description: Report templates with false negative results.
title: "[FALSE-NEGATIVE] ..."
labels: ["false-negative"]
body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to fill out this false-negative report!
        :warning: **Issues missing important information may be closed without further investigation.**
  - type: textarea
    attributes:
      label: Template IDs or paths
      description: |
        Examples:
        - CVE-202A-YYYYY
        - CVE-202B-YYYYY
        - http/cves/CVE-202C-YYYYY.yaml
      value: |
        - ...
      render: markdown
    validations:
      required: true
  - type: textarea
    attributes:
      label: Environment
      description: |
        Examples:
        - **OS**: Ubuntu 20.04
        - **Nuclei** (`nuclei -version`): v3.3.3
        - **Go** (`go version`): go1.22.0 _(only if you've installed it via `go install` command)_
      value: |
        - OS:
        - Nuclei:
        - Go:
      render: markdown
    validations:
      required: false
  - type: textarea
    attributes:
      label: Steps To Reproduce
      description: |
        Steps to reproduce the behavior, for example, commands to run the templates with Nuclei.
        :warning: **Please redact any literal target hosts/URLs or other sensitive information.**
      placeholder: |
        1. Run `nuclei -t ...`
    validations:
      required: true
  - type: textarea
    attributes:
      label: Relevant dumped responses
      description: |
        Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks.
        :warning: **Please redact any literal target hosts/URLs or other sensitive information.**
      render: shell
  - type: textarea
    attributes:
      label: Anything else?
      description: |
        Links? References? Trace (`-tlog`/`-trace-log`) or error (`-elog`/`-error-log`) log? Anything that will give us more context about the issue you are encountering!
        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
description: Report templates with false positive results.
title: "[FALSE-POSITIVE] ..."
labels: ["false-positive"]
body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to fill out this false-positive report!
        :warning: **Issues missing important information may be closed without further investigation.**
  - type: textarea
    attributes:
      label: Template IDs or paths
      description: |
        Examples:
        - CVE-202A-YYYYY
        - CVE-202B-YYYYY
        - http/cves/CVE-202C-YYYYY.yaml
      value: |
        - ...
      render: markdown
    validations:
      required: true
  - type: textarea
    attributes:
      label: Environment
      description: |
        Examples:
        - **OS**: Ubuntu 20.04
        - **Nuclei** (`nuclei -version`): v3.3.3
        - **Go** (`go version`): go1.22.0 _(only if you've installed it via `go install` command)_
      value: |
        - OS:
        - Nuclei:
        - Go:
      render: markdown
    validations:
      required: false
  - type: textarea
    attributes:
      label: Steps To Reproduce
      description: |
        Steps to reproduce the behavior, for example, commands to run the templates with Nuclei.
        :warning: **Please redact any literal target hosts/URLs or other sensitive information.**
      placeholder: |
        1. Run `nuclei -t ...`
    validations:
      required: true
  - type: textarea
    attributes:
      label: Relevant dumped responses
      description: |
        Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks.
        :warning: **Please redact any literal target hosts/URLs or other sensitive information.**
      render: shell
  - type: textarea
    attributes:
      label: Anything else?
      description: |
        Links? References? Trace (`-tlog`/`-trace-log`) or error (`-elog`/`-error-log`) log? Anything that will give us more context about the issue you are encountering!
        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
1. Please search to see if an issue already exists for the bug you encountered.
2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei-templates/discussions or
3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei-templates channel.
-->
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
### Issue description:
<!-- A concise description of what you're experiencing. -->
### Anything else:
<!-- Links? References? Screenshots? Anything that will give us more context about the issue that you are encountering! -->
        Thanks for taking the time to contribute a Nuclei template!
        :warning: **Please submit only one template per issue. This helps us manage and review contributions more effectively.**
  - type: checkboxes
    attributes:
      label: Is there an existing template for this?
      description: Please search to see if a template or issue already exists for the template you contributed.
      options:
        - label: I have searched the existing templates.
          required: true
  - type: textarea
    attributes:
      label: Nuclei Template
      description: Please copy and paste the Nuclei template below. This will be automatically formatted into code, so no need for backticks.
      render: yaml
  - type: textarea
    attributes:
      label: Relevant dumped responses
      description: |
        Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks.
        :warning: **Please redact any literal target hosts/URLs or other sensitive information.**
      render: shell
  - type: textarea
    attributes:
      label: Anything else?
      description: |
        Links? References? Anything that can speed up the review or validation process.
Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine. The Nuclei Templates repository stores and houses various templates for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. for the scanner provided by our team, as well as contributed by the community.
This documentation contains a set of guidelines to help you during the contribution process.
We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project.
Thank you for helping out and remember, **no contribution is too small.**
We have over **9000+** templates contributed by **more than 800** security researchers and engineers. We hope that you contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list. By contributing, you won't only help the community **❤️** but can also gain experience, increase community and peer recognition, and improve your job prospects.
# Submitting Nuclei Templates 👩💻👨💻
This documentation contains a set of guidelines to help you during the contribution process. We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project. Thank you for helping out and remember, **no contribution is too small.**
Below you will find the process and workflow used to review and merge your changes.
- [Sharing idea / feature for nuclei-templates](#Sharing-idea-/-feature-for-nuclei-templates)
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) before creating new one.
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
### **Submitting Nuclei Templates**
## Step 2 : Fork the Project
**Before Submitting an Issue or Pull Request**
- Fork this Repository. This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) or search for endpoints before creating new one.
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
Along with the P.O.C, the following are the required fields in the info section for submitting a new template.
1. `id`: It should be short, ideally a maximum of 3-4 words. For example `grafana-unauth-rce`
2. `name` : The name should be short in this format `<Vendor> <Product> <Version> - <Vulnerability>`
3. `author`: It can be your github/twitter username or alias. You can also create a PR to add more details associated with the author name here (https://github.com/projectdiscovery/nuclei-templates/blob/main/contributors.json)
4. `severity` : Based on the CVSS score but can vary based on the exploit and real-world impact
5. `description` : Short description of the vulnerability
6. `reference` : Please provide the reference to the POC, setup guide or the product details to help the team verify the template.
**Do’s**
- If you have verified the template, mark it as `verified: true` under metadata field and share the debug data using `-debug` flag after redacting the vulnerable server information in the PR
- Make sure to add more than one matcher to prevent false positive results. Avoid short words that could be encountered anywhere
- If possible submit the vulnerable environment based on docker-compose. For example: https://github.com/vulhub/vulhub.
- We only accept templates with complete P.O.Cs instead of just detection based on version
**Don’t**
- Don’t share any real-world target on the PR. If you have set up a vulnerable environment, please share it privately on Discord with the team to easily validate the template.
- Avoid submitting templates with weak matchers. For example: Adding GET/POST data as the matchers in the template, as it can result in false positive results on few hosts
- Don’t make unnecessary changes to the existing templates like adding more requests to the templates when the existing requests or paths are good enough to verify that the bug exists
- Try to keep the requests per template as low as possible
**Best Practices**
- Make sure to add the template in the appropriate directory.
- Add `part` to the matchers. For example, if the matcher is in the response body, add `part: body`
- Use `cmd` variable for RCE templates so that they are unified throughout the repo
- Use `{{username}}` and `{{password}}` variables in all authenticated templates
- Use `{{token}}` variable in all templates that deal with keys or tokens
- If there is more than 1 template for a tech, create a separate folder for it
- Don't share any vulnerable URL publicly on Github or Discord channel.
- We should only upload a web shell as a last resort to validate the vulnerability, and if we do upload a file, make sure the file name is random (`{{randstr}}`)
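
A pre-submission check for the info-field and matcher rules above, as an added example that is not part of the nuclei-templates project. It assumes the template has already been parsed into a dict (for instance by a YAML loader); the function name `lint_template`, the 5-character word threshold, the `matchers-condition: and` check and both sample templates are assumptions made for illustration.

```python
# Added example: lint a Nuclei template (already parsed into a dict) against
# the contribution rules listed above. Names and thresholds are assumptions.

REQUIRED_INFO = ("name", "author", "severity", "description", "reference")
MAX_ID_WORDS = 4   # guide: id "ideally max of 3-4 words"
MIN_WORD_LEN = 5   # assumption: the guide only says "avoid short words"


def lint_template(doc):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []

    template_id = doc.get("id", "")
    if not template_id:
        findings.append("id is missing")
    elif len(template_id.split("-")) > MAX_ID_WORDS:
        findings.append(f"id '{template_id}' has more than {MAX_ID_WORDS} words")

    info = doc.get("info", {})
    for field in REQUIRED_INFO:
        if not info.get(field):
            findings.append(f"info.{field} is missing")

    for r_idx, request in enumerate(doc.get("http", [])):
        where = f"http[{r_idx}]"
        paths = [str(p) for p in request.get("path", [])]
        for path in paths:
            # A hard-coded host in a template usually means a real target leaked in.
            if not path.startswith("{{"):
                findings.append(f"{where}: literal URL '{path}', use {{{{BaseURL}}}}")

        # Everything the request sends; a matcher word found here may simply
        # be reflected back by the server.
        sent = " ".join(paths + [str(r) for r in request.get("raw", [])]).lower()

        matchers = request.get("matchers", [])
        if len(matchers) < 2:
            findings.append(f"{where}: fewer than two matchers")
        elif request.get("matchers-condition", "or") != "and":
            # Beyond the guide: several matchers only narrow a result when AND-ed.
            findings.append(f"{where}: matchers are OR-ed, set matchers-condition: and")

        for m_idx, matcher in enumerate(matchers):
            m_where = f"{where}.matchers[{m_idx}]"
            if matcher.get("type") in ("word", "regex") and "part" not in matcher:
                findings.append(f"{m_where}: no part set")
            for word in matcher.get("words", []):
                if len(word) < MIN_WORD_LEN:
                    findings.append(f"{m_where}: short word '{word}'")
                elif word.lower() in sent:
                    findings.append(f"{m_where}: word '{word}' is reflected from the request")
    return findings


# Constructed sample: long id, missing info fields, one weak matcher.
WEAK = {
    "id": "exampleapp-admin-panel-config-file-exposure",
    "info": {"name": "ExampleApp - Config Exposure", "author": "someone",
             "severity": "medium"},
    "http": [{
        "method": "GET",
        "path": ["{{BaseURL}}/admin/config.json"],
        "matchers": [{"type": "word", "words": ["admin", "ok"]}],
    }],
}

# Constructed sample: the same check written to the guide's rules.
HARDENED = {
    "id": "exampleapp-config-exposure",
    "info": {
        "name": "ExampleVendor ExampleApp 1.0 - Configuration File Exposure",
        "author": "someone",
        "severity": "medium",
        "description": "ExampleApp 1.0 serves its configuration file without authentication.",
        "reference": ["https://example.com/advisory"],
    },
    "http": [{
        "method": "GET",
        "path": ["{{BaseURL}}/admin/config.json"],
        "matchers-condition": "and",
        "matchers": [
            {"type": "word", "part": "body", "condition": "and",
             "words": ['"db_password"', '"exampleapp_build"']},
            {"type": "word", "part": "header", "words": ["application/json"]},
            {"type": "status", "status": [200]},
        ],
    }],
}

if __name__ == "__main__":
    for label, template in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for finding in lint_template(template) or ["no findings"]:
            print("  -", finding)
```
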
### **Submitting a PR**
**Fork the Project**
- This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
- If you have already forked the project, update your copy before working.
```sh
git remote update
git checkout main
git rebase upstream/main
```
## Step 3 : Create your Template Branch
**Create your Template Branch**
- Create a new branch. Use its name to identify the issue you're addressing.
```sh
# It will create a new branch with name template_branch_name and switch to that branch
git checkout -b template_branch_name
```
## Step 4 : Create Template and Commit
**Create Template and Commit**
- Create your template.
- Add all the files/folders needed.
- After you've made changes or completed template creation, add changes to the branch you've just created by:
```sh
# To add all new files to branch template_branch_name
git add .
```
- To commit, give a descriptive message for the convenience of the reviewer by:
```sh
# This message gets associated with all files you have changed
git commit -m "Added/Fixed/Updated XXX Template"
```
**NOTE**:
- A Pull Request should have only one unique template to make it simple for review.
- Multiple templates for same technology can be grouped into single Pull Request.
- Try to add only one template per Pull Request as it will make it simple for us to review and the PR will not be blocked because of one of the templates
## Step 5 : Push Your Changes
**Push Your Changes**
- Now you are ready to push your template to the remote (forked) repository.
- When your work is ready and complies with the project conventions, upload your changes to your fork:
```sh
# To push your work to your remote repository
git push -u origin template_branch_name
```
## Step 6 : Pull Request
**Pull Request**
- Fire up your favorite browser, navigate to your GitHub repository, then click on the New pull request button within the Pull requests tab. Provide a meaningful name and description to your pull request, that describes the purpose of the template.
- Voila! Your Pull Request has been submitted. It will be reviewed and merged by the moderators if it complies with project standards; otherwise feedback will be provided. 🥳
You can refer to the following articles of Git and GitHub basics. In case you are stuck, feel free to contact the Project Mentors and Community by joining [PD Community](https://discord.gg/projectdiscovery) Discord server.
You can contribute to the project by creating issue/PR for templates which are missing valid/expected result.
- [Forking a Repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
- [Cloning a Repo](https://help.github.com/en/desktop/contributing-to-projects/creating-an-issue-or-pull-request)
- [How to create a Pull Request](https://opensource.com/article/19/7/create-pull-request-github)
- [Getting started with Git and GitHub](https://towardsdatascience.com/getting-started-with-git-and-github-6fcd0f2d4ac6)
- [Learn GitHub from Scratch](https://lab.github.com/githubtraining/introduction-to-github)
- Share your nuclei version and the path of the template
- Share the `-debug` data for the host where the template is not matching the vulnerable target
- If possible share the improved or valid matchers, references and the information to setup vulnerable environment.
> Note: If host information can not be shared publicly, please reach out to us on discord server in DM.
>
## Tip from us😇
**Creating a [False negative issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?template=false-negative.yml) or Submit a PR**
- **Nuclei** outcomes are only as excellent as **template matchers💡**
- Declare at least two matchers to reduce false positives
- Avoid matching words reflected in the URL to reduce false positives
- Avoid short words that could be encountered anywhere
- Click on the Issues Tab and then click on `new issue.`
- Click on `get started` in front of **`False Negative`**
You can contribute to the project by creating issue/PR for templates which are producing invalid/unexpected result.
- Share your nuclei version and the path of the template
- Share the `-debug` data and if possible the host where the template is matching the non-vulnerable target and producing invalid/unexpected result.
- If possible share the improved or valid matchers and reference to the vulnerability.
**Creating a [False positive issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?template=false-positive.yml) or Submit a PR**
- Click on the Issues Tab and then click on `new issue.`
- Click on `get started` in front of **`False Positive`**
### Enhancing existing templates
You can contribute to the project by creating issue/PR for enhancement of nuclei-templates repository which includes changing directory structure, adding new categories or fields to the templates etc.
Share the reason or requirement for the enhancement and how it can improve the overall quality of the template(s).
**Creating an Issue for Suggesting Enhancements or Submit a PR**
- Click on the Issues Tab and then click on `new issue`
- Click on `get started` in front of `Enhancement request`
### Reporting Invalid templates
If you have encountered some invalid template or any template in the repo resulting in unexpected errors then please report it as invalid template. Make sure to provide the following info:
- Share your nuclei version and the path of the template
- Share the screenshot with the error and the `-verbose` output and if applicable also provide the debug data using `-debug` flag
- If this is specific to one environment and the bug doesn’t exist on the other setup, please provide the OS and details of your setup
**Creating an Issue for reporting Invalid template**
- Click on the Issues Tab and then click on `new issue`
- Click on `get started` in front of `Report Issue`
### Request Template
If you have a reference to the POC of any vulnerability or new CVE, you can create an issue to request the template and the team will create one. Make sure to provide the following info:
- Reference to the vulnerability with the complete P.O.C
- If possible share the vulnerable docker image or steps to setup vulnerable environment
> Note: If you have set up the vulnerable environment, you can share the host with the team on discord server in DM.
>
**Creating an Issue for requesting nuclei template**
- Click on the Issues Tab and then click on `new issue`
- Click on `get started` in front of `Request Template`
### Sharing idea / feature for nuclei-templates
If you have any ideas or want to request a feature for nuclei-templates you can do so by creating a new discussion.
**Creating a Discussion for sharing idea / feature**
- Click on the Issues Tab and then click on `new issue`
- Click on `open` in front of `Share idea / feature to discuss for nuclei-templates`
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response.
impact: |
  An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.
{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"medium","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"}
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8562","Info":{"Name":"Joomla HTTP Header Unauthenticated - Remote Code Execution","Severity":"high","Description":"Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-8562.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2015/CVE-2015-8813.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c=1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file \"includes/nsp_search.php\", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9323","Info":{"Name":"404 to 301 \u003c= 2.0.2 - Authenticated Blind SQL Injection","Severity":"critical","Description":"The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-9323.yaml"}
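Review bot: The CVE-2015-8399 description misspells "disclosure" as "disclsoure"; please correct it. In the same region the CVE-2015-8813 name reads "\u003c7.4.0- Server-Side Request Forgery", with no space before the separator, unlike the other names here, which use " - ".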
@ -458,6 +459,7 @@
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
{"ID":"CVE-2017-3131","Info":{"Name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in \"Applications\" under FortiView.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3131.yaml"}
{"ID":"CVE-2017-3132","Info":{"Name":"Fortinet FortiOS \u003c 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-3132.yaml"}
{"ID":"CVE-2017-3133","Info":{"Name":"Fortinet FortiOS \u003c 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-3133.yaml"}
{"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"}
{"ID":"CVE-2017-3528","Info":{"Name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","Severity":"medium","Description":"The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3528.yaml"}
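Review bot: The CVE-2017-18638 description has a misplaced parenthesis, "server-side request forgery (SSR)F"; it should read "(SSRF)". Naming is also inconsistent across the three FortiOS entries: CVE-2017-3131 starts its name with "FortiOS" while CVE-2017-3132 and CVE-2017-3133 use "Fortinet FortiOS", and the CVE-2017-3132 description capitalises "Execute" mid-sentence.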
@ -466,6 +468,7 @@
{"ID":"CVE-2017-5631","Info":{"Name":"KMCIS CaseAware - Cross-Site Scripting","Severity":"medium","Description":"KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-5631.yaml"}
{"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-5638.yaml"}
{"ID":"CVE-2017-5689","Info":{"Name":"Intel Active Management - Authentication Bypass","Severity":"critical","Description":"Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-5689.yaml"}
{"ID":"CVE-2017-5871","Info":{"Name":"Odoo \u003c= 8.0-20160726 \u0026 9.0 - Open Redirect","Severity":"medium","Description":"An Open Redirect vulnerability in Odoo versions \u003c= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-5871.yaml"}
{"ID":"CVE-2017-5982","Info":{"Name":"Kodi 17.1 - Local File Inclusion","Severity":"high","Description":"Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-5982.yaml"}
{"ID":"CVE-2017-6090","Info":{"Name":"PhpColl 2.5.1 Arbitrary File Upload","Severity":"high","Description":"PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-6090.yaml"}
{"ID":"CVE-2017-7269","Info":{"Name":"Windows Server 2003 \u0026 IIS 6.0 - Remote Code Execution","Severity":"critical","Description":"Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with \"If \u003chttp://\" in a PROPFIND request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7269.yaml"}
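Review bot: The CVE-2017-6090 name is "PhpColl 2.5.1 Arbitrary File Upload", but its own description calls the product "PhpCollab", and the name lacks the " - " separator that every other entry in this hunk uses. Suggest "PhpCollab 2.5.1 - Arbitrary File Upload" so that searches on the product name find the entry.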
@ -626,6 +629,9 @@
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
{"ID":"CVE-2018-6605","Info":{"Name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6605.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7192","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7192.yaml"}
{"ID":"CVE-2018-7193","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7193.yaml"}
{"ID":"CVE-2018-7196","Info":{"Name":"osTicket \u003c 1.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7196.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
{"ID":"CVE-2018-7314","Info":{"Name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7314.yaml"}
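Review bot: The CVE-2018-7282 description in this hunk has a dropped word: "vulnerable to and/or time-based blind SQLi" gives "and/or" nothing to join on its left side. Name both injection techniques the template in http/cves/2018/CVE-2018-7282.yaml tests for, or remove "and/or" if only the time-based check exists.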
@ -747,6 +753,7 @@
{"ID":"CVE-2019-1898","Info":{"Name":"Cisco RV110W RV130W RV215W Router - Information leakage","Severity":"medium","Description":"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-1898.yaml"}
{"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"}
{"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"}
{"ID":"CVE-2019-19411","Info":{"Name":"Huawei Firewall - Local File Inclusion","Severity":"low","Description":"USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.\n","Classification":{"CVSSScore":"3.7"}},"file_path":"http/cves/2019/CVE-2019-19411.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
{"ID":"CVE-2019-19781","Info":{"Name":"Citrix ADC and Gateway - Directory Traversal","Severity":"critical","Description":"Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-19781.yaml"}
{"ID":"CVE-2019-19824","Info":{"Name":"TOTOLINK Realtek SD Routers - Remote Command Injection","Severity":"high","Description":"TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-19824.yaml"}
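Review bot: The CVE-2019-19411 record's Name and Description disagree. The Name reads "Huawei Firewall - Local File Inclusion", but the Description covers an information leak caused by improper initialization vector handling on USG9500, rated low with a CVSSScore of 3.7. Rename the entry to match what http/cves/2019/CVE-2019-19411.yaml checks, or replace the Description with one that explains the file-inclusion behaviour, so that someone filtering on Name is not led to expect a file-read finding.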
@ -1224,6 +1231,7 @@
{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"}
{"ID":"CVE-2021-25079","Info":{"Name":"Contact Form Entries \u003c 1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25079.yaml"}
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"}
{"ID":"CVE-2021-25094","Info":{"Name":"Wordpress Tatsubuilder \u003c= 3.3.11 - Remote Code Execution","Severity":"high","Description":"An unrestricted file upload in WordPress Tatsubuilder plugin version \u003c= 3.3.11 enables an unauthenticated attacker to perform a remote code execution (RCE) on the server host due to multiple weaknesses in the font import feature and put 100,000 websites at risk.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-25094.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"}
{"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25111.yaml"}
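Review bot: The CVE-2021-25094 Description ends with an impact figure, "and put 100,000 websites at risk", which is a point-in-time install count rather than a property of the flaw. Drop it and keep the technical cause (unrestricted upload in the font import feature). The Name also spells the product "Wordpress" where the neighbouring records (CVE-2021-25099, CVE-2021-25104, CVE-2021-25111) use "WordPress"; matching them keeps Name-based searches consistent.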
@ -1405,6 +1413,7 @@
{"ID":"CVE-2021-39501","Info":{"Name":"EyouCMS 1.5.4 Open Redirect","Severity":"medium","Description":"EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-39501.yaml"}
{"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"}
{"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"}
{"ID":"CVE-2021-40272","Info":{"Name":"IRTS OP5 Monitor - Cross-Site Scripting","Severity":"medium","Description":"OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-40272.yaml"}
{"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"}
{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
{"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"}
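Review bot: The CVE-2021-40272 record has "CVSSScore":"N/A" next to "Severity":"medium", so the severity has no score backing it in this index. Add the score to the classification block of http/cves/2021/CVE-2021-40272.yaml, or state in the template why none is available. The Description also omits the affected endpoint or parameter and mixes product names ("OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3"); one product name with a version list would read more clearly. Separately, the CVE-2021-40150 Description contains a doubled word, "can can download".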
@ -1496,6 +1505,7 @@
{"ID":"CVE-2021-45382","Info":{"Name":"D-Link - Remote Command Execution","Severity":"critical","Description":"A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45382.yaml"}
{"ID":"CVE-2021-45422","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process \"count\" parameter via GET.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-45422.yaml"}
{"ID":"CVE-2021-45428","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45428.yaml"}
{"ID":"CVE-2021-45811","Info":{"Name":"osTicket 1.15.x - SQL Injection","Severity":"medium","Description":"A SQL injection vulnerability in the \"Search\" functionality of \"tickets.php\" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the \"keywords\" and \"topic_id\" URL parameters combination.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-45811.yaml"}
{"ID":"CVE-2021-45967","Info":{"Name":"Pascom CPS Server-Side Request Forgery","Severity":"critical","Description":"Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45967.yaml"}
{"ID":"CVE-2021-45968","Info":{"Name":"Pascom CPS - Local File Inclusion","Severity":"high","Description":"Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45968.yaml"}
{"ID":"CVE-2021-46005","Info":{"Name":"Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting","Severity":"medium","Description":"Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-46005.yaml"}
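Review bot: The CVE-2021-45967 Name, "Pascom CPS Server-Side Request Forgery", lacks the " - " separator between product and vulnerability class that its sibling CVE-2021-45968 ("Pascom CPS - Local File Inclusion") and the other records in this hunk use. Add the separator so that tooling which splits Name on it handles both Pascom entries the same way. The CVE-2021-45428 Description also has a capitalisation typo, "THe PUT method".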
@ -2003,6 +2013,7 @@
{"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"}
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0676","Info":{"Name":"phpIPAM 1.5.1 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0676.yaml"}
{"ID":"CVE-2023-0678","Info":{"Name":"PHPIPAM \u003cv1.5.1 - Missing Authorization","Severity":"medium","Description":"In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via find_full_subnets.php endpoint. The bug lies in the fact that find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-0678.yaml"}
{"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"}
{"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"}
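Review bot: The two phpIPAM records state the affected version inconsistently. CVE-2023-0676 is named "phpIPAM 1.5.1 - Cross-site Scripting" while its Description says "prior to 1.5.1", and CVE-2023-0678 is named with "<v1.5.1" while its Description says "In phpIPAM 1.5.1". Pick one bound per CVE and use it in both fields. The product is also spelled "phpIPAM" in one Name and "PHPIPAM" in the other, and "Cross-site Scripting" differs from the "Cross-Site Scripting" casing used elsewhere in this file.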
@ -2014,6 +2025,9 @@
{"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"}
{"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"}
{"ID":"CVE-2023-1263","Info":{"Name":"Coming Soon \u0026 Maintenance \u003c 4.1.7 - Unauthenticated Post/Page Access","Severity":"medium","Description":"The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-1263.yaml"}
{"ID":"CVE-2023-1315","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1315.yaml"}
{"ID":"CVE-2023-1317","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1317.yaml"}
{"ID":"CVE-2023-1318","Info":{"Name":"osTicket \u003c v1.16.6 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1318.yaml"}
{"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"}
{"ID":"CVE-2023-1408","Info":{"Name":"Video List Manager \u003c= 1.7 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-1408.yaml"}
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
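Review bot: The three osTicket records CVE-2023-1315, CVE-2023-1317 and CVE-2023-1318 cannot be told apart from this index. All three share the Name "osTicket < v1.16.6 - Cross-Site Scripting", the same severity and the same 5.4 score, and the first two have byte-identical Descriptions. Add the affected page or parameter to each Name or Description, as the CVE-2018-7192, CVE-2018-7193 and CVE-2018-7196 entries do with their endpoint and parameter, so a finding can be matched to the right fix. CVE-2023-1434 in the same hunk carries "CVSSScore":"N/A" with severity medium and should get a score or an explanation.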
@ -2097,7 +2111,7 @@
{"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27032","Info":{"Name":"PrestaShop AdvancedPopupCreator - SQL Injection","Severity":"critical","Description":"In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27032.yaml"}
{"ID":"CVE-2023-27034","Info":{"Name":"Blind SQL injection vulnerability in Jms Blog","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"}
{"ID":"CVE-2023-27034","Info":{"Name":"Jms Blog - SQL Injection","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"}
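Review bot: Both CVE-2023-27034 lines in this hunk leave out the affected versions and the injectable parameter, so the Description cannot be used to decide whether a given Jms Blog install is in scope. Add the version bound and the request parameter to the template's description. The vendor name is also cased two ways in one sentence ("Joommasters" and "joommasters"), and the final sentence has no closing full stop. CVE-2023-27032 has the same gap: "in affected versions" without saying which.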
@ -2106,9 +2120,11 @@
{"ID":"CVE-2023-27372","Info":{"Name":"SPIP - Remote Command Execution","Severity":"critical","Description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27372.yaml"}
{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"}
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27584","Info":{"Name":"Dragonfly2 \u003c 2.1.0-beta.1 - Hardcoded JWT Secret","Severity":"critical","Description":"Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, \"Secret Key\", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27584.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-27639","Info":{"Name":"PrestaShop TshirteCommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27639.yaml"}
{"ID":"CVE-2023-27640","Info":{"Name":"PrestaShop tshirtecommerce - Directory Traversal","Severity":"high","Description":"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27640.yaml"}
{"ID":"CVE-2023-27641","Info":{"Name":"L-Soft LISTSERV 16.5 - Cross-Site Scripting","Severity":"medium","Description":"The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27641.yaml"}
{"ID":"CVE-2023-2766","Info":{"Name":"Weaver OA 9.5 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2766.yaml"}
{"ID":"CVE-2023-2779","Info":{"Name":"Super Socializer \u003c 7.13.52 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2779.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
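Review bot: The CVE-2023-27584 record gives two different fix boundaries. The Name says "Dragonfly2 < 2.1.0-beta.1" while the Description says "This issue has been addressed in release version 2.0.9". Reconcile these in http/cves/2023/CVE-2023-27584.yaml, because a version-based triage will reach different conclusions depending on which field is read. In the same hunk, CVE-2023-27639 and CVE-2023-27640 have identical Descriptions and Names that differ only in casing ("TshirteCommerce" and "tshirtecommerce"); state what distinguishes the two CVEs, such as the affected file or parameter.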
@ -2255,6 +2271,7 @@
{"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"}
{"ID":"CVE-2023-38992","Info":{"Name":"Jeecg-Boot v3.5.1 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38992.yaml"}
{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"}
{"ID":"CVE-2023-39007","Info":{"Name":"OPNsense - Cross-Site Scripting to RCE","Severity":"critical","Description":"There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-39007.yaml"}
{"ID":"CVE-2023-39024","Info":{"Name":"Harman Media Suite \u003c= 4.2.0 - Local File Disclosure","Severity":"high","Description":"Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39024.yaml"}
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
{"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"}
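Review bot: The CVE-2023-39007 Name promises more than its Description supports. The Name is "OPNsense - Cross-Site Scripting to RCE" with severity critical and a 9.6 score, but the Description only states that there is an XSS in /ui/cron/item/open via openAction. Add a sentence explaining how the XSS in the Cron component leads to command execution, or rename the entry to the XSS it describes. CVE-2023-39024 in the same hunk has "CVSSScore":"N/A" beside severity high and should be given a score or a stated reason for its absence.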
@ -2287,6 +2304,7 @@
{"ID":"CVE-2023-41265","Info":{"Name":"Qlik Sense Enterprise - HTTP Request Smuggling","Severity":"critical","Description":"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-41265.yaml"}
{"ID":"CVE-2023-41266","Info":{"Name":"Qlik Sense Enterprise - Path Traversal","Severity":"medium","Description":"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-41266.yaml"}
{"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"}
{"ID":"CVE-2023-4151","Info":{"Name":"Store Locator WordPress \u003c 1.4.13 - Cross-Site Scripting","Severity":"medium","Description":"The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4151.yaml"}
{"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"}
{"ID":"CVE-2023-41597","Info":{"Name":"EyouCms v1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41597.yaml"}
{"ID":"CVE-2023-41599","Info":{"Name":"JFinalCMS v5.0.0 - Directory Traversal","Severity":"medium","Description":"An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-41599.yaml"}
@ -2343,6 +2361,7 @@
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
{"ID":"CVE-2023-46805","Info":{"Name":"Ivanti ICS - Authentication Bypass","Severity":"high","Description":"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2023/CVE-2023-46805.yaml"}
{"ID":"CVE-2023-46818","Info":{"Name":"ISPConfig - PHP Code Injection","Severity":"high","Description":"An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-46818.yaml"}
{"ID":"CVE-2023-47105","Info":{"Name":"Chaosblade \u003c 1.7.4 - Remote Code Execution","Severity":"high","Description":"exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-47105.yaml"}
{"ID":"CVE-2023-47115","Info":{"Name":"Label Studio - Cross-Site Scripting","Severity":"high","Description":"Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2023/CVE-2023-47115.yaml"}
{"ID":"CVE-2023-47117","Info":{"Name":"Label Studio - Sensitive Information Exposure","Severity":"high","Description":"An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-47117.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
@ -2498,6 +2517,8 @@
{"ID":"CVE-2024-29895","Info":{"Name":"Cacti cmd_realtime.php - Command Injection","Severity":"critical","Description":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-29895.yaml"}
{"ID":"CVE-2024-29972","Info":{"Name":"Zyxel NAS326 Firmware \u003c V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account","Severity":"critical","Description":"The command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.\n","Classification":{"CVSSScore":"9.88"}},"file_path":"http/cves/2024/CVE-2024-29972.yaml"}
{"ID":"CVE-2024-29973","Info":{"Name":"Zyxel NAS326 Firmware \u003c V5.21(AAZF.17)C0 - Command Injection","Severity":"critical","Description":"The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.\n","Classification":{"CVSSScore":"9.88"}},"file_path":"http/cves/2024/CVE-2024-29973.yaml"}
{"ID":"CVE-2024-30188","Info":{"Name":"Apache DolphinScheduler \u003e= 3.1.0, \u003c 3.2.2 Resource File Read And Write","Severity":"high","Description":"File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-30188.yaml"}
{"ID":"CVE-2024-30269","Info":{"Name":"DataEase \u003c= 2.4.1 - Sensitive Information Exposure","Severity":"medium","Description":"DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-30269.yaml"}
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
@ -2510,12 +2531,19 @@
{"ID":"CVE-2024-32113","Info":{"Name":"Apache OFBiz Directory Traversal - Remote Code Execution","Severity":"high","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32113.yaml"}
{"ID":"CVE-2024-32231","Info":{"Name":"Stash \u003c 0.26.0 - SQL Injection","Severity":"critical","Description":"Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32231.yaml"}
{"ID":"CVE-2024-32238","Info":{"Name":"H3C ER8300G2-X - Password Disclosure","Severity":"critical","Description":"H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-32238.yaml"}
{"ID":"CVE-2024-3234","Info":{"Name":"Chuanhu Chat - Directory Traversal","Severity":"critical","Description":"The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3234.yaml"}
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
{"ID":"CVE-2024-32709","Info":{"Name":"WP-Recall \u003c= 16.26.5 - SQL Injection","Severity":"critical","Description":"The WP-Recall Registration, Profile, Commerce \u0026 More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-32709.yaml"}
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"critical","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
{"ID":"CVE-2024-32735","Info":{"Name":"CyberPower - Missing Authentication","Severity":"critical","Description":"An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-32735.yaml"}
{"ID":"CVE-2024-32736","Info":{"Name":"CyberPower \u003c v2.8.3 - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to .\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32736.yaml"}
{"ID":"CVE-2024-32737","Info":{"Name":"CyberPower - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32737.yaml"}
{"ID":"CVE-2024-32738","Info":{"Name":"CyberPower - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32738.yaml"}
{"ID":"CVE-2024-32739","Info":{"Name":"CyberPower \u003c v2.8.3 - SQL Injection","Severity":"high","Description":"A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-32739.yaml"}
{"ID":"CVE-2024-3274","Info":{"Name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3274.yaml"}
{"ID":"CVE-2024-32964","Info":{"Name":"Lobe Chat \u003c= v0.150.5 - Server-Side Request Forgery","Severity":"critical","Description":"Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2024/CVE-2024-32964.yaml"}
{"ID":"CVE-2024-33113","Info":{"Name":"D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure","Severity":"medium","Description":"D-LINK DIR-845L \u003c=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33113.yaml"}
{"ID":"CVE-2024-33288","Info":{"Name":"Prison Management System - SQL Injection Authentication Bypass","Severity":"high","Description":"Sql injection vulnerability was found on the login page in Prison Management System\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33288.yaml"}
{"ID":"CVE-2024-33575","Info":{"Name":"User Meta WP Plugin \u003c 3.1 - Sensitive Information Exposure","Severity":"medium","Description":"The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-33575.yaml"}
@ -2531,6 +2559,7 @@
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
{"ID":"CVE-2024-34982","Info":{"Name":"LyLme-Spage - Arbitary File Upload","Severity":"high","Description":"An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-34982.yaml"}
{"ID":"CVE-2024-3552","Info":{"Name":"Web Directory Free \u003c 1.7.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3552.yaml"}
{"ID":"CVE-2024-35627","Info":{"Name":"TileServer API - Cross Site Scripting","Severity":"medium","Description":"tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-35627.yaml"}
{"ID":"CVE-2024-36104","Info":{"Name":"Apache OFBiz - Path Traversal","Severity":"critical","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-36104.yaml"}
{"ID":"CVE-2024-36401","Info":{"Name":"GeoServer RCE in Evaluating Property Name Expressions","Severity":"critical","Description":"In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36401.yaml"}
{"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"}
@ -2543,17 +2572,21 @@
{"ID":"CVE-2024-37152","Info":{"Name":"Argo CD Unauthenticated Access to sensitive setting","Severity":"medium","Description":"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37152.yaml"}
{"ID":"CVE-2024-37393","Info":{"Name":"SecurEnvoy Two Factor Authentication - LDAP Injection","Severity":"critical","Description":"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37393.yaml"}
{"ID":"CVE-2024-3742","Info":{"Name":"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure","Severity":"high","Description":"Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-3742.yaml"}
{"ID":"CVE-2024-3753","Info":{"Name":"Hostel \u003c 1.1.5.3 - Cross-Site Scripting","Severity":"medium","Description":"The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2024/CVE-2024-3753.yaml"}
{"ID":"CVE-2024-37843","Info":{"Name":"Craft CMS \u003c=v3.7.31 - SQL Injection","Severity":"critical","Description":"Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-37843.yaml"}
{"ID":"CVE-2024-37881","Info":{"Name":"SiteGuard WP Plugin \u003c= 1.7.6 - Login Page Disclosure","Severity":"medium","Description":"The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37881.yaml"}
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
{"ID":"CVE-2024-38288","Info":{"Name":"TurboMeeting - Post-Authentication Command Injection","Severity":"high","Description":"The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38288.yaml"}
{"ID":"CVE-2024-38289","Info":{"Name":"TurboMeeting - Boolean-based SQL Injection","Severity":"critical","Description":"A Boolean-based SQL injection vulnerability in the \"RHUB TurboMeeting\" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38289.yaml"}
{"ID":"CVE-2024-38472","Info":{"Name":"Apache HTTPd Windows UNC - Server-Side Request Forgery","Severity":"high","Description":"SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-38472.yaml"}
{"ID":"CVE-2024-38473","Info":{"Name":"Apache HTTP Server - ACL Bypass","Severity":"high","Description":"Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-38473.yaml"}
{"ID":"CVE-2024-3850","Info":{"Name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","Severity":"medium","Description":"Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the finding as well as the CVSS score.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-3850.yaml"}
{"ID":"CVE-2024-38514","Info":{"Name":"NextChat - Server-Side Request Forgery","Severity":"high","Description":"NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.\n","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2024/CVE-2024-38514.yaml"}
{"ID":"CVE-2024-38816","Info":{"Name":"WebMvc.fn/WebFlux.fn - Path Traversal","Severity":"high","Description":"Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-38816.yaml"}
{"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"}
{"ID":"CVE-2024-3922","Info":{"Name":"Dokan Pro \u003c= 3.10.3 - SQL Injection","Severity":"critical","Description":"The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3922.yaml"}
{"ID":"CVE-2024-39250","Info":{"Name":"EfroTech Timetrax v8.3 - Sql Injection","Severity":"high","Description":"EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-39250.yaml"}
{"ID":"CVE-2024-39713","Info":{"Name":"Rocket.Chat - Server-Side Request Forgery (SSRF)","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39713.yaml"}
{"ID":"CVE-2024-39903","Info":{"Name":"Solara \u003c1.35.1 - Local File Inclusion","Severity":"high","Description":"A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version \u003c1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39903.yaml"}
{"ID":"CVE-2024-39907","Info":{"Name":"1Panel SQL Injection - Authenticated","Severity":"critical","Description":"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39907.yaml"}
{"ID":"CVE-2024-39914","Info":{"Name":"FOG Project \u003c 1.5.10.34 - Remote Command Execution","Severity":"critical","Description":"FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39914.yaml"}
@ -2563,26 +2596,36 @@
{"ID":"CVE-2024-41107","Info":{"Name":"Apache CloudStack - SAML Signature Exclusion","Severity":"critical","Description":"The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-41107.yaml"}
{"ID":"CVE-2024-41628","Info":{"Name":"Cluster Control CMON API - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-41628.yaml"}
{"ID":"CVE-2024-41667","Info":{"Name":"OpenAM\u003c=15.0.3 FreeMarker - Template Injection","Severity":"high","Description":"OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-41667.yaml"}
{"ID":"CVE-2024-41810","Info":{"Name":"Twisted - Open Redirect \u0026 XSS","Severity":"medium","Description":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-41810.yaml"}
{"ID":"CVE-2024-41955","Info":{"Name":"Open Redirect in Login Redirect - MobSF","Severity":"medium","Description":"Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.\n","Classification":{"CVSSScore":"5.2"}},"file_path":"http/cves/2024/CVE-2024-41955.yaml"}
{"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"}
{"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"}
{"ID":"CVE-2024-43160","Info":{"Name":"BerqWP \u003c= 1.7.6 - Arbitrary File Uplaod","Severity":"critical","Description":"The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-43160.yaml"}
{"ID":"CVE-2024-43360","Info":{"Name":"ZoneMinder - SQL Injection","Severity":"critical","Description":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43360.yaml"}
{"ID":"CVE-2024-43425","Info":{"Name":"Moodle - Remote Code Execution","Severity":"critical","Description":"Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43425.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
{"ID":"CVE-2024-43917","Info":{"Name":"WordPress TI WooCommerce Wishlist Plugin \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"In the latest version (2.8.2 as of writing the article) and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched on the latest version and is tracked as the CVE-2024-43917.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-43917.yaml"}
{"ID":"CVE-2024-44000","Info":{"Name":"LiteSpeed Cache \u003c= 6.4.1 - Sensitive Information Exposure","Severity":"high","Description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log file. The log file may contain user cookies making it possible for an attacker to log in with any session that is actively valid and exposed in the log file. Note: the debug feature must be enabled for this to be a concern and this feature is disabled by default.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-44000.yaml"}
{"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"}
{"ID":"CVE-2024-44349","Info":{"Name":"AnteeoWMS \u003c v4.7.34 - SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44349.yaml"}
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
{"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
{"ID":"CVE-2024-45488","Info":{"Name":"SafeGuard for Privileged Passwords \u003c 7.5.2 - Authentication Bypass","Severity":"critical","Description":"One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45488.yaml"}
{"ID":"CVE-2024-45507","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45507.yaml"}
{"ID":"CVE-2024-45622","Info":{"Name":"ASIS - SQL Injection Authentication Bypass","Severity":"critical","Description":"ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45622.yaml"}
{"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"}
{"ID":"CVE-2024-46627","Info":{"Name":"DATAGERRY - REST API Auth Bypass","Severity":"critical","Description":"Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-46627.yaml"}
{"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
{"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
{"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
{"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}
{"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"}
{"ID":"CVE-2024-4940","Info":{"Name":"Gradio - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-4940.yaml"}
{"ID":"CVE-2024-4956","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","Severity":"high","Description":"Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-4956.yaml"}
{"ID":"CVE-2024-5084","Info":{"Name":"Hash Form \u003c= 1.1.0 - Arbitrary File Upload","Severity":"critical","Description":"The Hash Form Drag \u0026 Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5084.yaml"}
{"ID":"CVE-2024-5217","Info":{"Name":"ServiceNow - Incomplete Input Validation","Severity":"critical","Description":"ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5217.yaml"}
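Review bot: CVE-2024-45195 and CVE-2024-45507 carry the same Name ("Apache OFBiz - Remote Code Execution") and a word-for-word identical Description, yet one is rated high/7.5 and the other critical/9.8, so a reader of this index cannot tell what distinguishes them. Each description should state its own affected version and flaw. In the same hunk, the Name for CVE-2024-43160 has the typo "Uplaod". CVE-2024-4879 is listed with Severity "unknown" although its Description says an unauthenticated user can remotely execute code, a value that a severity filter for high or critical will not match.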
@ -2591,9 +2634,11 @@
{"ID":"CVE-2024-5315","Info":{"Name":"Dolibarr ERP CMS `list.php` - SQL Injection","Severity":"critical","Description":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5315.yaml"}
{"ID":"CVE-2024-5420","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting","Severity":"high","Description":"A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-5420.yaml"}
{"ID":"CVE-2024-5421","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure","Severity":"high","Description":"A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is required, the vulnerability poses a significant risk of data exposure. This vulnerability is publicly disclosed and identified as CVE-2024-5421.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-5421.yaml"}
{"ID":"CVE-2024-5488","Info":{"Name":"SEOPress \u003c 7.9 - Authentication Bypass","Severity":"critical","Description":"The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5488.yaml"}
{"ID":"CVE-2024-5522","Info":{"Name":"WordPress HTML5 Video Player \u003c 2.5.27 - SQL Injection","Severity":"critical","Description":"The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5522.yaml"}
{"ID":"CVE-2024-5765","Info":{"Name":"WpStickyBar \u003c= 2.1.0 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5765.yaml"}
{"ID":"CVE-2024-5827","Info":{"Name":"Vanna - SQL injection","Severity":"critical","Description":"Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents `\u003c?php system($_GET[0]); ?\u003e`. This can lead to command execution or the creation of backdoors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5827.yaml"}
{"ID":"CVE-2024-5910","Info":{"Name":"Palo Alto Expedition - Admin Account Takeover","Severity":"critical","Description":"Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2024/CVE-2024-5910.yaml"}
{"ID":"CVE-2024-5932","Info":{"Name":"GiveWP - PHP Object Injection","Severity":"critical","Description":"The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5932.yaml"}
{"ID":"CVE-2024-5936","Info":{"Name":"PrivateGPT \u003c 0.5.0 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-5936.yaml"}
{"ID":"CVE-2024-5947","Info":{"Name":"Deep Sea Electronics DSE855 - Authentication Bypass","Severity":"medium","Description":"Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5947.yaml"}
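Review bot: The entry for CVE-2024-5936 contradicts itself on the version bound: the Name says "PrivateGPT < 0.5.0" while the Description says the flaw exists in version 0.5.0. One of the two needs correcting so the affected range is unambiguous. CVE-2024-5315 has a similar mismatch ("Dolibarr ERP CMS" in the Name, "Dolibarr ERP - CRM" in the Description), and CVE-2024-5947 is named "Authentication Bypass" although its Description is of a missing-authentication information disclosure.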
@ -2606,6 +2651,7 @@
{"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
{"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
{"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
{"ID":"CVE-2024-6517","Info":{"Name":"Contact Form 7 Math Captcha \u003c= 2.0.1 - Cross-site Scripting","Severity":"medium","Description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-6517.yaml"}
{"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"}
{"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}
{"ID":"CVE-2024-6646","Info":{"Name":"Netgear-WN604 downloadFile.php - Information Disclosure","Severity":"medium","Description":"There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6646.yaml"}
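Review bot: The Description for CVE-2024-6587 is two fragments run together ("LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.") and names neither an affected version nor the endpoint or parameter involved, unlike the Lightdash entry above it. Rewrite it as a sentence that says what is reachable and what leaks. It is also rated high with CVSSScore "N/A", as is CVE-2024-6366, so neither severity has a score in this index to back it.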
@ -2614,6 +2660,7 @@
{"ID":"CVE-2024-6781","Info":{"Name":"Calibre \u003c= 7.14.0 Arbitrary File Read","Severity":"high","Description":"Arbitrary file read via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6781.yaml"}
{"ID":"CVE-2024-6782","Info":{"Name":"Calibre \u003c= 7.14.0 Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6782.yaml"}
{"ID":"CVE-2024-6842","Info":{"Name":"AnythingLLM - Information Disclosure","Severity":"high","Description":"AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6842.yaml"}
{"ID":"CVE-2024-6845","Info":{"Name":"SmartSearchWP \u003c 2.4.6 - OpenAI Key Disclosure","Severity":"medium","Description":"The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6845.yaml"}
{"ID":"CVE-2024-6846","Info":{"Name":"SmartSearchWP \u003c= 2.4.4 - Unauthenticated Log Purge","Severity":"medium","Description":"The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6846.yaml"}
{"ID":"CVE-2024-6893","Info":{"Name":"Journyx - XML External Entities Injection (XXE)","Severity":"high","Description":"The \"soap_cgi.pyc\" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6893.yaml"}
{"ID":"CVE-2024-6911","Info":{"Name":"PerkinElmer ProcessPlus \u003c= 1.11.6507.0 - Local File Inclusion","Severity":"high","Description":"Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-6911.yaml"}
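Review bot: CVE-2024-6846 is named "SmartSearchWP <= 2.4.4" but its Description refers to "The Chatbot with ChatGPT WordPress plugin before 2.4.5", and CVE-2024-6845 describes only "The plugin". Use one product name across both entries so a search for either name finds both. The last sentence of the CVE-2024-6842 Description ("This detection is included in the AI and LLM category.") describes the template rather than the vulnerability and belongs in tags or metadata.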
@ -2628,16 +2675,25 @@
{"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"}
{"ID":"CVE-2024-7339","Info":{"Name":"TVT DVR Sensitive Device - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-7339.yaml"}
{"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"}
{"ID":"CVE-2024-7354","Info":{"Name":"Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting","Severity":"medium","Description":"The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-7354.yaml"}
{"ID":"CVE-2024-7593","Info":{"Name":"Ivanti vTM - Authentication Bypass","Severity":"critical","Description":"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7593.yaml"}
{"ID":"CVE-2024-7714","Info":{"Name":"AI Assistant with ChatGPT by AYS \u003c= 2.0.9 - Unauthenticated AJAX Calls","Severity":"medium","Description":"The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-7714.yaml"}
{"ID":"CVE-2024-7786","Info":{"Name":"Sensei LMS \u003c 4.24.2 - Email Template Leak","Severity":"high","Description":"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-7786.yaml"}
{"ID":"CVE-2024-7854","Info":{"Name":"Woo Inquiry \u003c= 0.1 - SQL Injection","Severity":"critical","Description":"The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7854.yaml"}
{"ID":"CVE-2024-7928","Info":{"Name":"FastAdmin \u003c V1.3.4.20220530 - Path Traversal","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-7928.yaml"}
{"ID":"CVE-2024-7954","Info":{"Name":"SPIP Porte Plume Plugin - Remote Code Execution","Severity":"critical","Description":"The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7954.yaml"}
{"ID":"CVE-2024-8021","Info":{"Name":"Gradio - Open Redirect","Severity":"medium","Description":"Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-8021.yaml"}
{"ID":"CVE-2024-8181","Info":{"Name":"Flowise \u003c= 1.8.2 Authentication Bypass","Severity":"high","Description":"An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-8181.yaml"}
{"ID":"CVE-2024-8484","Info":{"Name":"REST API TO MiniProgram \u003c= 4.7.1 - SQL Injection","Severity":"high","Description":"The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8484.yaml"}
{"ID":"CVE-2024-8503","Info":{"Name":"VICIdial - SQL Injection","Severity":"critical","Description":"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8503.yaml"}
{"ID":"CVE-2024-8517","Info":{"Name":"SPIP BigUp Plugin - Remote Code Execution","Severity":"critical","Description":"SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8517.yaml"}
{"ID":"CVE-2024-8522","Info":{"Name":"LearnPress – WordPress LMS - SQL Injection","Severity":"critical","Description":"The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8522.yaml"}
{"ID":"CVE-2024-8752","Info":{"Name":"WebIQ 2.15.9 - Directory Traversal","Severity":"high","Description":"The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8752.yaml"}
{"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"}
{"ID":"CVE-2024-8883","Info":{"Name":"Keycloak - Open Redirect","Severity":"medium","Description":"A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2024/CVE-2024-8883.yaml"}
{"ID":"CVE-2024-9014","Info":{"Name":"pgAdmin 4 - Authentication Bypass","Severity":"critical","Description":"pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9014.yaml"}
{"ID":"CVE-2024-9463","Info":{"Name":"PaloAlto Networks Expedition - Remote Code Execution","Severity":"critical","Description":"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9463.yaml"}
{"ID":"CVE-2024-9465","Info":{"Name":"Palo Alto Expedition - SQL Injection","Severity":"high","Description":"An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-9465.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2004-2687","Info":{"Name":"Distccd v1 - Remote Code Execution","Severity":"high","Description":"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"network/cves/2004/CVE-2004-2687.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
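Review bot: The CVE-2024-8522 record sets "Severity":"critical" next to "CVSSScore":"7.5", while every other critical entry in this hunk carries 9.8 or 9.9. One of the two fields is wrong, so check them against the template at http/cves/2024/CVE-2024-8522.yaml and correct whichever does not match the advisory. Two smaller points in the same hunk: the CVE-2024-7954 Description gives the fixed version as "4.30-alpha2", which does not follow the three-part form of the "4.2.13" and "4.1.16" beside it and looks like a typo, and CVE-2024-8021 has "CVSSScore":"N/A" with a "medium" severity, so score-based filtering will skip it.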
@ -2655,3 +2711,13 @@
{"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"}
{"ID":"CVE-2012-2122","Info":{"Name":"MySQL - Authentication Bypass","Severity":"medium","Description":"sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.\n","Classification":{"CVSSScore":"5.1"}},"file_path":"javascript/cves/2012/CVE-2012-2122.yaml"}
{"ID":"CVE-2016-8706","Info":{"Name":"Memcached Server SASL Authentication - Remote Code Execution","Severity":"high","Description":"An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"javascript/cves/2016/CVE-2016-8706.yaml"}
{"ID":"CVE-2019-9193","Info":{"Name":"PostgreSQL 9.3-12.3 Authenticated Remote Code Execution","Severity":"high","Description":"In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"javascript/cves/2019/CVE-2019-9193.yaml"}
{"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2020/CVE-2020-7247.yaml"}
{"ID":"CVE-2023-34039","Info":{"Name":"VMWare Aria Operations - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\nVersion: All versions from 6.0 to 6.10\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2023/CVE-2023-34039.yaml"}
{"ID":"CVE-2023-46604","Info":{"Name":"Apache ActiveMQ - Remote Code Execution","Severity":"critical","Description":"Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"javascript/cves/2023/CVE-2023-46604.yaml"}
{"ID":"CVE-2023-48795","Info":{"Name":"OpenSSH Terrapin Attack - Detection","Severity":"medium","Description":"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for 
Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"javascript/cves/2023/CVE-2023-48795.yaml"}
{"ID":"CVE-2024-23897","Info":{"Name":"Jenkins \u003c 2.441 - Arbitrary File Read","Severity":"high","Description":"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"javascript/cves/2024/CVE-2024-23897.yaml"}
{"ID":"CVE-2024-45519","Info":{"Name":"Zimbra Collaboration Suite \u003c 9.0.0 - Remote Code Execution","Severity":"critical","Description":"SMTP-based vulnerability in the PostJournal service of Zimbra Collaboration Suite that allows unauthenticated attackers to inject arbitrary commands. This vulnerability arises due to improper sanitization of SMTP input, enabling attackers to craft malicious SMTP messages that execute commands under the Zimbra user context. Successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"javascript/cves/2024/CVE-2024-45519.yaml"}
{"ID":"CVE-2024-47176","Info":{"Name":"CUPS - Remote Code Execution","Severity":"high","Description":"CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY-631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL.\nDue to the service binding to *-631 ( INADDR_ANY ), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"javascript/cves/2024/CVE-2024-47176.yaml"}
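Review bot: The CVE-2019-9193 record states two different affected ranges: the Name says "PostgreSQL 9.3-12.3" and the Description says "In PostgreSQL 9.3 through 11.2". Make the Name and Description agree so that the entry does not over- or under-state which versions the template applies to. Also in this hunk, CVE-2024-45519 is marked "critical" with "CVSSScore":"N/A", the only critical entry here without a numeric score, and the CVE-2023-46604 Description is missing a space in "Remote Code Execution.The vulnerability".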