admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2026-01-21 08:26:26 +00:00
parent bfc4f8bae4
commit 6b9dbce21b
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -3647,6 +3647,7 @@
{"ID":"CVE-2025-9985","Info":{"Name":"Featured Image from URL (FIFU) \u003c= 5.2.7 - Unauthenticated Information Exposure via Log File","Severity":"medium","Description":"The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-9985.yaml"}
{"ID":"CVE-2026-21858","Info":{"Name":"n8n Webhooks - Remote Code Execution","Severity":"critical","Description":"n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2026/CVE-2026-21858.yaml"}
{"ID":"CVE-2026-23550","Info":{"Name":"Modular DS - Broken Access Control","Severity":"high","Description":"Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2026/CVE-2026-23550.yaml"}
{"ID":"CVE-2020-26935","Info":{"Name":"phpMyAdmin \u003c 5.0.3 - SQL Injection","Severity":"critical","Description":"phpMyAdmin before 4.9.6 and 5.x before 5.0.3 contains a SQL injection caused by improper processing of SQL statements in the search feature, letting attackers inject malicious SQL, exploit requires crafted search input.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/CVE-2020-26935.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2004-0437","Info":{"Name":"Titan FTP Server 3.01 - DoS via LIST Command Disconnection","Severity":"medium","Description":"Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting, leading to server instability.\n","Classification":{"CVSSScore":"5"}},"file_path":"network/cves/2004/CVE-2004-0437.yaml"}
{"ID":"CVE-2004-0656","Info":{"Name":"Pure-FTPd ≤ 1.0.18 - DoS via Connection Limit Exhaustion","Severity":"medium","Description":"Pure-FTPd versions ≤ 1.0.18 are vulnerable to denial of service through connection limit exhaustion. The vulnerability occurs in the accept_client function when the maximum number of connections is exceeded, potentially causing the server to become unresponsive or crash.\n","Classification":{"CVSSScore":"5"}},"file_path":"network/cves/2004/CVE-2004-0656.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
47b9371f093f3cb2561bbdef1c583c13
e488ff5b1015cf75837cf3463ec4f8f8