Merge branch 'main' into Release-Prep---v10.3.6

.github/workflows/cve-enhancement.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.11'
 

.new-additions

@@ -2,17 +2,20 @@ dast/ai/ai-code-execution.yaml
 dast/ai/ai-data-exfiltration.yaml
 dast/ai/ai-prompt-injection.yaml
 dast/ai/ai-safety-bypass.yaml
+headless/mozilla-pdfjs-content-spoofing.yaml
 http/cves/2015/CVE-2015-8350.yaml
 http/cves/2017/CVE-2017-17762.yaml
 http/cves/2017/CVE-2017-18580.yaml
 http/cves/2019/CVE-2019-4061.yaml
 http/cves/2019/CVE-2019-5591.yaml
+http/cves/2019/CVE-2019-9082.yaml
 http/cves/2020/CVE-2020-12832.yaml
 http/cves/2020/CVE-2020-20627.yaml
 http/cves/2020/CVE-2020-25200.yaml
 http/cves/2020/CVE-2020-26836.yaml
 http/cves/2021/CVE-2021-20617.yaml
 http/cves/2021/CVE-2021-2135.yaml
+http/cves/2021/CVE-2021-22175.yaml
 http/cves/2021/CVE-2021-24657.yaml
 http/cves/2021/CVE-2021-24681.yaml
 http/cves/2021/CVE-2021-25082.yaml
@@ -20,6 +23,7 @@ http/cves/2021/CVE-2021-3007.yaml
 http/cves/2021/CVE-2021-33829.yaml
 http/cves/2021/CVE-2021-35042.yaml
 http/cves/2021/CVE-2021-37415.yaml
+http/cves/2022/CVE-2022-0765.yaml
 http/cves/2022/CVE-2022-0873.yaml
 http/cves/2022/CVE-2022-1029.yaml
 http/cves/2022/CVE-2022-34305.yaml
@@ -32,14 +36,18 @@ http/cves/2023/CVE-2023-38952.yaml
 http/cves/2023/CVE-2023-45038.yaml
 http/cves/2023/CVE-2023-6266.yaml
 http/cves/2023/CVE-2023-7164.yaml
+http/cves/2024/CVE-2024-25608.yaml
+http/cves/2024/CVE-2024-28200.yaml
 http/cves/2024/CVE-2024-28253.yaml
 http/cves/2024/CVE-2024-2862.yaml
 http/cves/2024/CVE-2024-2863.yaml
 http/cves/2024/CVE-2024-31223.yaml
+http/cves/2024/CVE-2024-33939.yaml
 http/cves/2024/CVE-2024-35693.yaml
 http/cves/2024/CVE-2024-35694.yaml
 http/cves/2024/CVE-2024-39646.yaml
 http/cves/2024/CVE-2024-47374.yaml
+http/cves/2025/CVE-2025-12139.yaml
 http/cves/2025/CVE-2025-13486.yaml
 http/cves/2025/CVE-2025-14611.yaml
 http/cves/2025/CVE-2025-34299.yaml
@@ -50,8 +58,10 @@ http/cves/2025/CVE-2025-55749.yaml
 http/cves/2025/CVE-2025-56266.yaml
 http/cves/2025/CVE-2025-56819.yaml
 http/cves/2025/CVE-2025-63387.yaml
+http/cves/2025/CVE-2025-68613.yaml
 http/cves/2025/CVE-2025-9808.yaml
 http/exposed-panels/cisco-esa-panel.yaml
+http/exposed-panels/hpe-oneview-panel.yaml
 http/exposed-panels/temboard-panel.yaml
 http/exposures/apis/ambassador-api-diagnostics-exposure.yaml
 http/exposures/backups/wordpress-db-exposure.yaml
@@ -69,9 +79,12 @@ http/exposures/files/wp-w3-total-cache-exposure.yaml
 http/exposures/files/yarn-integrity-disclosure.yaml
 http/exposures/logs/bitrix-log-file-disclosure.yaml
 http/exposures/logs/wp-easy-google-fonts-log-disclosure.yaml
+http/exposures/logs/wp-flexible-shipping-log.yaml
 http/exposures/logs/wp-importer-log-disclosure.yaml
 http/exposures/logs/wp-pretty-link-log-disclosure.yaml
+http/exposures/logs/wp-wps-hide-login-log.yaml
 http/global-matchers/secrets-patterns-pii.yaml
+http/misconfiguration/apache/apache-mod-negotiation-listing.yaml
 http/misconfiguration/browserconfig-xml.yaml
 http/misconfiguration/buildpath-file-disclosure.yaml
 http/misconfiguration/eslint-ignore-exposure.yaml
@@ -81,28 +94,42 @@ http/misconfiguration/jetty-directory-listing.yaml
 http/misconfiguration/jfrog-artifactory-exposure.yaml
 http/misconfiguration/joomla/joomla-registration-enabled.yaml
 http/misconfiguration/nexus-repository-anonymous-access.yaml
+http/misconfiguration/vscode-slnx-sqlite-disclosure.yaml
+http/misconfiguration/wordpress/nextgen-gallery-pro-error-log.yaml
+http/misconfiguration/wordpress/wordfence-rules-disclosure.yaml
+http/misconfiguration/wordpress/wordfence-waf-logs-disclosure.yaml
+http/misconfiguration/wordpress/wordpress-amp-fpd.yaml
 http/misconfiguration/wordpress/wordpress-cmb2-fpd.yaml
 http/misconfiguration/wordpress/wordpress-imsanity-fpd.yaml
+http/misconfiguration/wordpress/wordpress-storefront-fpd.yaml
+http/misconfiguration/wordpress/wp-add-to-any-fpd.yaml
 http/misconfiguration/wordpress/wp-astra-sites-fpd.yaml
 http/misconfiguration/wordpress/wp-beaver-builder-lite-version-fpd.yaml
 http/misconfiguration/wordpress/wp-cookie-law-info-fpd.yaml
 http/misconfiguration/wordpress/wp-image-widget-fpd.yaml
+http/misconfiguration/wordpress/wp-iwp-client-fpd.yaml
 http/misconfiguration/wordpress/wp-maintenance-mode-fpd.yaml
 http/misconfiguration/wordpress/wp-members-error-log-disclosure.yaml
+http/misconfiguration/wordpress/wp-migrate-db-fpd.yaml
 http/misconfiguration/wordpress/wp-oceanwp-fpd.yaml
+http/misconfiguration/wordpress/wp-pretty-links-fpd.yaml
 http/misconfiguration/wordpress/wp-rank-math-seo-fpd.yaml
 http/misconfiguration/wordpress/wp-safe-svg-fpd.yaml
 http/misconfiguration/wordpress/wp-simple-301-redirects-fpd.yaml
 http/misconfiguration/wordpress/wp-smushit-fpd.yaml
+http/misconfiguration/wordpress/wp-svg-support-fpd.yaml
+http/misconfiguration/wordpress/wp-table-of-contents-plus-fpd.yaml
 http/misconfiguration/wordpress/wp-the-events-calendar-fpd.yaml
 http/misconfiguration/wordpress/wp-toc-plus-fpd.yaml
 http/misconfiguration/wordpress/wp-wordfence-fpd.yaml
 http/misconfiguration/wordpress/wp-wp-mail-smtp-fpd.yaml
+http/misconfiguration/wordpress/wp-yith-woocommerce-wishlist-fpd.yaml
 http/misconfiguration/wordpress/wp-yoast-seo-fpd.yaml
 http/misconfiguration/x-backend-server-header-detect.yaml
 http/technologies/fastcgi-test-page.yaml
 http/technologies/krpano-detect.yaml
 http/vulnerabilities/cross-site-tracing-xss.yaml
+http/vulnerabilities/jira/jira-https-mode-open-redirect.yaml
 http/vulnerabilities/wordpress/wordpress-meta-box-fpd.yaml
 http/vulnerabilities/wordpress/wp-acf-fpd.yaml
 http/vulnerabilities/wordpress/wp-admin-menu-editor-fpd.yaml
@@ -112,6 +139,7 @@ http/vulnerabilities/wordpress/wp-astra-fpd.yaml
 http/vulnerabilities/wordpress/wp-better-wp-security-login-disclosure.yaml
 http/vulnerabilities/wordpress/wp-buddypress-open-redirect.yaml
 http/vulnerabilities/wordpress/wp-caldera-forms-xss.yaml
+http/vulnerabilities/wordpress/wp-contact-form-7-fpd.yaml
 http/vulnerabilities/wordpress/wp-contact-form-fpd.yaml
 http/vulnerabilities/wordpress/wp-duplicate-post-fpd.yaml
 http/vulnerabilities/wordpress/wp-duracelltomi-google-tag-manager-fpd.yaml
@@ -134,3 +162,15 @@ http/vulnerabilities/wordpress/wp-woocommerce-admin-fpd.yaml
 http/vulnerabilities/wordpress/wp-worker-fpd.yaml
 javascript/misconfiguration/apache-kvrocks-exposed.yaml
 network/cves/2025/CVE-2025-47188.yaml
+network/detection/ics/allen-bradley/allen-bradley-compactlogix-detect.yaml
+network/detection/ics/allen-bradley/allen-bradley-guardplc-detect.yaml
+network/detection/ics/allen-bradley/allen-bradley-micro800-detect.yaml
+network/detection/ics/allen-bradley/allen-bradley-micrologix-detect.yaml
+network/detection/ics/allen-bradley/allen-bradley-plc5-detect.yaml
+network/detection/ics/allen-bradley/allen-bradley-slc-500-detect.yaml
+network/detection/ics/red-lion-enip-detect.yaml
+network/detection/ics/schneider-modicon/schneider-modicon-340-detect.yaml
+network/detection/ics/schneider-modicon/schneider-modicon-580-detect.yaml
+network/enumeration/modicon-info.yaml
+network/honeypot/cpppo-ethernetip-cip-honeypot.yaml
+network/honeypot/snap7-honeypot-default-config.yaml

code/cves/2019/CVE-2019-0604.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2019-0604
     cwe-id: CWE-20
     epss-score: 0.94441
-    epss-percentile: 0.99987
+    epss-percentile: 0.99989
   metadata:
     verified: true
     vendor: microsoft
@@ -156,4 +156,4 @@ code:
           - 'contains(interactsh_protocol, "dns")'
           - 'contains(interactsh_request, hex_encode(marker))'
         condition: and
-# digest: 4a0a004730450220600627600e33850058bda0d2fedbccee3cdb29c89da7d07cf44425cfb7d25dcc022100907e0ee946aec1b4d4d686bb6cc22e09c035672c7595e4c2bbfa575c84a58b72:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e3197ee26d9a33ce29fd4c4d0641965e50f542e4fb7bb0f5ba6941627d2dcf0502201f3daf9691d36d40df94de608d0e527a506b79315ccff56abb94fe6d8df1446e:922c64590222798bb761d5b6d8e72950

code/cves/2019/CVE-2019-14287.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2019-14287
     cwe-id: CWE-755
     epss-score: 0.86126
-    epss-percentile: 0.99362
+    epss-percentile: 0.99363
     cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -51,4 +51,4 @@ code:
           - '!contains(code_1_response, "root")'
           - 'contains(code_2_response, "root")'
         condition: and
-# digest: 4a0a00473045022100f5d6f1c29f7b3636a4732fb28b51323249ff337eee53d5989e440fa9cf735b570220408063459aa47dbac7de7bdc8fed2d17e1ef8ba534daf253db160bf459e823a1:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402207da3bb682a789a7befbba813fd1ffd86e0b8f4256cb07ef859129b6c5ad2d7b602206521b9e23d2ab773c9a3261121074090d038e2282951efab12bb1d6a0a4fcc7f:922c64590222798bb761d5b6d8e72950

code/cves/2020/CVE-2020-0646.yaml

@@ -106,4 +106,4 @@ code:
           - 'contains(content_type, "text/xml")'
           - 'status_code == 200'
         condition: and
-# digest: 490a00463044022041a7ae65857291d9e5e3716a9e3c05795ca37f767229f56e91677546f8f896c20220169ad7d648465aaef9fbb6bcf5f6b78a4f5e21d028419891e139ea45c3be176a:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c96573c5a4813321bb19d7fbc07d2cf214ec421e5420d23a865cc2e73a273af7022100d1cdfeb81dd7ddeab0c6b62f36add3be2c6dc9c580b44f5efebb072e31f177d6:922c64590222798bb761d5b6d8e72950

code/cves/2020/CVE-2020-13935.yaml

@@ -14,8 +14,8 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
     cvss-score: 7.5
     cve-id: CVE-2020-13935
-    epss-score: 0.91745
-    epss-percentile: 0.99663
+    epss-score: 0.92155
+    epss-percentile: 0.99694
   reference:
     - http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
     - http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html

code/cves/2021/CVE-2021-3156.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2021-3156
     cwe-id: CWE-193
     epss-score: 0.92391
-    epss-percentile: 0.99713
+    epss-percentile: 0.99714
     cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -44,4 +44,4 @@ code:
           - "malloc(): memory corruption"
           - "Aborted (core dumped)"
         condition: and
-# digest: 490a0046304402205cfcfa397bb2608165b4222e0c38dad3e73fc733e6960656c52df93dd3751f7302207b36084a4b35a19edd4ce94b42f35f00d018ef1fb8f0500424dc04f8a503924b:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203df9be461a57614c6b46ca49c35b41fa6b2fb2534c980d84e6236ce47fdb4e8e02204fa5b6af49da2b129dc26e6eb1d3c60fc01f59a836a7940f4ec9e751519fccc5:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-2640.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 7.8
     cve-id: CVE-2023-2640
     cwe-id: CWE-863
-    epss-score: 0.91742
-    epss-percentile: 0.99663
+    epss-score: 0.91622
+    epss-percentile: 0.99657
     cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -55,4 +55,4 @@ code:
           - '!contains(code_1_response, "(root)")'
           - 'contains(code_2_response, "(root)")'
         condition: and
-# digest: 4a0a00473045022100d3a5d0c93ae0db1aec4ed3298693356385389c2a3904faa3f1598cf66be17b6a02205f5c6b9982a210c77c649492b93de08b90fefa55aa003c8ad448739ad54586ac:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f28c89bda9b71065f22cdb961366a405a7ff70cab3b32fa4121c4c5169b99783022100c4626e893dd6d4d1222bc88cd8ef54de9040c38ec1a28c81b1b6ba16b29bd345:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-2986.yaml

@@ -21,7 +21,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2023-2986
     epss-score: 0.91644
-    epss-percentile: 0.99658
+    epss-percentile: 0.99657
     cpe: cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*
   metadata:
     verified: true
@@ -630,4 +630,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022008a14b4c6185d0bc2c69d71aaa1b2328762f561452ad966026615e59dbf04990022100ed0e980dcd1616714e09727046b3ca727b8ae8db4b5681477777e454ab7d38ba:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100bf5d88244dafec46b9a1c485da172072206337f5b655980de897ee0e8adb2312022100e18f9d073b8719c2450ae08c9a76473cdeadc4726f2024179ccccf156fbb8a2d:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-49105.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2023-49105
     cwe-id: CWE-287
-    epss-score: 0.89272
-    epss-percentile: 0.99519
+    epss-score: 0.89605
+    epss-percentile: 0.99534
     cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -94,4 +94,4 @@ http:
       - type: dsl
         dsl:
           - '"Username => "+ username'
-# digest: 4a0a004730450220429ad695a2f91f2466f2451866717b21b5f4b6073a008576bca1243242e85dae022100bba07b4ff0a1d1c16e741c437882baa4da951d53bac7ad7ba1f2a5b1d54c46c1:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f2c8146f3a68b4e6c557638c0ca3513a594bb918996e84e79d2fea143a0bf17b022100fdd20b9d914958210586cac97c98e3a87edc8527b8d1e2d17804cbb926e6c301:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-4911.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2023-4911
     cwe-id: CWE-787,CWE-122
     epss-score: 0.67806
-    epss-percentile: 0.98512
+    epss-percentile: 0.98514
     cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ code:
       - type: word
         words:
           - "139"     # Segmentation Fault Exit Code
-# digest: 490a00463044022076da9c731115d9954b91f459db5225734d74415ab2689f245f727d2c01b2807502206ee633dcd8818546d3be18db948572bf757376d2cbc3f1b057ebbce34110e45e:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022022ec2980e8d990ae3cdd528b8cbbdd77a35f173cddff532448d362e5074657ba02201883d9455c8c67e03a6757fb1ae61a88a75baf45995e984c01ef1b45219fe318:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-6246.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 7.8
     cve-id: CVE-2023-6246
     cwe-id: CWE-787,CWE-122
-    epss-score: 0.29143
-    epss-percentile: 0.96409
+    epss-score: 0.22922
+    epss-percentile: 0.95712
     cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ code:
       - type: word
         words:
           - "127"     # Segmentation Fault Exit Code
-# digest: 4a0a00473045022100a1a80718f7ac6e9348290a741c745eb5cdf9f0193873f35de00407e0b062c4d60220282d173fd43407415eec2dc95008de9f96440070aa8ed3aa5864ea30ad10516b:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022008ea0e1d19e6cd011eda4d8b8dcb960f7a6ba1867bedbadbd2f911734d9050b9022100cc3879611fcd1bb9a5f07c9606501175c03175ea70af86bf5c40a3d0f8cce02d:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-10443.yaml

@@ -17,8 +17,8 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2024-10443
     cwe-id: CWE-77
-    epss-score: 0.69055
-    epss-percentile: 0.98569
+    epss-score: 0.7214
+    epss-percentile: 0.98689
     cpe: cpe:2.3:a:synology:photos:*:*:*:*:*:diskstation_manager:*:*
   metadata:
     verified: true
@@ -58,4 +58,4 @@ code:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "dns"
-# digest: 4b0a00483046022100d3e04b1a81fa1667f85060c9cb2742bf9f20555d72f0c9e1de3b22c3a45ea068022100a2cb03bd80e74158eb2d002a6d73e7bca863c559f21e9679cbdecaa65dcfdb1f:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220374d293099f0da779fff1b1ec2eb02947b67221160a226020942362a77ffcb9f02203f1bb6ada3f8683f6b43f51e02f23bad0cdb26510acceb45d50d103b4b9f3d83:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-12356.yaml

@@ -18,7 +18,7 @@ info:
     cve-id: CVE-2024-12356
     cwe-id: CWE-77
     epss-score: 0.93687
-    epss-percentile: 0.99833
+    epss-percentile: 0.99832
     cpe: cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
   metadata:
     vendor: beyondtrust
@@ -41,4 +41,4 @@ code:
         words:
           - "0 success"
           - "1 try again later"
-# digest: 490a00463044022031883e8523fba2bdc5aa0009e1f9406e252d48f2ad971247895541e6d2503da40220468743f44ef99fdabf662caf744c73b08798ccc56bf68a339658e5a086930fdc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d22f13c871af74d4d54736cd710e0c61d35d86950ea5e2498da77777c49093c602206800f1ce2cd662725e1214dd4bfad26d4c92da140c586d1aa9e20f5a71e6d3f1:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-3094.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 10
     cve-id: CVE-2024-3094
     cwe-id: CWE-506
-    epss-score: 0.86551
-    epss-percentile: 0.99382
+    epss-score: 0.86337
+    epss-percentile: 0.99373
     cpe: cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -63,4 +63,4 @@ code:
       - type: dsl
         dsl:
           - response
-# digest: 490a00463044022014fd1e5eb3022a651bf87f38ed8f507a52bc8d6d9f7cb008bfeebe4d5ee404c20220465047efb6aeb95c67015b0ffea815ceac3fbc950ae5737058ae800c9aa36b23:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d88732ff6ab18871a93e119e21aeba1e72ddedab750a2b9839b79cd4dd6a465e022049955049f492403207fa73fbc70f83443388408d57c885d00129bc0bd122c3bc:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-4340.yaml

@@ -15,7 +15,7 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2024-4340
     epss-score: 0.16207
-    epss-percentile: 0.94586
+    epss-percentile: 0.94592
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-4340
   tags: cve,cve2024,py,code,dos,python,sqlparse,vuln
@@ -33,4 +33,4 @@ code:
         part: stderr
         words:
           - "RecursionError: maximum recursion depth exceeded"
-# digest: 4a0a004730450221008445c5b343b31c7c11cf98927229e3ad5b8f58033c60a49150c0b3caa3261f9a02205055c0578fb3c250b931d4fad851ca15c667b5a831e77c41625df155bb17d899:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b7e5231bb73f5191d7c29e57159b1361c52d90a075c710be2f0211a1ff6cd283022100d78011532136088c72bdbea14135f12af76a6f41755c4b48bd8461bf0d87a799:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-45409.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2024-45409
     cwe-id: CWE-347
     epss-score: 0.4139
-    epss-percentile: 0.97253
+    epss-percentile: 0.97256
   metadata:
     verified: true
     shodan-query: http.title:"GitLab"
@@ -123,4 +123,4 @@ http:
       - type: kval
         kval:
           - _gitlab_session
-# digest: 4b0a00483046022100c7f4afb56eeedd4240914948ab5d367f00edf09677838a4fd2e520da8f9c6ba1022100e1f762c58b03c7523ef350ef26844265033e808dbaadc2dec54578866c03d900:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205e1e58c24c7c303ef9f7cd6a7ab5011310029bd59b92e4ac3a9c028d3b5d87c80220238e2e9f37840c9e8288d4f11b42a8fb9ff078ca3359de4904640fc514848805:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-55556.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2024-55556
     cwe-id: CWE-502
     epss-score: 0.8111
-    epss-percentile: 0.99115
+    epss-percentile: 0.99117
   metadata:
     verified: true
     max-request: 2
@@ -195,4 +195,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a004830460221008c53a3d6242e7592a9565dc4369af5936aabe40abc249ee5f72208bc90d2b68b022100f5ffb6b426c8d1bcdfb46a0a48d6052d8fa9b115b0c3f6ce8b36a332dfcc8c31:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a9125429fa23be79c8f83ac804947393ed1a038fe8fb9d0a2f2b58d19102effc02204ccdb0294abeb3f2c3a6863fabaa0253f027d386cf62e8afdc56bc0ae5b74224:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-56331.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2024-56331
     cwe-id: CWE-22
     epss-score: 0.41406
-    epss-percentile: 0.97255
+    epss-percentile: 0.97258
   metadata:
     verified: true
     shodan-query: http.title:"Uptime Kuma"
@@ -124,4 +124,4 @@ code:
       - type: word
         words:
           - "/etc/passwd: {'ok': True, 'msg': 'successAdded'"
-# digest: 4b0a0048304602210081e1042706a64b70db0ab64b76d21297329a5341f297f585f63bcfcf21371459022100ba42f7f74b411b08ba3b2f399bf99ee5b72a893a94e7139caac7c3442d8c1e95:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a0048304602210081d663266d1a8e020034b26b334e6ea9e77d3d9e559d0214133f5597fb95743c022100c3b983222b475d1d5392816cdb463564febf97af2d55971cd5d4d81bcc277872:922c64590222798bb761d5b6d8e72950

code/cves/2024/CVE-2024-9487.yaml

@@ -15,7 +15,7 @@ info:
     - https://github.com/advisories/GHSA-g83h-4727-5rpv
   classification:
     epss-score: 0.55491
-    epss-percentile: 0.97963
+    epss-percentile: 0.97962
   metadata:
     verified: true
     shodan-query: title:"GitHub Enterprise"
@@ -192,4 +192,4 @@ http:
       - type: kval
         kval:
           - user_session
-# digest: 4a0a0047304502207ef2ddc017cd9d473413145910bf3ff9fc85e12eb5bc48ac49855be2ba866d0d022100c9b40bb36975093c598f16088207a0cb1c353bb30c187fe66eb6e57980781498:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c770ceeca2c28599d58e831bb3abb9c1e49ca0e6389596cb27b53dbda677dd2b02207fc9ee2ff8cee94f825f9e7bdcbb424611235b3f8b0bc0fd486e9179b1e24a67:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-1550.yaml

@@ -16,7 +16,7 @@ info:
     - https://towerofhanoi.it/writeups/cve-2025-1550/
   classification:
     epss-score: 0.04785
-    epss-percentile: 0.89105
+    epss-percentile: 0.89113
   metadata:
     max-request: 1
   tags: cve,cve2025,code,keras,rce,ml
@@ -77,4 +77,4 @@ code:
         part: response
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022100d7f2d658048610f9bfca12dce3884c7bbc1b71c4725630f3ed362fdc1aa60d2402200ef37aed20f7ab70b95f79e25a13ba76369336a4ee16a3731b40bbfcf258c28c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100aeb9a8661a3c1e41f14d272ea05313fcf68b0b79f351c6602ad4b195f51c2e29022053ea2c3df2f8900e8961ae7ad89cef2e6bd900e1bb27793c9e161716eb46af8e:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-25291.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2025-25291
     cwe-id: CWE-347
     epss-score: 0.17247
-    epss-percentile: 0.948
+    epss-percentile: 0.94803
   metadata:
     verified: true
     vendor: gitlab
@@ -80,4 +80,4 @@ http:
       - type: kval
         kval:
           - _gitlab_session
-# digest: 4a0a00473045022036bb3cc40046a1ef71a2d32ee557a23427c47ae5bcc8ee0eb5b0775897a785e7022100ef2ae6ac5f8cb4d4c6cc3375d174658974fa65f63d770ed7d3c251eae6fa6703:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220199e22ffc707e5e70a31ea0a473ad005099d5b181b09e23e4c9704e05b1a1b42022100ea364205256ab01eb82189f31c010a392d8c2b60846438c83bff80efcc3dd4e1:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-32433.yaml

@@ -22,8 +22,8 @@ info:
     cvss-score: 10
     cve-id: CVE-2025-32433
     cwe-id: CWE-306
-    epss-score: 0.36694
-    epss-percentile: 0.96978
+    epss-score: 0.39914
+    epss-percentile: 0.97172
   metadata:
     verified: true
     max-request: 1
@@ -174,4 +174,4 @@ code:
         dsl:
           - 'contains(interactsh_protocol, "dns")'
         condition: and
-# digest: 4a0a00473045022068463b8fc122f93e4c9fa0f160da47eab232fe29596f28b098c068761426c2ea022100c3f55c996013d09e934b2d2c611663fe2a51d337cc02d8e4af28e925ef58e40b:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210089caff65890152593d77472891d17c1e5c58752e8b9c2026ddc62cddbdaf2cbc02203d41262aa4b38979d8947b4493eae5763b8c72009a2c5dee2bde4dfd39a6aad1:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-54309.yaml

@@ -18,7 +18,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2025-54309
     epss-score: 0.62076
-    epss-percentile: 0.98261
+    epss-percentile: 0.9826
     cwe-id: CWE-287,CWE-362
     cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*
   metadata:
@@ -200,4 +200,4 @@ code:
       - type: word
         words:
           - "VULNERABLE:"
-# digest: 4b0a00483046022100a762208b9bde1e0690ea7ea47f89cff74454e4a2a4bbf9b754266aa33d869aa5022100ea0edee48c304bf264f7478c5c168e8393ae5e60cdb0ca31c4fc435ae3fa0e63:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b8b0ff3ae7c02f2f27104534b69a39f7638c48f72b80949f0abf06f53494c2e6022100c9a7bf7331ea4af2a8959faa9352c1db6ee785cc238cdf56b6faa94f9665336d:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-6216.yaml

@@ -15,8 +15,8 @@ info:
     - https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2
     - https://nvd.nist.gov/vuln/detail/CVE-2025-6216
   classification:
-    epss-score: 0.22305
-    epss-percentile: 0.95618
+    epss-score: 0.24065
+    epss-percentile: 0.95851
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2025-6216
@@ -115,4 +115,4 @@ code:
       - type: dsl  # type of the extractor
         dsl:
           - '"Reset URL: " + code_response'
-# digest: 4b0a00483046022100dffd2e7cc6c9f81ce806ade510d18941771962110bed5fa117d9c8e158c3f66d022100c106cc951d5aad29230bd934e578ad72e1e2eb805684b909f17b880e9c97c4d2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100bac331e2e9e612056556bf52e03b87accc55b591c0c48083aabc8d819e9ca8b1022011f71b2a8dc89d81088df9d2b68ed1f8cc449420ffd96646c15bff5effeebe2a:922c64590222798bb761d5b6d8e72950

code/cves/2025/CVE-2025-9242.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2025-9242
     cwe-id: CWE-787,CWE-362
     epss-score: 0.73453
-    epss-percentile: 0.98746
+    epss-percentile: 0.98749
     cpe: cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -552,4 +552,4 @@ code:
       - type: dsl
         dsl:
           - response
-# digest: 4a0a0047304502206612cc63a0a9ecb82c38292247845264fa8f0613eb9f792a5ba27a51d4e6cb4a022100824bd78e8ff4f955048ce2d89638b0b2121986ff219c099bd961cd9c4250e5c3:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220595c7b38f61f58887e22c732df7502e6a93a95721db2295487f20a3073d125c2022100e90ed71640aa83d728b09cef604bab554d4b122c1848c296d1ea06e8518e8a09:922c64590222798bb761d5b6d8e72950

cves.json

@@ -901,6 +901,7 @@
 {"ID":"CVE-2019-8943","Info":{"Name":"WordPress Core 5.0.0 - Crop-image Shell Upload","Severity":"medium","Description":"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-8943.yaml"}
 {"ID":"CVE-2019-8982","Info":{"Name":"Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent\u0026inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2019/CVE-2019-8982.yaml"}
 {"ID":"CVE-2019-9041","Info":{"Name":"ZZZCMS 1.6.1 - Remote Code Execution","Severity":"high","Description":"ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-9041.yaml"}
+{"ID":"CVE-2019-9082","Info":{"Name":"ThinkPHP \u003c 3.2.4 - Remote Code Execution","Severity":"high","Description":"ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-9082.yaml"}
 {"ID":"CVE-2019-9194","Info":{"Name":"elFinder \u003c= 2.1.47 - Command Injection","Severity":"critical","Description":"elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.\nThe vulnerability occurs when performing image operations on JPEG files, where the filename\nis passed to the `exiftran` utility without proper sanitization, allowing command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9194.yaml"}
 {"ID":"CVE-2019-9618","Info":{"Name":"WordPress GraceMedia Media Player 1.0 - Local File Inclusion","Severity":"critical","Description":"WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9618.yaml"}
 {"ID":"CVE-2019-9621","Info":{"Name":"Zimbra Collaboration Suite - SSRF","Severity":"high","Description":"Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9621.yaml"}
@@ -1274,6 +1275,7 @@
 {"ID":"CVE-2021-22054","Info":{"Name":"VMWare Workspace ONE UEM - Server-Side Request Forgery","Severity":"high","Description":"VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-22054.yaml"}
 {"ID":"CVE-2021-22122","Info":{"Name":"FortiWeb - Cross Site Scripting","Severity":"medium","Description":"FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22122.yaml"}
 {"ID":"CVE-2021-22145","Info":{"Name":"Elasticsearch 7.10.0-7.13.3 - Information Disclosure","Severity":"medium","Description":"ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-22145.yaml"}
+{"ID":"CVE-2021-22175","Info":{"Name":"GitLab CI Lint API - Server-Side Request Forgery","Severity":"high","Description":"GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22175.yaml"}
 {"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"}
 {"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"}
 {"ID":"CVE-2021-22502","Info":{"Name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","Severity":"critical","Description":"Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22502.yaml"}
@@ -1801,6 +1803,7 @@
 {"ID":"CVE-2022-0735","Info":{"Name":"GitLab CE/EE - Information Disclosure","Severity":"critical","Description":"GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0735.yaml"}
 {"ID":"CVE-2022-0747","Info":{"Name":"Infographic Maker iList \u003c 4.3.8 - SQL Injection","Severity":"critical","Description":"The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0747.yaml"}
 {"ID":"CVE-2022-0760","Info":{"Name":"WordPress Simple Link Directory \u003c7.7.2 - SQL injection","Severity":"critical","Description":"WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0760.yaml"}
+{"ID":"CVE-2022-0765","Info":{"Name":"WordPress Loco Translate \u003c 2.6.1 - Cross-Site Scripting","Severity":"medium","Description":"Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vulnerability caused by improper removal of inline events from source translation strings, allowing authenticated users to inject arbitrary JavaScript payloads.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0765.yaml"}
 {"ID":"CVE-2022-0769","Info":{"Name":"Users Ultra \u003c= 3.1.0 - SQL Injection","Severity":"critical","Description":"The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0769.yaml"}
 {"ID":"CVE-2022-0773","Info":{"Name":"Documentor \u003c= 1.5.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0773.yaml"}
 {"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"}
@@ -2928,6 +2931,7 @@
 {"ID":"CVE-2024-24809","Info":{"Name":"Traccar - Unrestricted File Upload","Severity":"high","Description":"Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2024/CVE-2024-24809.yaml"}
 {"ID":"CVE-2024-24919","Info":{"Name":"Check Point Quantum Gateway - Information Disclosure","Severity":"high","Description":"Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-24919.yaml"}
 {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
+{"ID":"CVE-2024-25608","Info":{"Name":"Liferay Portal - Open Redirect","Severity":"medium","Description":"HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25608.yaml"}
 {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in 2017\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
 {"ID":"CVE-2024-25723","Info":{"Name":"ZenML ZenML Server - Improper Authentication","Severity":"critical","Description":"ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25723.yaml"}
 {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
@@ -2949,6 +2953,7 @@
 {"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
 {"ID":"CVE-2024-27956","Info":{"Name":"WordPress Automatic Plugin \u003c= 3.92.0 - SQL Injection","Severity":"critical","Description":"The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-27956.yaml"}
 {"ID":"CVE-2024-28000","Info":{"Name":"WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin","Severity":"critical","Description":"Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28000.yaml"}
+{"ID":"CVE-2024-28200","Info":{"Name":"N-able N-central \u003c 2024.2 - Authentication Bypass Detection","Severity":"critical","Description":"N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-28200.yaml"}
 {"ID":"CVE-2024-28253","Info":{"Name":"OpenMetaData - SpEL Injection in PUT /api/v1/policies","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2024/CVE-2024-28253.yaml"}
 {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
 {"ID":"CVE-2024-28397","Info":{"Name":"pyload-ng js2py - Remote Code Execution","Severity":"medium","Description":"An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-28397.yaml"}
@@ -3021,6 +3026,7 @@
 {"ID":"CVE-2024-33724","Info":{"Name":"SOPlanning 1.52.00 Cross Site Scripting","Severity":"medium","Description":"SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33724.yaml"}
 {"ID":"CVE-2024-3378","Info":{"Name":"iboss Secure Web Gateway - Stored Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the exploit has been disclosed to the public.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-3378.yaml"}
 {"ID":"CVE-2024-33832","Info":{"Name":"OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)","Severity":"medium","Description":"OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-33832.yaml"}
+{"ID":"CVE-2024-33939","Info":{"Name":"Masteriyo LMS \u003c= 1.7.3 - Insecure Direct Object Reference","Severity":"medium","Description":"Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-33939.yaml"}
 {"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
 {"ID":"CVE-2024-34061","Info":{"Name":"Changedetection.io \u003c=v0.45.21 - Cross-Site Scripting","Severity":"medium","Description":"Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-34061.yaml"}
 {"ID":"CVE-2024-34102","Info":{"Name":"Adobe Commerce \u0026 Magento - CosmicSting","Severity":"critical","Description":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-34102.yaml"}
@@ -3334,6 +3340,7 @@
 {"ID":"CVE-2025-11750","Info":{"Name":"Dify - User Enumeration via \"Account not found\" Message","Severity":"medium","Description":"A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as \"account_not_found\" or \"Account not found.\", allowing attackers to identify valid accounts.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-11750.yaml"}
 {"ID":"CVE-2025-11833","Info":{"Name":"Post SMTP \u003c= 3.6.0 - Email Log Disclosure","Severity":"critical","Description":"Post SMTP WordPress plugin \u003c= 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in __construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-11833.yaml"}
 {"ID":"CVE-2025-12055","Info":{"Name":"MPDV Mikrolab GmbH HYDRA X, MIP 2 \u0026 FEDRA 2 - Path Traversal","Severity":"high","Description":"MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 \u003c= Maintenance Pack 36 with Servicepack 8 (week 36/2025) contain an unauthenticated local file disclosure vulnerability caused by improper validation of the \"Filename\" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows OS files, exploit requires local access.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-12055.yaml"}
+{"ID":"CVE-2025-12139","Info":{"Name":"Integrate Google Drive \u003c= 1.5.3 - Information Disclosure","Severity":"high","Description":"File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress \u003c= 1.5.3 contains sensitive information exposure caused by improper protection of the get_localize_data function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses, exploit requires no authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-12139.yaml"}
 {"ID":"CVE-2025-12480","Info":{"Name":"Triofox - Improper Access Control","Severity":"critical","Description":"The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely access, view, and potentially interact with the database management interface, risking data disclosure or system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-12480.yaml"}
 {"ID":"CVE-2025-1302","Info":{"Name":"JSONPath Plus \u003c 10.3.0 - Remote Code Execution","Severity":"critical","Description":"Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534]\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-1302.yaml"}
 {"ID":"CVE-2025-1323","Info":{"Name":"WP-Recall – Plugin \u003c= 16.26.10 - Unauthenticated SQL Injection","Severity":"high","Description":"The WP-Recall – Registration, Profile, Commerce \u0026 More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-1323.yaml"}
@@ -3567,6 +3574,7 @@
 {"ID":"CVE-2025-64525","Info":{"Name":"Astro - Broken Access Control","Severity":"medium","Description":"Astro 2.16.0 to 5.15.5 contains a broken access control caused by insecure use of unsanitized x-forwarded-proto and x-forwarded-port headers in URL building, letting attackers bypass middleware protection, cause DoS, SSRF, and URL pollution, exploit requires crafted headers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-64525.yaml"}
 {"ID":"CVE-2025-64764","Info":{"Name":"Astro - Reflected XSS via server islands feature","Severity":"high","Description":"Astro 5.15.8 contains a reflected XSS caused by improper handling of server islands feature, letting remote attackers execute scripts, exploit requires use of server islands in the application.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-64764.yaml"}
 {"ID":"CVE-2025-6851","Info":{"Name":"WordPress Broken Link Notifier \u003c 1.3.1 - Unauthenticated SSRF","Severity":"high","Description":"The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-6851.yaml"}
+{"ID":"CVE-2025-68613","Info":{"Name":"n8n - Remote Code Execution via Expression Injection","Severity":"critical","Description":"n8n \u003c 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2025/CVE-2025-68613.yaml"}
 {"ID":"CVE-2025-6934","Info":{"Name":"The Opal Estate Pro – Property Management \u003c= 1.7.5 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The Opal Estate Pro plugin (≤ 1.7.5) is vulnerable to privilege escalation. Due to missing role restrictions in the on_register_user function, users can register with any role. This allows unauthenticated attackers to create administrator accounts.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-6934.yaml"}
 {"ID":"CVE-2025-6970","Info":{"Name":"WordPress Events Manager \u003c= 7.0.3 - SQL Injection","Severity":"critical","Description":"The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-6970.yaml"}
 {"ID":"CVE-2025-7160","Info":{"Name":"Zoo Management System 1.0 - SQL Injection","Severity":"critical","Description":"Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-7160.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-585052fa022f0907e9fda9366698eb84
+188004331e3eb2ee19254b46afe3b680

dast/cves/2022/CVE-2022-34265.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2022-34265
     cwe-id: CWE-89
     epss-score: 0.92734
-    epss-percentile: 0.99741
+    epss-percentile: 0.99742
   tags: sqli,dast,vulhub,cve,cve2022,django,vuln
 
 variables:
@@ -50,4 +50,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100f69a71a44c810d752ab9b2514958d42ede0ed53da8860ed84585be921d95221e022057b8ae2fbadf3ed438b371c00f5c43a109e68f740fe576683c86b4d9ee32a17b:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100dfa2a9468f5b0655e1bfdf4314e2098b4bb72c903848350d1ed02750382946ad022100c8d2ef6e853b8a8b946a406ccc18dd86130a107669e3a80987372d9641d8e7f9:922c64590222798bb761d5b6d8e72950

dast/cves/2024/CVE-2024-2961.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2024-2961
     cwe-id: CWE-787
     epss-score: 0.9286
-    epss-percentile: 0.99754
+    epss-percentile: 0.99755
   tags: cve,cve2024,php,iconv,glibc,lfr,rce,dast,vkev,vuln
 
 flow: http(1) && http(2)
@@ -57,4 +57,4 @@ http:
       - type: regex
         regex:
           - "root:x:0:0"
-# digest: 4a0a0047304502204d3e8323f31ae3800deac4616cc0fefbcad9f44eba4de482858fb823fc0080ea022100a0f0cf80959712bef6ea0f201d6474ae9a850086a76ebe18af91b49f67d870fc:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203546e873a7a46d0bbb69486dd6b801f6e078c2828da6dae801c4f7f760e4a8ac022062afe465758259f7710a4f0a901e7278a80f4926701b9c3de0021e82ebf8bd25:922c64590222798bb761d5b6d8e72950

dns/soa-detect.yaml

@@ -81,4 +81,90 @@ dns:
         name: "edge-cast"
         words:
           - "edgecastdns.net"
-# digest: 4a0a00473045022100824cbf0b2e3fdd94cdf2e11e45435eb10f42bd29a5bc94152c2c52b51151de78022076bc570001930b73605650359eb64ee172ad317e077d53abf78746649ed7a9a9:922c64590222798bb761d5b6d8e72950
+
+      - type: word
+        name: "csc-corporate-domains"
+        words:
+          - "cscdns.net"
+
+      - type: word
+        name: "network-solutions"
+        words:
+          - "worldnic.com"
+
+      - type: word
+        name: "name-services"
+        words:
+          - "name-services.com"
+
+      - type: word
+        name: "ultradns"
+        words:
+          - "ultradns.com"
+
+      - type: word
+        name: "verisign"
+        words:
+          - "verisign-grs.com"
+
+      - type: word
+        name: "ovh"
+        words:
+          - "ovh.net"
+
+      - type: word
+        name: "comlaude"
+        words:
+          - "comlaude.com"
+          - "comlaude-dns.com"
+
+      - type: word
+        name: "one-dot-com"
+        words:
+          - "one.com"
+
+      - type: word
+        name: "netnames"
+        words:
+          - "netnames.net"
+
+      - type: word
+        name: "dnsmadeeasy"
+        words:
+          - "dnsmadeeasy.com"
+
+      - type: word
+        name: "bluehost"
+        words:
+          - "bluehost.com"
+
+      - type: word
+        name: "managed-ip"
+        words:
+          - "managed-ip.com"
+
+      - type: word
+        name: "gandi"
+        words:
+          - "gandi.net"
+
+      - type: word
+        name: "brandshelter"
+        words:
+          - "brandshelter.com"
+
+      - type: word
+        name: "hinet"
+        words:
+          - "hinet.net"
+
+      - type: word
+        name: "vultr"
+        words:
+          - "vultr.com"
+
+      - type: word
+        name: "switch-ch"
+        words:
+          - "switch.ch"
+# digest: 4a0a00473045022100b4dad1997875b188a453a6a8b9055c9e1fcf66e49457f37577469ae14628918302207b349f96312120a881fe72369742a9d1b4404e1ae689f07f053ca18ae482eddd:922c64590222798bb761d5b6d8e72950

dns/txt-service-detect.yaml

@@ -223,4 +223,279 @@ dns:
         name: "whimsical"
         words:
           - "whimsical"
-# digest: 490a00463044022053d535c4a465d24114fe02771cd054b2056c06853e6ff85526bc2aacfc8b13a502207577ad1c2d10e58d30f961375e14aa6b5f699e681d03e6799d417cb35097bad5:922c64590222798bb761d5b6d8e72950
+
+      - type: word
+        name: "nintex"
+        words:
+          - "nintex."
+
+      - type: word
+        name: "openai"
+        words:
+          - "openai-domain-verification"
+
+      - type: word
+        name: "mailerlite"
+        words:
+          - "mailerlite-domain-verification"
+
+      - type: word
+        name: "docker"
+        words:
+          - "docker-verification"
+
+      - type: word
+        name: "shopify"
+        words:
+          - "shopify-verification-code"
+
+      - type: word
+        name: "smartsheet"
+        words:
+          - "smartsheet-site-validation"
+
+      - type: word
+        name: "site24x7"
+        words:
+          - "site24x7-signals-domain-verification"
+
+      - type: word
+        name: "dynatrace"
+        words:
+          - "dynatrace-site-verification"
+
+      - type: word
+        name: "cisco-cloud-intelligence"
+        words:
+          - "cisco-ci-domain-verification"
+
+      - type: word
+        name: "infor-cloudsuite"
+        words:
+          - "infor-cloudsuite-domain-verification"
+
+      - type: word
+        name: "postman"
+        words:
+          - "postman-domain-verification"
+
+      - type: word
+        name: "miro"
+        words:
+          - "miro-verification"
+
+      - type: word
+        name: "microsoft-federation"
+        words:
+          - "msfpkey"
+
+      - type: word
+        name: "dynamics-365-marketing"
+        words:
+          - "d365mktkey"
+
+      - type: word
+        name: "zoom-alternative"
+        words:
+          - "zoom_verify"
+
+      - type: word
+        name: "brevo"
+        words:
+          - "brevo-code"
+
+      - type: word
+        name: "perplexity-ai"
+        words:
+          - "perplexity-ai-domain-verification"
+
+      - type: word
+        name: "pexip"
+        words:
+          - "pexip-ms-tenant-domain-verification"
+
+      - type: word
+        name: "anthropic"
+        words:
+          - "anthropic-domain-verification"
+
+      - type: word
+        name: "airtable"
+        words:
+          - "airtable-verification"
+
+      - type: word
+        name: "wrike"
+        words:
+          - "wrike-verification"
+
+      - type: word
+        name: "salesforce-pardot"
+        words:
+          - "pardot"
+
+      - type: word
+        name: "notion"
+        words:
+          - "notion-domain-verification"
+
+      - type: word
+        name: "jetbrains"
+        words:
+          - "jetbrains-domain-verification"
+
+      - type: word
+        name: "onetrust"
+        words:
+          - "onetrust-domain-verification"
+
+      - type: word
+        name: "nulab"
+        words:
+          - "nulab-verification-code"
+
+      - type: word
+        name: "sap-successfactors"
+        words:
+          - "successfactors-site-verification"
+
+      - type: word
+        name: "synthesia"
+        words:
+          - "synthesia"
+
+      - type: word
+        name: "monday"
+        words:
+          - "monday-com-verification"
+
+      - type: word
+        name: "globalsign"
+        words:
+          - "globalsign-domain-verification"
+
+      - type: word
+        name: "heyhack"
+        words:
+          - "heyhack-verification"
+
+      - type: word
+        name: "foxit"
+        words:
+          - "foxit-domain-verification"
+
+      - type: word
+        name: "facebook-workplace"
+        words:
+          - "workplace-domain-verification"
+
+      - type: word
+        name: "pendo"
+        words:
+          - "pendo-domain-verification"
+
+      - type: word
+        name: "stytch"
+        words:
+          - "stytch_verification_dns"
+
+      - type: word
+        name: "mixpanel"
+        words:
+          - "mixpanel-domain-verify"
+
+      - type: word
+        name: "astro"
+        words:
+          - "astro-domain-verification"
+
+      - type: word
+        name: "box"
+        words:
+          - "box-domain-verification"
+
+      - type: word
+        name: "wiz"
+        words:
+          - "wiz-domain-verification"
+
+      - type: word
+        name: "figma"
+        words:
+          - "figma-domain-verification"
+
+      - type: word
+        name: "solarwinds"
+        words:
+          - "solarwinds-service0desk-verification"
+
+      - type: word
+        name: "hubspot"
+        words:
+          - "hubspot-domain-verification"
+
+      - type: word
+        name: "microsoft-domain"
+        words:
+          - "ms-domain-verification"
+
+      - type: word
+        name: "swisssign"
+        words:
+          - "swisssign-check"
+
+      - type: word
+        name: "infoblox"
+        words:
+          - "infoblox-domain-mastery"
+
+      - type: word
+        name: "ahrefs"
+        words:
+          - "ahrefs-site-verification"
+
+      - type: word
+        name: "logmein"
+        words:
+          - "logmein-verification-code"
+
+      - type: word
+        name: "mailru"
+        words:
+          - "mailru-verification"
+
+      - type: word
+        name: "mandrill"
+        words:
+          - "mandrill_verify"
+
+      - type: word
+        name: "nitro"
+        words:
+          - "nitro-verification-code"
+
+      - type: word
+        name: "parkable"
+        words:
+          - "parkable-domain-verification"
+
+      - type: word
+        name: "seculio"
+        words:
+          - "seculio-domain-verification-code"
+
+      - type: word
+        name: "trustpilot"
+        words:
+          - "trustpilot-one-time-verification"
+
+      - type: word
+        name: "esputnik"
+        words:
+          - "esputnik-verification"
+
+      - type: word
+        name: "atlassian-sending"
+        words:
+          - "atlassian-sending-domain-verification"
+# digest: 4b0a00483046022100e3476fc5074cd4e72fe68c52ad8931f78bb0f1754b8cde42d851c6938d0121f50221009d85ca08cd4c46e0f11b7b9f5530c0c6afbed5f04093d1766ee6cdf50d42de41:922c64590222798bb761d5b6d8e72950

file/logs/aspnet-framework-exceptions.yaml

@@ -22,4 +22,4 @@ file:
           - 'InvalidOperationException'
           - 'UnauthorizedAccessException'
           - 'NotFound'
-# digest: 4a0a00473045022100ea987a3e09f6b7a2ea7dbf3c8bcae968c2e10e8560c652f62a19c4d53d46ca6c02206ddbe1ad6e1ad96045687d7f40f98fc70bf4aaa6785d80c1151669a9f965d867:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207e69d4fcc176d1366e4cabed756c31009972bb9ed5e46847027dffd12bd1146a0221008cd3523d149c20573d77749093f971a35fb08804fe7f97bd36a2c18b634ecc3c:922c64590222798bb761d5b6d8e72950

file/logs/nodejs-framework-exceptions.yaml

@@ -30,4 +30,4 @@ file:
           - 'BadRequestError'
           - 'MongoError'
           - 'SequelizeDatabaseError'
-# digest: 4b0a00483046022100c411e376c23ff5e2762c935aecdc7c0599eda6514d3d87a3df89c35fcf80c391022100e674dd7d7abcdbb79ec7745bd505ff4f222694b5721ef959b55891c0478a6bf4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206c82857c3fd3609aac63917c5d01ba9844ef3aca57f3e261da1ef0745204191502210088c8b6e76cc7b7028b26478ed150014f152cf1226e251812aedef2cc5bde90e3:922c64590222798bb761d5b6d8e72950

headless/cves/2018/CVE-2018-25031.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2018-25031
     cwe-id: CWE-20
     epss-score: 0.83676
-    epss-percentile: 0.99248
+    epss-percentile: 0.99251
     cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -56,4 +56,4 @@ headless:
         words:
           - "swagger"
         case-insensitive: true
-# digest: 4a0a0047304502207c8148d3cfe46ba7abb9c089cfe63e1d46f143fdb05b0aeafad2d2cb41d3a93f02210081d0fe890cf1d8738da4d5faf4674ce4d4cf53d1a1f29511c7b392eb555f6650:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b118d3f77d769169eff4f56af7261fb995e3c33cf30b3fc29e15801cfc9d436102210087ee9263ab00fdcf056be94cc09b1546abad0f0024a76187454b2db6e87b6d3e:922c64590222798bb761d5b6d8e72950

headless/cves/2022/CVE-2022-29455-headless.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2022-29455
     cwe-id: CWE-79
-    epss-score: 0.63811
-    epss-percentile: 0.98337
+    epss-score: 0.58028
+    epss-percentile: 0.98083
     cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
   metadata:
     verified: true
@@ -52,4 +52,4 @@ headless:
         words:
           - "elementor"
         case-insensitive: true
-# digest: 490a00463044022039dfddf08678a2a91761d7a2483bcd764634f4fc4ae4ec079876e918c49fe89802206bc16577383a3b0ab59b15bdc0666b3eda6490d35c41277d448546e9d14a063d:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009ed9fb433d16b8941e4003ce0a7f74a1f8c366beb9ee2fad2a4e7e1444e15e5802210083d3e36c98aff36039fcc51c7ce56a676eb732aa30f8720f1ea30c526aff8706:922c64590222798bb761d5b6d8e72950

headless/cves/2024/CVE-2024-29882.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2024-29882
     cwe-id: CWE-79
     epss-score: 0.03404
-    epss-percentile: 0.87038
+    epss-percentile: 0.87047
   metadata:
     verified: true
     max-request: 1
@@ -50,4 +50,4 @@ headless:
           - "ConnectSRS</a>"
         condition: or
         case-insensitive: true
-# digest: 4b0a00483046022100a4e5053156f6b1ec812a5b3e54d6ecd98c3d4c3e240845ff37aacf991c9ed2070221008ac07d7fa4fde587a7cc3dbe64bdf441fc89f6c3b1186b29764e94f4f4fc129a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502203a00b600a9e6bd7c4c749cacd51b2936dbf62286ceec50ed1d288fbeddff8870022100a4cdce69fbb285ff4bc78caf9f3053a07c848ac23edafaaef7976434a718bf6f:922c64590222798bb761d5b6d8e72950

headless/cves/2024/CVE-2024-38526.yaml

@@ -21,7 +21,7 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2024-38526
     epss-score: 0.82064
-    epss-percentile: 0.99165
+    epss-percentile: 0.99167
   tags: cve,cve2024,supply-chain,polyfill,vkev,vuln
 headless:
   - steps:
@@ -60,4 +60,4 @@ headless:
           - "union.macoms.la"
           - "newcrbpc.com"
         part: urls
-# digest: 4b0a004830460221009362f42c44c97c0dc89badc86544b68ce358d17c0d25f74deb7856448f911ba3022100a5129053827bceeb3d6b375b7264da843b803eadf04d0b16af96ba14e552b637:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205de9d9228481d4aa73323b32d21c06c55f7a7f9e6a54b3154759ed23415867de022100a714efca8771543f8bf08b65b91c3b9acf2459455f5ff869bbe923f444bf2e8d:922c64590222798bb761d5b6d8e72950

headless/cves/2025/CVE-2025-24752.yaml

@@ -16,7 +16,7 @@ info:
     - https://github.com/Sachinart/essential-addons-for-elementor-xss-poc/blob/main/poc.py
   classification:
     epss-score: 0.03281
-    epss-percentile: 0.86787
+    epss-percentile: 0.86792
   metadata:
     verified: true
     max-request: 1
@@ -46,4 +46,4 @@ headless:
         words:
           - "{{random_int}}"
         case-insensitive: true
-# digest: 4b0a00483046022100957ebcd707226a5a9b2e7fee9fcd25921178b734881f60dff66d8eb5c7a3fd8d022100c1cc42a655aa59366e7a07bf1ebf819e15be87a7d56fbb9a4f326c65fb381189:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203062b0edba7fef16228c73295c7280e231b13d62827bb04b8b254fea786278e902205d64278af545861fec04830b6aa94d83c720f43a03f3ecf3f5016e2968cac840:922c64590222798bb761d5b6d8e72950

headless/cves/2025/CVE-2025-25062.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2025-25062
     cwe-id: CWE-79
     epss-score: 0.34064
-    epss-percentile: 0.9681
+    epss-percentile: 0.96813
     cpe: cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*
   metadata:
     max-request: 7
@@ -190,4 +190,4 @@ headless:
         dsl:
           - reflected_text_xss_type
           - reflected_text_xss_message
-# digest: 490a00463044022060ca7c71452d7a0963018fd0f6261d86c37ebd0e7bb6a071c63b3c37500ad1a302204ff17da9e7e71e6ceb42485df40d9b9117a356d5828a58a252dfdb11b25d9ba2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204a5958ad80a1b771f7697ed41c0a53cf4645b225385e8c5eea9a46ab9d2dbcc8022100ebdabcb26d2fd47f8a0716e7652baa06da5191fee5bdf89d564e930ed9defae4:922c64590222798bb761d5b6d8e72950

headless/cves/2025/CVE-2025-29927-HEADLESS.yaml

@@ -19,8 +19,8 @@ info:
     cvss-score: 9.1
     cve-id: CVE-2025-29927
     cwe-id: CWE-285
-    epss-score: 0.9253
-    epss-percentile: 0.99723
+    epss-score: 0.93093
+    epss-percentile: 0.99775
   metadata:
     vendor: vercel
     product: Next.js
@@ -59,4 +59,4 @@ headless:
           - "compare_versions(nextjs_version, '> 14.0.0', '< 14.2.25')"
           - "compare_versions(nextjs_version, '> 15.0.0', '< 15.2.3')"
         condition: or
-# digest: 490a004630440220267f8e765dacb9bfba541f9b7ff78e55f28433741c36d42ec64da6488b00a62102201b8b3d42971a0d8549cccc3a89c04e83d0b34270f5f543e94b784838cd23447b:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b060430bc18f9636a100f77b84656c90378e3ca0e1d63c89e585bee2c2a6506d022100d439e6aff19a12aabdd96afbe8c6160b91cafedafe7767030eccf8b0ab2901d5:922c64590222798bb761d5b6d8e72950

headless/cves/2025/CVE-2025-8191.yaml

@@ -18,8 +18,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2025-8191
     cwe-id: CWE-79
-    epss-score: 0.01236
-    epss-percentile: 0.78728
+    epss-score: 0.00915
+    epss-percentile: 0.75332
     cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -69,4 +69,4 @@ headless:
         words:
           - "swagger"
         case-insensitive: true
-# digest: 490a0046304402203cf791e722536eeb2aba6c35702524df83f5244b7f24949bfd13dcb9dbafa8860220102a6fe81c11b3b7387e2b2aa0822eeacbde78aded0d2de90e64dd5811fc4fd4:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b3374204633e470d7a87d8dfdce4444c527b850745d168d1ff80de654f2e44790221008c28c3c726ccb605213cf423cbfbbdf4ee9187cc4888a665f1ade1cab4324647:922c64590222798bb761d5b6d8e72950

headless/mozilla-pdfjs-content-spoofing.yaml

@@ -0,0 +1,57 @@
+id: pdfjs-content-spoofing
+
+info:
+  name: Mozilla PDF.js - Content Spoofing
+  author: 0x_Akoko
+  severity: medium
+  description: |
+    Detected PDF.js viewer loads and renders external PDF files without proper origin validation. Versions < v1.3.91 are vulnerable to content spoofing attacks.
+  reference:
+    - https://groups.google.com/g/mozilla.dev.pdf-js/c/_WdU9T0TRfo
+    - https://github.com/mozilla/pdf.js/issues/6920
+  classification:
+    cwe-id: CWE-451
+  metadata:
+    verified: true
+    max-request: 5
+  tags: pdfjs,spoofing,headless
+
+headless:
+  - steps:
+      - args:
+          url: "{{BaseURL}}/{{path}}?file=https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/helpers/payloads/mozila-content-spoof.pdf"
+        action: navigate
+
+      - action: waitload
+
+    payloads:
+      path:
+        - "pdf.js/web/viewer.html"
+        - "pdfjs/web/viewer.html"
+        - "web/viewer.html"
+        - "pdfjs-dist/web/viewer.html"
+        - "uiFramework/js/pdfjs/web/viewer.html"
+
+    stop-at-first-match: true
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mozila-content-spoof.pdf"
+
+      - type: word
+        part: body
+        words:
+          - "pdf.js"
+
+      - type: word
+        part: body
+        negative: true
+        words:
+          - "file origin does not match"
+          - "blocked"
+          - "Not Found"
+        condition: or
+# digest: 490a0046304402207dc1eb1cfd5bc25039d729f591a15f5a9a37667ed6ad50d1c1c73fe20004b9a8022071080c75bcced708e51b213a2d9887954d7145d3666a5b1de77a04eb08905a67:922c64590222798bb761d5b6d8e72950

http/cves/2000/CVE-2000-0114.yaml

@@ -19,7 +19,7 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2000-0114
     epss-score: 0.05458
-    epss-percentile: 0.89866
+    epss-percentile: 0.89875
     cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -62,4 +62,4 @@ http:
         group: 1
         regex:
           - 'version:([0-9.]+)'
-# digest: 490a004630440220260fd699ef4e76b5933bfa0d5ab73b4afda232f53d80f5409151d0c9527e105a02203ca279991ac601422b9d067fbf74bd7883c4b58c1955cd39af845e10136be178:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200711109f7c6b10e5264147f11552fec1a1c2b657291c5db4efe3f61484e986cd022100e2fefe1823a38fcd37cbe06171c8075776b8c4e60e2988f83f1fb3acf75a545a:922c64590222798bb761d5b6d8e72950

http/cves/2000/CVE-2000-0760.yaml

@@ -18,7 +18,7 @@ info:
     cvss-score: 6.4
     cve-id: CVE-2000-0760
     epss-score: 0.33099
-    epss-percentile: 0.96732
+    epss-percentile: 0.96733
     cpe: cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -55,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204abf69b3064d8cdcbb42f13e903ce6853b86468dc22288a4d534c7fb574886cb0220405f81c5d45eb921de8da4629cf2e7ed6c82159a656a05de662701e75a373854:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009e5a640328d68806c25d03c46df900ad061b3a30eb24b228aeced973219e20b9022100edf7fe83f071b4e9d3d5fd2003b8d4a6829b67aa041ee27219720bac65458e79:922c64590222798bb761d5b6d8e72950

http/cves/2002/CVE-2002-1131.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2002-1131
     cwe-id: CWE-80
     epss-score: 0.03877
-    epss-percentile: 0.87874
+    epss-percentile: 0.87882
     cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
   metadata:
     max-request: 5
@@ -60,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204c5d0e0d6c5bd60f07bd2f9a518cb1bf2083da2fb5ab9b7519c505a2a1d7ffac022100f141b44c9776c16fa341763ef0827d9bb2301719428e11e73dae54fef017f8d9:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c1db632ad5af690924448aac91337a35f8af2e7d82082062d13cbfaac99f6c00022100929973ec2c442268b5390b806d1ad66a1905407e4b8537797ed09cd8b9fe7d78:922c64590222798bb761d5b6d8e72950

http/cves/2004/CVE-2004-0519.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2004-0519
     cwe-id: NVD-CWE-Other
     epss-score: 0.00124
-    epss-percentile: 0.3245
+    epss-percentile: 0.32411
     cpe: cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -48,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022002cd5cc7ced1f64e417b2dbe530a353a24b31e69ffe5c7bcba3e695688b6cd3702206e40c6f14913a602c00bbba3cab4792689ab9628192ed979d3727e05fb714735:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c846bdf542963edd0b35a4601154bd428e10fce18e6ed0849cf65e4e72c9a797022064ab41a8b825bfd5f0712be975833aedbed9c05940b8e9032af83428bdb10277:922c64590222798bb761d5b6d8e72950

http/cves/2004/CVE-2004-1965.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2004-1965
     cwe-id: NVD-CWE-Other
     epss-score: 0.00265
-    epss-percentile: 0.49803
+    epss-percentile: 0.49795
     cpe: cpe:2.3:a:openbb:openbb:1.0.0_beta1:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -40,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 4a0a00473045022100a6cc300f91aeeffe8d1722acacce113aaec60ea2eda57523fab3d4d0d32e7d64022044e438c0fea4211af95d4383b315024e4d0e8fd6a7cde9ba4132a9576c1fbf87:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202ddaa102e2f7d3a7db97dad8e7f54a0421325012f23adccd29b123920d8e9970022100b9231bfc39ee20d3289fe84641e9ae3d3cf0b27bb8a8f9f90f40c2a0ebab1cbf:922c64590222798bb761d5b6d8e72950

http/cves/2005/CVE-2005-2428.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2005-2428
     cwe-id: CWE-200
     epss-score: 0.08605
-    epss-percentile: 0.9212
+    epss-percentile: 0.92126
     cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -44,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100aa77a20ce88ddc263c3261f4a8171b70e3bb0e1914971c93cdb486a19a10e1e702207f9dc7f304fc2c1c787f92b09d964374aad802ff7d64b1cb5f49cd4e2c9823f7:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009fdd317b2994322aa976ace12875345904a5539bb3b37935d6b5588ec6960a6f022100af2198637a557ac01fa951c36d434157acb83f9c37eeb8e46754bcbd1a939a61:922c64590222798bb761d5b6d8e72950

http/cves/2005/CVE-2005-3128.yaml

@@ -17,7 +17,7 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2005-3128
     epss-score: 0.01733
-    epss-percentile: 0.81984
+    epss-percentile: 0.81993
     cwe-id: CWE-80
   metadata:
     max-request: 1
@@ -44,4 +44,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4a0a00473045022041eda0c733f68ba29c7e6e334ed84dfa9dcc5fb0346fd647d38cbacba913bcff022100eade3928070ff1d01f18661d614e1ef3a6d6a6f6b39a799308ee75125b450337:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402202e2e03d41fe250d141953b79c70eab59210686753a6a1be0a378cb1f84b5f51302203ae35f9a27d4f615896ae8d4a103407c091eb08af7a4c0094377f90dd472c7e1:922c64590222798bb761d5b6d8e72950

http/cves/2005/CVE-2005-3344.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2005-3344
     cwe-id: NVD-CWE-Other
     epss-score: 0.1015
-    epss-percentile: 0.92858
+    epss-percentile: 0.92859
     cpe: cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -47,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220400f8a213d4f541a379e2d6f195ca7ecb44cc1a4eb24f4430f16610e607a0ee502203f0f5ccc1039b7539e217dbb62190a88a85c8bdd3669b0590f02490623d9f012:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100960666d9e249ef6973ee6aec55aa7cce5f44e1800cfe65c15dcaf3171ceef9580220136ae5bc95ddc04ffaaceeaee5d798e6bce601461100096ee2a47e1687847490:922c64590222798bb761d5b6d8e72950

http/cves/2005/CVE-2005-3634.yaml

@@ -23,7 +23,7 @@ info:
     cve-id: CVE-2005-3634
     cwe-id: NVD-CWE-Other
     epss-score: 0.01653
-    epss-percentile: 0.8156
+    epss-percentile: 0.81572
     cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -45,4 +45,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 490a004630440220489d3cf927d2958335e235025f939a563b3bba1caeea0a52a66cedc30b6893a702206558c8ca6409ea78909f1f4630e616abf79539c38f78f765b85003c408adbecb:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e05602f2551da5143909f529ad2966582ab8dd8d01419e92859577602650fbfb02203d34d4ce4f4a488bcf6af38d2c264b6d6b237eb4237b3d9c8a6c2cc0df1a61c0:922c64590222798bb761d5b6d8e72950

http/cves/2005/CVE-2005-4385.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2005-4385
     cwe-id: NVD-CWE-Other
     epss-score: 0.00373
-    epss-percentile: 0.58393
+    epss-percentile: 0.58398
     cpe: cpe:2.3:a:cofax:cofax:1.9.9c:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022072ae0a8c72dd7bcd52b8d139c351ecc2e50a9e47aa9a2a152e7419646ca8d7ae0220496b4c6b27c5f0c6a948566d6145e7ba500303766a8277e82638c20849879221:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022004b44869dcc46bdabde180a8b0487678d39445e54a1a5ce32de63bd66cbbba23022100b3fd3acdb24e55c96968c52b61d699d76b5b99e8baafdd2f6a510cba3dca478e:922c64590222798bb761d5b6d8e72950

http/cves/2006/CVE-2006-1681.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2006-1681
     cwe-id: NVD-CWE-Other
     epss-score: 0.00299
-    epss-percentile: 0.52862
+    epss-percentile: 0.52853
     cpe: cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -62,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210089f371ffb5caede7df998fdd5ffcb52468c988519920070558ffa7463e4f5dda022100fb9e4ff16f6d115b34ae75dade937ceb7db83c7319bde1163568dd3a4e9b0c15:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c30aee3d70c6991533c711d0898365fcdc2dacfd59a5a285253599497c597b8c02201aa55759fe8f1fb81c3ce3b52d9259254c070a7f459fa3948f12af29db1c9abe:922c64590222798bb761d5b6d8e72950

http/cves/2006/CVE-2006-2842.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2006-2842
     cwe-id: CWE-22
     epss-score: 0.0094
-    epss-percentile: 0.75644
+    epss-percentile: 0.75654
     cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -48,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022017bdc8b0734f3bab5b0d52dba11e96165724f67c78f92a074b77a6636dcfac9002210081c610ec0da4caf133ba514019f04b141eeb75ff7d9409cc6551c2c7435d428f:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220503df203b72737a2f101b1be895e7fa766078fb75b7645f14a19c178004a5bfc022007d4d494739ad3a644386462aee62aa57d4695423bb4bd7d7b351f55e2daeb32:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-0885.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2007-0885
     cwe-id: NVD-CWE-Other
     epss-score: 0.02133
-    epss-percentile: 0.83692
+    epss-percentile: 0.83704
     cpe: cpe:2.3:a:rainbow_portal:rainbow.zen:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -46,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204a59fc38165e03502e57acf2665116d335bff3eadb9d8f5d8e746d85d391bf45022100c66baf6fd492025ddfee8385d198a189a6081cd5a25a0b03a932461985383e4e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009926810628549a92e2c497bbd2b459f920f7d75b79faa535532df69f19b076fd022100d57573121fd8b00f91175d2db278d12d420989ce16514d48a3bb22508f77a1db:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-2449.yaml

@@ -18,7 +18,7 @@ info:
     cvss-score: 7.2
     cwe-id: CWE-79
     epss-score: 0.80643
-    epss-percentile: 0.99093
+    epss-percentile: 0.99095
   metadata:
     max-request: 1
     verified: true
@@ -47,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205afc19f41dd262ac97100583927f037be17a7f1dafdae34822568d63c52e6dbc0221008cc1cc253a50f1a672ab2dde8b24b086208c4e651c05daf2a9e86ad64384d110:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008bb33f6dc9dc4405974e21b20075c2ff00c6763db8229c3756bc1694d2d547df022100edb02f35d86fbffcc16d09b07cd7e0a66089bf0ec90f4ed87dfa95b69f4492db:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-3010.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 10
     cve-id: CVE-2007-3010
     cwe-id: CWE-20
-    epss-score: 0.93855
-    epss-percentile: 0.99859
+    epss-score: 0.94007
+    epss-percentile: 0.99884
     cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
   metadata:
     verified: true
@@ -59,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ad8d0b5c2eeac17d3e1672daca58ec5d78d466de6ce0fdbc65d628b2e9d51f000220350b19eee8ed703ad9c60b00b4968260c25e86bb4ee062ba0bcd684380e5f5af:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220169ef0aa83ea95dfbfdb66f63021da282712bcc917aacc55d439716a2cf2e947022100ddc42a31e7773aa53a4ebe5f583f474e7464f2b07a4c00ced265fd2b2d1eaea0:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-4504.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2007-4504
     cwe-id: CWE-22
     epss-score: 0.00177
-    epss-percentile: 0.3968
+    epss-percentile: 0.39676
     cpe: cpe:2.3:a:joomla:rsfiles:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200cca115bf0cffddb1c464cc15573b0f8f624931d12bdc1e332ff79d6c3c103e30221008cfcd7dbd23e710a5e7864b600ba985f1ee36fb57b8efbe210a50404c38f9e57:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f1263581e0954a5de2bd892b8aa95e3a7abe4e09c59275241f75d388440a0afe0220396b62d9ae929475a97f4eac35fb985136c8198cfc6d79d1c0a13166e1e8d3f1:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-4556.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2007-4556
     cwe-id: NVD-CWE-Other
     epss-score: 0.02359
-    epss-percentile: 0.8447
+    epss-percentile: 0.84481
     cpe: cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -51,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b1d11d4afca0c61140e1f54cac940e19c7adfeb04ff1ad968b765c39af4bc73d022100af99986832727a0df67058c8a62794e7f79e501f45737b97be4ca404fdd0ed0d:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220173f44282db02bf5b8ad23ce9562ad2df355a5aa0ee816a4685b3a99954e9bab0220262e6272569d33687713d799bb8e497af7f0f4ce9b16a69dbf8b3d511538b555:922c64590222798bb761d5b6d8e72950

http/cves/2007/CVE-2007-5728.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2007-5728
     cwe-id: CWE-79
     epss-score: 0.00523
-    epss-percentile: 0.66244
+    epss-percentile: 0.66245
     cpe: cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -57,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e29810688c1dec9ffae4828c93805a11b3168eb2fad049c16515d19a5b6decf702206c06004395cf97de84e6198a05bc9a435f62db00a7e1c91391a25602d0503aae:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ab302fb3593c43da2bce9006403ddf45a2856ca903f4502d973191e4ffc1c3310220674836613f3b61ac4f9ee5878542b25572e2be8870ff3e2fd95d59e44425f336:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-1059.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-1059
     cwe-id: CWE-94
     epss-score: 0.00265
-    epss-percentile: 0.49828
+    epss-percentile: 0.4982
     cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -47,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009f84826dd13479d0a055f9157bae1356362e945ec569583e38d0375c54a8a88c022064b49ebd3ffc29d1c55d0d0fa600d8103b6c9f4b58e76d7c727648d086d3337e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220793ad8c93ae543707c56967e19d8b16604f283fe1af1e6441299e66ca56dd5f5022100875da0afcdb71673f385fa082dc02bba139f05e1936c43af13034c042506d3b4:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-1061.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-1061
     cwe-id: CWE-79
     epss-score: 0.00158
-    epss-percentile: 0.37243
+    epss-percentile: 0.37232
     cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -62,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ad126dfddcad164bb65696a2c82b3987d6eeb79380ebde9893871afb67693900022100b41cba505d26af15418d43e344440323190bdc27da1c9bb268f12b1b3979ee1a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205c3557b8beda35f65300c873b8e148524c8ed399d709baa3f9226258c304c7bb02210086052e8ad0b4340ba3ffdb8666ccf35df81a9f209f37e8730d027a5860276f31:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-1547.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-1547
     cwe-id: CWE-601
     epss-score: 0.6311
-    epss-percentile: 0.98308
+    epss-percentile: 0.98306
     cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -51,4 +51,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4b0a0048304602210090d6f738cf27891b1ddd334266fe2f618890df3291b4c9ac07b23a934f8ce190022100b31bfc0ce0639ba011af8f5dd6b20a046417529d36652626ffd9664dc982e4f4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200cd7c3f3b8285afb68a6e294c2305a9f8398de7f33bf44f5295227209ab61c27022100e3cb2e01de4de3de1034eb961db0c2e3b7e892bd0814ef96e0a048fe4f24400f:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-2398.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2008-2398
     cwe-id: CWE-79
     epss-score: 0.00437
-    epss-percentile: 0.62452
+    epss-percentile: 0.62468
     cpe: cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -47,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204ee76dead34c94043843eb6071dc73629e2c3dfd2ad71143a0a1ecb8dcce6b350220597e6c5ab4b6b2c1e4e5a3a73085a2a17871dc6ec3a7abe0db1fcb4b9aeb58ba:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502203412b06751578553117d3287d4db8fbf58488828acc83776d93ec34795dc5dd7022100c4315fa2d8bcb3a736e21780cb22a1414d6acbaa3436d2d05f50c1cdcdf50cee:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-2650.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-2650
     cwe-id: CWE-22
     epss-score: 0.01643
-    epss-percentile: 0.81496
+    epss-percentile: 0.81508
     cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -48,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022003e6fafddf4bda555fbde739e82e3bbd1e9bfe56c752f4e43b3a78b8dc572c260220194143dfa32ea79a5443b19cfe1f50fa0e795f3909053c89162e5d954ea1d4fa:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203acb658827ec83e52fa2778d166230a0aa754328f1a2aba47e6a6973df0115cd022023d306797a3d1d67cbbc0b9cae67e4754006b90b6ec80eb9b392e50a0fdb08d2:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-4668.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2008-4668
     cwe-id: CWE-22
     epss-score: 0.00144
-    epss-percentile: 0.35302
+    epss-percentile: 0.35267
     cpe: cpe:2.3:a:joomla:com_imagebrowser:0.1.5:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204c9289a240644f8f1381fcd0a45bfd3181fa17bacdb28103d065e736e259c93602204725b3931f8bc671853ee0243bd48a0e5719a9c7aa2be50fb7bdd4a84b6ad4e5:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220251fbd2ac0bd354b7376ed0cfc6fc7240fce6dac755cfbd902233198aabdaabb02206168165b672b97dc82690a11e6da80639caae30849b0eb12ee06b7cc992710d3:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-4764.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-4764
     cwe-id: CWE-22
     epss-score: 0.01041
-    epss-percentile: 0.76903
+    epss-percentile: 0.7691
     cpe: cpe:2.3:a:extplorer:com_extplorer:*:rc2:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220048bee68c22e7965353b6696b02b41b3227b5252cfdefaa682dc885a167bc91f0221009fc5cea75ee9e517c2f84d072559ece4d92044a74d02a782c6adafc5f210d3ce:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202ac1379f3da328300a7c8c5473f6598e174b1613b7be5b29cd145286173adfb502210082c4c996c13e3b68cfa5bb5079d71454c9747d1d9bf35d0e7cf4c7edfcbf7e52:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-5587.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2008-5587
     cwe-id: CWE-22
     epss-score: 0.01986
-    epss-percentile: 0.83129
+    epss-percentile: 0.83145
     cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -49,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201cf823c974cba30096a5272c0efa6cad4dfe814d5705d173f18c14f0ace3842802207936b58f91ad0b0fa91bfc0810d3d93f49cbc09c0263500716f6e9883dcde5a9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205a9523376e0cda6bb7c6ecdc9f04669cf1def7a72fe7c4fb8997e10faf15204c02210097a846291e5e62de769ae96142868a028276f3012aa86a48f69d9e0cc1318614:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6080.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-6080
     cwe-id: CWE-22
     epss-score: 0.06734
-    epss-percentile: 0.90956
+    epss-percentile: 0.90969
     cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204e2658c746d3ac1fdb5064ce1b12c3a652bd59f2a0c282bbcf84c2a7be4f48c202201739eed0e7a55fb2b4099f7dd3f7294958dc73b513899c631779fc5296f9ddff:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d4aeb4a9760acdfb0dbd70044316b27f18d23612556b5b4d631fda94e8ad9c71022069a7e46188b65774bd9339d560b2156058b035942422ec718c6377a830ecc73d:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6172.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-6172
     cwe-id: CWE-22
     epss-score: 0.05386
-    epss-percentile: 0.89789
+    epss-percentile: 0.89799
     cpe: cpe:2.3:a:weberr:rwcards:3.0.11:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220276367eeba4eb97664579a27bd3f76e34a0d6366a2b8971affa95590eafd4765022100eba9ec4e1036985d6a4f0d7f2d49cdcf0be8275a5b37d237c8c30179d4cfeb09:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022020941a512e9463daf4e188b41ea3847ee17335a3f42e3b91dbea3711506d31e1022100ceb2e9e4ee80f29f8b48125b4524ef84c9a0ae460275ef8d99de2ad32377766f:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6222.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-6222
     cwe-id: CWE-22
     epss-score: 0.03072
-    epss-percentile: 0.86323
+    epss-percentile: 0.86322
     cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022030f5f118d40ab7b04e5affdb579ceb817d293a7be7bb7539593aacf10a10b53f0221009c90393f73f46b76004a1b6bb46997afae1bfa901cc1892e869052cba7e3ff0a:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205b22c6dbeb4cc64a4b2091812c9e202a88a4be66788a70bff9fdc62dfec9861902200413419b8a189eb4db60bdb2e1da52154ebe66bf79c4c06fa5063896c5a2e158:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6465.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-6465
     cwe-id: CWE-79
     epss-score: 0.01157
-    epss-percentile: 0.78052
+    epss-percentile: 0.78069
     cpe: cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:*
   metadata:
     verified: true
@@ -63,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206432d5ed4ed2e76d5642dde083c08a45be73d992f2b104f1ca458ad7a6beb67d0220647ab8a9d9f6f271663823d2d5f06cbe14d4830320eda06aef52a2ef54a6faee:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205213c3a9d5bc3b30c046c90dced75ac1f907dbb56d4b761f0f3ca32093eedce7022100e6a7d1d654a480d1aa21dff2fd9c6c6c02d852abfadf4ba6e8467b6df64e0e97:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6668.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2008-6668
     cwe-id: CWE-22
     epss-score: 0.00573
-    epss-percentile: 0.67973
+    epss-percentile: 0.67979
     cpe: cpe:2.3:a:dirk_bartley:nweb2fax:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -45,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008e5c0f9509e8121d7f84c6ffece264072600e104bdde091e1dbf8332664e1045022100b48e955879ba56655e6a50bd6d2786913fbae9784e14826b4c03207615778389:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022029489f761e1bf8c19fc772bfd7bc076c83ba3710a141f8ab5b7f80d47f0ca614022020e2954e1bbf51234f1f182d9b3c6c6f7d7db9d178fe555a26848aad80e5a2f3:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-6982.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-6982
     cwe-id: CWE-79
     epss-score: 0.08587
-    epss-percentile: 0.92112
+    epss-percentile: 0.92117
     cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -51,4 +51,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402200880553a158963025b0e52c6ef9c86876f1e73d7d84ef4894cbab817855306ee0220031bcf74369629b092c88395132b08928576b63850766584df30517f0b46c8f3:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e6d1f0e33221c75142743a3da0e994642f07f59d1531e0ee7778c9a6f7d329fe022045ab7386a26689240123d4d847471e808d594623027d5f4b11e0e02376763267:922c64590222798bb761d5b6d8e72950

http/cves/2008/CVE-2008-7269.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-7269
     cwe-id: CWE-20
     epss-score: 0.03171
-    epss-percentile: 0.86521
+    epss-percentile: 0.86525
     cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:*
   metadata:
     verified: "true"
@@ -43,4 +43,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a00473045022016c3c87ec12896066229393842aa2ed9ca27fca94ae4a8efea6a28b46b012bab022100f7a79d885ff87e4cfc666baa1a1f4fb8b1f1cac1adc89c07be5fb04b2f8a9e06:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022060c6b75f26fd7e00042278ead7e21a1109d69aa7d411a19ec38444a64a6afb1c022100e06f5eb27ea1123d82cff50da08156186f19561b12de5f093f4b190acee5bdf8:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-0347.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2009-0347
     cwe-id: CWE-59
     epss-score: 0.03639
-    epss-percentile: 0.87467
+    epss-percentile: 0.87479
     cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -40,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 490a0046304402201d1c201c7f5dff0d949b94dc6b19ee842bda2af6537e8524fc1203c18bb20d350220703396261b1693452c80d8cf36c46eb1a0e0259d5fb7886dd319297587d8e1d3:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100a3281313a5c0bde52203c87cf3332fa3bbefc645503703a7665332f229301ab30221008eb6a77f43c94dde84fe9fdbc49d05a8b919a5eb978efb274d84a08d4680e393:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-0545.yaml

@@ -20,8 +20,8 @@ info:
     cvss-score: 10
     cve-id: CVE-2009-0545
     cwe-id: CWE-20
-    epss-score: 0.94134
-    epss-percentile: 0.99907
+    epss-score: 0.94006
+    epss-percentile: 0.99883
     cpe: cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a0046304402200234060c97ce6b563f00be797a2f65ea9db6429e07e1be281465b046bd6edfed02206424558216d047332054df5aeb4c7dbebdadb04fd0924e5017eb0c936754c9cd:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009d95530541d737bfb99a88ec6bcb71318aa34af4276c6425b3006277bd4856cb022100e6719ebd498e0e5c46c7f98582f8e675eefd51ae55d79700b1b1c4aef2fd3a7f:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-0932.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-0932
     cwe-id: CWE-22
     epss-score: 0.05612
-    epss-percentile: 0.90017
+    epss-percentile: 0.90025
     cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bcbccee0a6166de201fa428b268940669ce0d082b0478249c684aa9a77d18f2b02204c830c45badeaed2599cc016013fbf9c22d04cc0b4754f2457554188f3eb6013:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100bac1cf6fd6b80a706f0c17728c605e9bfe4adb318f1f249d34c58797e3ab2d57022100e44358b804a06f7994f123427f5828bd8efcbe4cc987bb6f214f069d8443c4e0:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-1496.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2009-1496
     cwe-id: CWE-22
     epss-score: 0.01473
-    epss-percentile: 0.80471
+    epss-percentile: 0.8049
     cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207d6ebbc46fded1afa9bfdf244e893db917fef5898a6168a9ae6f43102ffedf03022067ed50e8902cca1f0437ee4f0a37c7b89ecc375f6c81228de4f2136c9c745235:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e25e941829350f084b098b4d611386d08e1360580eae72172adf8f3e38e2e5b602204116d5b78e1d593f6b07e1ff344c29d0fd6a69453f4ed55a848b5c8a5bf7bc48:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-1558.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-1558
     cwe-id: CWE-22
     epss-score: 0.09101
-    epss-percentile: 0.92379
+    epss-percentile: 0.92384
     cpe: cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dff9dea5a1d3392126f2bd6a8cb72fc1fe3bc8fd5198dbc950068825e0460eb80221008aa256bd8088234677cb154d9c0b49bc7fadfc224d282bfc4d8b2fb6a6fe6157:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e4aef94d0a1a6dbbe606d3cef73946298ee442a7df259ce628a3b74504d157c6022100ca65c39c2a8560da0dcf08a6656299a7408a4e247bf72418350e34403f42ca00:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-1872.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-1872
     cwe-id: CWE-79
     epss-score: 0.08673
-    epss-percentile: 0.92156
+    epss-percentile: 0.92161
     cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -59,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210093da2b0ded3e6d5ab5c1bf8939069945c3e637e13743527c3c17e159b2922c8d022100d0cbbec49bc9a3876823bcebe10530803f60a7b4ae7936b62e7079fc57e7a206:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206195d2bc338b97d5980b739b3cba14d178c7156e11a1049fc1423cbb05ee86580220315dfc3d7a220635e1f7dadd35e297372f85e0889a3935561dd545bf36109f85:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-2015.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2009-2015
     cwe-id: CWE-22
     epss-score: 0.01674
-    epss-percentile: 0.81667
+    epss-percentile: 0.81678
     cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f7eec341fbaff2092964c8135afe18a025754ceaefb08d57a2ab1b766e04586f022100c84a8cdc45c77e46d4d4b4cce53b799bb2928e0afd5b5f732855ca85e77f5c67:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022004a48d2ee3d8d3cd28865a1535c86eb9417a3bbe38409df97366b36ca6ea2f090220472e06a9329024edc2f0e50cd0cc5023510ec0be3adb834ec986f1abea280651:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-2100.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2009-2100
     cwe-id: CWE-22
     epss-score: 0.01877
-    epss-percentile: 0.82643
+    epss-percentile: 0.82659
     cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -41,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100957fbdd32adbdba9382c14b53145a5bb63f9a98b6e2b65761f38cf3de646668402210083c78a2cd3d4c65ec0286dd175e2abb4b52db122d9fbd595f0724667179b449c:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008d87eb28acfafc98d40f9182c509b6ce137455c7cd3149329414d0c3516f47b1022100a2cfc6b82504fbb68ae3e90cadea0aa62605f6ec98b9b5c6192cbcb853b07828:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-3053.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-3053
     cwe-id: CWE-22
     epss-score: 0.01573
-    epss-percentile: 0.81079
+    epss-percentile: 0.81093
     cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202095bcce6fc06838c1962460ac0fdce131e0820c24ae14543547a5e82e90f48e022100cdcfda020e0b9f0c8a9a970ae0c54d2ea1e7b0fc03753066ab82b4bb1be9ca1a:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100af5af060a6b9ece3ed363111d60234490ba129348c2f854eb0f2d2d00cb5b0ed022100f6859ebe0dd362f82fd095e18235951b4af10bc6817d11c1c74ed196a46d0545:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-3318.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2009-3318
     cwe-id: CWE-22
     epss-score: 0.01442
-    epss-percentile: 0.80264
+    epss-percentile: 0.80282
     cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202634da17a95d0a2d97984f79595c033b38fc7c3b3bee4bd85ace26d8a90f719e022100f4b876fe5b13c3b63b6c9208d331d50ae96c1aa0370798eea1257461df04561c:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c2abbc4cbd78a0d1a5c5fe3a6349c31bc378d81e93ae798a8eaba84d092c02c1022100ab3a7841ffe4707554f38a3a1ea73159c2ace01caa2339dd28d296b5cb6de6d6:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-4202.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-4202
     cwe-id: CWE-22
     epss-score: 0.04947
-    epss-percentile: 0.89284
+    epss-percentile: 0.89293
     cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -48,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f3ec0f7a823e27cbef3cf532055a799f1fb379deedd07698b3bf3a29f4d644d2022100bb383e617d571aa0bbfd3af9b557b2407548de2feb4854a701d8e1fa62702dc2:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f52ba631d2bc895f685566e1d36bf666c788198edbcca1e8031758952ed06408022100bb3e0990176ff89fc2847b150680321065885b1c507133a8f4bb4a686adf7a2b:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-4223.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-4223
     cwe-id: CWE-94
     epss-score: 0.04261
-    epss-percentile: 0.8844
+    epss-percentile: 0.88447
     cpe: cpe:2.3:a:gianni_tommasi:kr-php_web_content_server:*:beta_2:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -44,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203e618107ab5be71c584d97640758db8b64a8cc5892ec2c73731d9c59654d27670221008a8fdb8e04bbbb779c29f7a92fe81c48f1c7ffd03b56eff8e591ec89ef76f534:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100fcba094f94ea03d029adb10f46f5eb999ff97122e5f2bbc41915a8bd53b4e6d70221008d673ba5bfeef29aa44430c057d127948f5dfd5b8fbe87692c2f81f3b76d970f:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-4679.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2009-4679
     cwe-id: CWE-22
     epss-score: 0.23302
-    epss-percentile: 0.95762
+    epss-percentile: 0.95767
     cpe: cpe:2.3:a:inertialfate:com_if_nexus:1.5:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220456bb978a8a1429bb6320fbcbcb8c4aa7a06dada7fb57744c3bb5be0cee2ba090221009aff48887039929e0522b60b85e6c6db7f46cf36b1c3cc4bd1a5da3f67497407:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009a1a8505c93440b316a0dccf36e22c6c9cbdf58d8575455fac70520afdff56b6022100bdb5e8cddcbd7c359a30470401bccb7d262efedbc80304119856fc4fda709c68:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-5020.yaml

@@ -18,7 +18,7 @@ info:
     cve-id: CVE-2009-5020
     cwe-id: CWE-20
     epss-score: 0.01389
-    epss-percentile: 0.79884
+    epss-percentile: 0.799
     cpe: cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -39,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502203cd55a73fff27c550dac22488ce9c405303da599cfae64f7fdc9527d47703ee9022100c55ad331e5ba88a5dcee892a3143967fb14d24d06640d986e9c8a648622843b0:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204c73f63bb4ccf74c0a2410bc6558802e0cfc21207b09a59afa46addbc9f27cda022100b7a5619e1e29eb308dbcd616b9d3bbe898c7097f3d4a5c8166fe5e888ff18d67:922c64590222798bb761d5b6d8e72950

http/cves/2009/CVE-2009-5114.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2009-5114
     cwe-id: CWE-22
     epss-score: 0.08663
-    epss-percentile: 0.92152
+    epss-percentile: 0.92157
     cpe: cpe:2.3:a:iwork:webglimpse:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022046e4449b738424e2b62bea0b8cee5e6aa73c0b6c7106029785c7610c1d8797c102200156da1fc2988701e4144f3ca68781929694f05ecb38658359ce884911bd044a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c1f70b486e9ff0984944c5c6ece865f6dd3dcbb15cae6dc4a70155b09df52334022013d02a5edf6cca632108fe6e975073ad797c53aa9f3c26df8867176139eabd57:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0157.yaml

@@ -19,7 +19,7 @@ info:
     cve-id: CVE-2010-0157
     cwe-id: CWE-22
     epss-score: 0.06394
-    epss-percentile: 0.90681
+    epss-percentile: 0.90695
     cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -46,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220379f97cbab0c6984fd5d695e07c61286eb96ad444a6cda95b5376b0f71f20dd50221008986956aedbe066ce4cfcd452b6adf5c30d84bb10d1e77506648a46539e67579:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022015a945bb924136011df92b735e28d24de24106ce61c39eb3963d6e80c6082e2f02201c2a81a5ba0eecd768e3d763f75e0b5c9dfee2bd6f61c46787ffc6cc8f108456:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0467.yaml

@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022072009c07defdac935ff37697ffa32d41cef70a77f6e57bc3dcb316a1432e4406022100d5fa8f040d1bdd47701600de947e832fd80c957cdf7852b74cc2a151b1578fae:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201c66734a12a9a02586a9ad489be33b2199028e06c60c2f702f123a610b185a3c022010d3d2a5a99a95e21c80b05a3a89610fb0191115640d7c5bdc15d26840ba6a2f:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0696.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2010-0696
     cwe-id: CWE-22
     epss-score: 0.25498
-    epss-percentile: 0.96028
+    epss-percentile: 0.96033
     cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009eef439beef50adf87923450c42a7a9829cea22f024a0c0900fa164939aadbb4022100ccb037b15688366d63dd243fe7c9dad572b7a49cbb2332e2ae2451dac0988b60:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e832a4e23e2d937d311b9e78ad33abc9df5d200a2c2fd741391403b40b9e9fe2022054e1d8b31d55ec8c6c35bfd39aa8fab7fb1b0019aada7b0f1e4c6703fde52b88:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0759.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2010-0759
     cwe-id: CWE-22
     epss-score: 0.06605
-    epss-percentile: 0.90841
+    epss-percentile: 0.90854
     cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022017c4fa3f8c595eb8fa4c6565c6a013b7936cc6d05584a7de91edcd51b0afee22022100db0baf3ee18948970ee3fc772f521256a9f266762463d42d72567516b85b0e18:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e3230b0c4c2a8bcb01307a089aaecfd520acc62573489672f628aa7e1f032e950220013f635049c5922407af36d41a3b56d3cbe584d56b6a9daf782cf3cbad20b4d9:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0942.yaml

@@ -19,8 +19,8 @@ info:
     cvss-score: 5
     cve-id: CVE-2010-0942
     cwe-id: CWE-22
-    epss-score: 0.04088
-    epss-percentile: 0.88205
+    epss-score: 0.1146
+    epss-percentile: 0.93355
     cpe: cpe:2.3:a:jvideodirect:com_jvideodirect:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220581a554980036130fed8a8b9264122faff2cdf9e54254c105bf95dd881a8a17d022100d92abba6d9f9473e3abb6827857ca779ec769f6d7d66061daed77b74351071ad:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220035f405746decef7243b4261c084a7c782ef8caf03daefeb7fb6d39f766ac6ad022077350ef5a782415dbc1d66fcd04414248114b4bf82483245a23d7dd911171232:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0943.yaml

@@ -19,8 +19,8 @@ info:
     cvss-score: 5
     cve-id: CVE-2010-0943
     cwe-id: CWE-22
-    epss-score: 0.01978
-    epss-percentile: 0.83098
+    epss-score: 0.14795
+    epss-percentile: 0.94278
     cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204e8aa992533291ba97e06f804ad2508b2de05114c565b6aaa2181bdad41e9d2b0220496c6372aae31f8a2ca66bdd6a8a34abd3c9f9ec0802c097865016995375ebe7:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402202f6b34cd30a3ffc3cfbc2ca1caac1671f8cbffbd8c0dce29aac905a2805b6dad022032e0681548ac45a7d43a0fa7d5d61a111575999f2cf267c1fb9b7ac979bfe12a:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0944.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2010-0944
     cwe-id: CWE-22
     epss-score: 0.01386
-    epss-percentile: 0.79869
+    epss-percentile: 0.79886
     cpe: cpe:2.3:a:thorsten_riess:com_jcollection:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210092bc9bcf9e57bbf79922ecf243587006040163631f07ba984f44ed383ac9f30302210081a300bc9985be9fdbde5ba7fa6f4567fb251ab2d46acaed3147c4398f13d919:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ff63d8a560f2a73b5a016b666d0923726093611b55f788d1344c0df1f103191a0220663ac4ccf285ab36f84a937bf8c2f7d15472b64ffc9d3194b8bbdafb362ce12d:922c64590222798bb761d5b6d8e72950

http/cves/2010/CVE-2010-0972.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2010-0972
     cwe-id: CWE-22
     epss-score: 0.04611
-    epss-percentile: 0.88887
+    epss-percentile: 0.88894
     cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008f72bf8fcb8a974114a13fe237dbc94d7c7b65c65d7a012b338a1271b0ccfb09022100adc460c30b5458e94d2d84e341cd2dbf4b509830197cc311759c53cba7f6cd25:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100d133b477f9c30403fd37358db1349c93fc1b38c9f25407cc3bba40a9511ae11b022100a2dd160e1cfc514b21b46c4b20077120e0336abdbb85333f83e847ec09d6559c:922c64590222798bb761d5b6d8e72950