daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Mon Jun 3 09:05:44 UTC 2024] 🤖

patch-4
GitHub Action 2024-06-03 09:05:44 +00:00
parent 9a5c0cae2d
commit 5e30a1480c
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2389,6 +2389,7 @@
{"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"}
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
{"ID":"CVE-2024-27348","Info":{"Name":"Apache HugeGraph-Server - Remote Command Execution","Severity":"high","Description":"Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27348.yaml"}
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
{"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"}
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
e808b27672b538f74b345e3d92eb4a9f
d337d7264c683ea11584b411b8bcb172