diff --git a/cves.json b/cves.json
index 0a490d0d63..f6d718d2f7 100644
--- a/cves.json
+++ b/cves.json
@@ -402,7 +402,7 @@ {"ID":"CVE-2017-15287","Info":{"Name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-15287.yaml"} {"ID":"CVE-2017-15363","Info":{"Name":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion","Severity":"high","Description":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15363.yaml"} {"ID":"CVE-2017-15647","Info":{"Name":"FiberHome Routers - Local File Inclusion","Severity":"high","Description":"FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-15647.yaml"} -{"ID":"CVE-2017-15715","Info":{"Name":"Apache httpd \u003c=2.4.29 - Arbitrary File Upload","Severity":"high","Description":"Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in \u003cFilesMatch\u003e, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. 
This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-15715.yaml"} +{"ID":"CVE-2017-15715","Info":{"Name":"Apache httpd \u003c=2.4.29 - Arbitrary File Upload","Severity":"high","Description":"Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in \u003cFilesMatch\u003e, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-15715.yaml"} {"ID":"CVE-2017-15944","Info":{"Name":"Palo Alto Network PAN-OS - Remote Code Execution","Severity":"critical","Description":"Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-15944.yaml"} {"ID":"CVE-2017-16806","Info":{"Name":"Ulterius Server \u003c 1.9.5.0 - Directory Traversal","Severity":"high","Description":"Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16806.yaml"} {"ID":"CVE-2017-16877","Info":{"Name":"Nextjs \u003c2.4.1 - Local File Inclusion","Severity":"high","Description":"ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive 
information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-16877.yaml"} 
@@ -1453,6 +1453,7 @@ {"ID":"CVE-2021-44528","Info":{"Name":"Open Redirect in Host Authorization Middleware","Severity":"medium","Description":"Specially crafted \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-44528.yaml"} {"ID":"CVE-2021-44529","Info":{"Name":"Ivanti EPM Cloud Services Appliance Code Injection","Severity":"critical","Description":"Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44529.yaml"} {"ID":"CVE-2021-44848","Info":{"Name":"Thinfinity VirtualUI User Enumeration","Severity":"medium","Description":"Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-44848.yaml"} +{"ID":"CVE-2021-44910","Info":{"Name":"SpringBlade - Information Leakage","Severity":"high","Description":"SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. 
The SpringBlade framework has a default SIGN_KEY, which can be exploited by attackers to obtain sensitive information such as user account password logs.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-44910.yaml"} {"ID":"CVE-2021-45043","Info":{"Name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","Severity":"high","Description":"Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-45043.yaml"} {"ID":"CVE-2021-45046","Info":{"Name":"Apache Log4j2 - Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-45046.yaml"} {"ID":"CVE-2021-45092","Info":{"Name":"Thinfinity Iframe Injection","Severity":"critical","Description":"A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the \"vpath\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-45092.yaml"} 
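Review bot: The added CVE-2021-44910 entry pairs `"Severity":"high"` with `"Classification":{"CVSSScore":"N/A"}`, so the rating has no score behind it, and a consumer that sorts or filters this index on CVSSScore may treat the entry differently from one that filters on Severity. The same commit backfills CVE-2023-39002 from N/A to 6.1, which suggests the placeholder is meant to be temporary. If cves.json is generated from the templates, the fix belongs in `http/cves/2021/CVE-2021-44910.yaml`: record the published score and vector there, or note why none is available, and regenerate. The field also mixes numeric strings with the literal N/A, so anything parsing the index has to handle a non-numeric value.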
@@ -1990,6 +1991,7 @@ {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 
VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} +{"ID":"CVE-2023-22232","Info":{"Name":"Adobe Connect \u003c 12.1.5 - Local File Disclosure","Severity":"medium","Description":"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-22232.yaml"} {"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"} {"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. 
As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"} {"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"} 
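Review bot: The added CVE-2023-22232 entry is named `Adobe Connect \u003c 12.1.5 - Local File Disclosure`, but its Description describes an improper access control flaw that results in a security feature bypass affecting the integrity of a minor feature, and never mentions file disclosure. Someone triaging a hit from the index cannot tell whether the finding is a confidentiality or an integrity issue. The name also says `< 12.1.5` while the description lists 12.1.5 and earlier as affected. I would add one sentence to the description in `http/cves/2023/CVE-2023-22232.yaml` stating what the template actually detects, and change the bound in the name to `\u003c= 12.1.5` if the description is the accurate one.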
@@ -2078,6 +2080,7 @@ {"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} {"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"} {"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"} +{"ID":"CVE-2023-30534","Info":{"Name":"Cacti \u003c 1.2.25 Insecure Deserialization","Severity":"medium","Description":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2023/CVE-2023-30534.yaml"} {"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. 
Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"} {"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"} {"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"} 
@@ -2159,7 +2162,7 @@ {"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"} {"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"} {"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. 
The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} -{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} +{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} {"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} {"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. 
This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} {"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"} 
@@ -2184,6 +2187,8 @@ {"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"} {"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"} {"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. 
The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"} +{"ID":"CVE-2023-41265","Info":{"Name":"Qlik Sense Enterprise - HTTP Request Smuggling","Severity":"critical","Description":"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-41265.yaml"} +{"ID":"CVE-2023-41266","Info":{"Name":"Qlik Sense Enterprise - Path Traversal","Severity":"medium","Description":"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. 
This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-41266.yaml"} {"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"} {"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"} {"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} 
@@ -2211,7 +2216,7 @@ {"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} {"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"} {"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"} -{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"critical","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. 
Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} +{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. 
The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} 
@@ -2223,6 +2228,7 @@ {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"} {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"} {"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"} +{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. 
This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} 
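Review bot: The Name of the added CVE-2023-6553 entry spells the product `Worpress`, so a search of the index for WordPress findings will miss an entry rated critical for unauthenticated remote code execution. It should read `"Name":"WordPress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution"`. If cves.json is generated, correct the name in `http/cves/2023/CVE-2023-6553.yaml` and regenerate rather than editing the index by hand.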
@@ -2240,4 +2246,3 @@ {"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"} {"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"} {"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. 
To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"} -{"ID":"CVE-2023-46604","Info":{"Name":"Apache ActiveMQ - Remote Code Execution","Severity":"critical","Description":"Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2023/CVE-2023-46604.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 4117f61dfd..9f640ad90a 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -db8c3c3eb9d43b2fcd262a91dc910e0f +832148939fd43f9093e3fb4905fb1730