daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-12
ghost 2024-10-05 13:21:43 +00:00
parent 74beba615a
commit 316f9fb499
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2646,6 +2646,7 @@
{"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"}
{"ID":"CVE-2024-7339","Info":{"Name":"TVT DVR Sensitive Device - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-7339.yaml"}
{"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"}
{"ID":"CVE-2024-7354","Info":{"Name":"Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting","Severity":"medium","Description":"The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-7354.yaml"}
{"ID":"CVE-2024-7593","Info":{"Name":"Ivanti vTM - Authentication Bypass","Severity":"critical","Description":"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7593.yaml"}
{"ID":"CVE-2024-7714","Info":{"Name":"AI Assistant with ChatGPT by AYS \u003c= 2.0.9 - Unauthenticated AJAX Calls","Severity":"medium","Description":"The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-7714.yaml"}
{"ID":"CVE-2024-7786","Info":{"Name":"Sensei LMS \u003c 4.24.2 - Email Template Leak","Severity":"high","Description":"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-7786.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
2635ac259e852d71ed94dd93666a0e18
34d767d0d4ce4e7d79ac3e12ad34b41b