chore: generate CVEs metadata 🤖

cves.json

@@ -2473,6 +2473,7 @@
 {"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"critical","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
 {"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"critical","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
 {"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
+{"ID":"CVE-2024-10914","Info":{"Name":"D-Link NAS - Command Injection via Name Parameter","Severity":"critical","Description":"A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-10914.yaml"}
 {"ID":"CVE-2024-1183","Info":{"Name":"Gradio - Server Side Request Forgery","Severity":"medium","Description":"An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-1183.yaml"}
 {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
 {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-5580472d37ca324251de3a0ca6231fb9
+4a246e7979768e538da05c326e49bfb1