daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-12
ghost 2024-10-05 08:21:31 +00:00
parent 340f0a62d7
commit 7996930a02
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2640,6 +2640,7 @@
{"ID":"CVE-2024-7339","Info":{"Name":"TVT DVR Sensitive Device - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-7339.yaml"}
{"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"}
{"ID":"CVE-2024-7593","Info":{"Name":"Ivanti vTM - Authentication Bypass","Severity":"critical","Description":"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7593.yaml"}
{"ID":"CVE-2024-7714","Info":{"Name":"AI Assistant with ChatGPT by AYS \u003c= 2.0.9 - Unauthenticated AJAX Calls","Severity":"medium","Description":"The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-7714.yaml"}
{"ID":"CVE-2024-7786","Info":{"Name":"Sensei LMS \u003c 4.24.2 - Email Template Leak","Severity":"high","Description":"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-7786.yaml"}
{"ID":"CVE-2024-7928","Info":{"Name":"FastAdmin \u003c V1.3.4.20220530 - Path Traversal","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-7928.yaml"}
{"ID":"CVE-2024-7954","Info":{"Name":"SPIP Porte Plume Plugin - Remote Code Execution","Severity":"critical","Description":"The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7954.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
b6a34b5af003995fdb01f1a9faa80b94
c6716fce97e97ada00a48a9228b5f153