admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2026-01-14 04:29:07 +00:00
parent 02e160a009
commit dd103c1812
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -3513,6 +3513,7 @@
{"ID":"CVE-2025-45985","Info":{"Name":"Blink Router - Command Injection","Severity":"critical","Description":"Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-45985.yaml"}
{"ID":"CVE-2025-4632","Info":{"Name":"Samsung MagicINFO 9 Server - File Upload \u0026 Remote Code Execution","Severity":"critical","Description":"Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-4632.yaml"}
{"ID":"CVE-2025-46349","Info":{"Name":"YesWiki Reflected XSS via File Upload","Severity":"high","Description":"YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2025/CVE-2025-46349.yaml"}
{"ID":"CVE-2025-46549","Info":{"Name":"YesWiki \u003c= 4.5.1 - Cross-Site Scripting","Severity":"medium","Description":"YesWiki \u003c= 4.5.1 contains a reflected cross-site scripting caused by insufficient sanitization in user input, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-46549.yaml"}
{"ID":"CVE-2025-46550","Info":{"Name":"YesWiki \u003c 4.5.4 - Cross-Site Scripting","Severity":"medium","Description":"YesWiki \u003c 4.5.4 contains a reflected cross-site scripting caused by unsanitized `idformulaire` parameter in `/?BazaR` endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2025/CVE-2025-46550.yaml"}
{"ID":"CVE-2025-46554","Info":{"Name":"XWiki REST API - Attachments Disclosure","Severity":"high","Description":"A vulnerability in XWiki's REST API allows unauthenticated users to access attachments list and metadata through the attachments endpoint. This could lead to disclosure of sensitive information stored in attachments metadata.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-46554.yaml"}
{"ID":"CVE-2025-46822","Info":{"Name":"Java-springboot-codebase 1.1 - Arbitrary File Read","Severity":"high","Description":"OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-46822.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
45db50253a51f8b7492d63b47d0d5aed
1ea89cdb77479113daad120bd6827ddb