mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
chore: generate CVEs metadata 🤖
@@ -1013,6 +1013,7 @@
{"ID":"CVE-2020-14882","Info":{"Name":"Oracle Weblogic Server - Remote Command Execution","Severity":"critical","Description":"Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14882.yaml"}
{"ID":"CVE-2020-14883","Info":{"Name":"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution","Severity":"high","Description":"The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-14883.yaml"}
{"ID":"CVE-2020-15050","Info":{"Name":"Suprema BioStar \u003c2.8.2 - Local File Inclusion","Severity":"high","Description":"Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-15050.yaml"}
{"ID":"CVE-2020-15081","Info":{"Name":"PrestaShop \u003c 1.7.6.6 - Information Exposure via Upload Directory","Severity":"low","Description":"PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-15081.yaml"}
{"ID":"CVE-2020-15129","Info":{"Name":"Traefik - Open Redirect","Severity":"medium","Description":"Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2020/CVE-2020-15129.yaml"}
{"ID":"CVE-2020-15148","Info":{"Name":"Yii 2 \u003c 2.0.38 - Remote Code Execution","Severity":"critical","Description":"Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-15148.yaml"}
{"ID":"CVE-2020-15227","Info":{"Name":"Nette Framework - Remote Code Execution","Severity":"critical","Description":"Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-15227.yaml"}
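Review bot: the CVE-2020-15081 record in this hunk pairs "Severity":"low" with "CVSSScore":"5.3", and 5.3 falls in the medium band (4.0 to 6.9) of the CVSS v3 scale, so one of the two fields is wrong. This file is generated, so fix the severity or the score in http/cves/2020/CVE-2020-15081.yaml and regenerate instead of editing the JSON by hand. In the same record the Name gives only the upper bound ("< 1.7.6.6") while the Description also states a lower bound ("after 1.5.0.0"); consider carrying the lower bound into the Name.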
@@ -3568,6 +3569,7 @@
{"ID":"CVE-2025-52488","Info":{"Name":"DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure","Severity":"high","Description":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2025/CVE-2025-52488.yaml"}
{"ID":"CVE-2025-52665","Info":{"Name":"UniFi Access - Broken Access Control","Severity":"critical","Description":"UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-52665.yaml"}
{"ID":"CVE-2025-52691","Info":{"Name":"SmarterMail - Unrestricted File Upload","Severity":"critical","Description":"Mail server contains an unrestricted file upload vulnerability allowing unauthenticated attackers to upload arbitrary files to any location, potentially enabling remote code execution.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-52691.yaml"}
{"ID":"CVE-2025-52694","Info":{"Name":"Advantech WISE-IoTSuite/SaaS - SQL Injection","Severity":"critical","Description":"Advantech WISE-IoTSuite/SaaS Composer suffers from an unauthenticated SQL Injection vulnerability due to the unsafe use of the `filename` parameter within the URL path in PostgreSQL queries. Remote attackers can exploit this flaw by injecting SQL code (such as the use of `pg_sleep` for time delays) to verify the vulnerability, and may gain further impact such as Remote Code Execution (RCE) depending on the privileges granted to the database user.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-52694.yaml"}
{"ID":"CVE-2025-5287","Info":{"Name":"Likes and Dislikes Plugin \u003c= 1.0.0 - Unauthenticated SQL Injection","Severity":"high","Description":"The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-5287.yaml"}
{"ID":"CVE-2025-52970","Info":{"Name":"Fortinet FortiWeb - Authentication Bypass to Admin Privilege","Severity":"high","Description":"A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2025/CVE-2025-52970.yaml"}
{"ID":"CVE-2025-5301","Info":{"Name":"ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting","Severity":"medium","Description":"ONLYOFFICE Docs (DocumentServer) \u003c= 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts reflected in HTML response, exploit requires crafted POST requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2025/CVE-2025-5301.yaml"}
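Review bot: the CVE-2025-52691 record is rated "Severity":"critical" but carries "CVSSScore":"N/A", so anything that filters or sorts this index by score will drop or misplace a critical entry. Add the score to the classification block of http/cves/2025/CVE-2025-52691.yaml, or document why none is available, and regenerate. Its Description also opens with the generic "Mail server" and gives no affected versions, unlike the neighbouring records; naming SmarterMail and the affected range there would make the entry usable on its own.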
@@ -3591,6 +3593,7 @@
{"ID":"CVE-2025-55182","Info":{"Name":"React Server Components - Remote Code Execution","Severity":"critical","Description":"React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel,\nreact-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused\nby unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting\nunauthenticated attackers execute arbitrary code remotely, exploit requires no authentication.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-55182.yaml"}
{"ID":"CVE-2025-55184","Info":{"Name":"React Server Components - Denial of Service","Severity":"high","Description":"React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause denial of service by hanging the server process.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-55184.yaml"}
{"ID":"CVE-2025-55190","Info":{"Name":"ArgoCD Project API Token Repository Credentials Exposure","Severity":"critical","Description":"Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials\n(usernames, passwords) through the project details API endpoint, even when the token only has standard\napplication management permissions and no explicit access to secrets. This vulnerability affects versions\nv2.2.0-rc1 and later, including 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12,\nand 3.1.0-rc1 through 3.1.1. Any token with project get permissions is vulnerable, including global permissions.\nNote: This template requires valid ArgoCD credentials (username/password) to test the vulnerability.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2025/CVE-2025-55190.yaml"}
{"ID":"CVE-2025-55303","Info":{"Name":"Astro - Unauthorized Third-Party Image Access","Severity":"medium","Description":"Astro \u003c 5.13.2 and \u003c 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2025/CVE-2025-55303.yaml"}
{"ID":"CVE-2025-55523","Info":{"Name":"Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download","Severity":"high","Description":"Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/download_work_dir_file.py, letting attackers access unauthorized files, exploit requires crafted request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-55523.yaml"}
{"ID":"CVE-2025-5569","Info":{"Name":"IdeaCMS \u003c= 1.7 - SQL Injection","Severity":"critical","Description":"IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-5569.yaml"}
{"ID":"CVE-2025-55747","Info":{"Name":"XWiki Platform - Information Disclosure","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2025/CVE-2025-55747.yaml"}
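Review bot: the CVE-2025-55747 record at the end of this hunk has "Severity":"high" next to "CVSSScore":"9.1", and 9.1 is in the critical band (9.0 to 10.0) of the CVSS v3 scale; align the two in http/cves/2025/CVE-2025-55747.yaml and regenerate. CVE-2025-55184 in the same hunk is "high" with "CVSSScore":"N/A", which leaves its severity with no score behind it; fill in the score or note that it is pending. The CVE-2025-55190 Name also omits the " - " separator that the other records use between product and issue.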
@@ -3643,6 +3646,7 @@
{"ID":"CVE-2025-6970","Info":{"Name":"WordPress Events Manager \u003c= 7.0.3 - SQL Injection","Severity":"critical","Description":"The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-6970.yaml"}
{"ID":"CVE-2025-7160","Info":{"Name":"Zoo Management System 1.0 - SQL Injection","Severity":"critical","Description":"Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-7160.yaml"}
{"ID":"CVE-2025-8085","Info":{"Name":"Ditty \u003c 3.1.58 - Server-Side Request Forgery","Severity":"high","Description":"The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check, however any authenticated users, such as subscriber can retrieve it.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-8085.yaml"}
{"ID":"CVE-2025-8110","Info":{"Name":"Gogs \u003c= 0.13.3 - Remote Code Execution","Severity":"high","Description":"Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a symlink pointing to sensitive targets, leading to remote code execution. As of December 2025, this remains an unpatched zero-day with active exploitation ongoing. Approximately 1,400 exposed Gogs instances exist, with over 700 showing signs of compromise. The vulnerability stems from the API writing to file paths without checking if targets are symlinks pointing outside the repository. Gogs maintainers are working on a fix.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2025/CVE-2025-8110.yaml"}
{"ID":"CVE-2025-8848","Info":{"Name":"LibreChat \u003c= 0.7.9 - HTML Injection via Accept-Language Header","Severity":"medium","Description":"danny-avila/librechat 0.7.9 contains a stored XSS caused by improper sanitization of the Accept-Language header, letting logged-in users inject arbitrary HTML into the html lang= tag, exploit requires user to be logged in.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2025/CVE-2025-8848.yaml"}
{"ID":"CVE-2025-8868","Info":{"Name":"Chef Automate \u003c 4.13.295 — SQL Injection","Severity":"critical","Description":"In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-8868.yaml"}
{"ID":"CVE-2025-8943","Info":{"Name":"Flowise \u003c 3.0.1 - Remote Command Execution","Severity":"critical","Description":"The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-8943.yaml"}
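Review bot: the CVE-2025-8110 Description bakes point-in-time statements into generated metadata ("As of December 2025, this remains an unpatched zero-day", "Approximately 1,400 exposed Gogs instances exist", "Gogs maintainers are working on a fix"), and these will be wrong as soon as a fix ships while the index keeps repeating them. Keep the Description to the flaw and the affected versions and move the status and exposure figures to a dated reference in the template. The same text calls the bug "critical" while the record is "Severity":"high" at 8.8; pick one wording. Separately, CVE-2025-8085 has "CVSSScore":"N/A", and the CVE-2025-8868 Name uses a different dash character from the " - " separator in the other records.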
@@ -1 +1 @@
d29f1a2f282fdf062c4d86fd9098bc17
712f16ab2ec04500df2a1268d0c8a181