mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 07:43:27 +08:00
chore: generate CVEs metadata 🤖
@@ -3288,6 +3288,7 @@
|
||||
{"ID":"CVE-2024-6205","Info":{"Name":"PayPlus Payment Gateway \u003c 6.6.9 - SQL Injection","Severity":"critical","Description":"The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6205.yaml"}
|
||||
{"ID":"CVE-2024-6220","Info":{"Name":"WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload","Severity":"critical","Description":"The Keydatas plugin for WordPress (known in Chinese as \"简数采集器\") is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatas_downloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server — potentially leading to remote code execution, site takeover, or other severe compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6220.yaml"}
|
||||
{"ID":"CVE-2024-6235","Info":{"Name":"NetScaler Console - Sensitive Information Disclosure","Severity":"critical","Description":"Sensitive information disclosure in NetScaler Console\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6235.yaml"}
|
||||
{"ID":"CVE-2024-6250","Info":{"Name":"LOLLMS WebUI - Absolute Path Traversal","Severity":"high","Description":"An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6250.yaml"}
|
||||
{"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
|
||||
{"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
|
||||
{"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
|
||||
|
||||
@@ -1 +1 @@
|
||||
e8c9881657fcc865d7327bd06791f9c7
|
||||
cb11ebe30a670daeda50ac79f6ccc072
|
||||
|
||||