CVE-2025-302xx/CVE-2025-30236.json) (`2025-03-19T06:15:16.243`)
+- [CVE-2024-13410](CVE-2024/CVE-2024-134xx/CVE-2024-13410.json) (`2025-03-19T07:15:33.233`)
+- [CVE-2024-13412](CVE-2024/CVE-2024-134xx/CVE-2024-13412.json) (`2025-03-19T07:15:33.980`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2025-30236](CVE-2025/CVE-2025-302xx/CVE-2025-30236.json) (`2025-03-19T07:15:34.313`)
 
 
 ## Download and Usage

_state.csv

@@ -246493,7 +246493,7 @@ CVE-2024-12291,0,0,92bd6430c2e668a17bac8eff58d5c2110f868302e763b561cafc443091528
 CVE-2024-12292,0,0,9c2e3f4715c47523d2f1e1d813aca821c280ab211aff2eeed6650ad59c376aa9,2024-12-12T12:15:22.470000
 CVE-2024-12293,0,0,2953fa4e59ad0d89a9c80037ec9c293444942d58e596c71e3b8975df1192ecb7,2024-12-17T09:15:05.347000
 CVE-2024-12294,0,0,beb757b9be530a21bd62fb0889c97c31013e2208ab8db98bc3384b757caf5365,2024-12-11T11:15:06.623000
-CVE-2024-12295,1,1,06843dffc389419b7c1d55775b78366ce09109f84ba8a2161876182b08422b1a,2025-03-19T05:15:39.603000
+CVE-2024-12295,0,0,06843dffc389419b7c1d55775b78366ce09109f84ba8a2161876182b08422b1a,2025-03-19T05:15:39.603000
 CVE-2024-12296,0,0,2e1864fa6072ab80c406429c59d508ec6233147fe965c5fb3773394e06f5d391,2025-02-20T16:09:14.287000
 CVE-2024-12297,0,0,0bf5340e7a5fbc70cb59bfd941e3c3af31a7ca051fcdd935c4a0bdf03ed01122,2025-03-06T09:15:25.380000
 CVE-2024-12298,0,0,cc5fe609045dfd20e01ee8b5a4a2dfa91435af5a3c75ddd1927f875f5047d786,2025-01-14T01:15:09.423000
@@ -247044,7 +247044,7 @@ CVE-2024-12918,0,0,1035e9b27a2101293cfa4dc6b919699346b5a15e701cb7622e7b4fe97d2a4
 CVE-2024-12919,0,0,267cd9cf604b008de2f506d778d176d8d6c4286f989194d3cfe533433123b414,2025-01-22T17:29:01.883000
 CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000
 CVE-2024-12921,0,0,66514a714672aa9f260463c855267bb42fb72ace141e13c7370829c4ab97853e,2025-01-30T06:15:29.653000
-CVE-2024-12922,1,1,3c37006850d140c98149834c97117e5d90bae2ea48a41001d4db464e7915c4fd,2025-03-19T06:15:15.120000
+CVE-2024-12922,0,0,3c37006850d140c98149834c97117e5d90bae2ea48a41001d4db464e7915c4fd,2025-03-19T06:15:15.120000
 CVE-2024-12926,0,0,34efd8bf14c03e0212df6da35930928f45cf16a2638f05d82d7eb2cf46388400,2024-12-27T15:15:10.360000
 CVE-2024-12927,0,0,c173b425d03a6a507f56bf929c66277715c96aa1e0c001db5baad0f396d51d86,2024-12-27T15:15:10.513000
 CVE-2024-12928,0,0,f2c043827b5b2b9ff5b52d35dce551fcb76ded1c45573c4e011ec5877efe328d,2024-12-27T15:15:10.650000
@@ -247529,6 +247529,8 @@ CVE-2024-13407,0,0,1f436b9636d1a2e9852705669ce277b78519c04199eda73ea4f0162025e28
 CVE-2024-13408,0,0,e396f32e4dcbb651814f9215fd3a09eb2577d8842a6e7054a1c2694b62332fd0,2025-02-05T01:37:13.827000
 CVE-2024-13409,0,0,16195c232130678b474ab73526a536d491d9fdbf657fb8a2a79faa0112e2d1e0,2025-02-05T01:36:36.047000
 CVE-2024-1341,0,0,18a405c4f3b1670bb4682ce0d2bacf1a2f13ce190629c8c1f1c6d07cc16f0c27,2025-02-27T03:18:02.077000
+CVE-2024-13410,1,1,5d5ce15de77c9194923c67d32a93cabd6fa5b5e5a9f99c1d76be035b55aee771,2025-03-19T07:15:33.233000
+CVE-2024-13412,1,1,244d8c0c5a923eb8c145fd38652c7e10de2957cfe239ada5c7f672899d55edde,2025-03-19T07:15:33.980000
 CVE-2024-13413,0,0,b43ed4643dabc8868dcfa53910d76ce2221751b062cab18595b77b8d890794e4,2025-03-11T05:15:37.083000
 CVE-2024-13415,0,0,20f4b651b70587580f805a97274e0650f9bb61a3067aa9a0bda1ff129a051ce4,2025-01-31T06:15:29.287000
 CVE-2024-13416,0,0,d71120210a80712a2c247daf0d2ae5cb04d95a19fc86e36a7c69ffa25a62e7ae,2025-02-21T12:15:29.193000
@@ -272102,10 +272104,10 @@ CVE-2024-50625,0,0,600a63b94c23d23207c426e1e43b071296b787357ca99d17c5661761f04e2
 CVE-2024-50626,0,0,ee346cb1a02e9d6ceaf318c396c6bbfc04e63993edcd6528fb39c33b5fb34c43,2024-12-12T02:06:32.817000
 CVE-2024-50627,0,0,54f35ecd4423ba348ca66129853a9258eaef3460345ced0ea32309ba3face4cb,2024-12-11T17:15:17.200000
 CVE-2024-50628,0,0,0643f111de6b649c82d0d465a05ff1bea2d7a2ca8f3d6abb1fa505b9869b41b4,2024-12-11T17:15:17.350000
-CVE-2024-50629,1,1,092e026a31e02ec3801500a4ae72b99eb644aab0124068333f8636ff45eea81a,2025-03-19T06:15:15.460000
+CVE-2024-50629,0,0,092e026a31e02ec3801500a4ae72b99eb644aab0124068333f8636ff45eea81a,2025-03-19T06:15:15.460000
 CVE-2024-5063,0,0,e630fa0c680d15c2ffb71fb0fff853109ca27af8a13b608135186f60d8e0f3a0,2025-03-03T16:05:23.833000
-CVE-2024-50630,1,1,42480fa67393e893874111e10def74090d1580a476b884485586f78334425893,2025-03-19T06:15:15.620000
-CVE-2024-50631,1,1,6556b6fba30659d0e3b45c702b6e019d0f671fd06e0aa4fb8ca6f932b0269b12,2025-03-19T06:15:15.773000
+CVE-2024-50630,0,0,42480fa67393e893874111e10def74090d1580a476b884485586f78334425893,2025-03-19T06:15:15.620000
+CVE-2024-50631,0,0,6556b6fba30659d0e3b45c702b6e019d0f671fd06e0aa4fb8ca6f932b0269b12,2025-03-19T06:15:15.773000
 CVE-2024-50633,0,0,8447ae8fa0b4e5a5b6295a68bdf62cfe1ea1f8940cf2403607b397d2eabaa3a5,2025-02-18T21:15:22.343000
 CVE-2024-50634,0,0,75c75741b4ff07a7223817b405561d2122b2e965df2d36431c234973c9416179,2024-11-14T20:40:43.690000
 CVE-2024-50636,0,0,35ef03dd8175dba345c3fb32a6b071a45c850c144fdf90f5aef46a21c35cb9c9,2024-11-19T19:35:14.833000
@@ -281226,7 +281228,7 @@ CVE-2025-1228,0,0,12c830b22a778120983d037d36321ed8fb02836367f4bbbd9be0e196681004
 CVE-2025-1229,0,0,fa5787151bd081a7c3655f50c46799853d648eeeec0e4010ed7332955f8d9df1,2025-02-12T22:15:41.667000
 CVE-2025-1230,0,0,dd0a3ca0e089c26c5259a45f938e8e64977c81ece19c03ae3b8594f4d83448d5,2025-02-12T11:15:11.230000
 CVE-2025-1231,0,0,53b09d0e70e608d42ef2315cf58b2a0031ad64c29b00c44d026df29aef33383e,2025-02-11T15:15:20.643000
-CVE-2025-1232,1,1,bc598db07dca78cc69d221e1703a55770635d50095a5b64a36832e67ef7e339f,2025-03-19T06:15:15.940000
+CVE-2025-1232,0,0,bc598db07dca78cc69d221e1703a55770635d50095a5b64a36832e67ef7e339f,2025-03-19T06:15:15.940000
 CVE-2025-1239,0,0,6187788ffe5fd6000cc24d081f477dcae5b0ef59871d160b3ff23ee25b818501,2025-02-14T14:15:32.687000
 CVE-2025-1240,0,0,363ac0ec488e57d295d78c481b595c1c1507ba076f5813d8f4f20530988afa84,2025-02-11T22:15:29.800000
 CVE-2025-1243,0,0,b36908327b1b41fa664c4a39c71934592fd1d75bcc40ba67f7d64ed64955da7e,2025-02-12T01:15:09.073000
@@ -283078,7 +283080,7 @@ CVE-2025-22891,0,0,5058a67448259ac9abdaa428b056ef85a9f11123cf1683cf0699d5426be46
 CVE-2025-22894,0,0,099d82dc8568fb50b5dde7926f3fbb32a13311bb5c7a970a54e9828e99c29a1c,2025-02-06T08:15:30.027000
 CVE-2025-22896,0,0,cadb16b30aa07fd019cf5a31775c9c5a2a292f523d02b1c4ef2ed5d9558f302e,2025-03-04T21:25:33.663000
 CVE-2025-22897,0,0,9a22b887d81fcac41848fbf55628d95a06189013b3a027c7ddc8085a3cd9eb1a,2025-03-04T17:39:48.960000
-CVE-2025-2290,1,1,11af56ff6285a5f3028ad838da5752bac7bb9a41af222f693267b4ccc9e5ae68,2025-03-19T05:15:41.180000
+CVE-2025-2290,0,0,11af56ff6285a5f3028ad838da5752bac7bb9a41af222f693267b4ccc9e5ae68,2025-03-19T05:15:41.180000
 CVE-2025-22904,0,0,11fbec6328b596ed08ed392234d8935217007830badddad8b05907ab798c39a5,2025-02-18T21:15:26.993000
 CVE-2025-22905,0,0,bda5091cb8423b637c26775857bce84858d2915411a8d309230a6bd8a5902766,2025-02-18T21:15:27.153000
 CVE-2025-22906,0,0,dc0fdd210fffe08c72f299afbea7194cb399434a76d04819d6004eb76b91742b,2025-02-18T21:15:27.327000
@@ -285651,6 +285653,6 @@ CVE-2025-30140,0,0,2440c97dcbf7762989048323363fbf832325fdde3c21a7f46dbf65dc1a357
 CVE-2025-30141,0,0,252e709d2e6aa67cd4af9318785831886180b187b447e983f6557f7321b4a96c,2025-03-18T20:15:26.693000
 CVE-2025-30142,0,0,1246264bea9c6b49f2b8a8ead65c653d20fb9d371284f26fdb2f1b190b75f495,2025-03-18T20:15:26.777000
 CVE-2025-30143,0,0,dfaeb3eef5e72894446a00bc252dd02d40d218e0a77cd9256d63da4e0a89e02b,2025-03-17T16:15:28.643000
-CVE-2025-30234,1,1,2b5c58b261698db3654a8d87fafd123300be7c95ea66a06456456707d9ebfedd,2025-03-19T05:15:41.353000
-CVE-2025-30235,1,1,67c8acffd5b66a75e16bf136f5ec71938e7a203b09767896d1c5918e4b7c4166,2025-03-19T06:15:16.043000
-CVE-2025-30236,1,1,41f8712f78552e3f50d67f4f9b7d13235e555968f68017fda327688af857428f,2025-03-19T06:15:16.243000
+CVE-2025-30234,0,0,2b5c58b261698db3654a8d87fafd123300be7c95ea66a06456456707d9ebfedd,2025-03-19T05:15:41.353000
+CVE-2025-30235,0,0,67c8acffd5b66a75e16bf136f5ec71938e7a203b09767896d1c5918e4b7c4166,2025-03-19T06:15:16.043000
+CVE-2025-30236,0,1,500fbc3c7ec451492034813c7922507bae02c1576110edeaf224735f8baf4630,2025-03-19T07:15:34.313000