chore: generate CVEs metadata 🤖
@@ -3604,6 +3604,7 @@
|
||||
{"ID":"CVE-2025-55748","Info":{"Name":"XWiki Platform - Path Traversal","Severity":"high","Description":"XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-55748.yaml"}
|
||||
{"ID":"CVE-2025-55749","Info":{"Name":"XWiki - Information Disclosure","Severity":"high","Description":"XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-55749.yaml"}
|
||||
{"ID":"CVE-2025-5605","Info":{"Name":"WSO2 Management Console - Authentication Bypass","Severity":"medium","Description":"An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-5605.yaml"}
|
||||
{"ID":"CVE-2025-56132","Info":{"Name":"LiquidFiles \u003c 4.2 - User Enumeration via Password Reset","Severity":"high","Description":"LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2025/CVE-2025-56132.yaml"}
|
||||
{"ID":"CVE-2025-56266","Info":{"Name":"Avigilon ACM - Host Header Injection","Severity":"medium","Description":"A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-56266.yaml"}
|
||||
{"ID":"CVE-2025-56520","Info":{"Name":"Dify v1.6.0 - Server-Side Request Forgery","Severity":"high","Description":"Dify v1.6.0 contains a server side request forgery caused by improper validation in controllers.console.remote_files.RemoteFileUploadApi, letting attackers make arbitrary requests from the server, exploit requires network access.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2025/CVE-2025-56520.yaml"}
|
||||
{"ID":"CVE-2025-56819","Info":{"Name":"Datart v1.0.0-rc.3 - Remote Code Execution","Severity":"critical","Description":"Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-56819.yaml"}
|
||||
|
||||
@@ -1 +1 @@
|
||||
68fb1139904e79bdf14334d6b8686a06
|
||||
64cb4499bf21d03f1ee5b63897495811
|
||||
|
||||