From a115379982dd67cb6f6b77fe67630fc6247c8613 Mon Sep 17 00:00:00 2001 From: ghost Date: Wed, 21 Jan 2026 08:55:47 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index dafb28c5241..bc2fc73386e 100644 --- a/cves.json +++ b/cves.json @@ -2227,6 +2227,7 @@ {"ID":"CVE-2022-41412","Info":{"Name":"perfSONAR 4.x \u003c= 4.4.4 - Server-Side Request Forgery","Severity":"high","Description":"An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-41412.yaml"} {"ID":"CVE-2022-41441","Info":{"Name":"ReQlogic v11.3 - Cross Site Scripting","Severity":"medium","Description":"ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41441.yaml"} {"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"} +{"ID":"CVE-2022-41697","Info":{"Name":"Ghost CMS - User Enumeration","Severity":"medium","Description":"Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-41697.yaml"} {"ID":"CVE-2022-41800","Info":{"Name":"F5 BIG-IP Appliance Mode - Command Injection","Severity":"high","Description":"When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2022/CVE-2022-41800.yaml"} {"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"} {"ID":"CVE-2022-42094","Info":{"Name":"Backdrop CMS version 1.23.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42094.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index f7aa2be18db..4cd560ba941 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -efd714bb30f3edb79c8b0a68bbdd6e20 +517651b6db97053f1aa7cbb34d3e45b3