Auto-Update: 2026-02-26T07:00:12.873020+00:00

Author: cad-safe-bot

CVE-2026/CVE-2026-13xx/CVE-2026-1311.json

@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2026-1311",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2026-02-26T05:17:41.933",
+  "lastModified": "2026-02-26T05:17:41.933",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/tags/0.2.4/inc/libs/upload-backup.php#L97",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/worry-proof-backup/trunk/inc/libs/upload-backup.php#L97",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd6ce0-2536-43a5-9925-438bc653d0e5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2026/CVE-2026-237xx/CVE-2026-23703.json

@@ -0,0 +1,104 @@
+{
+  "id": "CVE-2026-23703",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2026-02-26T06:17:15.893",
+  "lastModified": "2026-02-26T06:17:15.893",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 8.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN48498976/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260226_01.pdf",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2026/CVE-2026-251xx/CVE-2026-25191.json

@@ -0,0 +1,104 @@
+{
+  "id": "CVE-2026-25191",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2026-02-26T06:17:16.200",
+  "lastModified": "2026-02-26T06:17:16.200",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-427"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN48498976/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260226_01.pdf",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2026-02-26T05:00:12.424657+00:00
+2026-02-26T07:00:12.873020+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2026-02-26T03:16:05.293000+00:00
+2026-02-26T06:17:16.200000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,39 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-334896
+334899
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `9`
+Recently added CVEs: `3`
 
-- [CVE-2026-1779](CVE-2026/CVE-2026-17xx/CVE-2026-1779.json) (`2026-02-26T03:16:03.827`)
-- [CVE-2026-2356](CVE-2026/CVE-2026-23xx/CVE-2026-2356.json) (`2026-02-26T03:16:05.293`)
-- [CVE-2026-23999](CVE-2026/CVE-2026-239xx/CVE-2026-23999.json) (`2026-02-26T03:16:04.010`)
-- [CVE-2026-24004](CVE-2026/CVE-2026-240xx/CVE-2026-24004.json) (`2026-02-26T03:16:04.183`)
-- [CVE-2026-25963](CVE-2026/CVE-2026-259xx/CVE-2026-25963.json) (`2026-02-26T03:16:04.350`)
-- [CVE-2026-27465](CVE-2026/CVE-2026-274xx/CVE-2026-27465.json) (`2026-02-26T03:16:04.520`)
-- [CVE-2026-27963](CVE-2026/CVE-2026-279xx/CVE-2026-27963.json) (`2026-02-26T03:16:04.687`)
-- [CVE-2026-27974](CVE-2026/CVE-2026-279xx/CVE-2026-27974.json) (`2026-02-26T03:16:04.970`)
-- [CVE-2026-27975](CVE-2026/CVE-2026-279xx/CVE-2026-27975.json) (`2026-02-26T03:16:05.130`)
+- [CVE-2026-1311](CVE-2026/CVE-2026-13xx/CVE-2026-1311.json) (`2026-02-26T05:17:41.933`)
+- [CVE-2026-23703](CVE-2026/CVE-2026-237xx/CVE-2026-23703.json) (`2026-02-26T06:17:15.893`)
+- [CVE-2026-25191](CVE-2026/CVE-2026-251xx/CVE-2026-25191.json) (`2026-02-26T06:17:16.200`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `11`
-
-- [CVE-2025-15563](CVE-2025/CVE-2025-155xx/CVE-2025-15563.json) (`2026-02-26T03:01:05.477`)
-- [CVE-2025-15582](CVE-2025/CVE-2025-155xx/CVE-2025-15582.json) (`2026-02-26T03:09:26.733`)
-- [CVE-2025-15583](CVE-2025/CVE-2025-155xx/CVE-2025-15583.json) (`2026-02-26T03:09:55.007`)
-- [CVE-2025-70327](CVE-2025/CVE-2025-703xx/CVE-2025-70327.json) (`2026-02-26T03:06:04.013`)
-- [CVE-2025-70328](CVE-2025/CVE-2025-703xx/CVE-2025-70328.json) (`2026-02-26T03:06:13.490`)
-- [CVE-2026-24443](CVE-2026/CVE-2026-244xx/CVE-2026-24443.json) (`2026-02-26T03:00:27.553`)
-- [CVE-2026-27741](CVE-2026/CVE-2026-277xx/CVE-2026-27741.json) (`2026-02-26T03:03:26.457`)
-- [CVE-2026-27742](CVE-2026/CVE-2026-277xx/CVE-2026-27742.json) (`2026-02-26T03:04:02.447`)
-- [CVE-2026-27973](CVE-2026/CVE-2026-279xx/CVE-2026-27973.json) (`2026-02-26T03:16:04.850`)
-- [CVE-2026-2861](CVE-2026/CVE-2026-28xx/CVE-2026-2861.json) (`2026-02-26T03:07:08.633`)
-- [CVE-2026-3028](CVE-2026/CVE-2026-30xx/CVE-2026-3028.json) (`2026-02-26T03:05:29.523`)
+Recently modified CVEs: `0`
+
 
 
 ## Download and Usage