admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2026-01-20 14:50:15 +00:00
parent e31d039244
commit 3d3e59b99d
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -2939,6 +2939,7 @@
{"ID":"CVE-2024-22476","Info":{"Name":"Intel Neural Compressor \u003c2.5.0 - SQL Injection","Severity":"critical","Description":"Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-22476.yaml"} {"ID":"CVE-2024-22476","Info":{"Name":"Intel Neural Compressor \u003c2.5.0 - SQL Injection","Severity":"critical","Description":"Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-22476.yaml"}
{"ID":"CVE-2024-22729","Info":{"Name":"Netis MW5360 V1.0.1.3031 - Command Injection","Severity":"critical","Description":"NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22729.yaml"} {"ID":"CVE-2024-22729","Info":{"Name":"Netis MW5360 V1.0.1.3031 - Command Injection","Severity":"critical","Description":"NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22729.yaml"}
{"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"} {"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"}
{"ID":"CVE-2024-23055","Info":{"Name":"Plone Docker - Host Header Injection","Severity":"medium","Description":"Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting (XSS) attacks when the malicious Host header value is reflected in the response.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-23055.yaml"}
{"ID":"CVE-2024-23163","Info":{"Name":"GestSup - Account Takeover","Severity":"critical","Description":"GestSup contains an authentication bypass vulnerability allowing attackers to take over user accounts, leading to full compromise including data disclosure and modification.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23163.yaml"} {"ID":"CVE-2024-23163","Info":{"Name":"GestSup - Account Takeover","Severity":"critical","Description":"GestSup contains an authentication bypass vulnerability allowing attackers to take over user accounts, leading to full compromise including data disclosure and modification.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23163.yaml"}
{"ID":"CVE-2024-23167","Info":{"Name":"GestSup - Cross-Site Scripting","Severity":"high","Description":"GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-23167.yaml"} {"ID":"CVE-2024-23167","Info":{"Name":"GestSup - Cross-Site Scripting","Severity":"high","Description":"GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-23167.yaml"}
{"ID":"CVE-2024-2330","Info":{"Name":"NS-ASG Application Security Gateway 6.3 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2330.yaml"} {"ID":"CVE-2024-2330","Info":{"Name":"NS-ASG Application Security Gateway 6.3 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2330.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
de09d4f1905b23e1c703bbfa0c602b2d 47b9371f093f3cb2561bbdef1c583c13