admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 07:43:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2025-11-26 08:34:18 +00:00
parent 19e9599ef3
commit 4b3f3ffe6a
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -1679,6 +1679,7 @@
{"ID":"CVE-2021-44515","Info":{"Name":"Zoho ManageEngine Desktop Central - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44515.yaml"}
{"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"}
{"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"}
{"ID":"CVE-2021-4462","Info":{"Name":"Employee Records System 1.0 - Unauthenticated File Upload RCE","Severity":"critical","Description":"Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-4462.yaml"}
{"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"}
{"ID":"CVE-2021-44910","Info":{"Name":"SpringBlade - Information Leakage","Severity":"high","Description":"SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-44910.yaml"}
{"ID":"CVE-2021-45027","Info":{"Name":"Oliver 5 Library Server \u003c8.00.008.053 - Local File Inclusion","Severity":"high","Description":"Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45027.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
a8f8707a5ba704eb87ed0af91bf14b37
11e24934bca31ac67239d9bb87f6cead