Merge branch 'main' into patch-70

2026-01-31 15:53:33 +08:00 · 2026-01-20 12:04:54 +07:00
parent e681baa00d 02416690c1
commit da7a8d82e2
2625 changed files with 8930 additions and 7961 deletions
--- a/headless/cves/2018/CVE-2018-25031.yaml
+++ b/headless/cves/2018/CVE-2018-25031.yaml
@@ -56,4 +56,4 @@ headless:
        words:
          - "swagger"
        case-insensitive: true
-# digest: 4b0a00483046022100dea89bdab25fa4a9bd2298154c881a27e943d41b2f52ea13a946c3fcf3a7a6d5022100d8b5bb841b8f4c523bc841f60295f8cd58f101fc262031cb2c25ce974d43131e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100de2238b2df33e770f5591f7d68a9af302a75da2b6f347941e1170e8744a75a6202201675d4e1d6b2ba66fe2be65c5bc705365ef2667bd1e7670e997f7f669fa00a31:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2022/CVE-2022-29455-headless.yaml
+++ b/headless/cves/2022/CVE-2022-29455-headless.yaml
@@ -22,7 +22,7 @@ info:
    cve-id: CVE-2022-29455
    cwe-id: CWE-79
    epss-score: 0.52986
-    epss-percentile: 0.97866
+    epss-percentile: 0.97862
    cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
@@ -52,4 +52,4 @@ headless:
        words:
          - "elementor"
        case-insensitive: true
-# digest: 490a004630440220741319307affb573d1fc1f2c716307baa784d83b976ac99c4b21e1957f97ce7e02207896dbdc4944fa8b04ada67c0362790269bb0322ace9ee18fb098bf2bb2011c7:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ecbf788ebf1ff9c7cad2532fa0f399085f586438aaea1375e4eedc5eb47bf6c8022034ec9d8faa395a546414e224e131f823ac685f330dec7fffaf31e7d84a19e692:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2024/CVE-2024-29882.yaml
+++ b/headless/cves/2024/CVE-2024-29882.yaml
@@ -18,8 +18,8 @@ info:
    cvss-score: 7.2
    cve-id: CVE-2024-29882
    cwe-id: CWE-79
-    epss-score: 0.07333
-    epss-percentile: 0.91434
+    epss-score: 0.07702
+    epss-percentile: 0.91656
  metadata:
    verified: true
    max-request: 1
@@ -50,4 +50,4 @@ headless:
          - "ConnectSRS</a>"
        condition: or
        case-insensitive: true
-# digest: 4a0a00473045022022d730cf7f3a71c15147da0196d0571860dadee59f974d6213917ea17d455f26022100ea68d97d24d5aafd88d5bf6f88101c2ae11d93d148cba02671063fcaa916850f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ba54bd1d593f52a8107bb712f89e86be651f41f79c889cc9c9a1d62870ab3b2702202da882b46fc01a30ae3dd403e58df318b4329e33c557f9243f2852eb252fe969:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2024/CVE-2024-38526.yaml
+++ b/headless/cves/2024/CVE-2024-38526.yaml
@@ -21,7 +21,7 @@ info:
    cvss-score: 7.2
    cve-id: CVE-2024-38526
    epss-score: 0.82064
-    epss-percentile: 0.99171
+    epss-percentile: 0.99173
  tags: cve,cve2024,supply-chain,polyfill,vkev,vuln
 headless:
  - steps:
@@ -60,4 +60,4 @@ headless:
          - "union.macoms.la"
          - "newcrbpc.com"
        part: urls
-# digest: 4a0a004730450221008ff6ba38eb2eac1b5d31c9a82439238342f98f9ad6a979b81f09768b27defc89022016d744748b2e29786178ededcec128fa57e33ce615934eb18b7622ccbb18a1d1:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100eba2ec6e7f881272e7869125ada9c0e2b0467de496cf54a8cf9f6ba4fff5dd53022100e2ae72329cf6f91a9a0020d8f1b079b0e84db874a168f81d5ab21e3c6ef62f5a:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2025/CVE-2025-24752.yaml
+++ b/headless/cves/2025/CVE-2025-24752.yaml
@@ -16,7 +16,7 @@ info:
    - https://github.com/Sachinart/essential-addons-for-elementor-xss-poc/blob/main/poc.py
  classification:
    epss-score: 0.03042
-    epss-percentile: 0.8628
+    epss-percentile: 0.86275
  metadata:
    verified: true
    max-request: 1
@@ -46,4 +46,4 @@ headless:
        words:
          - "{{random_int}}"
        case-insensitive: true
-# digest: 4b0a00483046022100dba65c1c8871f4bdb586d2588baf12890de0801b29353b93d99a36dc30294ba9022100b8c5322c972ce7764b61db3f90c6cafde42900b4c7bb4ef3451ec60c98b27f3f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100a84fbf672f75228c5e86cc6692c20dc1983b31d669561413ca83520020f82860022100eec0ee7000c234f4b50720d9e359b312c8eb212698441fb2b4ddcd71c433bdcb:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2025/CVE-2025-25062.yaml
+++ b/headless/cves/2025/CVE-2025-25062.yaml
@@ -21,7 +21,7 @@ info:
    cve-id: CVE-2025-25062
    cwe-id: CWE-79
    epss-score: 0.34064
-    epss-percentile: 0.96841
+    epss-percentile: 0.96843
    cpe: cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*
  metadata:
    max-request: 7
@@ -190,4 +190,4 @@ headless:
        dsl:
          - reflected_text_xss_type
          - reflected_text_xss_message
-# digest: 490a004630440220517b5614892603cfe4e198a0fa7bce14527a437281e8e1d991921fae5b4d2880022013625da405adee1ac167e7dc38f17994b52b7080fd6aaf2ed4fdff607fccdf39:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220663b86324e6fbbfa794be77cbb8d081e696a78b217770782eace8407c9b0312a0221008af85345867a5f124048338f2af50aaf206c0f94bfefd4fc43ca77334f04815a:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml
+++ b/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml
@@ -20,7 +20,7 @@ info:
    cve-id: CVE-2025-29927
    cwe-id: CWE-285
    epss-score: 0.92896
-    epss-percentile: 0.9976
+    epss-percentile: 0.99759
  metadata:
    vendor: vercel
    product: Next.js
@@ -59,4 +59,4 @@ headless:
          - "compare_versions(nextjs_version, '> 14.0.0', '< 14.2.25')"
          - "compare_versions(nextjs_version, '> 15.0.0', '< 15.2.3')"
        condition: or
-# digest: 4b0a0048304602210089c51e9cf021e6dddb3d06594a3203e755603bcffc75da78d57cf0fe3d523657022100ec6cd89ab622b3a92780317c83b20f933f6c6f0fd95dd71abf127413378c9270:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022057328f1735bddb77893eb0c5db962ac47a2a9204562b97dc4d4b70d8093b0802022100880d18fa1d58320ab5d4e30929c2dfad08b3c72801daf64df45fea2b3f98eb3f:922c64590222798bb761d5b6d8e72950
--- a/headless/cves/2025/CVE-2025-8191.yaml
+++ b/headless/cves/2025/CVE-2025-8191.yaml
@@ -18,8 +18,8 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2025-8191
    cwe-id: CWE-79
-    epss-score: 0.01065
-    epss-percentile: 0.77231
+    epss-score: 0.01078
+    epss-percentile: 0.77351
    cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
  metadata:
    verified: true
@@ -69,4 +69,4 @@ headless:
        words:
          - "swagger"
        case-insensitive: true
-# digest: 4a0a00473045022060bb31b4012db4c88a4b4536fcefa690ccf1c09a2ee896419fdf6f351f6582760221008b0f54c07b29dab2e4522cde8dbb6b3fed89de56fb674e993e30cd9182d6eda1:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201c163196cd7c99e7599c4d686f2c114e969aee6420cc8d4d766a02b087fa7c1602207de0e21e5acc26636b3ddfbabb9628d4e33d357e7266c95d416fc8811e55fb44:922c64590222798bb761d5b6d8e72950