chore: generate CVEs metadata 🤖

cves.json

@@ -2268,7 +2268,6 @@
 {"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
 {"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"}
 {"ID":"CVE-2023-29827","Info":{"Name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","Severity":"critical","Description":"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29827.yaml"}
-{"ID":"CVE-2023-2986","Info":{"Name":"Abandoned Cart Lite for WooCommerce - Authentication Bypass","Severity":"critical","Description":"The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2986.yaml"}
 {"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"}
 {"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
 {"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
@@ -3017,7 +3016,6 @@
 {"ID":"CVE-2024-9463","Info":{"Name":"PaloAlto Networks Expedition - Remote Code Execution","Severity":"critical","Description":"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9463.yaml"}
 {"ID":"CVE-2024-9465","Info":{"Name":"Palo Alto Expedition - SQL Injection","Severity":"high","Description":"An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-9465.yaml"}
 {"ID":"CVE-2024-9474","Info":{"Name":"PAN-OS Management Web Interface - Command Injection","Severity":"high","Description":"A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\nCloud NGFW and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2024/CVE-2024-9474.yaml"}
-{"ID":"CVE-2024-9487","Info":{"Name":"GitHub Enterprise - SAML Authentication Bypass","Severity":"critical","Description":"An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-9487.yaml"}
 {"ID":"CVE-2024-9593","Info":{"Name":"Time Clock \u003c= 1.2.2 \u0026 Time Clock Pro \u003c= 1.1.4 - Remote Code Execution","Severity":"high","Description":"The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-9593.yaml"}
 {"ID":"CVE-2024-9617","Info":{"Name":"Danswer - Insecure Direct Object Reference","Severity":"medium","Description":"The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-9617.yaml"}
 {"ID":"CVE-2024-9707","Info":{"Name":"Hunk Companion \u003c= 1.8.4 - Arbitrary Plugin Installation","Severity":"critical","Description":"The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-9707.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-0b915025457fbcb7fbd4496a7ad889c3
+425043415754e2088d800df9ae84a558