chore: generate CVEs metadata 🤖

ghost
2026-01-12 23:30:51 +00:00
parent cbd66ba25c
commit 9fd5884b36
2 changed files with 2 additions and 2 deletions

@@ -3486,7 +3486,7 @@
{"ID":"CVE-2025-3515","Info":{"Name":"Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload","Severity":"high","Description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2025/CVE-2025-3515.yaml"}
{"ID":"CVE-2025-3605","Info":{"Name":"WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation","Severity":"critical","Description":"Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress (versions \u003c= 1.0.7). An unauthenticated attacker can exploit the AJAX endpoint flr_blocks_user_settings_handle_ajax_callback() to change the administrator's email address. Subsequently, the attacker can use the \"Forgot Password\" feature to reset the administrator's password, thereby gaining unauthorized access to the admin account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-3605.yaml"}
{"ID":"CVE-2025-36604","Info":{"Name":"Dell UnityVSA \u003c 5.5 - Remote Command Injection","Severity":"critical","Description":"Dell Unity, version(s) 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-36604.yaml"}
{"ID":"CVE-2025-37164","Info":{"Name":"HPE OneView - Remote Code Execution","Severity":"critical","Description":"HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code, exploit requires unspecified conditions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-37164.yaml"}
{"ID":"CVE-2025-37164","Info":{"Name":"HPE OneView - Remote Code Execution","Severity":"critical","Description":"HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-37164.yaml"}
{"ID":"CVE-2025-4008","Info":{"Name":"MeteoBridge \u003c= 6.1 - Remote Code Execution","Severity":"high","Description":"The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-4008.yaml"}
{"ID":"CVE-2025-4009","Info":{"Name":"Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection","Severity":"critical","Description":"The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ewb by Evertz.This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2025/CVE-2025-4009.yaml"}
{"ID":"CVE-2025-40630","Info":{"Name":"IceWarp Mail Server ≤11.4.0 - Open Redirect","Severity":"medium","Description":"IceWarp Mail Server version 11.4.0 and below contains an open redirect vulnerability that allows attackers to redirect users to arbitrary external domains through malicious URLs.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2025/CVE-2025-40630.yaml"}