generated content from 2025-01-26

Author: github-actions[bot]

mapping.csv

@@ -265104,3 +265104,53 @@ vulnerability,CVE-2025-0703,vulnerability--91b11a0a-140f-449f-b5fe-f91279d3d90e
 vulnerability,CVE-2025-0314,vulnerability--b7b686f5-82f6-4f06-afd0-cd18b44368ef
 vulnerability,CVE-2025-0701,vulnerability--bab9ecfb-a51b-479d-8f5e-278f8ea95101
 vulnerability,CVE-2019-15690,vulnerability--283f35d2-b005-4450-b9d1-f6850daf1296
+vulnerability,CVE-2024-12529,vulnerability--b5dfa802-95a2-4445-8e69-d85eb85d8e2a
+vulnerability,CVE-2024-12826,vulnerability--d70f405f-5fc1-458f-8f23-e57361fae2dc
+vulnerability,CVE-2024-12113,vulnerability--bef88d9b-c5f4-4d62-9a51-5740a09318bf
+vulnerability,CVE-2024-12817,vulnerability--95625bcb-4483-41fe-a51c-cab67ac4cb4f
+vulnerability,CVE-2024-12076,vulnerability--9203a4a7-7354-4384-863c-c376f98872d8
+vulnerability,CVE-2024-12512,vulnerability--b8faafd6-c5dc-4160-b978-3108d49bd72a
+vulnerability,CVE-2024-12885,vulnerability--a6f93c01-dcce-4b3e-aa2a-5c5c884d2cac
+vulnerability,CVE-2024-12600,vulnerability--900d5653-62a9-4954-8697-e1dc6c4939ed
+vulnerability,CVE-2024-12816,vulnerability--cec0035b-14ba-47c1-8a57-8b4808cd136e
+vulnerability,CVE-2024-10552,vulnerability--3192d776-6bce-49f6-aadd-7cf65f63c290
+vulnerability,CVE-2024-35111,vulnerability--6f77546d-2077-4e25-a3e0-8bc38256eba3
+vulnerability,CVE-2024-35150,vulnerability--9698d579-13b9-4b8f-88b3-281f76bb2090
+vulnerability,CVE-2024-35144,vulnerability--e150e9a9-676e-44f3-99a8-4c5abaf1e5d2
+vulnerability,CVE-2024-35145,vulnerability--cf2e9a57-bff7-42fb-abf9-4663fe409c86
+vulnerability,CVE-2024-35148,vulnerability--b566784a-07e9-40fd-ac59-1fe0be386403
+vulnerability,CVE-2024-35114,vulnerability--caead157-bd8f-4603-9365-f3c72696b673
+vulnerability,CVE-2024-35134,vulnerability--7432b193-f74e-47f0-8166-4d8545b4bb75
+vulnerability,CVE-2024-35113,vulnerability--051b1598-7931-40e8-aa9e-b0e9f030793e
+vulnerability,CVE-2024-35112,vulnerability--75809c3f-780e-4685-91b6-2af33fbab00e
+vulnerability,CVE-2024-13586,vulnerability--dff38f20-7f26-4667-aed3-c66f772b95b8
+vulnerability,CVE-2024-13599,vulnerability--25383b05-70d1-4eb0-8260-2de9b458f8a0
+vulnerability,CVE-2024-13550,vulnerability--a1565a94-521d-4825-a4f5-f6acfe03a14c
+vulnerability,CVE-2024-13441,vulnerability--324e7417-b485-4f3c-890c-a69a6429837b
+vulnerability,CVE-2024-13551,vulnerability--7a4c1e48-85f4-4bc3-9a7f-f251abf84305
+vulnerability,CVE-2024-13458,vulnerability--df3581dd-3cb9-45fd-83f7-cf50cae9f11a
+vulnerability,CVE-2024-13548,vulnerability--fc503c1f-6cbd-40ab-91d1-278f75d76913
+vulnerability,CVE-2024-13709,vulnerability--aac9d5fe-3f99-47cf-b2df-b48b480c8072
+vulnerability,CVE-2024-13449,vulnerability--f191e7af-318e-4f05-9dc5-4edc9a7c6e18
+vulnerability,CVE-2024-13450,vulnerability--885a9479-c03f-4389-8c35-8e1d98747674
+vulnerability,CVE-2024-13721,vulnerability--34320920-4938-4993-afce-31ab1fcba28f
+vulnerability,CVE-2024-13562,vulnerability--2d893901-e38a-43e5-9b07-a52fbaf6f228
+vulnerability,CVE-2024-13467,vulnerability--b658800d-0572-4b4e-94d0-82fe191fabd1
+vulnerability,CVE-2024-13370,vulnerability--54bcb0b8-a813-464b-94b6-638555eecfd1
+vulnerability,CVE-2024-13368,vulnerability--a1636d1d-300d-44fd-a7bf-9f3e34bd879c
+vulnerability,CVE-2024-39750,vulnerability--e06097fe-debd-4ea1-b502-74a63a0a4544
+vulnerability,CVE-2024-11825,vulnerability--a626226b-6c74-499d-8a63-60a0cabbbf5d
+vulnerability,CVE-2023-38012,vulnerability--860b626f-4135-47a5-b86b-9bf87b4e1c41
+vulnerability,CVE-2023-38271,vulnerability--c4dc6fb3-65f4-49c1-b48f-eb59019f7da7
+vulnerability,CVE-2023-38716,vulnerability--e003a371-4de6-4993-a067-a6284616acc6
+vulnerability,CVE-2023-38714,vulnerability--91413055-7448-4a8e-a3a9-8b099293bdd2
+vulnerability,CVE-2023-38013,vulnerability--475e24b8-49cf-4676-928f-084422eb2287
+vulnerability,CVE-2023-38713,vulnerability--516c7cea-daa0-4c20-a4cc-90749ac01058
+vulnerability,CVE-2025-24360,vulnerability--c30053ab-fd86-4f07-9d90-169928147777
+vulnerability,CVE-2025-24361,vulnerability--015cef04-86e8-408b-9bb1-7b2561f41913
+vulnerability,CVE-2025-0543,vulnerability--8dea21b8-4c0d-4300-9e59-0e40ea90d28a
+vulnerability,CVE-2025-0682,vulnerability--a060c5a1-d179-4e63-8571-8be0e2a43467
+vulnerability,CVE-2025-0542,vulnerability--0281b54d-8966-4b5a-b5bb-5fe3a5b59df6
+vulnerability,CVE-2025-0411,vulnerability--b8cb1fbb-7abf-4e97-8d52-1db3e1cd4e30
+vulnerability,CVE-2025-0357,vulnerability--dda2aa42-795f-4afb-a24f-3b8ffa5bc9f1
+vulnerability,CVE-2025-0350,vulnerability--e2193644-fef9-4828-9c28-005f901c037a

objects/vulnerability/vulnerability--015cef04-86e8-408b-9bb1-7b2561f41913.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--117c627f-22b3-45ff-8598-da73b78fbdaf",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--015cef04-86e8-408b-9bb1-7b2561f41913",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:21:03.22228Z",
+            "modified": "2025-01-26T00:21:03.22228Z",
+            "name": "CVE-2025-24361",
+            "description": "Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-24361"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--0281b54d-8966-4b5a-b5bb-5fe3a5b59df6.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b4fc6269-d571-48ab-b013-5f0fc2e8e6e3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--0281b54d-8966-4b5a-b5bb-5fe3a5b59df6",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:21:03.270405Z",
+            "modified": "2025-01-26T00:21:03.270405Z",
+            "name": "CVE-2025-0542",
+            "description": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2025-0542"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--051b1598-7931-40e8-aa9e-b0e9f030793e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--621f2098-ea7a-4c14-a90f-9000c2fa0c11",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--051b1598-7931-40e8-aa9e-b0e9f030793e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.666584Z",
+            "modified": "2025-01-26T00:20:53.666584Z",
+            "name": "CVE-2024-35113",
+            "description": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\ncould allow an authenticated user to obtain sensitive information exposed through a directory listing.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-35113"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--25383b05-70d1-4eb0-8260-2de9b458f8a0.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--6c4b01c4-7f6d-4b93-bd81-8d7fc14c8652",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--25383b05-70d1-4eb0-8260-2de9b458f8a0",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.674873Z",
+            "modified": "2025-01-26T00:20:53.674873Z",
+            "name": "CVE-2024-13599",
+            "description": "The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-13599"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--2d893901-e38a-43e5-9b07-a52fbaf6f228.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b858370a-e2f6-49aa-8b65-c543768bcf29",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2d893901-e38a-43e5-9b07-a52fbaf6f228",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.710616Z",
+            "modified": "2025-01-26T00:20:53.710616Z",
+            "name": "CVE-2024-13562",
+            "description": "The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data  stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-13562"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--3192d776-6bce-49f6-aadd-7cf65f63c290.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--25420ab2-7768-4e09-b7cb-011204189485",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--3192d776-6bce-49f6-aadd-7cf65f63c290",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.267408Z",
+            "modified": "2025-01-26T00:20:53.267408Z",
+            "name": "CVE-2024-10552",
+            "description": "The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-10552"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--324e7417-b485-4f3c-890c-a69a6429837b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--addd9d52-7952-4a12-a55e-db53c6b13063",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--324e7417-b485-4f3c-890c-a69a6429837b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.679006Z",
+            "modified": "2025-01-26T00:20:53.679006Z",
+            "name": "CVE-2024-13441",
+            "description": "The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-13441"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--34320920-4938-4993-afce-31ab1fcba28f.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--38b3bbdd-6ca2-4780-88ff-cfd75bfdd3f4",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--34320920-4938-4993-afce-31ab1fcba28f",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:53.708223Z",
+            "modified": "2025-01-26T00:20:53.708223Z",
+            "name": "CVE-2024-13721",
+            "description": "The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-13721"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--475e24b8-49cf-4676-928f-084422eb2287.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--86a0cd77-282a-47bc-aad2-f9f87d220b04",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--475e24b8-49cf-4676-928f-084422eb2287",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2025-01-26T00:20:58.351553Z",
+            "modified": "2025-01-26T00:20:58.351553Z",
+            "name": "CVE-2023-38013",
+            "description": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-38013"
+                }
+            ]
+        }
+    ]
+}