diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml index dd2b8b5604..272270c8a2 100644 --- a/cves/2017/CVE-2017-1000028.yaml +++ b/cves/2017/CVE-2017-1000028.yaml @@ -4,6 +4,7 @@ info: name: GlassFish LFI author: pikpikcu severity: high + description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. reference: https://www.exploit-db.com/exploits/45196 tags: cve,cve2017,oracle,glassfish,lfi diff --git a/cves/2017/CVE-2017-10075.yaml b/cves/2017/CVE-2017-10075.yaml index 6763b0d68c..34dde57e91 100644 --- a/cves/2017/CVE-2017-10075.yaml +++ b/cves/2017/CVE-2017-10075.yaml @@ -5,6 +5,7 @@ info: author: madrobot severity: medium description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site. + reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html tags: cve,cve2017,xss,oracle requests: diff --git a/cves/2017/CVE-2017-11444.yaml b/cves/2017/CVE-2017-11444.yaml index c3914c05a6..dff3a19741 100644 --- a/cves/2017/CVE-2017-11444.yaml +++ b/cves/2017/CVE-2017-11444.yaml @@ -5,6 +5,7 @@ info: author: dwisiswant0 severity: high description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. + reference: https://github.com/intelliants/subrion/issues/479 tags: cve,cve2017,sqli,subrion # Source: diff --git a/cves/2017/CVE-2017-12611.yaml b/cves/2017/CVE-2017-12611.yaml index 08f492bb34..274485205b 100644 --- a/cves/2017/CVE-2017-12611.yaml +++ b/cves/2017/CVE-2017-12611.yaml 
@@ -4,7 +4,8 @@ info: name: Apache Struts2 S2-053 RCE author: pikpikcu severity: critical - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12611 + description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. + reference: https://struts.apache.org/docs/s2-053.html tags: cve,cve2017,apache,rce,struts requests: diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml index 087d3b32fd..2410a7bb13 100644 --- a/cves/2017/CVE-2017-12635.yaml +++ b/cves/2017/CVE-2017-12635.yaml @@ -4,6 +4,7 @@ info: name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 RPE author: pikpikcu severity: high + description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. reference: https://github.com/assalielmehdi/CVE-2017-12635 tags: cve,cve2017,couchdb,rpe diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml index aea145ae48..d4f40bcb2b 100644 --- a/cves/2017/CVE-2017-14537.yaml +++ b/cves/2017/CVE-2017-14537.yaml 
@@ -5,6 +5,7 @@ info: author: pikpikcu severity: medium tags: cve,cve2017,trixbox,lfi + description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. reference: | - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ diff --git a/cves/2017/CVE-2017-16877.yaml b/cves/2017/CVE-2017-16877.yaml index 2b19af42f4..ea73d4b0f1 100644 --- a/cves/2017/CVE-2017-16877.yaml +++ b/cves/2017/CVE-2017-16877.yaml @@ -4,6 +4,7 @@ info: name: Nextjs v2.4.1 LFI author: pikpikcu severity: high + description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 tags: cve,cve2017,nextjs,lfi diff --git a/cves/2017/CVE-2017-17562.yaml b/cves/2017/CVE-2017-17562.yaml index 100b6d29f9..5d46e8977b 100644 --- a/cves/2017/CVE-2017-17562.yaml +++ b/cves/2017/CVE-2017-17562.yaml @@ -4,7 +4,7 @@ info: name: Embedthis GoAhead RCE description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. author: geeknik - reference: + reference: | - https://www.elttam.com/blog/goahead/ - https://github.com/ivanitlearning/CVE-2017-17562 - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562 diff --git a/cves/2017/CVE-2017-7921.yaml b/cves/2017/CVE-2017-7921.yaml index 29ca8293c2..e0498d6b07 100644 --- a/cves/2017/CVE-2017-7921.yaml +++ b/cves/2017/CVE-2017-7921.yaml 
@@ -3,7 +3,10 @@ info: name: Hikvision Authentication Bypass author: princechaddha severity: high - reference: https://www.cvedetails.com/cve/CVE-2017-7921/ + description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. + reference: | + - http://www.hikvision.com/us/about_10805.html + - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 tags: cve,cve2017,auth-bypass requests: diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml index 9b4bbaa8b2..5f3d9fd808 100644 --- a/cves/2017/CVE-2017-9506.yaml +++ b/cves/2017/CVE-2017-9506.yaml @@ -5,6 +5,10 @@ info: author: pdteam severity: high description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). + reference: | + - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html + - https://ecosystem.atlassian.net/browse/OAUTH-344 + - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 tags: cve,cve2017,atlassian,jira,ssrf requests: 
diff --git a/cves/2017/CVE-2017-9791.yaml b/cves/2017/CVE-2017-9791.yaml index 78cbd13bfa..824467240e 100644 --- a/cves/2017/CVE-2017-9791.yaml +++ b/cves/2017/CVE-2017-9791.yaml @@ -4,7 +4,10 @@ info: name: Apache Struts2 S2-053 RCE author: pikpikcu severity: critical - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9791 + description: The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. + reference: | + - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html + - http://struts.apache.org/docs/s2-048.html tags: cve,cve2017,apache,rce requests: diff --git a/cves/2017/CVE-2017-9805.yaml b/cves/2017/CVE-2017-9805.yaml index 5a1193818f..94268c3540 100644 --- a/cves/2017/CVE-2017-9805.yaml +++ b/cves/2017/CVE-2017-9805.yaml @@ -4,7 +4,10 @@ info: name: Apache Struts2 S2-052 RCE author: pikpikcu severity: critical - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9805 + description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. + reference: | + - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html + - https://struts.apache.org/docs/s2-052.html tags: cve,cve2017,apache,rce,struts requests: diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml index c4fa2cc8df..1e78db74a6 100644 --- a/cves/2017/CVE-2017-9841.yaml +++ b/cves/2017/CVE-2017-9841.yaml @@ -6,10 +6,9 @@ info: severity: high description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "
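
Review bot: the added `description:` in cves/2017/CVE-2017-1000028.yaml has a stray comma after "Oracle" and reads "vulnerable to ... Directory Traversal vulnerability". Suggest tightening it to something like `description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to authenticated and unauthenticated directory traversal via a specially crafted HTTP GET request.` so the text shown in scan output is clean.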
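
Review bot: the `reference:` change in cves/2017/CVE-2017-12611.yaml replaces the NVD link with the vendor advisory instead of keeping both, and the CVE-2017-9805.yaml hunk drops its NVD link the same way. CVE-2017-14537.yaml in this same patch keeps the NVD entry next to the write-up in a `reference: |` list; using that form here would preserve the canonical CVE record alongside `s2-053.html` and `s2-052.html`. Minor wording in the new 12611 description: "a RCE attack" should be "an RCE attack".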
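
Review bot: the new `description:` in cves/2017/CVE-2017-12635.yaml says CouchDB "before 1.7.0 and 2.x before 2.1.1" is affected, while the unchanged `name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 RPE` reads as if 1.7.0 itself is vulnerable; align the name with the version range in the description. The description is also a whole advisory paragraph on a single line. Consider keeping the sentences that state the duplicate `roles` key behaviour and the resulting admin privilege, and leaving the remaining detail to the reference.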
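
Review bot: in cves/2017/CVE-2017-14537.yaml the new `description:` is inserted between `tags:` and `reference:`, whereas the other hunks in this patch that add a description place it directly after `severity:` and keep `tags:` as the last info field. Move the line up to follow `severity: medium` so the info block has the same field order across templates.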
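
Review bot: switching `reference:` to `reference: |` in cves/2017/CVE-2017-17562.yaml changes the value's YAML type. The old form followed by `- ` items parses as a sequence, while the new form is a literal block string whose lines happen to start with `- `. That matches the other templates touched here, but it is worth confirming that whatever consumes the field expects a string, and noting the format change in the commit message since this hunk adds no description or link.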
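
Review bot: the added `description:` in cves/2017/CVE-2017-7921.yaml puts every affected series and firmware build range on one line and then closes with two generic sentences about improper authentication that say nothing specific to these devices. Suggest a short summary naming the product family and the impact, with the full model and build list left to the ICSA-17-124-01 reference. The unchanged `tags: cve,cve2017,auth-bypass` also has no vendor tag, unlike the other templates in this patch; adding `hikvision` would make the template filterable by product.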
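
Review bot: in cves/2017/CVE-2017-9791.yaml the unchanged `name: Apache Struts2 S2-053 RCE` contradicts what this hunk adds. The new description is about the Struts 1 plugin and the new reference is `s2-048.html`, while S2-053 is already the name used by CVE-2017-12611.yaml, so the name should be updated to S2-048 in the same change. The first added reference, `alert-cve-2017-9805-3889403.html`, carries a different CVE id in its URL and is the same link added to CVE-2017-9805.yaml; confirm it actually covers CVE-2017-9791 or drop it. The tags line also lacks `struts`, which the other two Struts templates in this patch carry.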