daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Wed May 15 06:47:46 UTC 2024] 🤖

patch-2
GitHub Action 2024-05-15 06:47:46 +00:00
parent 7ebbcc7ac1
commit 72c6d1ba3c
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves.json
View File

@ -2115,6 +2115,7 @@
{"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"}
{"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
{"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"}
{"ID":"CVE-2023-29827","Info":{"Name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","Severity":"critical","Description":"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29827.yaml"}
{"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"}
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
@ -2174,6 +2175,7 @@
{"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"}
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
@ -2183,6 +2185,7 @@
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36347","Info":{"Name":"POS Codekop v2.0 - Broken Authentication","Severity":"high","Description":"A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36347.yaml"}
{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"}
{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
@ -2268,6 +2271,7 @@
{"ID":"CVE-2023-44353","Info":{"Name":"Adobe ColdFusion WDDX Deserialization Gadgets","Severity":"critical","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-44353.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-44812","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the admin_redirect_url parameter of the user login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44812.yaml"}
{"ID":"CVE-2023-44813","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44813.yaml"}
{"ID":"CVE-2023-4521","Info":{"Name":"Import XML and RSS Feeds \u003c 2.1.5 - Unauthenticated RCE","Severity":"critical","Description":"The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4521.yaml"}
{"ID":"CVE-2023-45375","Info":{"Name":"PrestaShop PireosPay - SQL Injection","Severity":"high","Description":"In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-45375.yaml"}
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
@ -2275,6 +2279,7 @@
{"ID":"CVE-2023-45671","Info":{"Name":"Frigate \u003c 0.13.0 Beta 3 - Cross-Site Scripting","Severity":"medium","Description":"Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-45671.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
{"ID":"CVE-2023-45855","Info":{"Name":"qdPM 9.2 - Directory Traversal","Severity":"high","Description":"qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-45855.yaml"}
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-46347","Info":{"Name":"PrestaShop Step by Step products Pack - SQL Injection","Severity":"critical","Description":"In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46347.yaml"}
@ -2310,6 +2315,7 @@
{"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"}
{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"}
{"ID":"CVE-2023-5991","Info":{"Name":"Hotel Booking Lite \u003c 4.8.5 - Arbitrary File Download \u0026 Deletion","Severity":"critical","Description":"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5991.yaml"}
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
@ -2348,6 +2354,7 @@
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
@ -2380,6 +2387,7 @@
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"critical","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
{"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
235e457ee422c2956ae8e7b3cc7ca1d6
6cee9d81045ba3fb25589784532a78e4