chore: generate CVEs metadata 🤖

ghost
2026-01-29 07:38:40 +00:00
parent 3e02283ebf
commit 365ed13442
2 changed files with 3 additions and 1 deletions


@@ -2050,6 +2050,7 @@
{"ID":"CVE-2022-28666","Info":{"Name":"Custom Product Tabs for WooCommerce \u003c 1.7.8 - Unauthenticated Toggle Content Setting Update","Severity":"medium","Description":"YIKES Inc. Custom Product Tabs for WooCommerce plugin \\u003C= 1.7.7 contains a broken access control caused by improper permission checks in \u0026yikes-the-content-toggle option update, letting attackers modify content without authorization.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-28666.yaml"}
{"ID":"CVE-2022-28923","Info":{"Name":"Caddy 2.4.6 - Open Redirect","Severity":"medium","Description":"Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-28923.yaml"}
{"ID":"CVE-2022-28955","Info":{"Name":"D-Link DIR-816L - Improper Access Control","Severity":"high","Description":"D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-28955.yaml"}
{"ID":"CVE-2022-28987","Info":{"Name":"Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-28987.yaml"}
{"ID":"CVE-2022-29004","Info":{"Name":"Diary Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29004.yaml"}
{"ID":"CVE-2022-29005","Info":{"Name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","Severity":"medium","Description":"Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-29005.yaml"}
{"ID":"CVE-2022-29006","Info":{"Name":"Directory Management System 1.0 - SQL Injection","Severity":"critical","Description":"Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29006.yaml"}
@@ -3238,6 +3239,7 @@
{"ID":"CVE-2024-52763","Info":{"Name":"Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the \"g\" parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-52763.yaml"}
{"ID":"CVE-2024-52875","Info":{"Name":"Kerio Control v9.2.5 - CRLF Injection","Severity":"high","Description":"Kerio Control, formerly known as Kerio WinRoute Firewall, has been found vulnerable to multiple HTTP Response Splitting vulnerabilities in product affecting versions 9.2.5\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-52875.yaml"}
{"ID":"CVE-2024-5315","Info":{"Name":"Dolibarr ERP CMS `list.php` - SQL Injection","Severity":"critical","Description":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5315.yaml"}
{"ID":"CVE-2024-5333","Info":{"Name":"WordPress Events Calendar 6.8.2.1 - Information Disclosure","Severity":"medium","Description":"The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5333.yaml"}
{"ID":"CVE-2024-5334","Info":{"Name":"Devika - Local File Inclusion","Severity":"high","Description":"A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-5334.yaml"}
{"ID":"CVE-2024-53704","Info":{"Name":"SSL VPN Session Hijacking","Severity":"critical","Description":"An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-53704.yaml"}
{"ID":"CVE-2024-53900","Info":{"Name":"Mongoose \u003c 8.8.3 - Remote Code Execution","Severity":"critical","Description":"Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-53900.yaml"}


@@ -1 +1 @@
5c3dbe28bf016b85cf56d06f9e859ba8
e8c9881657fcc865d7327bd06791f9c7