chore: generate CVEs metadata 🤖

ghost
2026-01-21 08:57:17 +00:00
parent 6225ce1f1b
commit 951c47da54
2 changed files with 2 additions and 2 deletions


@@ -1109,6 +1109,7 @@
{"ID":"CVE-2020-26876","Info":{"Name":"WordPress WP Courses Plugin Information Disclosure","Severity":"high","Description":"WordPress WP Courses Plugin \u003c 2.0.29 contains a critical information disclosure which exposes private course videos and materials.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-26876.yaml"}
{"ID":"CVE-2020-26879","Info":{"Name":"Ruckus vRioT IoT Controller - Authentication Bypass","Severity":"critical","Description":"Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validate_token.py,letting unauthenticated attackers interact with the API without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26879.yaml"}
{"ID":"CVE-2020-26919","Info":{"Name":"NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution","Severity":"critical","Description":"NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26919.yaml"}
{"ID":"CVE-2020-26935","Info":{"Name":"phpMyAdmin \u003c 5.0.3 - SQL Injection","Severity":"critical","Description":"phpMyAdmin before 4.9.6 and 5.x before 5.0.3 contains a SQL injection caused by improper processing of SQL statements in the search feature, letting attackers inject malicious SQL, exploit requires crafted search input.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26935.yaml"}
{"ID":"CVE-2020-26948","Info":{"Name":"Emby \u003c 4.5.0 - Server Server-Side Request Forgery","Severity":"critical","Description":"Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-26948.yaml"}
{"ID":"CVE-2020-27191","Info":{"Name":"LionWiki \u003c3.2.12 - Local File Inclusion","Severity":"high","Description":"LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27191.yaml"}
{"ID":"CVE-2020-2733","Info":{"Name":"JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure","Severity":"critical","Description":"JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-2733.yaml"}
@@ -3649,7 +3650,6 @@
{"ID":"CVE-2025-9985","Info":{"Name":"Featured Image from URL (FIFU) \u003c= 5.2.7 - Unauthenticated Information Exposure via Log File","Severity":"medium","Description":"The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-9985.yaml"}
{"ID":"CVE-2026-21858","Info":{"Name":"n8n Webhooks - Remote Code Execution","Severity":"critical","Description":"n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2026/CVE-2026-21858.yaml"}
{"ID":"CVE-2026-23550","Info":{"Name":"Modular DS - Broken Access Control","Severity":"high","Description":"Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2026/CVE-2026-23550.yaml"}
{"ID":"CVE-2020-26935","Info":{"Name":"phpMyAdmin \u003c 5.0.3 - SQL Injection","Severity":"critical","Description":"phpMyAdmin before 4.9.6 and 5.x before 5.0.3 contains a SQL injection caused by improper processing of SQL statements in the search feature, letting attackers inject malicious SQL, exploit requires crafted search input.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/CVE-2020-26935.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2004-0437","Info":{"Name":"Titan FTP Server 3.01 - DoS via LIST Command Disconnection","Severity":"medium","Description":"Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting, leading to server instability.\n","Classification":{"CVSSScore":"5"}},"file_path":"network/cves/2004/CVE-2004-0437.yaml"}
{"ID":"CVE-2004-0656","Info":{"Name":"Pure-FTPd ≤ 1.0.18 - DoS via Connection Limit Exhaustion","Severity":"medium","Description":"Pure-FTPd versions ≤ 1.0.18 are vulnerable to denial of service through connection limit exhaustion. The vulnerability occurs in the accept_client function when the maximum number of connections is exceeded, potentially causing the server to become unresponsive or crash.\n","Classification":{"CVSSScore":"5"}},"file_path":"network/cves/2004/CVE-2004-0656.yaml"}


@@ -1 +1 @@
517651b6db97053f1aa7cbb34d3e45b3
966d5ddebac5dba1b02d595b42596c2c