diff --git a/mapping.csv b/mapping.csv index 0932caf49a..908af9db4a 100644 --- a/mapping.csv +++ b/mapping.csv @@ -259900,3 +259900,300 @@ vulnerability,CVE-2024-28143,vulnerability--190f2e26-2c0e-4a1e-8db9-664f12186faa vulnerability,CVE-2024-28142,vulnerability--64089370-11c5-4ec6-b61e-272ca413b9f3 vulnerability,CVE-2024-28146,vulnerability--8a85147c-f8f9-49a3-b115-26cee86b1f10 vulnerability,CVE-2024-4109,vulnerability--2f1f5ead-6279-48c8-b9d1-b84e108ee426 +vulnerability,CVE-2024-24902,vulnerability--9b301da4-817a-4cc5-b396-c838e347eb46 +vulnerability,CVE-2024-48007,vulnerability--80f93738-651b-4440-8fe7-20add956b0b6 +vulnerability,CVE-2024-48008,vulnerability--8dddb7d9-ac14-4860-99f2-fd2d7a94dce0 +vulnerability,CVE-2024-52066,vulnerability--b32a3624-443a-47dd-83f9-ccd3f569bc5b +vulnerability,CVE-2024-52065,vulnerability--488a9265-debf-4cb1-ae0a-01503e93327b +vulnerability,CVE-2024-52064,vulnerability--4b0266fc-82fd-44a1-b578-a2e4a17b02e7 +vulnerability,CVE-2024-52060,vulnerability--5dd154a7-1a5c-4ca6-b2ef-5534544ecbd0 +vulnerability,CVE-2024-52063,vulnerability--e6f034aa-e066-43a7-9841-ca458e9587eb +vulnerability,CVE-2024-52058,vulnerability--7a6c265c-8cce-4c97-bbde-31cbe9eada96 +vulnerability,CVE-2024-52059,vulnerability--60504636-a9b9-4505-ab7a-f85f56ae3516 +vulnerability,CVE-2024-52061,vulnerability--9a1960c7-e798-4250-bd9c-823f7a5a79ba +vulnerability,CVE-2024-52062,vulnerability--51bc7714-d040-4954-abc8-38df363caaba +vulnerability,CVE-2024-52057,vulnerability--12b1a01f-5f09-4305-946b-dab9a1886c11 +vulnerability,CVE-2024-12465,vulnerability--12bfc65c-cfdc-4f5e-b17a-049cd515ddd0 +vulnerability,CVE-2024-12603,vulnerability--5b8c6b8c-e2a3-4ee6-bcb4-8dc514a9cec9 +vulnerability,CVE-2024-12414,vulnerability--98a22aa8-29af-45ce-acab-17bd88faec47 +vulnerability,CVE-2024-12421,vulnerability--3d72279a-5171-4815-bfae-08358c53526f +vulnerability,CVE-2024-12579,vulnerability--d56a954c-9f85-4ef4-87b6-e01256434910 +vulnerability,CVE-2024-12552,vulnerability--66e725a5-65b3-49e0-aec5-10fa13eaeca8 +vulnerability,CVE-2024-12572,vulnerability--27bee803-50c3-4c87-a152-295865cd31fb +vulnerability,CVE-2024-12574,vulnerability--f7c477b8-36ba-4293-b804-b700160eef1a +vulnerability,CVE-2024-12212,vulnerability--45e75bc5-a671-401e-aa22-1199984d14f2 +vulnerability,CVE-2024-12309,vulnerability--15bc40a8-28d1-4854-9133-49c3ff42f79b +vulnerability,CVE-2024-12632,vulnerability--c9c6570b-a628-4bfc-bb73-2f6b49d58d80 +vulnerability,CVE-2024-12300,vulnerability--267f34a5-8adb-43c9-af8a-68d6c38af3ac +vulnerability,CVE-2024-12581,vulnerability--ebea6e2f-c0c3-402e-b872-acd76b8cfa85 +vulnerability,CVE-2024-12042,vulnerability--7f6a1bb0-0687-4476-9fb7-50a10da9ae2c +vulnerability,CVE-2024-12553,vulnerability--a6979f45-51d7-4bb3-a257-7f22aa36ae66 +vulnerability,CVE-2024-12420,vulnerability--52ba0f4b-45f0-4c74-ba21-4ca576ec9719 +vulnerability,CVE-2024-12417,vulnerability--40594af8-f4d2-42c8-af00-8e7a506614d6 +vulnerability,CVE-2024-10678,vulnerability--5040b586-29c9-4aa8-9c52-ade1bd74133c +vulnerability,CVE-2024-10939,vulnerability--33af2d06-6372-47a2-bb0e-4633c4cdcc1c +vulnerability,CVE-2024-10783,vulnerability--82f469df-020d-43f5-aa7b-b0e538386fc1 +vulnerability,CVE-2024-9508,vulnerability--74bfda80-7020-405e-9098-3494ffcecb5c +vulnerability,CVE-2024-9290,vulnerability--8dd93ff0-682e-4784-b94a-35ba0b60297e +vulnerability,CVE-2024-9945,vulnerability--e65e6e97-b0ca-4440-95d6-4331d079e863 +vulnerability,CVE-2024-9608,vulnerability--535b8bdf-9a96-453c-a584-27e0277014e1 +vulnerability,CVE-2024-47892,vulnerability--e6f166ca-9d54-4044-a465-3fca2f69b9d5 +vulnerability,CVE-2024-47984,vulnerability--331a0d15-b1df-49d3-9837-502cd4c670eb +vulnerability,CVE-2024-11754,vulnerability--e5afca83-ee00-4538-bd13-6e0e65fc92d5 +vulnerability,CVE-2024-11910,vulnerability--9855d910-01e8-4ed5-9433-16f307f285fa +vulnerability,CVE-2024-11834,vulnerability--fd2ab162-0b7a-4b0e-b2a2-7ceb61aea1cb +vulnerability,CVE-2024-11012,vulnerability--1371bc8a-c480-43d5-b78a-bf168aff3b11 +vulnerability,CVE-2024-11827,vulnerability--509624bb-35a1-4f08-94af-a254378105a5 +vulnerability,CVE-2024-11835,vulnerability--b6afd4da-958a-424f-ae1d-90491ea9d09d +vulnerability,CVE-2024-11836,vulnerability--e57e57fa-fbad-40af-82aa-a38653d7c24c +vulnerability,CVE-2024-11839,vulnerability--3b79d00a-84f5-477a-9be1-485c9415890b +vulnerability,CVE-2024-11275,vulnerability--96a4629a-004c-4940-85fe-f0e6b88786a1 +vulnerability,CVE-2024-11833,vulnerability--751b3485-bd22-4c5f-9837-c3de98dd2f00 +vulnerability,CVE-2024-11767,vulnerability--9448e785-29d1-43fe-b639-258b64fef446 +vulnerability,CVE-2024-11837,vulnerability--9fd71f2b-4fce-4703-a670-c1e72f7a403e +vulnerability,CVE-2024-11809,vulnerability--e59b92bb-a602-46a5-b853-424bd22a68a6 +vulnerability,CVE-2024-11911,vulnerability--4d2519e5-6fd2-49f4-8bc4-730ab477e09a +vulnerability,CVE-2024-11832,vulnerability--756eaa2a-7ccd-43af-8467-3afb45663231 +vulnerability,CVE-2024-11838,vulnerability--826e85f9-603d-4804-93cd-d92b80f60d6d +vulnerability,CVE-2024-11986,vulnerability--3b6fb9ed-f249-4199-a3cc-3adc48cbb8d2 +vulnerability,CVE-2024-38488,vulnerability--004346da-618b-4b97-ab4c-c59d304be961 +vulnerability,CVE-2024-22461,vulnerability--ab829497-8833-4ccc-ab24-9b337007876f +vulnerability,CVE-2024-21576,vulnerability--70ae386e-668f-410e-9d10-f79e823d9c8f +vulnerability,CVE-2024-21577,vulnerability--4e030ee9-655a-4a0f-a1d9-2a6a18580541 +vulnerability,CVE-2024-21544,vulnerability--e00be81e-9190-4f93-9f28-62ba108da00b +vulnerability,CVE-2024-21543,vulnerability--36cc7c90-5dbe-40c9-900f-cec1eb894f9c +vulnerability,CVE-2024-54290,vulnerability--d658167f-c097-44f2-881e-b3ba97e254e3 +vulnerability,CVE-2024-54259,vulnerability--3cf8f885-aabe-4a9f-8bdb-b77918c05dee +vulnerability,CVE-2024-54258,vulnerability--ff9f002d-f181-4e1d-b902-c001ef7337e6 +vulnerability,CVE-2024-54333,vulnerability--56408db4-f0d4-4660-9cdb-d132af90fe69 +vulnerability,CVE-2024-54301,vulnerability--0671266f-39a9-4942-9a74-527f2b975d01 +vulnerability,CVE-2024-54287,vulnerability--e72b2317-ef05-40b7-b14d-9b0994816f4a +vulnerability,CVE-2024-54347,vulnerability--f2ba6a6f-21e4-4ab9-af55-39d5acde4ce7 +vulnerability,CVE-2024-54302,vulnerability--f8b675a0-2cd1-47c5-9661-a653198bb170 +vulnerability,CVE-2024-54277,vulnerability--a09d10f0-44ae-43ef-8830-63a59402eef7 +vulnerability,CVE-2024-54322,vulnerability--eca70219-ec11-49fc-853d-9defc8f3a859 +vulnerability,CVE-2024-54337,vulnerability--99c8581c-3e25-4ce4-ba21-73912bf6cd24 +vulnerability,CVE-2024-54297,vulnerability--680cef18-6673-48e3-ad63-17167fb14fff +vulnerability,CVE-2024-54303,vulnerability--5e80c8a1-5c70-415a-897d-6694ab5225ae +vulnerability,CVE-2024-54240,vulnerability--ca06e66c-8a6f-483a-9ece-450edbe757a0 +vulnerability,CVE-2024-54312,vulnerability--2db3217b-12b4-4d89-801a-699a61d409ca +vulnerability,CVE-2024-54242,vulnerability--a5e48b2c-2275-49ac-a255-860fe902e059 +vulnerability,CVE-2024-54349,vulnerability--33f23891-a913-4831-b436-e44ad6d759c6 +vulnerability,CVE-2024-54318,vulnerability--0f92f3ae-cb08-458c-ae86-cb78567d3788 +vulnerability,CVE-2024-54273,vulnerability--55edb2b9-d0a4-4bc3-bde1-0bf4d6a66ed0 +vulnerability,CVE-2024-54330,vulnerability--965d0ed0-8350-4321-8b7b-e11605533773 +vulnerability,CVE-2024-54245,vulnerability--e9dde6df-bc28-4d6a-9eb4-0b9edab80247 +vulnerability,CVE-2024-54327,vulnerability--05e23c1e-7acd-44fd-bb49-4b1275f636e9 +vulnerability,CVE-2024-54248,vulnerability--32a53e04-d393-423a-9313-3a02cd0bf233 +vulnerability,CVE-2024-54139,vulnerability--de3d36ba-a314-405c-b539-44b013c2ff58 +vulnerability,CVE-2024-54299,vulnerability--2fe97735-6fb4-4a6c-b720-f5e18c3040be +vulnerability,CVE-2024-54308,vulnerability--771b9390-5266-489f-add7-3ce36a4b969d +vulnerability,CVE-2024-54278,vulnerability--eec2e103-e58f-405a-b1fd-1da06248769a +vulnerability,CVE-2024-54342,vulnerability--58b98232-aa15-436f-8836-3567b9fc4448 +vulnerability,CVE-2024-54264,vulnerability--7a8c7ecd-7ef0-40b0-b830-a484cdf7ce08 +vulnerability,CVE-2024-54274,vulnerability--8392cc24-9596-4407-aa10-20a211cc8765 +vulnerability,CVE-2024-54288,vulnerability--3a4bd85e-ca7a-4f3e-ad22-688d4e96537a +vulnerability,CVE-2024-54316,vulnerability--04d918fd-8c3f-4f2e-ba94-a4a8430fd66b +vulnerability,CVE-2024-54262,vulnerability--a46eed0b-19ca-4dc5-907c-21ee9be7f7ec +vulnerability,CVE-2024-54293,vulnerability--13143900-ec5f-42db-b966-f30c9adb1594 +vulnerability,CVE-2024-54292,vulnerability--fa891aff-aa47-4fda-a061-acb2ace23390 +vulnerability,CVE-2024-54344,vulnerability--09691f6a-7c2e-451d-8bd0-38fb1c5d6f13 +vulnerability,CVE-2024-54329,vulnerability--7404ae20-d691-4841-8899-3da0d2a34e3a +vulnerability,CVE-2024-54311,vulnerability--5338bbbc-602e-4af7-b9a7-bd19be4bc963 +vulnerability,CVE-2024-54315,vulnerability--d2e45cbf-0990-486d-9838-f2932464bd57 +vulnerability,CVE-2024-54282,vulnerability--8eb5b338-893a-4baa-b6cc-7958e2049981 +vulnerability,CVE-2024-54343,vulnerability--d611bcba-316f-4022-8d10-37bfe0aae642 +vulnerability,CVE-2024-54336,vulnerability--2a2c7445-6fcc-4202-923c-aebd2cdc5342 +vulnerability,CVE-2024-54243,vulnerability--d2e16eb2-c58b-42d1-b3cc-cda94deeb1a7 +vulnerability,CVE-2024-54320,vulnerability--edeeb3e0-5ecc-42f0-aa07-3733c78ea880 +vulnerability,CVE-2024-54275,vulnerability--2e80a203-9b65-4750-998e-5a1f285796de +vulnerability,CVE-2024-54237,vulnerability--2d368237-70be-449f-8fce-861966673b55 +vulnerability,CVE-2024-54305,vulnerability--011d0088-9de7-4612-9002-9336a4d34678 +vulnerability,CVE-2024-54239,vulnerability--7d340fb4-1028-4535-8171-6e13c7ccf58f +vulnerability,CVE-2024-54234,vulnerability--7531a272-b69a-4d23-94f8-abc961dae1c1 +vulnerability,CVE-2024-54267,vulnerability--1bb6e5b9-f702-445a-849d-bee0009c5fbf +vulnerability,CVE-2024-54266,vulnerability--c0946830-dbd5-40a8-9e99-130a26abdbc3 +vulnerability,CVE-2024-54340,vulnerability--bdb115c7-c429-4ced-a84b-f79f2d9381fa +vulnerability,CVE-2024-54295,vulnerability--429b734f-862b-4fb1-bda2-23138ea7e7ae +vulnerability,CVE-2024-54265,vulnerability--a41f5105-1e32-478b-9b6c-3da353e251f3 +vulnerability,CVE-2024-54338,vulnerability--dc4aca09-9301-41ce-9a35-3886e1944d9e +vulnerability,CVE-2024-54271,vulnerability--81e4ebb4-f8a0-4004-9d4d-4e804ea91b90 +vulnerability,CVE-2024-54346,vulnerability--c821226c-388d-46c5-9dba-e710fdba38bb +vulnerability,CVE-2024-54306,vulnerability--0bf14cc6-c53a-4de7-a92e-688c4d491743 +vulnerability,CVE-2024-54313,vulnerability--37c875a5-ced3-41a6-a159-2fd4e11bc95f +vulnerability,CVE-2024-54296,vulnerability--c9afad26-5a53-4538-b88b-837359bfe727 +vulnerability,CVE-2024-54339,vulnerability--43e71836-e775-46b3-bef6-44874c82a18a +vulnerability,CVE-2024-54238,vulnerability--4292ad29-23dd-4560-ad14-a6518525e2f5 +vulnerability,CVE-2024-54328,vulnerability--cf6b2282-df5c-4667-86ca-c342be12db13 +vulnerability,CVE-2024-54323,vulnerability--c0a62ea4-f38c-436c-824d-9a863abd5c82 +vulnerability,CVE-2024-54268,vulnerability--ffcdbdcd-8cc5-44f7-a9ac-b52a17daba3e +vulnerability,CVE-2024-54325,vulnerability--5a3c968d-7af7-429c-a988-55f159f0c8d6 +vulnerability,CVE-2024-54256,vulnerability--667a8cb8-70ea-437a-8991-3761ca7a2189 +vulnerability,CVE-2024-54298,vulnerability--e9d07a1c-0ee8-4bdf-9557-58f1f4a40104 +vulnerability,CVE-2024-54236,vulnerability--8ae4470d-7f1f-4ef2-a366-e4a59d33b2ce +vulnerability,CVE-2024-54317,vulnerability--b3aeb1f7-f671-4daa-8b3e-bbdeb8c226c7 +vulnerability,CVE-2024-54294,vulnerability--4f824920-3d3e-44a8-abf4-0d614dff7377 +vulnerability,CVE-2024-54252,vulnerability--3feb9012-9c9c-45e7-a2d1-60bc6b404dd6 +vulnerability,CVE-2024-54326,vulnerability--da200936-5c14-4e71-aba7-9afca7a98c86 +vulnerability,CVE-2024-54309,vulnerability--de5dda4f-5f31-4a63-93d2-a61969a2c00e +vulnerability,CVE-2024-54351,vulnerability--a38962a8-f43d-4f6b-a60e-a9790514a520 +vulnerability,CVE-2024-54276,vulnerability--8d5ab716-65f2-42b6-b1ca-496d03ab9836 +vulnerability,CVE-2024-54233,vulnerability--c6c3a985-d6d3-438e-bdd7-9e2eb0c41053 +vulnerability,CVE-2024-54261,vulnerability--6205a7ff-daf9-45c5-8b36-aaf1ae4f0acf +vulnerability,CVE-2024-54314,vulnerability--99aa1a4e-2476-42cb-957a-e709275bf1d8 +vulnerability,CVE-2024-54250,vulnerability--a3c970fc-4b79-40b4-ac9d-a889c9341560 +vulnerability,CVE-2024-54319,vulnerability--683db0f9-d7be-46d8-bba8-06e408afd471 +vulnerability,CVE-2024-54300,vulnerability--2fb4f600-7b11-4a60-86c5-64a966e15906 +vulnerability,CVE-2024-54286,vulnerability--a85266db-ada5-4eda-9335-3bbc295edee3 +vulnerability,CVE-2024-54272,vulnerability--f1bacde5-f5e9-4cbd-8cba-6faa457f6089 +vulnerability,CVE-2024-54335,vulnerability--de6faed2-5c26-4d9a-a428-5b51b4868c3a +vulnerability,CVE-2024-54289,vulnerability--fa252143-c2ed-46a3-870a-7dfa6b6b4482 +vulnerability,CVE-2024-54244,vulnerability--6d8115fc-e6c8-465f-9d67-97b7f6cb498f +vulnerability,CVE-2024-54231,vulnerability--c66136ff-467a-40e2-b5f3-63b68aa66a35 +vulnerability,CVE-2024-54310,vulnerability--4e33b593-d439-4bbc-8f9c-64e0f4d6d653 +vulnerability,CVE-2024-54304,vulnerability--f70c4dfb-ccc2-46f7-923d-83baa42a2dda +vulnerability,CVE-2024-54241,vulnerability--67b2fc6e-ed6b-417c-ba37-9fb6ac3626a4 +vulnerability,CVE-2024-54345,vulnerability--1e360b55-c8fe-4664-a775-55d6d030c16b +vulnerability,CVE-2024-54321,vulnerability--f29eb129-8cfa-4dcf-aad6-1465a8b1fbd1 +vulnerability,CVE-2024-54324,vulnerability--51349375-5890-4549-a1f5-0acf1e69f8cf +vulnerability,CVE-2024-54341,vulnerability--9411407f-5a52-4c8d-9a23-fd6abd32a7dd +vulnerability,CVE-2024-54235,vulnerability--8e840f40-20bb-44a6-a454-7a07e397374b +vulnerability,CVE-2024-54307,vulnerability--f138101a-1a82-44e6-a693-ea6d482a5810 +vulnerability,CVE-2024-54334,vulnerability--fa8b328e-fb80-4616-8e86-1e63cc16c097 +vulnerability,CVE-2024-54246,vulnerability--2050c071-5e55-445e-b3ed-0ee2d7fb3cca +vulnerability,CVE-2024-55661,vulnerability--711977d8-da70-4367-9aa3-a3214d2d8f67 +vulnerability,CVE-2024-55918,vulnerability--7a5314be-b158-4091-bb55-095408b9f4b9 +vulnerability,CVE-2024-55889,vulnerability--b0f3475a-98b5-43ae-bb66-f1b67b276be9 +vulnerability,CVE-2024-55956,vulnerability--fffa7643-03cc-4d20-976d-663f073ea856 +vulnerability,CVE-2024-55890,vulnerability--4b52722c-2d76-4cde-9a50-194e2db9c046 +vulnerability,CVE-2024-55946,vulnerability--96e2d891-d7e1-40b2-a4c8-f2c4dd914556 +vulnerability,CVE-2024-55887,vulnerability--2773fa04-e35d-4f1a-918c-2c0680e7f7e1 +vulnerability,CVE-2024-46971,vulnerability--1009f08b-0b5c-4775-bb8b-c39eb616b2af +vulnerability,CVE-2024-28980,vulnerability--fe9220f8-83ef-4382-9f3d-3fc5bb9ce090 +vulnerability,CVE-2021-32007,vulnerability--d4c4903a-80f2-4b47-9c1c-137109deee64 +vulnerability,CVE-2022-45840,vulnerability--adc7840f-b905-4993-a876-11649d8afdd8 +vulnerability,CVE-2022-45826,vulnerability--5471e392-bf89-4a4d-a32e-17961bdb29d3 +vulnerability,CVE-2022-45806,vulnerability--15c8a832-a086-4c5f-bd9a-1bc83dd066ff +vulnerability,CVE-2022-45819,vulnerability--add1c636-9d44-4486-99e9-c9b6ff90e814 +vulnerability,CVE-2022-45841,vulnerability--327e68a6-2837-4e95-82e4-4619d5d57f98 +vulnerability,CVE-2022-47168,vulnerability--3313826a-7861-4597-a786-ffd394612625 +vulnerability,CVE-2022-47176,vulnerability--6f43c085-6214-4593-af90-7b34e612ff7f +vulnerability,CVE-2022-47182,vulnerability--949adf4e-8166-4815-b938-48775f8754be +vulnerability,CVE-2022-47594,vulnerability--4db48466-6218-4524-b211-c797fbfc61c1 +vulnerability,CVE-2022-47429,vulnerability--c322ecfb-e649-4839-9070-35fce573c61c +vulnerability,CVE-2022-44578,vulnerability--7999195e-b2ba-4d7a-a40b-b01295073638 +vulnerability,CVE-2022-46840,vulnerability--32d077fd-5dab-414a-8060-3663fd062079 +vulnerability,CVE-2022-46796,vulnerability--db6c568f-968e-454b-9d98-3e00ac8c36be +vulnerability,CVE-2022-46846,vulnerability--60a9cadf-a8bf-4429-ad70-124063e36eca +vulnerability,CVE-2022-46795,vulnerability--e3b0cf19-d0e4-46dd-87ad-6ae3a620a39f +vulnerability,CVE-2022-46811,vulnerability--ffcff508-0fca-4b0b-bd2e-e1987de1f5b2 +vulnerability,CVE-2022-46838,vulnerability--ce055ac0-fdb6-442a-a31f-cef75dae5966 +vulnerability,CVE-2022-46807,vulnerability--0106fd0f-0bab-46bb-8f36-7b62280f1573 +vulnerability,CVE-2022-43472,vulnerability--f7685166-c5ac-4ee6-87e9-9f2560bfe97b +vulnerability,CVE-2019-25221,vulnerability--58a79b45-a8a8-4de7-9cd2-d02d79bf303c +vulnerability,CVE-2023-30490,vulnerability--b53234fa-6c29-4c82-a92d-cd37078b0da9 +vulnerability,CVE-2023-39996,vulnerability--bfa7bd2c-0aa1-47c7-92da-4c9935f86eaf +vulnerability,CVE-2023-39995,vulnerability--eae738c2-35b1-40df-a742-ff25a7b9dd83 +vulnerability,CVE-2023-39305,vulnerability--d4c0bbaf-9e24-499f-8321-1c104a65c8ad +vulnerability,CVE-2023-39997,vulnerability--4dddbc27-122e-411c-8203-290fce8188bc +vulnerability,CVE-2023-39920,vulnerability--27a62ba7-bcf9-4e71-88df-e110d12bf635 +vulnerability,CVE-2023-25988,vulnerability--ce5b1a47-c0e9-4448-abe5-49583f14fedd +vulnerability,CVE-2023-34019,vulnerability--a8b38d04-a7db-4fcb-bd77-cf2dc29f4d02 +vulnerability,CVE-2023-34014,vulnerability--a44fdae6-629b-4168-b254-867bcfab15fa +vulnerability,CVE-2023-34009,vulnerability--ea4061e6-7dae-4dd4-904d-b06d600ee161 +vulnerability,CVE-2023-34387,vulnerability--4d8e9d5a-2eaa-40d0-b7e8-857ee9226d16 +vulnerability,CVE-2023-34376,vulnerability--90ae3736-490f-49be-a73b-157df92a4b85 +vulnerability,CVE-2023-34381,vulnerability--0f1fe128-62fc-4d08-9ab7-3ecb6d392031 +vulnerability,CVE-2023-44149,vulnerability--288d7f24-2c5e-45ed-b3b2-a8f5a8d470b4 +vulnerability,CVE-2023-44147,vulnerability--f8c1b585-9cb4-476d-9419-31311271d8eb +vulnerability,CVE-2023-44142,vulnerability--8a978542-c282-4ca2-836e-c09ffc4c12a2 +vulnerability,CVE-2023-33998,vulnerability--f11c8897-988f-44e9-9400-3451e3aef91b +vulnerability,CVE-2023-33215,vulnerability--3d7d5397-1d53-4533-bcca-daf84ac59ba2 +vulnerability,CVE-2023-33324,vulnerability--ed48ff0f-1bec-4653-805d-00579fa4a822 +vulnerability,CVE-2023-33928,vulnerability--c857de98-0a27-4336-a943-4806ba32ba5c +vulnerability,CVE-2023-33995,vulnerability--62b2158e-c834-44ec-b59e-82348145d741 +vulnerability,CVE-2023-33994,vulnerability--e8426cc0-3f47-47bb-9572-be4a48a16322 +vulnerability,CVE-2023-33996,vulnerability--a357d1f7-2c9c-439a-986d-b440a82a71a8 +vulnerability,CVE-2023-38385,vulnerability--fba06518-6390-4a14-a3b2-f8caff4c9c7e +vulnerability,CVE-2023-38475,vulnerability--115f8c12-8a75-4438-8e62-cfce2b6adf55 +vulnerability,CVE-2023-38483,vulnerability--53f489d3-ff08-4a90-8922-e5912412134c +vulnerability,CVE-2023-38477,vulnerability--35390d8d-acdb-43b9-928a-5bffeb71295d +vulnerability,CVE-2023-38479,vulnerability--ab3a1dde-cc7e-4f62-aea5-a38a058282d7 +vulnerability,CVE-2023-38514,vulnerability--0f5c52de-40ab-4709-a8fc-0dab9efefe4b +vulnerability,CVE-2023-38480,vulnerability--10892fca-f8f8-44f4-8f0f-8f2a8e9dd510 +vulnerability,CVE-2023-38383,vulnerability--5a2d62c4-5143-45df-989c-1c1a2682c095 +vulnerability,CVE-2023-22697,vulnerability--a069716c-4bfb-481b-9e25-0ade5e496bd8 +vulnerability,CVE-2023-40003,vulnerability--d4edfb17-25f7-4ef5-8992-f55c13aec92a +vulnerability,CVE-2023-40203,vulnerability--3d207cb8-a74d-430c-b6b1-01696dfac3a6 +vulnerability,CVE-2023-40213,vulnerability--d284c22c-8578-4e19-b906-6b956fc8b828 +vulnerability,CVE-2023-40331,vulnerability--020786c3-6b0c-4db2-a9da-630d62a2a2ff +vulnerability,CVE-2023-40011,vulnerability--409833f7-f8fd-43a9-9ca1-2dd0b7346841 +vulnerability,CVE-2023-40678,vulnerability--4d020117-e5c4-4d68-bacd-91b60f3aa697 +vulnerability,CVE-2023-40001,vulnerability--48717d67-dcb7-4a15-b685-d8f73ebdc1aa +vulnerability,CVE-2023-40334,vulnerability--c4ecf8fe-b11e-4be6-95a2-15d899b004cc +vulnerability,CVE-2023-40670,vulnerability--d5d77bcc-be5e-4667-807a-95312baa05ca +vulnerability,CVE-2023-40005,vulnerability--d4eb9e89-52aa-4c8e-9b13-cc62ecd6c416 +vulnerability,CVE-2023-41671,vulnerability--a0b8f016-3de4-454e-abe7-003cbe286b43 +vulnerability,CVE-2023-41866,vulnerability--0c332e3a-7e97-406d-b69c-63d97df7ccaa +vulnerability,CVE-2023-41132,vulnerability--0da3f8e9-2b57-4cba-9782-1ab1822e8a0e +vulnerability,CVE-2023-41130,vulnerability--bfc0d5e9-b687-4f20-9982-1288e215569d +vulnerability,CVE-2023-41951,vulnerability--4593b29b-3ff4-422e-bd6e-1e246bf37e9b +vulnerability,CVE-2023-41848,vulnerability--01000609-46f4-4f7a-bee4-a285dcf7de21 +vulnerability,CVE-2023-41857,vulnerability--50fcfb91-5c26-45f6-8a9f-4422b343d0ff +vulnerability,CVE-2023-41688,vulnerability--1687f1a0-aea9-4517-8fe5-ee769d018acc +vulnerability,CVE-2023-41873,vulnerability--44979c76-3094-4992-aa36-e92618ba84f4 +vulnerability,CVE-2023-41870,vulnerability--01358ba2-3150-46cb-9245-e4c47ce5bff8 +vulnerability,CVE-2023-41803,vulnerability--6382c059-d0fc-4198-8947-138702e31d57 +vulnerability,CVE-2023-41683,vulnerability--6cf96337-cbe8-429c-8d05-684f1fe76cef +vulnerability,CVE-2023-41952,vulnerability--7dc0180c-0828-4fd1-9b29-b28af1cfbd4c +vulnerability,CVE-2023-41695,vulnerability--48c43681-e560-4033-b53d-b1a7fc2897a3 +vulnerability,CVE-2023-41865,vulnerability--1f26437d-de4c-499b-ac12-72649e464c76 +vulnerability,CVE-2023-41689,vulnerability--84219e24-15db-4ded-afe7-7ba2bd41689f +vulnerability,CVE-2023-41690,vulnerability--4685537a-31f7-43c0-a6ae-3d07c07748a0 +vulnerability,CVE-2023-41849,vulnerability--0631af6f-f793-4eb0-a2c2-88dace45893b +vulnerability,CVE-2023-41869,vulnerability--6e9e76ea-99d5-479c-9160-f305694714b4 +vulnerability,CVE-2023-41862,vulnerability--cfcde3eb-dd96-4b25-81e2-088c9e0ed7b4 +vulnerability,CVE-2023-41686,vulnerability--260f608e-234a-49db-a8c4-c9fa73329cf2 +vulnerability,CVE-2023-41875,vulnerability--24120153-ecb5-4e4a-ad30-39650243f3b4 +vulnerability,CVE-2023-41649,vulnerability--757ad48b-1ec2-47cd-a36c-f089b351301b +vulnerability,CVE-2023-41802,vulnerability--11644c21-5e63-4405-a5d6-ec03171492fc +vulnerability,CVE-2023-41664,vulnerability--380000ec-2cdb-456e-bd61-5e5ce624d3a2 +vulnerability,CVE-2023-41133,vulnerability--581aabe7-636a-4b33-8fd3-2d33073c9684 +vulnerability,CVE-2023-37971,vulnerability--933049eb-180b-488c-abfe-7363bb881c1e +vulnerability,CVE-2023-37969,vulnerability--a9caa988-ef52-43dc-9074-7ccd4cf1daed +vulnerability,CVE-2023-37967,vulnerability--529d9015-3327-48ba-a8eb-c15b5fad76ed +vulnerability,CVE-2023-37989,vulnerability--39230d8e-91ec-4d52-9ec1-8c37ee0064a1 +vulnerability,CVE-2023-37984,vulnerability--6ffa8dc1-ac0b-4e17-997c-97d7985fa973 +vulnerability,CVE-2023-37987,vulnerability--1a6f5532-88bd-4ade-b631-aa5509d098de +vulnerability,CVE-2023-37887,vulnerability--387987ff-8b81-4493-a750-cb6f46f0819c +vulnerability,CVE-2023-35875,vulnerability--677742c6-69c4-4171-9ae9-e33b3890a053 +vulnerability,CVE-2023-35777,vulnerability--212137b7-5d78-4b02-aeb7-6c1565323220 +vulnerability,CVE-2023-35037,vulnerability--4e1f0f1a-b0df-4012-b14f-81767e6a7483 +vulnerability,CVE-2023-35046,vulnerability--45885b3c-0420-4e4f-9bdb-4eabf94817ae +vulnerability,CVE-2023-35051,vulnerability--4fc6f38c-bb21-47e8-8754-2e4c3fb7ad96 +vulnerability,CVE-2023-35052,vulnerability--e86d6b23-4540-4a33-939e-d5e2258d2385 +vulnerability,CVE-2023-36510,vulnerability--6a762bcb-afb0-48f6-8a26-ba21b92a202e +vulnerability,CVE-2023-36526,vulnerability--c19c77de-5ea2-44ce-91b3-b759d2038ce6 +vulnerability,CVE-2023-36509,vulnerability--ae971184-0ef6-40ea-9e93-51d75995ec28 +vulnerability,CVE-2023-36528,vulnerability--c5dc4fba-7c89-4e57-a49b-4948c4cf84ad +vulnerability,CVE-2023-36518,vulnerability--35928707-5808-4e22-ac60-0c651f191425 +vulnerability,CVE-2023-36531,vulnerability--efeeb769-51c5-4c70-99c2-e34ff9f95719 +vulnerability,CVE-2023-36519,vulnerability--ce815252-a46b-4b07-a2a2-aa737cf3fa0f +vulnerability,CVE-2023-36680,vulnerability--bcdc0540-cb0a-4816-b32a-45312ec02273 +vulnerability,CVE-2023-36681,vulnerability--b2af2e1c-5a97-4c3e-8c93-9999f3e8377f +vulnerability,CVE-2023-36506,vulnerability--4bd168ae-1d60-4259-8099-60d4aa7a8cbd +vulnerability,CVE-2023-32506,vulnerability--6c4f683c-6388-452d-8d83-6ae652a92aa3 +vulnerability,CVE-2023-32963,vulnerability--31df13c6-6a53-4974-a770-47c172c110f7 +vulnerability,CVE-2023-32599,vulnerability--83ef32a4-da2d-421f-88f7-203fbabbfe6b +vulnerability,CVE-2023-32585,vulnerability--3264e14e-55d3-4b5a-baf0-9c77f816e8cc +vulnerability,CVE-2023-32574,vulnerability--84af5bed-dca0-4983-87f9-4627bffe82d0 +vulnerability,CVE-2023-32601,vulnerability--8298f369-5922-424b-a8f3-d70a6053b1b5 +vulnerability,CVE-2023-32586,vulnerability--da390ce8-906b-4e37-9837-69539bcee7f4 +vulnerability,CVE-2023-32581,vulnerability--a3a1c95e-c356-47d7-aa54-be2fd6ae2aac +vulnerability,CVE-2023-32507,vulnerability--de2b6648-5cf5-493c-81c9-1194a43508cb +vulnerability,CVE-2023-32798,vulnerability--00d23f7b-efe4-42d6-b74d-e685fd96c69e +vulnerability,CVE-2023-32593,vulnerability--2189bb90-7b7e-409d-aac4-e569fc3c3439 +vulnerability,CVE-2023-32520,vulnerability--ab205cf1-a9d4-4f9d-9453-113ad5edc68f +vulnerability,CVE-2023-32519,vulnerability--ed61fa28-d3d9-4eb4-946e-3dce65473807 +vulnerability,CVE-2023-28990,vulnerability--cec42c87-cd28-48a6-bfc8-0497c8f7a906 +vulnerability,CVE-2023-27456,vulnerability--96943713-0eef-4102-a136-df88a437fab4 diff --git a/objects/vulnerability/vulnerability--004346da-618b-4b97-ab4c-c59d304be961.json b/objects/vulnerability/vulnerability--004346da-618b-4b97-ab4c-c59d304be961.json new file mode 100644 index 0000000000..83ed0ee3fc --- /dev/null +++ b/objects/vulnerability/vulnerability--004346da-618b-4b97-ab4c-c59d304be961.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--abc2b0d8-73d9-46a1-be2d-21dc5b853085", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--004346da-618b-4b97-ab4c-c59d304be961", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.458801Z", + "modified": "2024-12-14T00:22:03.458801Z", + "name": "CVE-2024-38488", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise.\nThis allows attackers to brute-force the password of valid users in an automated manner.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--00d23f7b-efe4-42d6-b74d-e685fd96c69e.json b/objects/vulnerability/vulnerability--00d23f7b-efe4-42d6-b74d-e685fd96c69e.json new file mode 100644 index 0000000000..5b5b47cd63 --- /dev/null +++ b/objects/vulnerability/vulnerability--00d23f7b-efe4-42d6-b74d-e685fd96c69e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16f9817d-fc2b-49b5-8536-e0058d641b39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00d23f7b-efe4-42d6-b74d-e685fd96c69e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.327641Z", + "modified": "2024-12-14T00:22:14.327641Z", + "name": "CVE-2023-32798", + "description": "Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32798" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01000609-46f4-4f7a-bee4-a285dcf7de21.json b/objects/vulnerability/vulnerability--01000609-46f4-4f7a-bee4-a285dcf7de21.json new file mode 100644 index 0000000000..baa94e778b --- /dev/null +++ b/objects/vulnerability/vulnerability--01000609-46f4-4f7a-bee4-a285dcf7de21.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e6b602c-fcaf-45f4-a7ed-03d1d3c39fab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01000609-46f4-4f7a-bee4-a285dcf7de21", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.614947Z", + "modified": "2024-12-14T00:22:13.614947Z", + "name": "CVE-2023-41848", + "description": "Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41848" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0106fd0f-0bab-46bb-8f36-7b62280f1573.json b/objects/vulnerability/vulnerability--0106fd0f-0bab-46bb-8f36-7b62280f1573.json new file mode 100644 index 0000000000..a064da9d6a --- /dev/null +++ b/objects/vulnerability/vulnerability--0106fd0f-0bab-46bb-8f36-7b62280f1573.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e03a6818-2d87-4afd-9476-fbfb8295ed55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0106fd0f-0bab-46bb-8f36-7b62280f1573", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:10.002867Z", + "modified": "2024-12-14T00:22:10.002867Z", + "name": "CVE-2022-46807", + "description": "Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-46807" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--011d0088-9de7-4612-9002-9336a4d34678.json b/objects/vulnerability/vulnerability--011d0088-9de7-4612-9002-9336a4d34678.json new file mode 100644 index 0000000000..9d98d5ec4d --- /dev/null +++ b/objects/vulnerability/vulnerability--011d0088-9de7-4612-9002-9336a4d34678.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c48cae5-b488-4b95-95fd-c63563e1fd2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--011d0088-9de7-4612-9002-9336a4d34678", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.080847Z", + "modified": "2024-12-14T00:22:04.080847Z", + "name": "CVE-2024-54305", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woocs J&T Express Malaysia allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through 2.0.13.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54305" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01358ba2-3150-46cb-9245-e4c47ce5bff8.json b/objects/vulnerability/vulnerability--01358ba2-3150-46cb-9245-e4c47ce5bff8.json new file mode 100644 index 0000000000..81584fc6b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--01358ba2-3150-46cb-9245-e4c47ce5bff8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b866155f-798b-4b62-a126-1c3941bf7d2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01358ba2-3150-46cb-9245-e4c47ce5bff8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.631726Z", + "modified": "2024-12-14T00:22:13.631726Z", + "name": "CVE-2023-41870", + "description": "Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41870" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--020786c3-6b0c-4db2-a9da-630d62a2a2ff.json b/objects/vulnerability/vulnerability--020786c3-6b0c-4db2-a9da-630d62a2a2ff.json new file mode 100644 index 0000000000..ea3b2bf292 --- /dev/null +++ b/objects/vulnerability/vulnerability--020786c3-6b0c-4db2-a9da-630d62a2a2ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--204e67d3-5d7c-4cef-b204-ed035bc60925", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--020786c3-6b0c-4db2-a9da-630d62a2a2ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.501723Z", + "modified": "2024-12-14T00:22:13.501723Z", + "name": "CVE-2023-40331", + "description": "Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04d918fd-8c3f-4f2e-ba94-a4a8430fd66b.json b/objects/vulnerability/vulnerability--04d918fd-8c3f-4f2e-ba94-a4a8430fd66b.json new file mode 100644 index 0000000000..2f4c373b51 --- /dev/null +++ b/objects/vulnerability/vulnerability--04d918fd-8c3f-4f2e-ba94-a4a8430fd66b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d1fb9b9-e784-442a-8fe4-79a699e7bdcd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04d918fd-8c3f-4f2e-ba94-a4a8430fd66b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.055519Z", + "modified": "2024-12-14T00:22:04.055519Z", + "name": "CVE-2024-54316", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05e23c1e-7acd-44fd-bb49-4b1275f636e9.json b/objects/vulnerability/vulnerability--05e23c1e-7acd-44fd-bb49-4b1275f636e9.json new file mode 100644 index 0000000000..8a685a4187 --- /dev/null +++ b/objects/vulnerability/vulnerability--05e23c1e-7acd-44fd-bb49-4b1275f636e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1feae675-4d32-43a9-a55c-2b963dab62d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05e23c1e-7acd-44fd-bb49-4b1275f636e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.970001Z", + "modified": "2024-12-14T00:22:03.970001Z", + "name": "CVE-2024-54327", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM allows Reflected XSS.This issue affects UNIVERSAM: from n/a through n/a.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0631af6f-f793-4eb0-a2c2-88dace45893b.json b/objects/vulnerability/vulnerability--0631af6f-f793-4eb0-a2c2-88dace45893b.json new file mode 100644 index 0000000000..079973081d --- /dev/null +++ b/objects/vulnerability/vulnerability--0631af6f-f793-4eb0-a2c2-88dace45893b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f74a0c35-465f-4f50-a082-0bfb2a3e42e2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0631af6f-f793-4eb0-a2c2-88dace45893b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.653785Z", + "modified": "2024-12-14T00:22:13.653785Z", + "name": "CVE-2023-41849", + "description": "Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0671266f-39a9-4942-9a74-527f2b975d01.json b/objects/vulnerability/vulnerability--0671266f-39a9-4942-9a74-527f2b975d01.json new file mode 100644 index 0000000000..841c94eb93 --- /dev/null +++ b/objects/vulnerability/vulnerability--0671266f-39a9-4942-9a74-527f2b975d01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c394d742-9b28-4b26-804f-1083f1863620", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0671266f-39a9-4942-9a74-527f2b975d01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.944984Z", + "modified": "2024-12-14T00:22:03.944984Z", + "name": "CVE-2024-54301", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54301" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09691f6a-7c2e-451d-8bd0-38fb1c5d6f13.json b/objects/vulnerability/vulnerability--09691f6a-7c2e-451d-8bd0-38fb1c5d6f13.json new file mode 100644 index 0000000000..757d048f6d --- /dev/null +++ b/objects/vulnerability/vulnerability--09691f6a-7c2e-451d-8bd0-38fb1c5d6f13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbc4125c-1d87-4c32-9998-0922fd2d167c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09691f6a-7c2e-451d-8bd0-38fb1c5d6f13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.06766Z", + "modified": "2024-12-14T00:22:04.06766Z", + "name": "CVE-2024-54344", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through 1.3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54344" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0bf14cc6-c53a-4de7-a92e-688c4d491743.json b/objects/vulnerability/vulnerability--0bf14cc6-c53a-4de7-a92e-688c4d491743.json new file mode 100644 index 0000000000..e45325cf98 --- /dev/null +++ b/objects/vulnerability/vulnerability--0bf14cc6-c53a-4de7-a92e-688c4d491743.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b07618e-a6de-4130-a2fd-fc29d370759a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0bf14cc6-c53a-4de7-a92e-688c4d491743", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.097883Z", + "modified": "2024-12-14T00:22:04.097883Z", + "name": "CVE-2024-54306", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c332e3a-7e97-406d-b69c-63d97df7ccaa.json b/objects/vulnerability/vulnerability--0c332e3a-7e97-406d-b69c-63d97df7ccaa.json new file mode 100644 index 0000000000..a105cfdeea --- /dev/null +++ b/objects/vulnerability/vulnerability--0c332e3a-7e97-406d-b69c-63d97df7ccaa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--966327e2-a75d-496c-9ff9-8e37643f481f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c332e3a-7e97-406d-b69c-63d97df7ccaa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.603594Z", + "modified": "2024-12-14T00:22:13.603594Z", + "name": "CVE-2023-41866", + "description": "Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41866" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0da3f8e9-2b57-4cba-9782-1ab1822e8a0e.json b/objects/vulnerability/vulnerability--0da3f8e9-2b57-4cba-9782-1ab1822e8a0e.json new file mode 100644 index 0000000000..dd37aef023 --- /dev/null +++ b/objects/vulnerability/vulnerability--0da3f8e9-2b57-4cba-9782-1ab1822e8a0e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6310bc9a-05a6-4c71-97c2-da56ed02e32d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0da3f8e9-2b57-4cba-9782-1ab1822e8a0e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.607184Z", + "modified": "2024-12-14T00:22:13.607184Z", + "name": "CVE-2023-41132", + "description": "Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f1fe128-62fc-4d08-9ab7-3ecb6d392031.json b/objects/vulnerability/vulnerability--0f1fe128-62fc-4d08-9ab7-3ecb6d392031.json new file mode 100644 index 0000000000..1997e8631e --- /dev/null +++ b/objects/vulnerability/vulnerability--0f1fe128-62fc-4d08-9ab7-3ecb6d392031.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a376ae4b-4e6b-4b25-9d18-9b91d525bb76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f1fe128-62fc-4d08-9ab7-3ecb6d392031", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.839752Z", + "modified": "2024-12-14T00:22:12.839752Z", + "name": "CVE-2023-34381", + "description": "Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zippy: from n/a through 1.6.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34381" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f5c52de-40ab-4709-a8fc-0dab9efefe4b.json b/objects/vulnerability/vulnerability--0f5c52de-40ab-4709-a8fc-0dab9efefe4b.json new file mode 100644 index 0000000000..a9b2fb5c30 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f5c52de-40ab-4709-a8fc-0dab9efefe4b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--394fb855-81dd-4634-b2d2-9e745084dc1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f5c52de-40ab-4709-a8fc-0dab9efefe4b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.383768Z", + "modified": "2024-12-14T00:22:13.383768Z", + "name": "CVE-2023-38514", + "description": "Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38514" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f92f3ae-cb08-458c-ae86-cb78567d3788.json b/objects/vulnerability/vulnerability--0f92f3ae-cb08-458c-ae86-cb78567d3788.json new file mode 100644 index 0000000000..fdd230a82e --- /dev/null +++ b/objects/vulnerability/vulnerability--0f92f3ae-cb08-458c-ae86-cb78567d3788.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fae1a9d-6e73-4dee-88ee-b590fc31727d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f92f3ae-cb08-458c-ae86-cb78567d3788", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.964155Z", + "modified": "2024-12-14T00:22:03.964155Z", + "name": "CVE-2024-54318", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a through 3.6.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1009f08b-0b5c-4775-bb8b-c39eb616b2af.json b/objects/vulnerability/vulnerability--1009f08b-0b5c-4775-bb8b-c39eb616b2af.json new file mode 100644 index 0000000000..079b202c3d --- /dev/null +++ b/objects/vulnerability/vulnerability--1009f08b-0b5c-4775-bb8b-c39eb616b2af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--138cc61b-bdfe-48bd-b3cb-eca42a11f093", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1009f08b-0b5c-4775-bb8b-c39eb616b2af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.450305Z", + "modified": "2024-12-14T00:22:04.450305Z", + "name": "CVE-2024-46971", + "description": "Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10892fca-f8f8-44f4-8f0f-8f2a8e9dd510.json b/objects/vulnerability/vulnerability--10892fca-f8f8-44f4-8f0f-8f2a8e9dd510.json new file mode 100644 index 0000000000..72902a4c41 --- /dev/null +++ b/objects/vulnerability/vulnerability--10892fca-f8f8-44f4-8f0f-8f2a8e9dd510.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1dd6cb0-489c-4e22-b336-a569b5827f12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10892fca-f8f8-44f4-8f0f-8f2a8e9dd510", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.409486Z", + "modified": "2024-12-14T00:22:13.409486Z", + "name": "CVE-2023-38480", + "description": "Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38480" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--115f8c12-8a75-4438-8e62-cfce2b6adf55.json b/objects/vulnerability/vulnerability--115f8c12-8a75-4438-8e62-cfce2b6adf55.json new file mode 100644 index 0000000000..d421a0cb34 --- /dev/null +++ b/objects/vulnerability/vulnerability--115f8c12-8a75-4438-8e62-cfce2b6adf55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e133ee8b-08d0-44a9-84ca-00818cd9bf7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--115f8c12-8a75-4438-8e62-cfce2b6adf55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.360472Z", + "modified": "2024-12-14T00:22:13.360472Z", + "name": "CVE-2023-38475", + "description": "Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11644c21-5e63-4405-a5d6-ec03171492fc.json b/objects/vulnerability/vulnerability--11644c21-5e63-4405-a5d6-ec03171492fc.json new file mode 100644 index 0000000000..9c605ba1b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--11644c21-5e63-4405-a5d6-ec03171492fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c9a6cc7-82ac-46ae-979a-f692f8f0575e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11644c21-5e63-4405-a5d6-ec03171492fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.674328Z", + "modified": "2024-12-14T00:22:13.674328Z", + "name": "CVE-2023-41802", + "description": "Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41802" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12b1a01f-5f09-4305-946b-dab9a1886c11.json b/objects/vulnerability/vulnerability--12b1a01f-5f09-4305-946b-dab9a1886c11.json new file mode 100644 index 0000000000..d788b2cc8d --- /dev/null +++ b/objects/vulnerability/vulnerability--12b1a01f-5f09-4305-946b-dab9a1886c11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--786bab0c-1dde-4115-9cbe-30fad130d50b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12b1a01f-5f09-4305-946b-dab9a1886c11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.444589Z", + "modified": "2024-12-14T00:22:02.444589Z", + "name": "CVE-2024-52057", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--12bfc65c-cfdc-4f5e-b17a-049cd515ddd0.json b/objects/vulnerability/vulnerability--12bfc65c-cfdc-4f5e-b17a-049cd515ddd0.json new file mode 100644 index 0000000000..458e8ed421 --- /dev/null +++ b/objects/vulnerability/vulnerability--12bfc65c-cfdc-4f5e-b17a-049cd515ddd0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--88dddd08-5208-411b-a0ad-4427b0f0d7f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--12bfc65c-cfdc-4f5e-b17a-049cd515ddd0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.509453Z", + "modified": "2024-12-14T00:22:02.509453Z", + "name": "CVE-2024-12465", + "description": "The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12465" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13143900-ec5f-42db-b966-f30c9adb1594.json b/objects/vulnerability/vulnerability--13143900-ec5f-42db-b966-f30c9adb1594.json new file mode 100644 index 0000000000..049c33c035 --- /dev/null +++ b/objects/vulnerability/vulnerability--13143900-ec5f-42db-b966-f30c9adb1594.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e7b1033-3e6b-462b-affe-16134a6dd808", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13143900-ec5f-42db-b966-f30c9adb1594", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.057501Z", + "modified": "2024-12-14T00:22:04.057501Z", + "name": "CVE-2024-54293", + "description": "Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54293" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1371bc8a-c480-43d5-b78a-bf168aff3b11.json b/objects/vulnerability/vulnerability--1371bc8a-c480-43d5-b78a-bf168aff3b11.json new file mode 100644 index 0000000000..9a3e2dd68b --- /dev/null +++ b/objects/vulnerability/vulnerability--1371bc8a-c480-43d5-b78a-bf168aff3b11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7b86fdd-53d6-4966-8d6a-164eb729e3d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1371bc8a-c480-43d5-b78a-bf168aff3b11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.032107Z", + "modified": "2024-12-14T00:22:03.032107Z", + "name": "CVE-2024-11012", + "description": "The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15bc40a8-28d1-4854-9133-49c3ff42f79b.json b/objects/vulnerability/vulnerability--15bc40a8-28d1-4854-9133-49c3ff42f79b.json new file mode 100644 index 0000000000..d31abaf347 --- /dev/null +++ b/objects/vulnerability/vulnerability--15bc40a8-28d1-4854-9133-49c3ff42f79b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--134b4eb0-2850-4f4f-ba60-41da73910910", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15bc40a8-28d1-4854-9133-49c3ff42f79b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.533635Z", + "modified": "2024-12-14T00:22:02.533635Z", + "name": "CVE-2024-12309", + "description": "The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12309" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15c8a832-a086-4c5f-bd9a-1bc83dd066ff.json b/objects/vulnerability/vulnerability--15c8a832-a086-4c5f-bd9a-1bc83dd066ff.json new file mode 100644 index 0000000000..06acc1c944 --- /dev/null +++ b/objects/vulnerability/vulnerability--15c8a832-a086-4c5f-bd9a-1bc83dd066ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db507767-dfb7-4081-a662-daa4b9642a45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15c8a832-a086-4c5f-bd9a-1bc83dd066ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.610517Z", + "modified": "2024-12-14T00:22:08.610517Z", + "name": "CVE-2022-45806", + "description": "Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45806" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1687f1a0-aea9-4517-8fe5-ee769d018acc.json b/objects/vulnerability/vulnerability--1687f1a0-aea9-4517-8fe5-ee769d018acc.json new file mode 100644 index 0000000000..6db2cd96f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--1687f1a0-aea9-4517-8fe5-ee769d018acc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04f675c8-a3c3-408e-ba17-30279047af0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1687f1a0-aea9-4517-8fe5-ee769d018acc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.619477Z", + "modified": "2024-12-14T00:22:13.619477Z", + "name": "CVE-2023-41688", + "description": "Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a6f5532-88bd-4ade-b631-aa5509d098de.json b/objects/vulnerability/vulnerability--1a6f5532-88bd-4ade-b631-aa5509d098de.json new file mode 100644 index 0000000000..ac27c587db --- /dev/null +++ b/objects/vulnerability/vulnerability--1a6f5532-88bd-4ade-b631-aa5509d098de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--250409b4-3358-41d5-b295-0adf9b0f32e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a6f5532-88bd-4ade-b631-aa5509d098de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.863755Z", + "modified": "2024-12-14T00:22:13.863755Z", + "name": "CVE-2023-37987", + "description": "Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37987" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bb6e5b9-f702-445a-849d-bee0009c5fbf.json b/objects/vulnerability/vulnerability--1bb6e5b9-f702-445a-849d-bee0009c5fbf.json new file mode 100644 index 0000000000..34d3ac41e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--1bb6e5b9-f702-445a-849d-bee0009c5fbf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19e73fd5-1f73-4cb1-9c40-a2bbde6b85e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bb6e5b9-f702-445a-849d-bee0009c5fbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.084695Z", + "modified": "2024-12-14T00:22:04.084695Z", + "name": "CVE-2024-54267", + "description": "Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through 3.2.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54267" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e360b55-c8fe-4664-a775-55d6d030c16b.json b/objects/vulnerability/vulnerability--1e360b55-c8fe-4664-a775-55d6d030c16b.json new file mode 100644 index 0000000000..dca4f5bf26 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e360b55-c8fe-4664-a775-55d6d030c16b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49f729bf-7b36-48c3-bdc2-6fd3fa6ec8b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e360b55-c8fe-4664-a775-55d6d030c16b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.143125Z", + "modified": "2024-12-14T00:22:04.143125Z", + "name": "CVE-2024-54345", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f26437d-de4c-499b-ac12-72649e464c76.json b/objects/vulnerability/vulnerability--1f26437d-de4c-499b-ac12-72649e464c76.json new file mode 100644 index 0000000000..86db25f8dd --- /dev/null +++ b/objects/vulnerability/vulnerability--1f26437d-de4c-499b-ac12-72649e464c76.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2f601d0-5293-4e80-bd52-3881be6a72f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f26437d-de4c-499b-ac12-72649e464c76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.646708Z", + "modified": "2024-12-14T00:22:13.646708Z", + "name": "CVE-2023-41865", + "description": "Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41865" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2050c071-5e55-445e-b3ed-0ee2d7fb3cca.json b/objects/vulnerability/vulnerability--2050c071-5e55-445e-b3ed-0ee2d7fb3cca.json new file mode 100644 index 0000000000..1172c9aa8b --- /dev/null +++ b/objects/vulnerability/vulnerability--2050c071-5e55-445e-b3ed-0ee2d7fb3cca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb9499b4-5a2b-43e6-9300-c3f1e0e316f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2050c071-5e55-445e-b3ed-0ee2d7fb3cca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.155361Z", + "modified": "2024-12-14T00:22:04.155361Z", + "name": "CVE-2024-54246", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs allows Stored XSS.This issue affects FAQs: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54246" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--212137b7-5d78-4b02-aeb7-6c1565323220.json b/objects/vulnerability/vulnerability--212137b7-5d78-4b02-aeb7-6c1565323220.json new file mode 100644 index 0000000000..6bd218c41b --- /dev/null +++ b/objects/vulnerability/vulnerability--212137b7-5d78-4b02-aeb7-6c1565323220.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af8e2f20-96b4-43af-a4ca-883a7d351f78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--212137b7-5d78-4b02-aeb7-6c1565323220", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.894712Z", + "modified": "2024-12-14T00:22:13.894712Z", + "name": "CVE-2023-35777", + "description": "Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35777" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2189bb90-7b7e-409d-aac4-e569fc3c3439.json b/objects/vulnerability/vulnerability--2189bb90-7b7e-409d-aac4-e569fc3c3439.json new file mode 100644 index 0000000000..49ec38daef --- /dev/null +++ b/objects/vulnerability/vulnerability--2189bb90-7b7e-409d-aac4-e569fc3c3439.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ffa3e04-dd94-4773-ac6c-2fdc6d38bdf3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2189bb90-7b7e-409d-aac4-e569fc3c3439", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.332761Z", + "modified": "2024-12-14T00:22:14.332761Z", + "name": "CVE-2023-32593", + "description": "Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32593" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24120153-ecb5-4e4a-ad30-39650243f3b4.json b/objects/vulnerability/vulnerability--24120153-ecb5-4e4a-ad30-39650243f3b4.json new file mode 100644 index 0000000000..1ca2a314bd --- /dev/null +++ b/objects/vulnerability/vulnerability--24120153-ecb5-4e4a-ad30-39650243f3b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eef37e7d-8160-4d36-935a-f27f80b452df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24120153-ecb5-4e4a-ad30-39650243f3b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.668217Z", + "modified": "2024-12-14T00:22:13.668217Z", + "name": "CVE-2023-41875", + "description": "Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--260f608e-234a-49db-a8c4-c9fa73329cf2.json b/objects/vulnerability/vulnerability--260f608e-234a-49db-a8c4-c9fa73329cf2.json new file mode 100644 index 0000000000..208be0531d --- /dev/null +++ b/objects/vulnerability/vulnerability--260f608e-234a-49db-a8c4-c9fa73329cf2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2da58b0-d1f2-4609-9f94-6f52bc1db401", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--260f608e-234a-49db-a8c4-c9fa73329cf2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.662795Z", + "modified": "2024-12-14T00:22:13.662795Z", + "name": "CVE-2023-41686", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41686" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--267f34a5-8adb-43c9-af8a-68d6c38af3ac.json b/objects/vulnerability/vulnerability--267f34a5-8adb-43c9-af8a-68d6c38af3ac.json new file mode 100644 index 0000000000..6cd0a3de25 --- /dev/null +++ b/objects/vulnerability/vulnerability--267f34a5-8adb-43c9-af8a-68d6c38af3ac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a395ec89-f1f7-4458-b576-65c4703f0e2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--267f34a5-8adb-43c9-af8a-68d6c38af3ac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.538876Z", + "modified": "2024-12-14T00:22:02.538876Z", + "name": "CVE-2024-12300", + "description": "The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging a double extension attack. It's important to note the file is deleted immediately and double extension attacks only work on select servers making this unlikely to be successfully exploited.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2773fa04-e35d-4f1a-918c-2c0680e7f7e1.json b/objects/vulnerability/vulnerability--2773fa04-e35d-4f1a-918c-2c0680e7f7e1.json new file mode 100644 index 0000000000..28031a0a2b --- /dev/null +++ b/objects/vulnerability/vulnerability--2773fa04-e35d-4f1a-918c-2c0680e7f7e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58398a27-40a7-4186-846c-611de33b8299", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2773fa04-e35d-4f1a-918c-2c0680e7f7e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.208211Z", + "modified": "2024-12-14T00:22:04.208211Z", + "name": "CVE-2024-55887", + "description": "Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27a62ba7-bcf9-4e71-88df-e110d12bf635.json b/objects/vulnerability/vulnerability--27a62ba7-bcf9-4e71-88df-e110d12bf635.json new file mode 100644 index 0000000000..bd4d0d3c68 --- /dev/null +++ b/objects/vulnerability/vulnerability--27a62ba7-bcf9-4e71-88df-e110d12bf635.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdcdc63d-5b52-417f-b600-97a6b0a58704", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27a62ba7-bcf9-4e71-88df-e110d12bf635", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.534588Z", + "modified": "2024-12-14T00:22:12.534588Z", + "name": "CVE-2023-39920", + "description": "Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through 2.9.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27bee803-50c3-4c87-a152-295865cd31fb.json b/objects/vulnerability/vulnerability--27bee803-50c3-4c87-a152-295865cd31fb.json new file mode 100644 index 0000000000..2b292e2a8b --- /dev/null +++ b/objects/vulnerability/vulnerability--27bee803-50c3-4c87-a152-295865cd31fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21c90d84-0f35-49e3-a7bd-99c20b5629cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27bee803-50c3-4c87-a152-295865cd31fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.523107Z", + "modified": "2024-12-14T00:22:02.523107Z", + "name": "CVE-2024-12572", + "description": "The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12572" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--288d7f24-2c5e-45ed-b3b2-a8f5a8d470b4.json b/objects/vulnerability/vulnerability--288d7f24-2c5e-45ed-b3b2-a8f5a8d470b4.json new file mode 100644 index 0000000000..3e49e374b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--288d7f24-2c5e-45ed-b3b2-a8f5a8d470b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--efd69594-7a81-4934-b9c2-a1ee1a72ae9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--288d7f24-2c5e-45ed-b3b2-a8f5a8d470b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.852182Z", + "modified": "2024-12-14T00:22:12.852182Z", + "name": "CVE-2023-44149", + "description": "Missing Authorization vulnerability in BeRocket Brands for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through 3.8.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44149" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a2c7445-6fcc-4202-923c-aebd2cdc5342.json b/objects/vulnerability/vulnerability--2a2c7445-6fcc-4202-923c-aebd2cdc5342.json new file mode 100644 index 0000000000..91d8e1c3c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a2c7445-6fcc-4202-923c-aebd2cdc5342.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28710d91-ed94-43af-8adb-da13b6ce63e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a2c7445-6fcc-4202-923c-aebd2cdc5342", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.074935Z", + "modified": "2024-12-14T00:22:04.074935Z", + "name": "CVE-2024-54336", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54336" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d368237-70be-449f-8fce-861966673b55.json b/objects/vulnerability/vulnerability--2d368237-70be-449f-8fce-861966673b55.json new file mode 100644 index 0000000000..ddcb31bb99 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d368237-70be-449f-8fce-861966673b55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e101b46-16f6-4535-8bf7-6d37c522715b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d368237-70be-449f-8fce-861966673b55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.079864Z", + "modified": "2024-12-14T00:22:04.079864Z", + "name": "CVE-2024-54237", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2db3217b-12b4-4d89-801a-699a61d409ca.json b/objects/vulnerability/vulnerability--2db3217b-12b4-4d89-801a-699a61d409ca.json new file mode 100644 index 0000000000..42d62a7ac0 --- /dev/null +++ b/objects/vulnerability/vulnerability--2db3217b-12b4-4d89-801a-699a61d409ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--786a4781-6779-4d8a-ac84-fe9dfd3114bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2db3217b-12b4-4d89-801a-699a61d409ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.960003Z", + "modified": "2024-12-14T00:22:03.960003Z", + "name": "CVE-2024-54312", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ووکامرس فارسی Persian Woocommerce SMS allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through 7.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54312" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e80a203-9b65-4750-998e-5a1f285796de.json b/objects/vulnerability/vulnerability--2e80a203-9b65-4750-998e-5a1f285796de.json new file mode 100644 index 0000000000..e80856545d --- /dev/null +++ b/objects/vulnerability/vulnerability--2e80a203-9b65-4750-998e-5a1f285796de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa225241-d544-4297-8ca6-5ec850590a6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e80a203-9b65-4750-998e-5a1f285796de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.078696Z", + "modified": "2024-12-14T00:22:04.078696Z", + "name": "CVE-2024-54275", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wibergs Web CSV to html allows Reflected XSS.This issue affects CSV to html: from n/a through 3.04.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fb4f600-7b11-4a60-86c5-64a966e15906.json b/objects/vulnerability/vulnerability--2fb4f600-7b11-4a60-86c5-64a966e15906.json new file mode 100644 index 0000000000..1897282d84 --- /dev/null +++ b/objects/vulnerability/vulnerability--2fb4f600-7b11-4a60-86c5-64a966e15906.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3833479-78af-48cb-85cd-c2682e672923", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fb4f600-7b11-4a60-86c5-64a966e15906", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.12941Z", + "modified": "2024-12-14T00:22:04.12941Z", + "name": "CVE-2024-54300", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through 2.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54300" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2fe97735-6fb4-4a6c-b720-f5e18c3040be.json b/objects/vulnerability/vulnerability--2fe97735-6fb4-4a6c-b720-f5e18c3040be.json new file mode 100644 index 0000000000..9cb90db9d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2fe97735-6fb4-4a6c-b720-f5e18c3040be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dab9aa99-03bf-4f44-bd4d-6a32b8d7a457", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2fe97735-6fb4-4a6c-b720-f5e18c3040be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.973321Z", + "modified": "2024-12-14T00:22:03.973321Z", + "name": "CVE-2024-54299", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revi Revi.io allows Reflected XSS.This issue affects Revi.io: from n/a through 5.7.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31df13c6-6a53-4974-a770-47c172c110f7.json b/objects/vulnerability/vulnerability--31df13c6-6a53-4974-a770-47c172c110f7.json new file mode 100644 index 0000000000..4e523b639f --- /dev/null +++ b/objects/vulnerability/vulnerability--31df13c6-6a53-4974-a770-47c172c110f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5011acd-941f-4199-a5b6-49a36d8e8688", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31df13c6-6a53-4974-a770-47c172c110f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.287683Z", + "modified": "2024-12-14T00:22:14.287683Z", + "name": "CVE-2023-32963", + "description": "Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive Search: from n/a through 5.8.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3264e14e-55d3-4b5a-baf0-9c77f816e8cc.json b/objects/vulnerability/vulnerability--3264e14e-55d3-4b5a-baf0-9c77f816e8cc.json new file mode 100644 index 0000000000..ddfe3b0513 --- /dev/null +++ b/objects/vulnerability/vulnerability--3264e14e-55d3-4b5a-baf0-9c77f816e8cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4befd704-9203-4101-9b9b-d18e9bc31acf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3264e14e-55d3-4b5a-baf0-9c77f816e8cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.302987Z", + "modified": "2024-12-14T00:22:14.302987Z", + "name": "CVE-2023-32585", + "description": "Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32585" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--327e68a6-2837-4e95-82e4-4619d5d57f98.json b/objects/vulnerability/vulnerability--327e68a6-2837-4e95-82e4-4619d5d57f98.json new file mode 100644 index 0000000000..074d5f366a --- /dev/null +++ b/objects/vulnerability/vulnerability--327e68a6-2837-4e95-82e4-4619d5d57f98.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22114572-8b80-4ab2-b41f-b202eddccdd9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--327e68a6-2837-4e95-82e4-4619d5d57f98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.628495Z", + "modified": "2024-12-14T00:22:08.628495Z", + "name": "CVE-2022-45841", + "description": "Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32a53e04-d393-423a-9313-3a02cd0bf233.json b/objects/vulnerability/vulnerability--32a53e04-d393-423a-9313-3a02cd0bf233.json new file mode 100644 index 0000000000..437a311792 --- /dev/null +++ b/objects/vulnerability/vulnerability--32a53e04-d393-423a-9313-3a02cd0bf233.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48699d70-a020-4b43-8c8f-5249e55f1435", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32a53e04-d393-423a-9313-3a02cd0bf233", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.970948Z", + "modified": "2024-12-14T00:22:03.970948Z", + "name": "CVE-2024-54248", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Michael DUMONTET eewee admin custom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through 1.8.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32d077fd-5dab-414a-8060-3663fd062079.json b/objects/vulnerability/vulnerability--32d077fd-5dab-414a-8060-3663fd062079.json new file mode 100644 index 0000000000..591052b662 --- /dev/null +++ b/objects/vulnerability/vulnerability--32d077fd-5dab-414a-8060-3663fd062079.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b482fc77-10f8-4de8-8096-9e669e65770a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--32d077fd-5dab-414a-8060-3663fd062079", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:09.939413Z", + "modified": "2024-12-14T00:22:09.939413Z", + "name": "CVE-2022-46840", + "description": "Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-46840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3313826a-7861-4597-a786-ffd394612625.json b/objects/vulnerability/vulnerability--3313826a-7861-4597-a786-ffd394612625.json new file mode 100644 index 0000000000..bcf52e965f --- /dev/null +++ b/objects/vulnerability/vulnerability--3313826a-7861-4597-a786-ffd394612625.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dacf915-fbfc-4530-b5a4-079990e8446f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3313826a-7861-4597-a786-ffd394612625", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.70271Z", + "modified": "2024-12-14T00:22:08.70271Z", + "name": "CVE-2022-47168", + "description": "Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-47168" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--331a0d15-b1df-49d3-9837-502cd4c670eb.json b/objects/vulnerability/vulnerability--331a0d15-b1df-49d3-9837-502cd4c670eb.json new file mode 100644 index 0000000000..910eaa01b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--331a0d15-b1df-49d3-9837-502cd4c670eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a547b84b-9fb4-489c-ac0c-57eae77ca146", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--331a0d15-b1df-49d3-9837-502cd4c670eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.78041Z", + "modified": "2024-12-14T00:22:02.78041Z", + "name": "CVE-2024-47984", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33af2d06-6372-47a2-bb0e-4633c4cdcc1c.json b/objects/vulnerability/vulnerability--33af2d06-6372-47a2-bb0e-4633c4cdcc1c.json new file mode 100644 index 0000000000..e523b67ac2 --- /dev/null +++ b/objects/vulnerability/vulnerability--33af2d06-6372-47a2-bb0e-4633c4cdcc1c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e76654a3-057a-4b3b-9f09-ed77e65d9406", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33af2d06-6372-47a2-bb0e-4633c4cdcc1c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.55942Z", + "modified": "2024-12-14T00:22:02.55942Z", + "name": "CVE-2024-10939", + "description": "The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10939" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33f23891-a913-4831-b436-e44ad6d759c6.json b/objects/vulnerability/vulnerability--33f23891-a913-4831-b436-e44ad6d759c6.json new file mode 100644 index 0000000000..a35331090a --- /dev/null +++ b/objects/vulnerability/vulnerability--33f23891-a913-4831-b436-e44ad6d759c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d055b8d-78c0-48ab-b743-83e2cd467502", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33f23891-a913-4831-b436-e44ad6d759c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.96236Z", + "modified": "2024-12-14T00:22:03.96236Z", + "name": "CVE-2024-54349", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz.com Plain Post allows Stored XSS.This issue affects Plain Post: from n/a through 1.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54349" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35390d8d-acdb-43b9-928a-5bffeb71295d.json b/objects/vulnerability/vulnerability--35390d8d-acdb-43b9-928a-5bffeb71295d.json new file mode 100644 index 0000000000..089396dc70 --- /dev/null +++ b/objects/vulnerability/vulnerability--35390d8d-acdb-43b9-928a-5bffeb71295d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f0e15d5-f76a-4562-aca5-47ae2e3c59c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35390d8d-acdb-43b9-928a-5bffeb71295d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.372385Z", + "modified": "2024-12-14T00:22:13.372385Z", + "name": "CVE-2023-38477", + "description": "Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35928707-5808-4e22-ac60-0c651f191425.json b/objects/vulnerability/vulnerability--35928707-5808-4e22-ac60-0c651f191425.json new file mode 100644 index 0000000000..105fbb9092 --- /dev/null +++ b/objects/vulnerability/vulnerability--35928707-5808-4e22-ac60-0c651f191425.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a27b117-7b32-4776-8d4e-de56c7840c0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35928707-5808-4e22-ac60-0c651f191425", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.144649Z", + "modified": "2024-12-14T00:22:14.144649Z", + "name": "CVE-2023-36518", + "description": "Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36cc7c90-5dbe-40c9-900f-cec1eb894f9c.json b/objects/vulnerability/vulnerability--36cc7c90-5dbe-40c9-900f-cec1eb894f9c.json new file mode 100644 index 0000000000..17e701f270 --- /dev/null +++ b/objects/vulnerability/vulnerability--36cc7c90-5dbe-40c9-900f-cec1eb894f9c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--497def2c-b34a-4bc6-9225-23d600db3683", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36cc7c90-5dbe-40c9-900f-cec1eb894f9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.752373Z", + "modified": "2024-12-14T00:22:03.752373Z", + "name": "CVE-2024-21543", + "description": "Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--37c875a5-ced3-41a6-a159-2fd4e11bc95f.json b/objects/vulnerability/vulnerability--37c875a5-ced3-41a6-a159-2fd4e11bc95f.json new file mode 100644 index 0000000000..619b6ec9e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--37c875a5-ced3-41a6-a159-2fd4e11bc95f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1550d7d-364a-446a-ba9e-da0e440f21f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--37c875a5-ced3-41a6-a159-2fd4e11bc95f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.099371Z", + "modified": "2024-12-14T00:22:04.099371Z", + "name": "CVE-2024-54313", + "description": "Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54313" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--380000ec-2cdb-456e-bd61-5e5ce624d3a2.json b/objects/vulnerability/vulnerability--380000ec-2cdb-456e-bd61-5e5ce624d3a2.json new file mode 100644 index 0000000000..dd8486e673 --- /dev/null +++ b/objects/vulnerability/vulnerability--380000ec-2cdb-456e-bd61-5e5ce624d3a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0908b30a-a444-4966-b569-6b9f4b910c62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--380000ec-2cdb-456e-bd61-5e5ce624d3a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.675733Z", + "modified": "2024-12-14T00:22:13.675733Z", + "name": "CVE-2023-41664", + "description": "Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--387987ff-8b81-4493-a750-cb6f46f0819c.json b/objects/vulnerability/vulnerability--387987ff-8b81-4493-a750-cb6f46f0819c.json new file mode 100644 index 0000000000..9d06915a56 --- /dev/null +++ b/objects/vulnerability/vulnerability--387987ff-8b81-4493-a750-cb6f46f0819c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--644e931e-8874-4aa0-8034-6d5650f0ac72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--387987ff-8b81-4493-a750-cb6f46f0819c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.873365Z", + "modified": "2024-12-14T00:22:13.873365Z", + "name": "CVE-2023-37887", + "description": "Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39230d8e-91ec-4d52-9ec1-8c37ee0064a1.json b/objects/vulnerability/vulnerability--39230d8e-91ec-4d52-9ec1-8c37ee0064a1.json new file mode 100644 index 0000000000..03c2e6df7f --- /dev/null +++ b/objects/vulnerability/vulnerability--39230d8e-91ec-4d52-9ec1-8c37ee0064a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a116d8d-a41a-4334-8986-9617831f9c1d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39230d8e-91ec-4d52-9ec1-8c37ee0064a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.845625Z", + "modified": "2024-12-14T00:22:13.845625Z", + "name": "CVE-2023-37989", + "description": "Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37989" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a4bd85e-ca7a-4f3e-ad22-688d4e96537a.json b/objects/vulnerability/vulnerability--3a4bd85e-ca7a-4f3e-ad22-688d4e96537a.json new file mode 100644 index 0000000000..c0ad1bbf38 --- /dev/null +++ b/objects/vulnerability/vulnerability--3a4bd85e-ca7a-4f3e-ad22-688d4e96537a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af079109-f8bc-4f8f-a49f-77841aec1ae9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a4bd85e-ca7a-4f3e-ad22-688d4e96537a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.05425Z", + "modified": "2024-12-14T00:22:04.05425Z", + "name": "CVE-2024-54288", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54288" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b6fb9ed-f249-4199-a3cc-3adc48cbb8d2.json b/objects/vulnerability/vulnerability--3b6fb9ed-f249-4199-a3cc-3adc48cbb8d2.json new file mode 100644 index 0000000000..a36433273f --- /dev/null +++ b/objects/vulnerability/vulnerability--3b6fb9ed-f249-4199-a3cc-3adc48cbb8d2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ed81ecb-d720-403d-9643-666acd400ff3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b6fb9ed-f249-4199-a3cc-3adc48cbb8d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.083228Z", + "modified": "2024-12-14T00:22:03.083228Z", + "name": "CVE-2024-11986", + "description": "Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11986" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b79d00a-84f5-477a-9be1-485c9415890b.json b/objects/vulnerability/vulnerability--3b79d00a-84f5-477a-9be1-485c9415890b.json new file mode 100644 index 0000000000..a04724e410 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b79d00a-84f5-477a-9be1-485c9415890b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cdf55d2-3e89-4429-a40f-e344a917e49d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b79d00a-84f5-477a-9be1-485c9415890b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.042794Z", + "modified": "2024-12-14T00:22:03.042794Z", + "name": "CVE-2024-11839", + "description": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11839" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3cf8f885-aabe-4a9f-8bdb-b77918c05dee.json b/objects/vulnerability/vulnerability--3cf8f885-aabe-4a9f-8bdb-b77918c05dee.json new file mode 100644 index 0000000000..e86d1bb6e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--3cf8f885-aabe-4a9f-8bdb-b77918c05dee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7656cca4-1f62-4f30-8009-2f4a1042a3b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3cf8f885-aabe-4a9f-8bdb-b77918c05dee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.941561Z", + "modified": "2024-12-14T00:22:03.941561Z", + "name": "CVE-2024-54259", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS GmbH DELUCKS SEO allows Path Traversal.This issue affects DELUCKS SEO: from n/a through 2.5.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54259" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d207cb8-a74d-430c-b6b1-01696dfac3a6.json b/objects/vulnerability/vulnerability--3d207cb8-a74d-430c-b6b1-01696dfac3a6.json new file mode 100644 index 0000000000..e83bbac3bb --- /dev/null +++ b/objects/vulnerability/vulnerability--3d207cb8-a74d-430c-b6b1-01696dfac3a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--523540dc-8975-4fe1-b326-d7c07de74f05", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d207cb8-a74d-430c-b6b1-01696dfac3a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.487798Z", + "modified": "2024-12-14T00:22:13.487798Z", + "name": "CVE-2023-40203", + "description": "Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40203" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d72279a-5171-4815-bfae-08358c53526f.json b/objects/vulnerability/vulnerability--3d72279a-5171-4815-bfae-08358c53526f.json new file mode 100644 index 0000000000..0fa161daa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d72279a-5171-4815-bfae-08358c53526f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--453257c3-43b3-40d9-8257-d25796ffef23", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d72279a-5171-4815-bfae-08358c53526f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.51578Z", + "modified": "2024-12-14T00:22:02.51578Z", + "name": "CVE-2024-12421", + "description": "The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12421" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d7d5397-1d53-4533-bcca-daf84ac59ba2.json b/objects/vulnerability/vulnerability--3d7d5397-1d53-4533-bcca-daf84ac59ba2.json new file mode 100644 index 0000000000..ba72551bc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d7d5397-1d53-4533-bcca-daf84ac59ba2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd16b72d-2eeb-42bf-90de-9b5ddd362707", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d7d5397-1d53-4533-bcca-daf84ac59ba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.975473Z", + "modified": "2024-12-14T00:22:12.975473Z", + "name": "CVE-2023-33215", + "description": "Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33215" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3feb9012-9c9c-45e7-a2d1-60bc6b404dd6.json b/objects/vulnerability/vulnerability--3feb9012-9c9c-45e7-a2d1-60bc6b404dd6.json new file mode 100644 index 0000000000..cf07f8779e --- /dev/null +++ b/objects/vulnerability/vulnerability--3feb9012-9c9c-45e7-a2d1-60bc6b404dd6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ce236cf-cbc0-4235-8d1c-2b3a3d3e7d40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3feb9012-9c9c-45e7-a2d1-60bc6b404dd6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.116522Z", + "modified": "2024-12-14T00:22:04.116522Z", + "name": "CVE-2024-54252", + "description": "Missing Authorization vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54252" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40594af8-f4d2-42c8-af00-8e7a506614d6.json b/objects/vulnerability/vulnerability--40594af8-f4d2-42c8-af00-8e7a506614d6.json new file mode 100644 index 0000000000..55c78219f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--40594af8-f4d2-42c8-af00-8e7a506614d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f60928f8-a214-4c30-b6b8-976c3bfeeb55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40594af8-f4d2-42c8-af00-8e7a506614d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.553128Z", + "modified": "2024-12-14T00:22:02.553128Z", + "name": "CVE-2024-12417", + "description": "The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--409833f7-f8fd-43a9-9ca1-2dd0b7346841.json b/objects/vulnerability/vulnerability--409833f7-f8fd-43a9-9ca1-2dd0b7346841.json new file mode 100644 index 0000000000..68852197ba --- /dev/null +++ b/objects/vulnerability/vulnerability--409833f7-f8fd-43a9-9ca1-2dd0b7346841.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf745b66-290e-4e2a-847e-bae1744e733d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--409833f7-f8fd-43a9-9ca1-2dd0b7346841", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.504804Z", + "modified": "2024-12-14T00:22:13.504804Z", + "name": "CVE-2023-40011", + "description": "Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40011" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4292ad29-23dd-4560-ad14-a6518525e2f5.json b/objects/vulnerability/vulnerability--4292ad29-23dd-4560-ad14-a6518525e2f5.json new file mode 100644 index 0000000000..62cdf75e6b --- /dev/null +++ b/objects/vulnerability/vulnerability--4292ad29-23dd-4560-ad14-a6518525e2f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--574c1203-85d2-4adf-9811-2853b01e5c95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4292ad29-23dd-4560-ad14-a6518525e2f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.102965Z", + "modified": "2024-12-14T00:22:04.102965Z", + "name": "CVE-2024-54238", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Colin Tomele Board Document Manager from CHUHPL allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through 1.9.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--429b734f-862b-4fb1-bda2-23138ea7e7ae.json b/objects/vulnerability/vulnerability--429b734f-862b-4fb1-bda2-23138ea7e7ae.json new file mode 100644 index 0000000000..ee3af503bf --- /dev/null +++ b/objects/vulnerability/vulnerability--429b734f-862b-4fb1-bda2-23138ea7e7ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3e84c5d-03b4-4491-9122-807d5f6a67a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--429b734f-862b-4fb1-bda2-23138ea7e7ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.08858Z", + "modified": "2024-12-14T00:22:04.08858Z", + "name": "CVE-2024-54295", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54295" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43e71836-e775-46b3-bef6-44874c82a18a.json b/objects/vulnerability/vulnerability--43e71836-e775-46b3-bef6-44874c82a18a.json new file mode 100644 index 0000000000..000611062f --- /dev/null +++ b/objects/vulnerability/vulnerability--43e71836-e775-46b3-bef6-44874c82a18a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ac39776-b431-4009-a803-0ce269f61432", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43e71836-e775-46b3-bef6-44874c82a18a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.101931Z", + "modified": "2024-12-14T00:22:04.101931Z", + "name": "CVE-2024-54339", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr allows Reflected XSS.This issue affects geoFlickr: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54339" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44979c76-3094-4992-aa36-e92618ba84f4.json b/objects/vulnerability/vulnerability--44979c76-3094-4992-aa36-e92618ba84f4.json new file mode 100644 index 0000000000..418b3ef376 --- /dev/null +++ b/objects/vulnerability/vulnerability--44979c76-3094-4992-aa36-e92618ba84f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--661d7333-f424-437f-a23b-d384766ca2fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44979c76-3094-4992-aa36-e92618ba84f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.623682Z", + "modified": "2024-12-14T00:22:13.623682Z", + "name": "CVE-2023-41873", + "description": "Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41873" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45885b3c-0420-4e4f-9bdb-4eabf94817ae.json b/objects/vulnerability/vulnerability--45885b3c-0420-4e4f-9bdb-4eabf94817ae.json new file mode 100644 index 0000000000..ce505a39e5 --- /dev/null +++ b/objects/vulnerability/vulnerability--45885b3c-0420-4e4f-9bdb-4eabf94817ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da4bb959-5248-4034-b53c-70f4bd0ca93f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45885b3c-0420-4e4f-9bdb-4eabf94817ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.910995Z", + "modified": "2024-12-14T00:22:13.910995Z", + "name": "CVE-2023-35046", + "description": "Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35046" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4593b29b-3ff4-422e-bd6e-1e246bf37e9b.json b/objects/vulnerability/vulnerability--4593b29b-3ff4-422e-bd6e-1e246bf37e9b.json new file mode 100644 index 0000000000..4aa5f9a6ea --- /dev/null +++ b/objects/vulnerability/vulnerability--4593b29b-3ff4-422e-bd6e-1e246bf37e9b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df17e07d-dd2f-463e-8227-f938dac703fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4593b29b-3ff4-422e-bd6e-1e246bf37e9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.612758Z", + "modified": "2024-12-14T00:22:13.612758Z", + "name": "CVE-2023-41951", + "description": "Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41951" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45e75bc5-a671-401e-aa22-1199984d14f2.json b/objects/vulnerability/vulnerability--45e75bc5-a671-401e-aa22-1199984d14f2.json new file mode 100644 index 0000000000..ba1ceebc27 --- /dev/null +++ b/objects/vulnerability/vulnerability--45e75bc5-a671-401e-aa22-1199984d14f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e4f2e87-ce04-42e0-9a15-20bf297b1bc4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45e75bc5-a671-401e-aa22-1199984d14f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.525557Z", + "modified": "2024-12-14T00:22:02.525557Z", + "name": "CVE-2024-12212", + "description": "The vulnerability occurs in the parsing of CSP files. The issues result \nfrom the lack of proper validation of user-supplied data, which could \nallow reading past the end of allocated data structures, resulting in \nexecution of arbitrary code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4685537a-31f7-43c0-a6ae-3d07c07748a0.json b/objects/vulnerability/vulnerability--4685537a-31f7-43c0-a6ae-3d07c07748a0.json new file mode 100644 index 0000000000..6c016816f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4685537a-31f7-43c0-a6ae-3d07c07748a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd7b52c7-790d-4d6b-a83b-8252b1a03d76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4685537a-31f7-43c0-a6ae-3d07c07748a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.650641Z", + "modified": "2024-12-14T00:22:13.650641Z", + "name": "CVE-2023-41690", + "description": "Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41690" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48717d67-dcb7-4a15-b685-d8f73ebdc1aa.json b/objects/vulnerability/vulnerability--48717d67-dcb7-4a15-b685-d8f73ebdc1aa.json new file mode 100644 index 0000000000..391f63139a --- /dev/null +++ b/objects/vulnerability/vulnerability--48717d67-dcb7-4a15-b685-d8f73ebdc1aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e89fdb6f-4d86-40ca-a678-d1462e9fded6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48717d67-dcb7-4a15-b685-d8f73ebdc1aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.51725Z", + "modified": "2024-12-14T00:22:13.51725Z", + "name": "CVE-2023-40001", + "description": "Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40001" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--488a9265-debf-4cb1-ae0a-01503e93327b.json b/objects/vulnerability/vulnerability--488a9265-debf-4cb1-ae0a-01503e93327b.json new file mode 100644 index 0000000000..aced16d040 --- /dev/null +++ b/objects/vulnerability/vulnerability--488a9265-debf-4cb1-ae0a-01503e93327b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c24812c3-5349-4c42-a75e-5e66e654bf63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--488a9265-debf-4cb1-ae0a-01503e93327b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.378944Z", + "modified": "2024-12-14T00:22:02.378944Z", + "name": "CVE-2024-52065", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52065" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--48c43681-e560-4033-b53d-b1a7fc2897a3.json b/objects/vulnerability/vulnerability--48c43681-e560-4033-b53d-b1a7fc2897a3.json new file mode 100644 index 0000000000..d5d9b9a8df --- /dev/null +++ b/objects/vulnerability/vulnerability--48c43681-e560-4033-b53d-b1a7fc2897a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f01d06b4-42e3-483d-8db9-b6f231a58d35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--48c43681-e560-4033-b53d-b1a7fc2897a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.645441Z", + "modified": "2024-12-14T00:22:13.645441Z", + "name": "CVE-2023-41695", + "description": "Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b0266fc-82fd-44a1-b578-a2e4a17b02e7.json b/objects/vulnerability/vulnerability--4b0266fc-82fd-44a1-b578-a2e4a17b02e7.json new file mode 100644 index 0000000000..6e400b33ce --- /dev/null +++ b/objects/vulnerability/vulnerability--4b0266fc-82fd-44a1-b578-a2e4a17b02e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6f570bb-8ef1-4240-9d02-c9534840c087", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b0266fc-82fd-44a1-b578-a2e4a17b02e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.400628Z", + "modified": "2024-12-14T00:22:02.400628Z", + "name": "CVE-2024-52064", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b52722c-2d76-4cde-9a50-194e2db9c046.json b/objects/vulnerability/vulnerability--4b52722c-2d76-4cde-9a50-194e2db9c046.json new file mode 100644 index 0000000000..c24261e7e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b52722c-2d76-4cde-9a50-194e2db9c046.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52af8592-1866-4fbf-83be-3ff17be1eb61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b52722c-2d76-4cde-9a50-194e2db9c046", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.188855Z", + "modified": "2024-12-14T00:22:04.188855Z", + "name": "CVE-2024-55890", + "description": "D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55890" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bd168ae-1d60-4259-8099-60d4aa7a8cbd.json b/objects/vulnerability/vulnerability--4bd168ae-1d60-4259-8099-60d4aa7a8cbd.json new file mode 100644 index 0000000000..ff486ba561 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bd168ae-1d60-4259-8099-60d4aa7a8cbd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e1eaa05-d4c1-42ec-9db2-9f98fc5e891e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bd168ae-1d60-4259-8099-60d4aa7a8cbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.170812Z", + "modified": "2024-12-14T00:22:14.170812Z", + "name": "CVE-2023-36506", + "description": "Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d020117-e5c4-4d68-bacd-91b60f3aa697.json b/objects/vulnerability/vulnerability--4d020117-e5c4-4d68-bacd-91b60f3aa697.json new file mode 100644 index 0000000000..20342e05aa --- /dev/null +++ b/objects/vulnerability/vulnerability--4d020117-e5c4-4d68-bacd-91b60f3aa697.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4db0d0e5-1f2e-4a87-9855-6b0a4f01c232", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d020117-e5c4-4d68-bacd-91b60f3aa697", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.509355Z", + "modified": "2024-12-14T00:22:13.509355Z", + "name": "CVE-2023-40678", + "description": "Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d2519e5-6fd2-49f4-8bc4-730ab477e09a.json b/objects/vulnerability/vulnerability--4d2519e5-6fd2-49f4-8bc4-730ab477e09a.json new file mode 100644 index 0000000000..8a88ae6eac --- /dev/null +++ b/objects/vulnerability/vulnerability--4d2519e5-6fd2-49f4-8bc4-730ab477e09a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c9fdb37-60f7-4105-a14b-e2f9d2813288", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d2519e5-6fd2-49f4-8bc4-730ab477e09a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.065157Z", + "modified": "2024-12-14T00:22:03.065157Z", + "name": "CVE-2024-11911", + "description": "The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11911" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d8e9d5a-2eaa-40d0-b7e8-857ee9226d16.json b/objects/vulnerability/vulnerability--4d8e9d5a-2eaa-40d0-b7e8-857ee9226d16.json new file mode 100644 index 0000000000..1ad0d0ae8a --- /dev/null +++ b/objects/vulnerability/vulnerability--4d8e9d5a-2eaa-40d0-b7e8-857ee9226d16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--28a204b3-6451-45a4-b180-f107eae85bb5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d8e9d5a-2eaa-40d0-b7e8-857ee9226d16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.814902Z", + "modified": "2024-12-14T00:22:12.814902Z", + "name": "CVE-2023-34387", + "description": "Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34387" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4db48466-6218-4524-b211-c797fbfc61c1.json b/objects/vulnerability/vulnerability--4db48466-6218-4524-b211-c797fbfc61c1.json new file mode 100644 index 0000000000..4174cfe092 --- /dev/null +++ b/objects/vulnerability/vulnerability--4db48466-6218-4524-b211-c797fbfc61c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--966cb740-8822-469a-8b90-ddb08f411d61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4db48466-6218-4524-b211-c797fbfc61c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.722641Z", + "modified": "2024-12-14T00:22:08.722641Z", + "name": "CVE-2022-47594", + "description": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-47594" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4dddbc27-122e-411c-8203-290fce8188bc.json b/objects/vulnerability/vulnerability--4dddbc27-122e-411c-8203-290fce8188bc.json new file mode 100644 index 0000000000..1e7acd4408 --- /dev/null +++ b/objects/vulnerability/vulnerability--4dddbc27-122e-411c-8203-290fce8188bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0bba12c-2b64-4f2e-beb3-88a5bdf117de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4dddbc27-122e-411c-8203-290fce8188bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.525672Z", + "modified": "2024-12-14T00:22:12.525672Z", + "name": "CVE-2023-39997", + "description": "Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39997" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e030ee9-655a-4a0f-a1d9-2a6a18580541.json b/objects/vulnerability/vulnerability--4e030ee9-655a-4a0f-a1d9-2a6a18580541.json new file mode 100644 index 0000000000..c44eabecbc --- /dev/null +++ b/objects/vulnerability/vulnerability--4e030ee9-655a-4a0f-a1d9-2a6a18580541.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--185b8f34-a7a5-4a9c-84e9-f867abb9c290", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e030ee9-655a-4a0f-a1d9-2a6a18580541", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.736165Z", + "modified": "2024-12-14T00:22:03.736165Z", + "name": "CVE-2024-21577", + "description": "ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21577" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e1f0f1a-b0df-4012-b14f-81767e6a7483.json b/objects/vulnerability/vulnerability--4e1f0f1a-b0df-4012-b14f-81767e6a7483.json new file mode 100644 index 0000000000..6ac4181a2f --- /dev/null +++ b/objects/vulnerability/vulnerability--4e1f0f1a-b0df-4012-b14f-81767e6a7483.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--980f1408-0080-4a2b-88b0-b35cc4e482d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e1f0f1a-b0df-4012-b14f-81767e6a7483", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.896504Z", + "modified": "2024-12-14T00:22:13.896504Z", + "name": "CVE-2023-35037", + "description": "Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through 1.3.2.357.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35037" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e33b593-d439-4bbc-8f9c-64e0f4d6d653.json b/objects/vulnerability/vulnerability--4e33b593-d439-4bbc-8f9c-64e0f4d6d653.json new file mode 100644 index 0000000000..131d673ee4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e33b593-d439-4bbc-8f9c-64e0f4d6d653.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92469fb9-34ae-440e-9096-91c274818c01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e33b593-d439-4bbc-8f9c-64e0f4d6d653", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.140178Z", + "modified": "2024-12-14T00:22:04.140178Z", + "name": "CVE-2024-54310", + "description": "Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through 1.0.1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54310" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4f824920-3d3e-44a8-abf4-0d614dff7377.json b/objects/vulnerability/vulnerability--4f824920-3d3e-44a8-abf4-0d614dff7377.json new file mode 100644 index 0000000000..dd1154dc8c --- /dev/null +++ b/objects/vulnerability/vulnerability--4f824920-3d3e-44a8-abf4-0d614dff7377.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96b3fa7b-7892-48af-a5cd-fbe911224159", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f824920-3d3e-44a8-abf4-0d614dff7377", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.115428Z", + "modified": "2024-12-14T00:22:04.115428Z", + "name": "CVE-2024-54294", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fc6f38c-bb21-47e8-8754-2e4c3fb7ad96.json b/objects/vulnerability/vulnerability--4fc6f38c-bb21-47e8-8754-2e4c3fb7ad96.json new file mode 100644 index 0000000000..b57002f689 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fc6f38c-bb21-47e8-8754-2e4c3fb7ad96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59c5db4f-d416-45ce-a2de-597edffd0dd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fc6f38c-bb21-47e8-8754-2e4c3fb7ad96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.914673Z", + "modified": "2024-12-14T00:22:13.914673Z", + "name": "CVE-2023-35051", + "description": "Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35051" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5040b586-29c9-4aa8-9c52-ade1bd74133c.json b/objects/vulnerability/vulnerability--5040b586-29c9-4aa8-9c52-ade1bd74133c.json new file mode 100644 index 0000000000..8f6176dc7b --- /dev/null +++ b/objects/vulnerability/vulnerability--5040b586-29c9-4aa8-9c52-ade1bd74133c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e473a8e9-e852-45fb-87d5-1f199533b02d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5040b586-29c9-4aa8-9c52-ade1bd74133c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.557768Z", + "modified": "2024-12-14T00:22:02.557768Z", + "name": "CVE-2024-10678", + "description": "The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--509624bb-35a1-4f08-94af-a254378105a5.json b/objects/vulnerability/vulnerability--509624bb-35a1-4f08-94af-a254378105a5.json new file mode 100644 index 0000000000..8291e15a73 --- /dev/null +++ b/objects/vulnerability/vulnerability--509624bb-35a1-4f08-94af-a254378105a5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2d82c01-1423-46e4-9367-922d9d1f26cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--509624bb-35a1-4f08-94af-a254378105a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.033562Z", + "modified": "2024-12-14T00:22:03.033562Z", + "name": "CVE-2024-11827", + "description": "The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11827" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50fcfb91-5c26-45f6-8a9f-4422b343d0ff.json b/objects/vulnerability/vulnerability--50fcfb91-5c26-45f6-8a9f-4422b343d0ff.json new file mode 100644 index 0000000000..a13fe682aa --- /dev/null +++ b/objects/vulnerability/vulnerability--50fcfb91-5c26-45f6-8a9f-4422b343d0ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a91aad30-8fcc-415a-99ae-9fd43aeb9e4b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50fcfb91-5c26-45f6-8a9f-4422b343d0ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.618118Z", + "modified": "2024-12-14T00:22:13.618118Z", + "name": "CVE-2023-41857", + "description": "Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41857" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51349375-5890-4549-a1f5-0acf1e69f8cf.json b/objects/vulnerability/vulnerability--51349375-5890-4549-a1f5-0acf1e69f8cf.json new file mode 100644 index 0000000000..8e99d2cda2 --- /dev/null +++ b/objects/vulnerability/vulnerability--51349375-5890-4549-a1f5-0acf1e69f8cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e4eb28e-3578-4b55-9bdb-80b3ff52f30f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51349375-5890-4549-a1f5-0acf1e69f8cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.14698Z", + "modified": "2024-12-14T00:22:04.14698Z", + "name": "CVE-2024-54324", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloud Inn SMSify allows Reflected XSS.This issue affects SMSify: from n/a through 6.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54324" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51bc7714-d040-4954-abc8-38df363caaba.json b/objects/vulnerability/vulnerability--51bc7714-d040-4954-abc8-38df363caaba.json new file mode 100644 index 0000000000..bcb5f2ca27 --- /dev/null +++ b/objects/vulnerability/vulnerability--51bc7714-d040-4954-abc8-38df363caaba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b5bae13-9cd9-4b97-ab59-a58d667c8e53", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51bc7714-d040-4954-abc8-38df363caaba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.439701Z", + "modified": "2024-12-14T00:22:02.439701Z", + "name": "CVE-2024-52062", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52062" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--529d9015-3327-48ba-a8eb-c15b5fad76ed.json b/objects/vulnerability/vulnerability--529d9015-3327-48ba-a8eb-c15b5fad76ed.json new file mode 100644 index 0000000000..c80e8709c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--529d9015-3327-48ba-a8eb-c15b5fad76ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77522bdd-a0a0-437f-a1d8-d1960ea69d21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--529d9015-3327-48ba-a8eb-c15b5fad76ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.822747Z", + "modified": "2024-12-14T00:22:13.822747Z", + "name": "CVE-2023-37967", + "description": "Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52ba0f4b-45f0-4c74-ba21-4ca576ec9719.json b/objects/vulnerability/vulnerability--52ba0f4b-45f0-4c74-ba21-4ca576ec9719.json new file mode 100644 index 0000000000..eab421f02e --- /dev/null +++ b/objects/vulnerability/vulnerability--52ba0f4b-45f0-4c74-ba21-4ca576ec9719.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46849fa9-9555-41d6-ac2d-b417fcca183c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52ba0f4b-45f0-4c74-ba21-4ca576ec9719", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.544858Z", + "modified": "2024-12-14T00:22:02.544858Z", + "name": "CVE-2024-12420", + "description": "The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12420" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5338bbbc-602e-4af7-b9a7-bd19be4bc963.json b/objects/vulnerability/vulnerability--5338bbbc-602e-4af7-b9a7-bd19be4bc963.json new file mode 100644 index 0000000000..12049c5b71 --- /dev/null +++ b/objects/vulnerability/vulnerability--5338bbbc-602e-4af7-b9a7-bd19be4bc963.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--086b20a6-a6d5-4533-9729-f85e27abe793", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5338bbbc-602e-4af7-b9a7-bd19be4bc963", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.070114Z", + "modified": "2024-12-14T00:22:04.070114Z", + "name": "CVE-2024-54311", + "description": "Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54311" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--535b8bdf-9a96-453c-a584-27e0277014e1.json b/objects/vulnerability/vulnerability--535b8bdf-9a96-453c-a584-27e0277014e1.json new file mode 100644 index 0000000000..e545161334 --- /dev/null +++ b/objects/vulnerability/vulnerability--535b8bdf-9a96-453c-a584-27e0277014e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b530afb0-45cc-4bbe-a625-6b4d73f7abbf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--535b8bdf-9a96-453c-a584-27e0277014e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.671211Z", + "modified": "2024-12-14T00:22:02.671211Z", + "name": "CVE-2024-9608", + "description": "The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the WooCommerce store is set to Belgium.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53f489d3-ff08-4a90-8922-e5912412134c.json b/objects/vulnerability/vulnerability--53f489d3-ff08-4a90-8922-e5912412134c.json new file mode 100644 index 0000000000..0d875f496a --- /dev/null +++ b/objects/vulnerability/vulnerability--53f489d3-ff08-4a90-8922-e5912412134c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dd0265c-0517-48a5-ba22-671748707941", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53f489d3-ff08-4a90-8922-e5912412134c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.367083Z", + "modified": "2024-12-14T00:22:13.367083Z", + "name": "CVE-2023-38483", + "description": "Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5471e392-bf89-4a4d-a32e-17961bdb29d3.json b/objects/vulnerability/vulnerability--5471e392-bf89-4a4d-a32e-17961bdb29d3.json new file mode 100644 index 0000000000..8fb4982b78 --- /dev/null +++ b/objects/vulnerability/vulnerability--5471e392-bf89-4a4d-a32e-17961bdb29d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2523277-9d7d-4d8e-922d-3550301609e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5471e392-bf89-4a4d-a32e-17961bdb29d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.595011Z", + "modified": "2024-12-14T00:22:08.595011Z", + "name": "CVE-2022-45826", + "description": "Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45826" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55edb2b9-d0a4-4bc3-bde1-0bf4d6a66ed0.json b/objects/vulnerability/vulnerability--55edb2b9-d0a4-4bc3-bde1-0bf4d6a66ed0.json new file mode 100644 index 0000000000..05ff544bc1 --- /dev/null +++ b/objects/vulnerability/vulnerability--55edb2b9-d0a4-4bc3-bde1-0bf4d6a66ed0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce539782-4036-488b-9009-724bb26104fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55edb2b9-d0a4-4bc3-bde1-0bf4d6a66ed0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.965493Z", + "modified": "2024-12-14T00:22:03.965493Z", + "name": "CVE-2024-54273", + "description": "Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54273" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56408db4-f0d4-4660-9cdb-d132af90fe69.json b/objects/vulnerability/vulnerability--56408db4-f0d4-4660-9cdb-d132af90fe69.json new file mode 100644 index 0000000000..f9d1fe7470 --- /dev/null +++ b/objects/vulnerability/vulnerability--56408db4-f0d4-4660-9cdb-d132af90fe69.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b190a147-e452-4915-b544-e7cf22c21ce5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56408db4-f0d4-4660-9cdb-d132af90fe69", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.943854Z", + "modified": "2024-12-14T00:22:03.943854Z", + "name": "CVE-2024-54333", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--581aabe7-636a-4b33-8fd3-2d33073c9684.json b/objects/vulnerability/vulnerability--581aabe7-636a-4b33-8fd3-2d33073c9684.json new file mode 100644 index 0000000000..4aaa13bae5 --- /dev/null +++ b/objects/vulnerability/vulnerability--581aabe7-636a-4b33-8fd3-2d33073c9684.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a446c9e-594e-45f0-8f7b-c36cfcb9d4b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--581aabe7-636a-4b33-8fd3-2d33073c9684", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.676729Z", + "modified": "2024-12-14T00:22:13.676729Z", + "name": "CVE-2023-41133", + "description": "Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass.This issue affects Secure Admin IP: from n/a through 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58a79b45-a8a8-4de7-9cd2-d02d79bf303c.json b/objects/vulnerability/vulnerability--58a79b45-a8a8-4de7-9cd2-d02d79bf303c.json new file mode 100644 index 0000000000..816ccf2b2c --- /dev/null +++ b/objects/vulnerability/vulnerability--58a79b45-a8a8-4de7-9cd2-d02d79bf303c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ade73b97-3a54-4055-9112-0be07ac43987", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58a79b45-a8a8-4de7-9cd2-d02d79bf303c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:11.200654Z", + "modified": "2024-12-14T00:22:11.200654Z", + "name": "CVE-2019-25221", + "description": "The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2019-25221" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58b98232-aa15-436f-8836-3567b9fc4448.json b/objects/vulnerability/vulnerability--58b98232-aa15-436f-8836-3567b9fc4448.json new file mode 100644 index 0000000000..11a7d726bd --- /dev/null +++ b/objects/vulnerability/vulnerability--58b98232-aa15-436f-8836-3567b9fc4448.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13029edd-71ee-4426-b4a6-ea5d43911ec2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58b98232-aa15-436f-8836-3567b9fc4448", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.97702Z", + "modified": "2024-12-14T00:22:03.97702Z", + "name": "CVE-2024-54342", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54342" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5a2d62c4-5143-45df-989c-1c1a2682c095.json b/objects/vulnerability/vulnerability--5a2d62c4-5143-45df-989c-1c1a2682c095.json new file mode 100644 index 0000000000..bd627ac346 --- /dev/null +++ b/objects/vulnerability/vulnerability--5a2d62c4-5143-45df-989c-1c1a2682c095.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--372bc645-4d01-4440-8ed4-a2cbf2f7ec38", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a2d62c4-5143-45df-989c-1c1a2682c095", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.41116Z", + "modified": "2024-12-14T00:22:13.41116Z", + "name": "CVE-2023-38383", + "description": "Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38383" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5a3c968d-7af7-429c-a988-55f159f0c8d6.json b/objects/vulnerability/vulnerability--5a3c968d-7af7-429c-a988-55f159f0c8d6.json new file mode 100644 index 0000000000..e0d83cac18 --- /dev/null +++ b/objects/vulnerability/vulnerability--5a3c968d-7af7-429c-a988-55f159f0c8d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52c6ca6e-6f38-433d-b35a-2beb33227014", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a3c968d-7af7-429c-a988-55f159f0c8d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.108622Z", + "modified": "2024-12-14T00:22:04.108622Z", + "name": "CVE-2024-54325", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress allows Reflected XSS.This issue affects CarDealerPress: from n/a through 6.6.2410.02.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b8c6b8c-e2a3-4ee6-bcb4-8dc514a9cec9.json b/objects/vulnerability/vulnerability--5b8c6b8c-e2a3-4ee6-bcb4-8dc514a9cec9.json new file mode 100644 index 0000000000..2d00f238e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b8c6b8c-e2a3-4ee6-bcb4-8dc514a9cec9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48c9bb28-851b-4348-92dc-73a1d76cc2ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b8c6b8c-e2a3-4ee6-bcb4-8dc514a9cec9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.511833Z", + "modified": "2024-12-14T00:22:02.511833Z", + "name": "CVE-2024-12603", + "description": "A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5dd154a7-1a5c-4ca6-b2ef-5534544ecbd0.json b/objects/vulnerability/vulnerability--5dd154a7-1a5c-4ca6-b2ef-5534544ecbd0.json new file mode 100644 index 0000000000..1882fb3156 --- /dev/null +++ b/objects/vulnerability/vulnerability--5dd154a7-1a5c-4ca6-b2ef-5534544ecbd0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fcbbd9e7-065a-46b3-8ae8-ac4c878f7c12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5dd154a7-1a5c-4ca6-b2ef-5534544ecbd0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.40396Z", + "modified": "2024-12-14T00:22:02.40396Z", + "name": "CVE-2024-52060", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e80c8a1-5c70-415a-897d-6694ab5225ae.json b/objects/vulnerability/vulnerability--5e80c8a1-5c70-415a-897d-6694ab5225ae.json new file mode 100644 index 0000000000..7575411733 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e80c8a1-5c70-415a-897d-6694ab5225ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--efe8f51e-8b26-4c0a-9a92-d4af26ad7ffb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e80c8a1-5c70-415a-897d-6694ab5225ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.957414Z", + "modified": "2024-12-14T00:22:03.957414Z", + "name": "CVE-2024-54303", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60504636-a9b9-4505-ab7a-f85f56ae3516.json b/objects/vulnerability/vulnerability--60504636-a9b9-4505-ab7a-f85f56ae3516.json new file mode 100644 index 0000000000..4062f5ac9e --- /dev/null +++ b/objects/vulnerability/vulnerability--60504636-a9b9-4505-ab7a-f85f56ae3516.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c17cb15-c248-4dff-b766-ac6bf8d9c962", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60504636-a9b9-4505-ab7a-f85f56ae3516", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.428575Z", + "modified": "2024-12-14T00:22:02.428575Z", + "name": "CVE-2024-52059", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52059" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60a9cadf-a8bf-4429-ad70-124063e36eca.json b/objects/vulnerability/vulnerability--60a9cadf-a8bf-4429-ad70-124063e36eca.json new file mode 100644 index 0000000000..446268e3d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--60a9cadf-a8bf-4429-ad70-124063e36eca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eed9e683-c008-4849-9035-33d1a008eeba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60a9cadf-a8bf-4429-ad70-124063e36eca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:09.959858Z", + "modified": "2024-12-14T00:22:09.959858Z", + "name": "CVE-2022-46846", + "description": "Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through 1.5.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-46846" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6205a7ff-daf9-45c5-8b36-aaf1ae4f0acf.json b/objects/vulnerability/vulnerability--6205a7ff-daf9-45c5-8b36-aaf1ae4f0acf.json new file mode 100644 index 0000000000..fc9cd868b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--6205a7ff-daf9-45c5-8b36-aaf1ae4f0acf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03b15c9c-86b9-443d-8e4a-d56d9e065cc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6205a7ff-daf9-45c5-8b36-aaf1ae4f0acf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.124345Z", + "modified": "2024-12-14T00:22:04.124345Z", + "name": "CVE-2024-54261", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54261" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62b2158e-c834-44ec-b59e-82348145d741.json b/objects/vulnerability/vulnerability--62b2158e-c834-44ec-b59e-82348145d741.json new file mode 100644 index 0000000000..272d5abe7b --- /dev/null +++ b/objects/vulnerability/vulnerability--62b2158e-c834-44ec-b59e-82348145d741.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--985ca55f-1935-47ad-a8ae-d2779c9ac949", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62b2158e-c834-44ec-b59e-82348145d741", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.990515Z", + "modified": "2024-12-14T00:22:12.990515Z", + "name": "CVE-2023-33995", + "description": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33995" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6382c059-d0fc-4198-8947-138702e31d57.json b/objects/vulnerability/vulnerability--6382c059-d0fc-4198-8947-138702e31d57.json new file mode 100644 index 0000000000..577491f266 --- /dev/null +++ b/objects/vulnerability/vulnerability--6382c059-d0fc-4198-8947-138702e31d57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d81f0be3-afbf-41a0-873a-9b91f7ae60e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6382c059-d0fc-4198-8947-138702e31d57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.635773Z", + "modified": "2024-12-14T00:22:13.635773Z", + "name": "CVE-2023-41803", + "description": "Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41803" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--667a8cb8-70ea-437a-8991-3761ca7a2189.json b/objects/vulnerability/vulnerability--667a8cb8-70ea-437a-8991-3761ca7a2189.json new file mode 100644 index 0000000000..2dd0806c6a --- /dev/null +++ b/objects/vulnerability/vulnerability--667a8cb8-70ea-437a-8991-3761ca7a2189.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--107ae751-a2e2-4c88-9ee5-1d140a151560", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--667a8cb8-70ea-437a-8991-3761ca7a2189", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.110809Z", + "modified": "2024-12-14T00:22:04.110809Z", + "name": "CVE-2024-54256", + "description": "Missing Authorization vulnerability in Seerox Easy Blocks pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through 1.0.21.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66e725a5-65b3-49e0-aec5-10fa13eaeca8.json b/objects/vulnerability/vulnerability--66e725a5-65b3-49e0-aec5-10fa13eaeca8.json new file mode 100644 index 0000000000..197d092784 --- /dev/null +++ b/objects/vulnerability/vulnerability--66e725a5-65b3-49e0-aec5-10fa13eaeca8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f34356e-e6a4-4534-9ac1-e800abe9dbd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66e725a5-65b3-49e0-aec5-10fa13eaeca8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.52135Z", + "modified": "2024-12-14T00:22:02.52135Z", + "name": "CVE-2024-12552", + "description": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. \n\nThe specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12552" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--677742c6-69c4-4171-9ae9-e33b3890a053.json b/objects/vulnerability/vulnerability--677742c6-69c4-4171-9ae9-e33b3890a053.json new file mode 100644 index 0000000000..96fd13a3c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--677742c6-69c4-4171-9ae9-e33b3890a053.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8b09e27-40a2-4ed9-b1c4-c226534edca2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--677742c6-69c4-4171-9ae9-e33b3890a053", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.877229Z", + "modified": "2024-12-14T00:22:13.877229Z", + "name": "CVE-2023-35875", + "description": "Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-35875" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--67b2fc6e-ed6b-417c-ba37-9fb6ac3626a4.json b/objects/vulnerability/vulnerability--67b2fc6e-ed6b-417c-ba37-9fb6ac3626a4.json new file mode 100644 index 0000000000..bc06ab0633 --- /dev/null +++ b/objects/vulnerability/vulnerability--67b2fc6e-ed6b-417c-ba37-9fb6ac3626a4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86e9599e-037f-4cf9-b543-cbb63244803b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67b2fc6e-ed6b-417c-ba37-9fb6ac3626a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.141958Z", + "modified": "2024-12-14T00:22:04.141958Z", + "name": "CVE-2024-54241", + "description": "Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification: from 1.5 through n/a.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54241" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--680cef18-6673-48e3-ad63-17167fb14fff.json b/objects/vulnerability/vulnerability--680cef18-6673-48e3-ad63-17167fb14fff.json new file mode 100644 index 0000000000..ef5404b6d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--680cef18-6673-48e3-ad63-17167fb14fff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7bb5646-be6f-4d6c-9699-955a5d6823c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--680cef18-6673-48e3-ad63-17167fb14fff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.956408Z", + "modified": "2024-12-14T00:22:03.956408Z", + "name": "CVE-2024-54297", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54297" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--683db0f9-d7be-46d8-bba8-06e408afd471.json b/objects/vulnerability/vulnerability--683db0f9-d7be-46d8-bba8-06e408afd471.json new file mode 100644 index 0000000000..7b1ad640e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--683db0f9-d7be-46d8-bba8-06e408afd471.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5713e42-626c-4903-a551-6cb1905ac341", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--683db0f9-d7be-46d8-bba8-06e408afd471", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.128406Z", + "modified": "2024-12-14T00:22:04.128406Z", + "name": "CVE-2024-54319", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiNet Interactive AB Kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through 1.0.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54319" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6a762bcb-afb0-48f6-8a26-ba21b92a202e.json b/objects/vulnerability/vulnerability--6a762bcb-afb0-48f6-8a26-ba21b92a202e.json new file mode 100644 index 0000000000..b82d2da622 --- /dev/null +++ b/objects/vulnerability/vulnerability--6a762bcb-afb0-48f6-8a26-ba21b92a202e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de9a0d15-2a1d-4217-bb6e-195a70d959cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6a762bcb-afb0-48f6-8a26-ba21b92a202e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.106448Z", + "modified": "2024-12-14T00:22:14.106448Z", + "name": "CVE-2023-36510", + "description": "Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c4f683c-6388-452d-8d83-6ae652a92aa3.json b/objects/vulnerability/vulnerability--6c4f683c-6388-452d-8d83-6ae652a92aa3.json new file mode 100644 index 0000000000..6abcc7738a --- /dev/null +++ b/objects/vulnerability/vulnerability--6c4f683c-6388-452d-8d83-6ae652a92aa3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2eb98c54-a4d6-4438-8b29-55f275c47db1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c4f683c-6388-452d-8d83-6ae652a92aa3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.283962Z", + "modified": "2024-12-14T00:22:14.283962Z", + "name": "CVE-2023-32506", + "description": "Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6cf96337-cbe8-429c-8d05-684f1fe76cef.json b/objects/vulnerability/vulnerability--6cf96337-cbe8-429c-8d05-684f1fe76cef.json new file mode 100644 index 0000000000..3e4ae457a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--6cf96337-cbe8-429c-8d05-684f1fe76cef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72449da0-7579-4939-b4c9-7b2cad584015", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6cf96337-cbe8-429c-8d05-684f1fe76cef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.638312Z", + "modified": "2024-12-14T00:22:13.638312Z", + "name": "CVE-2023-41683", + "description": "Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d8115fc-e6c8-465f-9d67-97b7f6cb498f.json b/objects/vulnerability/vulnerability--6d8115fc-e6c8-465f-9d67-97b7f6cb498f.json new file mode 100644 index 0000000000..c909762ed4 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d8115fc-e6c8-465f-9d67-97b7f6cb498f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--589e5fc2-f4d1-4f8d-9052-1b63dd15bd2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d8115fc-e6c8-465f-9d67-97b7f6cb498f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.137419Z", + "modified": "2024-12-14T00:22:04.137419Z", + "name": "CVE-2024-54244", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace allows Stored XSS.This issue affects Easy Replace: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54244" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e9e76ea-99d5-479c-9160-f305694714b4.json b/objects/vulnerability/vulnerability--6e9e76ea-99d5-479c-9160-f305694714b4.json new file mode 100644 index 0000000000..9e59f83d73 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e9e76ea-99d5-479c-9160-f305694714b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ace6eb1c-e4f2-4294-aa15-42e6f412da14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e9e76ea-99d5-479c-9160-f305694714b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.654763Z", + "modified": "2024-12-14T00:22:13.654763Z", + "name": "CVE-2023-41869", + "description": "Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41869" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f43c085-6214-4593-af90-7b34e612ff7f.json b/objects/vulnerability/vulnerability--6f43c085-6214-4593-af90-7b34e612ff7f.json new file mode 100644 index 0000000000..c69e453deb --- /dev/null +++ b/objects/vulnerability/vulnerability--6f43c085-6214-4593-af90-7b34e612ff7f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51a6ec65-ae78-40a4-9817-945605355e19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f43c085-6214-4593-af90-7b34e612ff7f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.709607Z", + "modified": "2024-12-14T00:22:08.709607Z", + "name": "CVE-2022-47176", + "description": "Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-47176" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ffa8dc1-ac0b-4e17-997c-97d7985fa973.json b/objects/vulnerability/vulnerability--6ffa8dc1-ac0b-4e17-997c-97d7985fa973.json new file mode 100644 index 0000000000..975412d877 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ffa8dc1-ac0b-4e17-997c-97d7985fa973.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bcba73e3-2b4a-4036-9574-6a715708cf1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ffa8dc1-ac0b-4e17-997c-97d7985fa973", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.85945Z", + "modified": "2024-12-14T00:22:13.85945Z", + "name": "CVE-2023-37984", + "description": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70ae386e-668f-410e-9d10-f79e823d9c8f.json b/objects/vulnerability/vulnerability--70ae386e-668f-410e-9d10-f79e823d9c8f.json new file mode 100644 index 0000000000..befa6d67db --- /dev/null +++ b/objects/vulnerability/vulnerability--70ae386e-668f-410e-9d10-f79e823d9c8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6b04086-79c0-4933-bfad-7ed2010ca1ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70ae386e-668f-410e-9d10-f79e823d9c8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.697228Z", + "modified": "2024-12-14T00:22:03.697228Z", + "name": "CVE-2024-21576", + "description": "ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-21576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--711977d8-da70-4367-9aa3-a3214d2d8f67.json b/objects/vulnerability/vulnerability--711977d8-da70-4367-9aa3-a3214d2d8f67.json new file mode 100644 index 0000000000..ffe9b1fc57 --- /dev/null +++ b/objects/vulnerability/vulnerability--711977d8-da70-4367-9aa3-a3214d2d8f67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2287ed00-0d20-478f-8718-f74aa7443074", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--711977d8-da70-4367-9aa3-a3214d2d8f67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.166221Z", + "modified": "2024-12-14T00:22:04.166221Z", + "name": "CVE-2024-55661", + "description": "Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method in which the callable is a function or static method and the callable has no parameters or no strict parameter types. The vulnerable to component is `remember(callable $query, string $key = '')` method in `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries`, and the vulnerability affects all Pulse card components that use this trait. Version 1.3.1 contains a patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55661" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7404ae20-d691-4841-8899-3da0d2a34e3a.json b/objects/vulnerability/vulnerability--7404ae20-d691-4841-8899-3da0d2a34e3a.json new file mode 100644 index 0000000000..5b2219ec2a --- /dev/null +++ b/objects/vulnerability/vulnerability--7404ae20-d691-4841-8899-3da0d2a34e3a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8f8859af-547c-445e-a712-b003d8fbc932", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7404ae20-d691-4841-8899-3da0d2a34e3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.068996Z", + "modified": "2024-12-14T00:22:04.068996Z", + "name": "CVE-2024-54329", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup s.r.l. CleverNode Related Content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through 1.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74bfda80-7020-405e-9098-3494ffcecb5c.json b/objects/vulnerability/vulnerability--74bfda80-7020-405e-9098-3494ffcecb5c.json new file mode 100644 index 0000000000..0244138aa0 --- /dev/null +++ b/objects/vulnerability/vulnerability--74bfda80-7020-405e-9098-3494ffcecb5c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67c49453-ce7f-465a-bc27-9c20a2106f5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74bfda80-7020-405e-9098-3494ffcecb5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.615592Z", + "modified": "2024-12-14T00:22:02.615592Z", + "name": "CVE-2024-9508", + "description": "Horner Automation Cscape contains a memory corruption vulnerability, which \ncould allow an attacker to disclose information and execute arbitrary \ncode.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--751b3485-bd22-4c5f-9837-c3de98dd2f00.json b/objects/vulnerability/vulnerability--751b3485-bd22-4c5f-9837-c3de98dd2f00.json new file mode 100644 index 0000000000..220103b07a --- /dev/null +++ b/objects/vulnerability/vulnerability--751b3485-bd22-4c5f-9837-c3de98dd2f00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d710a6f5-009d-4372-bd19-9bebbf2a02b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--751b3485-bd22-4c5f-9837-c3de98dd2f00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.050567Z", + "modified": "2024-12-14T00:22:03.050567Z", + "name": "CVE-2024-11833", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11833" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7531a272-b69a-4d23-94f8-abc961dae1c1.json b/objects/vulnerability/vulnerability--7531a272-b69a-4d23-94f8-abc961dae1c1.json new file mode 100644 index 0000000000..95145c68d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--7531a272-b69a-4d23-94f8-abc961dae1c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec307a4f-a552-4be0-acb2-dc4c593c349f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7531a272-b69a-4d23-94f8-abc961dae1c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.083596Z", + "modified": "2024-12-14T00:22:04.083596Z", + "name": "CVE-2024-54234", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54234" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--756eaa2a-7ccd-43af-8467-3afb45663231.json b/objects/vulnerability/vulnerability--756eaa2a-7ccd-43af-8467-3afb45663231.json new file mode 100644 index 0000000000..b401765dce --- /dev/null +++ b/objects/vulnerability/vulnerability--756eaa2a-7ccd-43af-8467-3afb45663231.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d520a817-2f21-48f1-9a41-05041d19ff3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--756eaa2a-7ccd-43af-8467-3afb45663231", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.078739Z", + "modified": "2024-12-14T00:22:03.078739Z", + "name": "CVE-2024-11832", + "description": "The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11832" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--757ad48b-1ec2-47cd-a36c-f089b351301b.json b/objects/vulnerability/vulnerability--757ad48b-1ec2-47cd-a36c-f089b351301b.json new file mode 100644 index 0000000000..59a4b460a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--757ad48b-1ec2-47cd-a36c-f089b351301b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d86b9dc1-4585-42c7-a6d1-6bc90a4e7ecb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--757ad48b-1ec2-47cd-a36c-f089b351301b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.66957Z", + "modified": "2024-12-14T00:22:13.66957Z", + "name": "CVE-2023-41649", + "description": "Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--771b9390-5266-489f-add7-3ce36a4b969d.json b/objects/vulnerability/vulnerability--771b9390-5266-489f-add7-3ce36a4b969d.json new file mode 100644 index 0000000000..217018fe63 --- /dev/null +++ b/objects/vulnerability/vulnerability--771b9390-5266-489f-add7-3ce36a4b969d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--262195c6-0466-4784-9ca1-c3a12bca0bd1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--771b9390-5266-489f-add7-3ce36a4b969d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.974636Z", + "modified": "2024-12-14T00:22:03.974636Z", + "name": "CVE-2024-54308", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.today Cryptocurrency Price Widget allows Stored XSS.This issue affects Cryptocurrency Price Widget: from n/a through 1.2.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54308" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7999195e-b2ba-4d7a-a40b-b01295073638.json b/objects/vulnerability/vulnerability--7999195e-b2ba-4d7a-a40b-b01295073638.json new file mode 100644 index 0000000000..1d3f42be27 --- /dev/null +++ b/objects/vulnerability/vulnerability--7999195e-b2ba-4d7a-a40b-b01295073638.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40822af7-e393-4a12-a3ba-d8227597615a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7999195e-b2ba-4d7a-a40b-b01295073638", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.941161Z", + "modified": "2024-12-14T00:22:08.941161Z", + "name": "CVE-2022-44578", + "description": "Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-44578" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a5314be-b158-4091-bb55-095408b9f4b9.json b/objects/vulnerability/vulnerability--7a5314be-b158-4091-bb55-095408b9f4b9.json new file mode 100644 index 0000000000..01e3707000 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a5314be-b158-4091-bb55-095408b9f4b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12854254-1f96-4d8c-8cc6-7b01751d3da7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a5314be-b158-4091-bb55-095408b9f4b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.168516Z", + "modified": "2024-12-14T00:22:04.168516Z", + "name": "CVE-2024-55918", + "description": "An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a6c265c-8cce-4c97-bbde-31cbe9eada96.json b/objects/vulnerability/vulnerability--7a6c265c-8cce-4c97-bbde-31cbe9eada96.json new file mode 100644 index 0000000000..20e37d46fd --- /dev/null +++ b/objects/vulnerability/vulnerability--7a6c265c-8cce-4c97-bbde-31cbe9eada96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--955c7471-0159-4bfd-ae32-5eafb9431644", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a6c265c-8cce-4c97-bbde-31cbe9eada96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.420713Z", + "modified": "2024-12-14T00:22:02.420713Z", + "name": "CVE-2024-52058", + "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a8c7ecd-7ef0-40b0-b830-a484cdf7ce08.json b/objects/vulnerability/vulnerability--7a8c7ecd-7ef0-40b0-b830-a484cdf7ce08.json new file mode 100644 index 0000000000..df65cd0e43 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a8c7ecd-7ef0-40b0-b830-a484cdf7ce08.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--945094d0-1d17-48f0-9674-883c81f8d719", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a8c7ecd-7ef0-40b0-b830-a484cdf7ce08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.051426Z", + "modified": "2024-12-14T00:22:04.051426Z", + "name": "CVE-2024-54264", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in César Morillas Shortcodes Blocks Creator Ultimate allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through 2.2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54264" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d340fb4-1028-4535-8171-6e13c7ccf58f.json b/objects/vulnerability/vulnerability--7d340fb4-1028-4535-8171-6e13c7ccf58f.json new file mode 100644 index 0000000000..5ef8bc8a04 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d340fb4-1028-4535-8171-6e13c7ccf58f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70e65ebb-f0d3-4760-94c1-3e2a62598df5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d340fb4-1028-4535-8171-6e13c7ccf58f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.081839Z", + "modified": "2024-12-14T00:22:04.081839Z", + "name": "CVE-2024-54239", + "description": "Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dc0180c-0828-4fd1-9b29-b28af1cfbd4c.json b/objects/vulnerability/vulnerability--7dc0180c-0828-4fd1-9b29-b28af1cfbd4c.json new file mode 100644 index 0000000000..9c30eaaf93 --- /dev/null +++ b/objects/vulnerability/vulnerability--7dc0180c-0828-4fd1-9b29-b28af1cfbd4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7221fc30-5808-4995-b1c0-1f19c82d1bf6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dc0180c-0828-4fd1-9b29-b28af1cfbd4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.643287Z", + "modified": "2024-12-14T00:22:13.643287Z", + "name": "CVE-2023-41952", + "description": "Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41952" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f6a1bb0-0687-4476-9fb7-50a10da9ae2c.json b/objects/vulnerability/vulnerability--7f6a1bb0-0687-4476-9fb7-50a10da9ae2c.json new file mode 100644 index 0000000000..49e53b3d28 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f6a1bb0-0687-4476-9fb7-50a10da9ae2c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--876c3e16-2fd2-49ac-be5f-3f9a6360b570", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f6a1bb0-0687-4476-9fb7-50a10da9ae2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.542116Z", + "modified": "2024-12-14T00:22:02.542116Z", + "name": "CVE-2024-12042", + "description": "The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload HTML files with arbitrary web scripts that will execute whenever a user accesses the file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12042" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--80f93738-651b-4440-8fe7-20add956b0b6.json b/objects/vulnerability/vulnerability--80f93738-651b-4440-8fe7-20add956b0b6.json new file mode 100644 index 0000000000..1868cde139 --- /dev/null +++ b/objects/vulnerability/vulnerability--80f93738-651b-4440-8fe7-20add956b0b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99011194-b1d0-4726-9746-d58cf54bb890", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--80f93738-651b-4440-8fe7-20add956b0b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.270766Z", + "modified": "2024-12-14T00:22:02.270766Z", + "name": "CVE-2024-48007", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48007" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81e4ebb4-f8a0-4004-9d4d-4e804ea91b90.json b/objects/vulnerability/vulnerability--81e4ebb4-f8a0-4004-9d4d-4e804ea91b90.json new file mode 100644 index 0000000000..97db983329 --- /dev/null +++ b/objects/vulnerability/vulnerability--81e4ebb4-f8a0-4004-9d4d-4e804ea91b90.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ff90178-b404-4439-a7cd-619cc2a9689f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81e4ebb4-f8a0-4004-9d4d-4e804ea91b90", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.094432Z", + "modified": "2024-12-14T00:22:04.094432Z", + "name": "CVE-2024-54271", + "description": "Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54271" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--826e85f9-603d-4804-93cd-d92b80f60d6d.json b/objects/vulnerability/vulnerability--826e85f9-603d-4804-93cd-d92b80f60d6d.json new file mode 100644 index 0000000000..1f01e343a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--826e85f9-603d-4804-93cd-d92b80f60d6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e52ccbf-2cf6-4ceb-bc78-6c5c71821016", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--826e85f9-603d-4804-93cd-d92b80f60d6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.082261Z", + "modified": "2024-12-14T00:22:03.082261Z", + "name": "CVE-2024-11838", + "description": "External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11838" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8298f369-5922-424b-a8f3-d70a6053b1b5.json b/objects/vulnerability/vulnerability--8298f369-5922-424b-a8f3-d70a6053b1b5.json new file mode 100644 index 0000000000..a96f14de08 --- /dev/null +++ b/objects/vulnerability/vulnerability--8298f369-5922-424b-a8f3-d70a6053b1b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55dcea70-4b98-4454-bdb6-9c857ef2bdab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8298f369-5922-424b-a8f3-d70a6053b1b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.310176Z", + "modified": "2024-12-14T00:22:14.310176Z", + "name": "CVE-2023-32601", + "description": "Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82f469df-020d-43f5-aa7b-b0e538386fc1.json b/objects/vulnerability/vulnerability--82f469df-020d-43f5-aa7b-b0e538386fc1.json new file mode 100644 index 0000000000..85c77a44bf --- /dev/null +++ b/objects/vulnerability/vulnerability--82f469df-020d-43f5-aa7b-b0e538386fc1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0432f6a0-98b3-4c28-af32-6b42fa69c3c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82f469df-020d-43f5-aa7b-b0e538386fc1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.586696Z", + "modified": "2024-12-14T00:22:02.586696Z", + "name": "CVE-2024-10783", + "description": "The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8392cc24-9596-4407-aa10-20a211cc8765.json b/objects/vulnerability/vulnerability--8392cc24-9596-4407-aa10-20a211cc8765.json new file mode 100644 index 0000000000..345209f179 --- /dev/null +++ b/objects/vulnerability/vulnerability--8392cc24-9596-4407-aa10-20a211cc8765.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf49fc7b-5413-4a37-ac74-f6f869afe401", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8392cc24-9596-4407-aa10-20a211cc8765", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.052713Z", + "modified": "2024-12-14T00:22:04.052713Z", + "name": "CVE-2024-54274", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83ef32a4-da2d-421f-88f7-203fbabbfe6b.json b/objects/vulnerability/vulnerability--83ef32a4-da2d-421f-88f7-203fbabbfe6b.json new file mode 100644 index 0000000000..2ce8ac2d92 --- /dev/null +++ b/objects/vulnerability/vulnerability--83ef32a4-da2d-421f-88f7-203fbabbfe6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78c14969-be69-4827-8f91-71c808608d54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83ef32a4-da2d-421f-88f7-203fbabbfe6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.293192Z", + "modified": "2024-12-14T00:22:14.293192Z", + "name": "CVE-2023-32599", + "description": "Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84219e24-15db-4ded-afe7-7ba2bd41689f.json b/objects/vulnerability/vulnerability--84219e24-15db-4ded-afe7-7ba2bd41689f.json new file mode 100644 index 0000000000..62e0546b5c --- /dev/null +++ b/objects/vulnerability/vulnerability--84219e24-15db-4ded-afe7-7ba2bd41689f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a87a2e4a-19f4-4fe9-992e-c2f26882c6e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84219e24-15db-4ded-afe7-7ba2bd41689f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.64774Z", + "modified": "2024-12-14T00:22:13.64774Z", + "name": "CVE-2023-41689", + "description": "Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84af5bed-dca0-4983-87f9-4627bffe82d0.json b/objects/vulnerability/vulnerability--84af5bed-dca0-4983-87f9-4627bffe82d0.json new file mode 100644 index 0000000000..75b1fa0cb0 --- /dev/null +++ b/objects/vulnerability/vulnerability--84af5bed-dca0-4983-87f9-4627bffe82d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d21339b0-07ed-4618-a751-9418749942e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84af5bed-dca0-4983-87f9-4627bffe82d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.306503Z", + "modified": "2024-12-14T00:22:14.306503Z", + "name": "CVE-2023-32574", + "description": "Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a978542-c282-4ca2-836e-c09ffc4c12a2.json b/objects/vulnerability/vulnerability--8a978542-c282-4ca2-836e-c09ffc4c12a2.json new file mode 100644 index 0000000000..d6f1ddcef9 --- /dev/null +++ b/objects/vulnerability/vulnerability--8a978542-c282-4ca2-836e-c09ffc4c12a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb86a44a-86f9-454a-8b65-b640b4e23e86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a978542-c282-4ca2-836e-c09ffc4c12a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.884061Z", + "modified": "2024-12-14T00:22:12.884061Z", + "name": "CVE-2023-44142", + "description": "Missing Authorization vulnerability in Inactive Logout Inactive Logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through 3.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-44142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ae4470d-7f1f-4ef2-a366-e4a59d33b2ce.json b/objects/vulnerability/vulnerability--8ae4470d-7f1f-4ef2-a366-e4a59d33b2ce.json new file mode 100644 index 0000000000..e12d5b62fe --- /dev/null +++ b/objects/vulnerability/vulnerability--8ae4470d-7f1f-4ef2-a366-e4a59d33b2ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d635c59-3ece-495b-84df-39a194d32e01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ae4470d-7f1f-4ef2-a366-e4a59d33b2ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.113255Z", + "modified": "2024-12-14T00:22:04.113255Z", + "name": "CVE-2024-54236", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8d5ab716-65f2-42b6-b1ca-496d03ab9836.json b/objects/vulnerability/vulnerability--8d5ab716-65f2-42b6-b1ca-496d03ab9836.json new file mode 100644 index 0000000000..a52957d0b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--8d5ab716-65f2-42b6-b1ca-496d03ab9836.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eda13c45-db7b-4f8f-a18f-ff8aaa4947d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8d5ab716-65f2-42b6-b1ca-496d03ab9836", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.122018Z", + "modified": "2024-12-14T00:22:04.122018Z", + "name": "CVE-2024-54276", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8dd93ff0-682e-4784-b94a-35ba0b60297e.json b/objects/vulnerability/vulnerability--8dd93ff0-682e-4784-b94a-35ba0b60297e.json new file mode 100644 index 0000000000..ba23594613 --- /dev/null +++ b/objects/vulnerability/vulnerability--8dd93ff0-682e-4784-b94a-35ba0b60297e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a96cd753-c794-44c9-9c7d-8c37129fe7d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dd93ff0-682e-4784-b94a-35ba0b60297e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.630126Z", + "modified": "2024-12-14T00:22:02.630126Z", + "name": "CVE-2024-9290", + "description": "The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8dddb7d9-ac14-4860-99f2-fd2d7a94dce0.json b/objects/vulnerability/vulnerability--8dddb7d9-ac14-4860-99f2-fd2d7a94dce0.json new file mode 100644 index 0000000000..5c01300ed2 --- /dev/null +++ b/objects/vulnerability/vulnerability--8dddb7d9-ac14-4860-99f2-fd2d7a94dce0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--955b80fc-47a0-46b0-8a45-fc7ad0b9ad5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dddb7d9-ac14-4860-99f2-fd2d7a94dce0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.289728Z", + "modified": "2024-12-14T00:22:02.289728Z", + "name": "CVE-2024-48008", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48008" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e840f40-20bb-44a6-a454-7a07e397374b.json b/objects/vulnerability/vulnerability--8e840f40-20bb-44a6-a454-7a07e397374b.json new file mode 100644 index 0000000000..997218b04d --- /dev/null +++ b/objects/vulnerability/vulnerability--8e840f40-20bb-44a6-a454-7a07e397374b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd7317ad-c637-4b75-9e29-5487e4449fd4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e840f40-20bb-44a6-a454-7a07e397374b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.150895Z", + "modified": "2024-12-14T00:22:04.150895Z", + "name": "CVE-2024-54235", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8eb5b338-893a-4baa-b6cc-7958e2049981.json b/objects/vulnerability/vulnerability--8eb5b338-893a-4baa-b6cc-7958e2049981.json new file mode 100644 index 0000000000..8fe72c96c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--8eb5b338-893a-4baa-b6cc-7958e2049981.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ad62935-c776-4b76-9483-ae8c5dbba2bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8eb5b338-893a-4baa-b6cc-7958e2049981", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.0723Z", + "modified": "2024-12-14T00:22:04.0723Z", + "name": "CVE-2024-54282", + "description": "Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54282" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90ae3736-490f-49be-a73b-157df92a4b85.json b/objects/vulnerability/vulnerability--90ae3736-490f-49be-a73b-157df92a4b85.json new file mode 100644 index 0000000000..25ab6652c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--90ae3736-490f-49be-a73b-157df92a4b85.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--100e4322-7070-4c5b-af52-7dced3f228d4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90ae3736-490f-49be-a73b-157df92a4b85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.834811Z", + "modified": "2024-12-14T00:22:12.834811Z", + "name": "CVE-2023-34376", + "description": "Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34376" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--933049eb-180b-488c-abfe-7363bb881c1e.json b/objects/vulnerability/vulnerability--933049eb-180b-488c-abfe-7363bb881c1e.json new file mode 100644 index 0000000000..12546fc002 --- /dev/null +++ b/objects/vulnerability/vulnerability--933049eb-180b-488c-abfe-7363bb881c1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3934d749-e01a-4c5e-9494-b8068c62769e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--933049eb-180b-488c-abfe-7363bb881c1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.817396Z", + "modified": "2024-12-14T00:22:13.817396Z", + "name": "CVE-2023-37971", + "description": "Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9411407f-5a52-4c8d-9a23-fd6abd32a7dd.json b/objects/vulnerability/vulnerability--9411407f-5a52-4c8d-9a23-fd6abd32a7dd.json new file mode 100644 index 0000000000..38af52b54c --- /dev/null +++ b/objects/vulnerability/vulnerability--9411407f-5a52-4c8d-9a23-fd6abd32a7dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec472be9-9181-4a8f-bd1f-7267f25030ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9411407f-5a52-4c8d-9a23-fd6abd32a7dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.149403Z", + "modified": "2024-12-14T00:22:04.149403Z", + "name": "CVE-2024-54341", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through 1.3.58.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54341" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9448e785-29d1-43fe-b639-258b64fef446.json b/objects/vulnerability/vulnerability--9448e785-29d1-43fe-b639-258b64fef446.json new file mode 100644 index 0000000000..663bed3778 --- /dev/null +++ b/objects/vulnerability/vulnerability--9448e785-29d1-43fe-b639-258b64fef446.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23fae3a5-e664-423f-85eb-1abb51e90d87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9448e785-29d1-43fe-b639-258b64fef446", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.055222Z", + "modified": "2024-12-14T00:22:03.055222Z", + "name": "CVE-2024-11767", + "description": "The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11767" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--949adf4e-8166-4815-b938-48775f8754be.json b/objects/vulnerability/vulnerability--949adf4e-8166-4815-b938-48775f8754be.json new file mode 100644 index 0000000000..7f27ca211b --- /dev/null +++ b/objects/vulnerability/vulnerability--949adf4e-8166-4815-b938-48775f8754be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14c349b4-5e0e-4655-8a50-4b9d78667e58", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--949adf4e-8166-4815-b938-48775f8754be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.717616Z", + "modified": "2024-12-14T00:22:08.717616Z", + "name": "CVE-2022-47182", + "description": "Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-47182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--965d0ed0-8350-4321-8b7b-e11605533773.json b/objects/vulnerability/vulnerability--965d0ed0-8350-4321-8b7b-e11605533773.json new file mode 100644 index 0000000000..abf37efba1 --- /dev/null +++ b/objects/vulnerability/vulnerability--965d0ed0-8350-4321-8b7b-e11605533773.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab8d7ca8-bbea-4ff7-84a4-6fd80fc57159", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--965d0ed0-8350-4321-8b7b-e11605533773", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.966622Z", + "modified": "2024-12-14T00:22:03.966622Z", + "name": "CVE-2024-54330", + "description": "Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96943713-0eef-4102-a136-df88a437fab4.json b/objects/vulnerability/vulnerability--96943713-0eef-4102-a136-df88a437fab4.json new file mode 100644 index 0000000000..5b9795f712 --- /dev/null +++ b/objects/vulnerability/vulnerability--96943713-0eef-4102-a136-df88a437fab4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3d92c62-346e-4e88-931d-17a2db1d8841", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96943713-0eef-4102-a136-df88a437fab4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.734528Z", + "modified": "2024-12-14T00:22:14.734528Z", + "name": "CVE-2023-27456", + "description": "Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-27456" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96a4629a-004c-4940-85fe-f0e6b88786a1.json b/objects/vulnerability/vulnerability--96a4629a-004c-4940-85fe-f0e6b88786a1.json new file mode 100644 index 0000000000..4f265df7fb --- /dev/null +++ b/objects/vulnerability/vulnerability--96a4629a-004c-4940-85fe-f0e6b88786a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e5ccdf1-b27d-4265-b4b1-56f4bdde487d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96a4629a-004c-4940-85fe-f0e6b88786a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.048728Z", + "modified": "2024-12-14T00:22:03.048728Z", + "name": "CVE-2024-11275", + "description": "The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96e2d891-d7e1-40b2-a4c8-f2c4dd914556.json b/objects/vulnerability/vulnerability--96e2d891-d7e1-40b2-a4c8-f2c4dd914556.json new file mode 100644 index 0000000000..1c548d87c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--96e2d891-d7e1-40b2-a4c8-f2c4dd914556.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec89c2ba-14eb-491d-ba14-8f977e29148b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96e2d891-d7e1-40b2-a4c8-f2c4dd914556", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.199718Z", + "modified": "2024-12-14T00:22:04.199718Z", + "name": "CVE-2024-55946", + "description": "Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have entered into the software. This poses a risk to user privacy. The maintainers of Playloom Engine have temporarily disabled the collaboration feature until a fix can be implemented. When Engine Beta v0.0.2 is released, it is expected to contain a patch addressing this issue. Users should refrain from using the collaboration feature in the meantime.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55946" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9855d910-01e8-4ed5-9433-16f307f285fa.json b/objects/vulnerability/vulnerability--9855d910-01e8-4ed5-9433-16f307f285fa.json new file mode 100644 index 0000000000..dce5515b51 --- /dev/null +++ b/objects/vulnerability/vulnerability--9855d910-01e8-4ed5-9433-16f307f285fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c2b9aa5-0500-4a30-8b99-11b44f37a5f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9855d910-01e8-4ed5-9433-16f307f285fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.019999Z", + "modified": "2024-12-14T00:22:03.019999Z", + "name": "CVE-2024-11910", + "description": "The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--98a22aa8-29af-45ce-acab-17bd88faec47.json b/objects/vulnerability/vulnerability--98a22aa8-29af-45ce-acab-17bd88faec47.json new file mode 100644 index 0000000000..697759773d --- /dev/null +++ b/objects/vulnerability/vulnerability--98a22aa8-29af-45ce-acab-17bd88faec47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d0749e8-c69f-4d3a-a7ea-eae048b125d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--98a22aa8-29af-45ce-acab-17bd88faec47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.513783Z", + "modified": "2024-12-14T00:22:02.513783Z", + "name": "CVE-2024-12414", + "description": "The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12414" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99aa1a4e-2476-42cb-957a-e709275bf1d8.json b/objects/vulnerability/vulnerability--99aa1a4e-2476-42cb-957a-e709275bf1d8.json new file mode 100644 index 0000000000..27a2098cf8 --- /dev/null +++ b/objects/vulnerability/vulnerability--99aa1a4e-2476-42cb-957a-e709275bf1d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e3cb469-2a53-47aa-b94a-b9a21052847d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99aa1a4e-2476-42cb-957a-e709275bf1d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.125253Z", + "modified": "2024-12-14T00:22:04.125253Z", + "name": "CVE-2024-54314", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54314" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99c8581c-3e25-4ce4-ba21-73912bf6cd24.json b/objects/vulnerability/vulnerability--99c8581c-3e25-4ce4-ba21-73912bf6cd24.json new file mode 100644 index 0000000000..91ed2a3b9c --- /dev/null +++ b/objects/vulnerability/vulnerability--99c8581c-3e25-4ce4-ba21-73912bf6cd24.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fae1a576-ec89-47f9-b180-a38938c42415", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99c8581c-3e25-4ce4-ba21-73912bf6cd24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.955295Z", + "modified": "2024-12-14T00:22:03.955295Z", + "name": "CVE-2024-54337", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54337" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9a1960c7-e798-4250-bd9c-823f7a5a79ba.json b/objects/vulnerability/vulnerability--9a1960c7-e798-4250-bd9c-823f7a5a79ba.json new file mode 100644 index 0000000000..710f3b9a72 --- /dev/null +++ b/objects/vulnerability/vulnerability--9a1960c7-e798-4250-bd9c-823f7a5a79ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--feef2628-9280-4bf9-9bd0-108f642d13d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9a1960c7-e798-4250-bd9c-823f7a5a79ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.438332Z", + "modified": "2024-12-14T00:22:02.438332Z", + "name": "CVE-2024-52061", + "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b301da4-817a-4cc5-b396-c838e347eb46.json b/objects/vulnerability/vulnerability--9b301da4-817a-4cc5-b396-c838e347eb46.json new file mode 100644 index 0000000000..5c974fdfee --- /dev/null +++ b/objects/vulnerability/vulnerability--9b301da4-817a-4cc5-b396-c838e347eb46.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--824df06a-8f95-4fdd-a9dc-6db5cf080efe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b301da4-817a-4cc5-b396-c838e347eb46", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.164715Z", + "modified": "2024-12-14T00:22:02.164715Z", + "name": "CVE-2024-24902", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-24902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9fd71f2b-4fce-4703-a670-c1e72f7a403e.json b/objects/vulnerability/vulnerability--9fd71f2b-4fce-4703-a670-c1e72f7a403e.json new file mode 100644 index 0000000000..a59723a0f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--9fd71f2b-4fce-4703-a670-c1e72f7a403e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8de1ce6a-e416-4a01-9ef7-40012ec08841", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9fd71f2b-4fce-4703-a670-c1e72f7a403e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.059442Z", + "modified": "2024-12-14T00:22:03.059442Z", + "name": "CVE-2024-11837", + "description": "Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac  allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11837" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a069716c-4bfb-481b-9e25-0ade5e496bd8.json b/objects/vulnerability/vulnerability--a069716c-4bfb-481b-9e25-0ade5e496bd8.json new file mode 100644 index 0000000000..25ea3e16a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a069716c-4bfb-481b-9e25-0ade5e496bd8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08f5342c-c359-48ab-9c51-596d25ef510a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a069716c-4bfb-481b-9e25-0ade5e496bd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.457047Z", + "modified": "2024-12-14T00:22:13.457047Z", + "name": "CVE-2023-22697", + "description": "Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-22697" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a09d10f0-44ae-43ef-8830-63a59402eef7.json b/objects/vulnerability/vulnerability--a09d10f0-44ae-43ef-8830-63a59402eef7.json new file mode 100644 index 0000000000..3a7712485a --- /dev/null +++ b/objects/vulnerability/vulnerability--a09d10f0-44ae-43ef-8830-63a59402eef7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b6c869e-fabc-4d4c-942f-1601fc86ad55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a09d10f0-44ae-43ef-8830-63a59402eef7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.950128Z", + "modified": "2024-12-14T00:22:03.950128Z", + "name": "CVE-2024-54277", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza aliniya Nias course allows DOM-Based XSS.This issue affects Nias course: from n/a through 1.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54277" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0b8f016-3de4-454e-abe7-003cbe286b43.json b/objects/vulnerability/vulnerability--a0b8f016-3de4-454e-abe7-003cbe286b43.json new file mode 100644 index 0000000000..0a509e3af3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0b8f016-3de4-454e-abe7-003cbe286b43.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5747909-091a-4dc9-a5bf-17d4e8093111", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0b8f016-3de4-454e-abe7-003cbe286b43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.601318Z", + "modified": "2024-12-14T00:22:13.601318Z", + "name": "CVE-2023-41671", + "description": "Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-41671" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a357d1f7-2c9c-439a-986d-b440a82a71a8.json b/objects/vulnerability/vulnerability--a357d1f7-2c9c-439a-986d-b440a82a71a8.json new file mode 100644 index 0000000000..c2736edca9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a357d1f7-2c9c-439a-986d-b440a82a71a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c123c42-0039-417c-8859-5bf2ed8783fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a357d1f7-2c9c-439a-986d-b440a82a71a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.023434Z", + "modified": "2024-12-14T00:22:13.023434Z", + "name": "CVE-2023-33996", + "description": "Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-33996" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a38962a8-f43d-4f6b-a60e-a9790514a520.json b/objects/vulnerability/vulnerability--a38962a8-f43d-4f6b-a60e-a9790514a520.json new file mode 100644 index 0000000000..e5fd83695f --- /dev/null +++ b/objects/vulnerability/vulnerability--a38962a8-f43d-4f6b-a60e-a9790514a520.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ccc2c6a-571e-4124-9864-e671371769e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a38962a8-f43d-4f6b-a60e-a9790514a520", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.120096Z", + "modified": "2024-12-14T00:22:04.120096Z", + "name": "CVE-2024-54351", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54351" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3a1c95e-c356-47d7-aa54-be2fd6ae2aac.json b/objects/vulnerability/vulnerability--a3a1c95e-c356-47d7-aa54-be2fd6ae2aac.json new file mode 100644 index 0000000000..c6cddd081d --- /dev/null +++ b/objects/vulnerability/vulnerability--a3a1c95e-c356-47d7-aa54-be2fd6ae2aac.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5809c2d5-42f9-448c-9ae0-cf1dd4b489a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3a1c95e-c356-47d7-aa54-be2fd6ae2aac", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.314887Z", + "modified": "2024-12-14T00:22:14.314887Z", + "name": "CVE-2023-32581", + "description": "Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32581" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3c970fc-4b79-40b4-ac9d-a889c9341560.json b/objects/vulnerability/vulnerability--a3c970fc-4b79-40b4-ac9d-a889c9341560.json new file mode 100644 index 0000000000..7e030fb4c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3c970fc-4b79-40b4-ac9d-a889c9341560.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89442d44-41e3-4300-934e-b9f543822365", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3c970fc-4b79-40b4-ac9d-a889c9341560", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.126252Z", + "modified": "2024-12-14T00:22:04.126252Z", + "name": "CVE-2024-54250", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prodigy Commerce Prodigy Commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through 3.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a41f5105-1e32-478b-9b6c-3da353e251f3.json b/objects/vulnerability/vulnerability--a41f5105-1e32-478b-9b6c-3da353e251f3.json new file mode 100644 index 0000000000..164ce9a2de --- /dev/null +++ b/objects/vulnerability/vulnerability--a41f5105-1e32-478b-9b6c-3da353e251f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d8d6da6-163a-4474-bd94-f90392fe9b0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a41f5105-1e32-478b-9b6c-3da353e251f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.089845Z", + "modified": "2024-12-14T00:22:04.089845Z", + "name": "CVE-2024-54265", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54265" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a44fdae6-629b-4168-b254-867bcfab15fa.json b/objects/vulnerability/vulnerability--a44fdae6-629b-4168-b254-867bcfab15fa.json new file mode 100644 index 0000000000..5a65bb9d79 --- /dev/null +++ b/objects/vulnerability/vulnerability--a44fdae6-629b-4168-b254-867bcfab15fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11a3305e-b6a6-4a54-86d5-ce3e90a423e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a44fdae6-629b-4168-b254-867bcfab15fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.811408Z", + "modified": "2024-12-14T00:22:12.811408Z", + "name": "CVE-2023-34014", + "description": "Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a46eed0b-19ca-4dc5-907c-21ee9be7f7ec.json b/objects/vulnerability/vulnerability--a46eed0b-19ca-4dc5-907c-21ee9be7f7ec.json new file mode 100644 index 0000000000..89eef62808 --- /dev/null +++ b/objects/vulnerability/vulnerability--a46eed0b-19ca-4dc5-907c-21ee9be7f7ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7f92ac5-242d-4f89-8fc1-933ed81e2eb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a46eed0b-19ca-4dc5-907c-21ee9be7f7ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.056502Z", + "modified": "2024-12-14T00:22:04.056502Z", + "name": "CVE-2024-54262", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54262" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5e48b2c-2275-49ac-a255-860fe902e059.json b/objects/vulnerability/vulnerability--a5e48b2c-2275-49ac-a255-860fe902e059.json new file mode 100644 index 0000000000..0a9fecefc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a5e48b2c-2275-49ac-a255-860fe902e059.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ee6c9d6-dbe1-4851-a6e9-026676525bee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5e48b2c-2275-49ac-a255-860fe902e059", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.961463Z", + "modified": "2024-12-14T00:22:03.961463Z", + "name": "CVE-2024-54242", + "description": "Missing Authorization vulnerability in Appsbd Simple Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54242" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6979f45-51d7-4bb3-a257-7f22aa36ae66.json b/objects/vulnerability/vulnerability--a6979f45-51d7-4bb3-a257-7f22aa36ae66.json new file mode 100644 index 0000000000..38727b8c99 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6979f45-51d7-4bb3-a257-7f22aa36ae66.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe801be0-b130-4ae0-a0d9-34092eda7938", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6979f45-51d7-4bb3-a257-7f22aa36ae66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:02.543757Z", + "modified": "2024-12-14T00:22:02.543757Z", + "name": "CVE-2024-12553", + "description": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12553" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a85266db-ada5-4eda-9335-3bbc295edee3.json b/objects/vulnerability/vulnerability--a85266db-ada5-4eda-9335-3bbc295edee3.json new file mode 100644 index 0000000000..346ddf1920 --- /dev/null +++ b/objects/vulnerability/vulnerability--a85266db-ada5-4eda-9335-3bbc295edee3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cd63d6d8-d383-4fcf-9253-b535806de42f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a85266db-ada5-4eda-9335-3bbc295edee3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.130413Z", + "modified": "2024-12-14T00:22:04.130413Z", + "name": "CVE-2024-54286", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sendsmaily LLC Smaily for WP allows Stored XSS.This issue affects Smaily for WP: from n/a through 3.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54286" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8b38d04-a7db-4fcb-bd77-cf2dc29f4d02.json b/objects/vulnerability/vulnerability--a8b38d04-a7db-4fcb-bd77-cf2dc29f4d02.json new file mode 100644 index 0000000000..d7437f46a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8b38d04-a7db-4fcb-bd77-cf2dc29f4d02.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6d742c3-5412-430b-a09f-b53bd811486b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8b38d04-a7db-4fcb-bd77-cf2dc29f4d02", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:12.805695Z", + "modified": "2024-12-14T00:22:12.805695Z", + "name": "CVE-2023-34019", + "description": "Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-34019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9caa988-ef52-43dc-9074-7ccd4cf1daed.json b/objects/vulnerability/vulnerability--a9caa988-ef52-43dc-9074-7ccd4cf1daed.json new file mode 100644 index 0000000000..98394a7ec4 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9caa988-ef52-43dc-9074-7ccd4cf1daed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f2b77a4-809c-4941-82b2-29f64a3f1761", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9caa988-ef52-43dc-9074-7ccd4cf1daed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.819917Z", + "modified": "2024-12-14T00:22:13.819917Z", + "name": "CVE-2023-37969", + "description": "Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab205cf1-a9d4-4f9d-9453-113ad5edc68f.json b/objects/vulnerability/vulnerability--ab205cf1-a9d4-4f9d-9453-113ad5edc68f.json new file mode 100644 index 0000000000..3a2be8f468 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab205cf1-a9d4-4f9d-9453-113ad5edc68f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11e08e0c-aa8a-4c4e-ab45-4dac81cdfce6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab205cf1-a9d4-4f9d-9453-113ad5edc68f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.334964Z", + "modified": "2024-12-14T00:22:14.334964Z", + "name": "CVE-2023-32520", + "description": "Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-32520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab3a1dde-cc7e-4f62-aea5-a38a058282d7.json b/objects/vulnerability/vulnerability--ab3a1dde-cc7e-4f62-aea5-a38a058282d7.json new file mode 100644 index 0000000000..6edc1e1162 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab3a1dde-cc7e-4f62-aea5-a38a058282d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cae934e4-36b3-4f0f-8b43-8b1c0cc6cd78", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab3a1dde-cc7e-4f62-aea5-a38a058282d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:13.379315Z", + "modified": "2024-12-14T00:22:13.379315Z", + "name": "CVE-2023-38479", + "description": "Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-38479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab829497-8833-4ccc-ab24-9b337007876f.json b/objects/vulnerability/vulnerability--ab829497-8833-4ccc-ab24-9b337007876f.json new file mode 100644 index 0000000000..bcbfb0ed65 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab829497-8833-4ccc-ab24-9b337007876f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d33aa503-b378-4c53-8db9-aca5458b9965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab829497-8833-4ccc-ab24-9b337007876f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:03.484508Z", + "modified": "2024-12-14T00:22:03.484508Z", + "name": "CVE-2024-22461", + "description": "Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22461" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--adc7840f-b905-4993-a876-11649d8afdd8.json b/objects/vulnerability/vulnerability--adc7840f-b905-4993-a876-11649d8afdd8.json new file mode 100644 index 0000000000..e2a9d6a918 --- /dev/null +++ b/objects/vulnerability/vulnerability--adc7840f-b905-4993-a876-11649d8afdd8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ccdfcb5-30ce-4f93-9318-bbb7f5e052b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--adc7840f-b905-4993-a876-11649d8afdd8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.589497Z", + "modified": "2024-12-14T00:22:08.589497Z", + "name": "CVE-2022-45840", + "description": "Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--add1c636-9d44-4486-99e9-c9b6ff90e814.json b/objects/vulnerability/vulnerability--add1c636-9d44-4486-99e9-c9b6ff90e814.json new file mode 100644 index 0000000000..8b52e5e4d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--add1c636-9d44-4486-99e9-c9b6ff90e814.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0932d37-1637-4465-a612-ac8482c1c723", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--add1c636-9d44-4486-99e9-c9b6ff90e814", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:08.618979Z", + "modified": "2024-12-14T00:22:08.618979Z", + "name": "CVE-2022-45819", + "description": "Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-45819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae971184-0ef6-40ea-9e93-51d75995ec28.json b/objects/vulnerability/vulnerability--ae971184-0ef6-40ea-9e93-51d75995ec28.json new file mode 100644 index 0000000000..ed99ebd7a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--ae971184-0ef6-40ea-9e93-51d75995ec28.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ccaf842-850a-4559-b273-8aca8613767a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae971184-0ef6-40ea-9e93-51d75995ec28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:14.136515Z", + "modified": "2024-12-14T00:22:14.136515Z", + "name": "CVE-2023-36509", + "description": "Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-36509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b0f3475a-98b5-43ae-bb66-f1b67b276be9.json b/objects/vulnerability/vulnerability--b0f3475a-98b5-43ae-bb66-f1b67b276be9.json new file mode 100644 index 0000000000..0fa4de5910 --- /dev/null +++ b/objects/vulnerability/vulnerability--b0f3475a-98b5-43ae-bb66-f1b67b276be9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e9cfcc2-ef47-4b21-8ffd-0f164161a9ba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b0f3475a-98b5-43ae-bb66-f1b67b276be9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-14T00:22:04.175846Z", + "modified": "2024-12-14T00:22:04.175846Z", + "name": "CVE-2024-55889", + "description": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an