From e23aa9800b7948db464c547b594c23d589650a43 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Wed, 12 Apr 2023 16:25:48 +0530 Subject: [PATCH] Added CPE and EPSS Score to CVE Templates --- cves/2010/CVE-2010-0467.yaml | 1 + cves/2010/CVE-2010-4239.yaml | 2 ++ cves/2011/CVE-2011-4336.yaml | 2 ++ cves/2013/CVE-2013-7285.yaml | 2 ++ cves/2014/CVE-2014-1203.yaml | 2 ++ cves/2014/CVE-2014-2323.yaml | 1 + cves/2014/CVE-2014-4535.yaml | 2 ++ cves/2014/CVE-2014-4536.yaml | 2 ++ cves/2014/CVE-2014-4539.yaml | 2 ++ cves/2014/CVE-2014-4544.yaml | 2 ++ cves/2014/CVE-2014-4550.yaml | 2 ++ cves/2014/CVE-2014-4558.yaml | 2 ++ cves/2014/CVE-2014-4561.yaml | 2 ++ cves/2014/CVE-2014-4592.yaml | 2 ++ cves/2014/CVE-2014-6271.yaml | 2 ++ cves/2014/CVE-2014-6287.yaml | 2 ++ cves/2014/CVE-2014-9606.yaml | 2 ++ cves/2014/CVE-2014-9607.yaml | 2 ++ cves/2014/CVE-2014-9608.yaml | 2 ++ cves/2014/CVE-2014-9609.yaml | 2 ++ cves/2014/CVE-2014-9614.yaml | 2 ++ cves/2014/CVE-2014-9615.yaml | 2 ++ cves/2014/CVE-2014-9617.yaml | 2 ++ cves/2015/CVE-2015-9414.yaml | 2 ++ cves/2015/CVE-2015-9480.yaml | 2 ++ cves/2016/CVE-2016-10033.yaml | 1 + cves/2016/CVE-2016-10940.yaml | 2 ++ cves/2016/CVE-2016-10956.yaml | 2 ++ cves/2016/CVE-2016-10960.yaml | 2 ++ cves/2016/CVE-2016-10993.yaml | 2 ++ cves/2017/CVE-2017-1000170.yaml | 2 ++ cves/2017/CVE-2017-12629.yaml | 1 + cves/2017/CVE-2017-12637.yaml | 2 ++ cves/2017/CVE-2017-14535.yaml | 2 ++ cves/2017/CVE-2017-14537.yaml | 5 ++++- cves/2017/CVE-2017-14651.yaml | 1 + cves/2017/CVE-2017-15363.yaml | 2 ++ cves/2017/CVE-2017-18598.yaml | 2 ++ cves/2017/CVE-2017-18638.yaml | 2 ++ cves/2017/CVE-2017-3881.yaml | 1 + cves/2017/CVE-2017-5689.yaml | 2 ++ cves/2017/CVE-2017-7615.yaml | 2 ++ cves/2017/CVE-2017-9791.yaml | 2 ++ cves/2017/CVE-2017-9822.yaml | 2 ++ cves/2017/CVE-2017-9833.yaml | 2 ++ cves/2017/CVE-2017-9841.yaml | 1 + cves/2018/CVE-2018-0127.yaml | 1 + cves/2018/CVE-2018-0296.yaml | 1 + cves/2018/CVE-2018-1000533.yaml | 2 ++ cves/2018/CVE-2018-1000861.yaml | 1 + cves/2018/CVE-2018-12613.yaml | 2 ++ cves/2018/CVE-2018-12634.yaml | 2 ++ cves/2018/CVE-2018-1271.yaml | 1 + cves/2018/CVE-2018-12998.yaml | 1 + cves/2018/CVE-2018-13379.yaml | 4 +++- cves/2018/CVE-2018-13380.yaml | 1 + cves/2018/CVE-2018-13980.yaml | 2 ++ cves/2018/CVE-2018-16668.yaml | 2 ++ cves/2018/CVE-2018-16763.yaml | 2 ++ cves/2018/CVE-2018-16836.yaml | 2 ++ cves/2018/CVE-2018-17254.yaml | 4 +++- cves/2018/CVE-2018-17431.yaml | 2 ++ cves/2018/CVE-2018-19365.yaml | 2 ++ cves/2018/CVE-2018-20470.yaml | 2 ++ cves/2018/CVE-2018-3714.yaml | 2 ++ cves/2018/CVE-2018-6910.yaml | 2 ++ cves/2018/CVE-2018-7602.yaml | 1 + cves/2018/CVE-2018-8006.yaml | 2 ++ cves/2018/CVE-2018-8770.yaml | 2 ++ cves/2019/CVE-2019-0230.yaml | 1 + cves/2019/CVE-2019-10092.yaml | 1 + cves/2019/CVE-2019-10405.yaml | 2 ++ cves/2019/CVE-2019-10475.yaml | 2 ++ cves/2019/CVE-2019-10692.yaml | 2 ++ cves/2019/CVE-2019-10758.yaml | 2 ++ cves/2019/CVE-2019-11248.yaml | 2 ++ cves/2019/CVE-2019-11510.yaml | 5 ++++- cves/2019/CVE-2019-11580.yaml | 5 ++++- cves/2019/CVE-2019-12962.yaml | 4 +++- cves/2019/CVE-2019-13101.yaml | 1 + cves/2019/CVE-2019-13392.yaml | 2 ++ cves/2019/CVE-2019-14205.yaml | 2 ++ cves/2019/CVE-2019-14223.yaml | 2 ++ cves/2019/CVE-2019-14251.yaml | 2 ++ cves/2019/CVE-2019-14322.yaml | 1 + cves/2019/CVE-2019-14530.yaml | 2 ++ cves/2019/CVE-2019-15107.yaml | 2 ++ cves/2019/CVE-2019-15858.yaml | 2 ++ cves/2019/CVE-2019-15859.yaml | 1 + cves/2019/CVE-2019-16097.yaml | 2 ++ cves/2019/CVE-2019-16123.yaml | 2 ++ cves/2019/CVE-2019-16278.yaml | 2 ++ cves/2019/CVE-2019-16313.yaml | 1 + cves/2019/CVE-2019-16332.yaml | 5 ++++- cves/2019/CVE-2019-16525.yaml | 2 ++ cves/2019/CVE-2019-1653.yaml | 1 + cves/2019/CVE-2019-16662.yaml | 5 ++++- cves/2019/CVE-2019-16759.yaml | 2 ++ cves/2019/CVE-2019-16920.yaml | 1 + cves/2019/CVE-2019-16931.yaml | 2 ++ cves/2019/CVE-2019-16932.yaml | 2 ++ cves/2019/CVE-2019-16996.yaml | 2 ++ cves/2019/CVE-2019-16997.yaml | 2 ++ cves/2019/CVE-2019-17270.yaml | 2 ++ cves/2019/CVE-2019-17382.yaml | 2 ++ cves/2019/CVE-2019-17418.yaml | 2 ++ cves/2019/CVE-2019-17444.yaml | 2 ++ cves/2019/CVE-2019-17503.yaml | 2 ++ cves/2019/CVE-2019-17506.yaml | 1 + cves/2019/CVE-2019-17538.yaml | 2 ++ cves/2019/CVE-2019-17558.yaml | 4 +++- cves/2019/CVE-2019-18371.yaml | 1 + cves/2019/CVE-2019-18393.yaml | 2 ++ cves/2019/CVE-2019-18394.yaml | 2 ++ cves/2019/CVE-2019-18665.yaml | 2 ++ cves/2019/CVE-2019-18818.yaml | 2 ++ cves/2019/CVE-2019-18922.yaml | 2 ++ cves/2019/CVE-2019-18957.yaml | 3 +++ cves/2019/CVE-2019-19134.yaml | 2 ++ cves/2019/CVE-2019-19368.yaml | 2 ++ cves/2019/CVE-2019-19781.yaml | 4 +++- cves/2019/CVE-2019-19824.yaml | 1 + cves/2019/CVE-2019-19908.yaml | 4 +++- cves/2019/CVE-2019-19985.yaml | 2 ++ cves/2019/CVE-2019-20085.yaml | 1 + cves/2019/CVE-2019-20141.yaml | 2 ++ cves/2019/CVE-2019-20183.yaml | 2 ++ cves/2019/CVE-2019-20210.yaml | 1 + cves/2019/CVE-2019-20224.yaml | 2 ++ cves/2019/CVE-2019-20933.yaml | 1 + cves/2019/CVE-2019-2725.yaml | 1 + cves/2019/CVE-2019-2729.yaml | 1 + cves/2019/CVE-2019-3396.yaml | 1 + cves/2019/CVE-2019-3401.yaml | 1 + cves/2019/CVE-2019-3403.yaml | 4 ++-- cves/2019/CVE-2019-3799.yaml | 1 + cves/2019/CVE-2019-3911.yaml | 2 ++ cves/2019/CVE-2019-3912.yaml | 2 ++ cves/2019/CVE-2019-3929.yaml | 1 + cves/2019/CVE-2019-5127.yaml | 4 +++- cves/2019/CVE-2019-5418.yaml | 1 + cves/2019/CVE-2019-6112.yaml | 2 ++ cves/2019/CVE-2019-6715.yaml | 2 ++ cves/2019/CVE-2019-7254.yaml | 1 + cves/2019/CVE-2019-7255.yaml | 1 + cves/2019/CVE-2019-7256.yaml | 1 + cves/2019/CVE-2019-7275.yaml | 1 + cves/2019/CVE-2019-7481.yaml | 1 + cves/2019/CVE-2019-7609.yaml | 1 + cves/2019/CVE-2019-8442.yaml | 1 + cves/2019/CVE-2019-8446.yaml | 2 ++ cves/2019/CVE-2019-8449.yaml | 2 ++ cves/2019/CVE-2019-8451.yaml | 5 +++-- cves/2019/CVE-2019-9922.yaml | 2 ++ cves/2020/CVE-2020-0618.yaml | 2 ++ cves/2020/CVE-2020-10148.yaml | 2 ++ cves/2020/CVE-2020-10546.yaml | 5 +++-- cves/2020/CVE-2020-10547.yaml | 2 ++ cves/2020/CVE-2020-10548.yaml | 5 +++-- cves/2020/CVE-2020-10549.yaml | 5 +++-- cves/2020/CVE-2020-10770.yaml | 2 ++ cves/2020/CVE-2020-10973.yaml | 2 ++ cves/2020/CVE-2020-11034.yaml | 2 ++ cves/2020/CVE-2020-11110.yaml | 1 + cves/2020/CVE-2020-11450.yaml | 2 ++ cves/2020/CVE-2020-11455.yaml | 2 ++ cves/2020/CVE-2020-11529.yaml | 3 +++ cves/2020/CVE-2020-11530.yaml | 2 ++ cves/2020/CVE-2020-11546.yaml | 2 ++ cves/2020/CVE-2020-11547.yaml | 8 +++++--- cves/2020/CVE-2020-11710.yaml | 2 ++ cves/2020/CVE-2020-11738.yaml | 2 ++ cves/2020/CVE-2020-11853.yaml | 1 + cves/2020/CVE-2020-11854.yaml | 1 + cves/2020/CVE-2020-11930.yaml | 2 ++ cves/2020/CVE-2020-11978.yaml | 2 ++ cves/2020/CVE-2020-11991.yaml | 2 ++ cves/2020/CVE-2020-12054.yaml | 2 ++ cves/2020/CVE-2020-12116.yaml | 2 ++ cves/2020/CVE-2020-12127.yaml | 1 + cves/2020/CVE-2020-12447.yaml | 1 + cves/2020/CVE-2020-12478.yaml | 2 ++ cves/2020/CVE-2020-12720.yaml | 2 ++ cves/2020/CVE-2020-12800.yaml | 2 ++ cves/2020/CVE-2020-13117.yaml | 3 ++- cves/2020/CVE-2020-13121.yaml | 4 +++- cves/2020/CVE-2020-13158.yaml | 2 ++ cves/2020/CVE-2020-13167.yaml | 2 ++ cves/2020/CVE-2020-13258.yaml | 2 ++ cves/2020/CVE-2020-13379.yaml | 1 + cves/2020/CVE-2020-13405.yaml | 2 ++ cves/2020/CVE-2020-13483.yaml | 2 ++ cves/2020/CVE-2020-13700.yaml | 2 ++ cves/2020/CVE-2020-13820.yaml | 2 ++ cves/2020/CVE-2020-13927.yaml | 8 +++++--- cves/2020/CVE-2020-13937.yaml | 2 ++ cves/2020/CVE-2020-13942.yaml | 2 ++ cves/2020/CVE-2020-13945.yaml | 2 ++ cves/2020/CVE-2020-14092.yaml | 2 ++ cves/2020/CVE-2020-14144.yaml | 2 ++ cves/2020/CVE-2020-14179.yaml | 1 + cves/2020/CVE-2020-14181.yaml | 4 ++-- cves/2020/CVE-2020-14408.yaml | 10 ++++++---- cves/2020/CVE-2020-14413.yaml | 5 +++-- cves/2020/CVE-2020-14750.yaml | 2 ++ cves/2020/CVE-2020-14864.yaml | 2 ++ cves/2020/CVE-2020-14882.yaml | 2 ++ cves/2020/CVE-2020-14883.yaml | 2 ++ cves/2020/CVE-2020-15050.yaml | 2 ++ cves/2020/CVE-2020-15129.yaml | 2 ++ cves/2020/CVE-2020-15148.yaml | 2 ++ cves/2020/CVE-2020-15227.yaml | 1 + cves/2020/CVE-2020-15500.yaml | 2 ++ cves/2020/CVE-2020-15505.yaml | 1 + cves/2020/CVE-2020-15568.yaml | 2 ++ cves/2020/CVE-2020-15867.yaml | 2 ++ cves/2020/CVE-2020-15895.yaml | 1 + cves/2020/CVE-2020-15920.yaml | 2 ++ cves/2020/CVE-2020-16139.yaml | 1 + cves/2020/CVE-2020-16846.yaml | 1 + cves/2020/CVE-2020-16952.yaml | 1 + cves/2020/CVE-2020-17362.yaml | 2 ++ cves/2020/CVE-2020-17453.yaml | 1 + cves/2020/CVE-2020-17456.yaml | 1 + cves/2020/CVE-2020-17496.yaml | 2 ++ cves/2020/CVE-2020-17505.yaml | 2 ++ cves/2020/CVE-2020-17506.yaml | 2 ++ cves/2020/CVE-2020-17518.yaml | 2 ++ cves/2020/CVE-2020-17519.yaml | 2 ++ cves/2020/CVE-2020-17526.yaml | 2 ++ cves/2020/CVE-2020-17530.yaml | 1 + cves/2020/CVE-2020-18268.yaml | 2 ++ cves/2020/CVE-2020-19282.yaml | 2 ++ cves/2020/CVE-2020-19283.yaml | 2 ++ cves/2020/CVE-2020-19295.yaml | 2 ++ cves/2020/CVE-2020-19360.yaml | 2 ++ cves/2020/CVE-2020-1938.yaml | 1 + cves/2020/CVE-2020-1943.yaml | 2 ++ cves/2020/CVE-2020-19625.yaml | 2 ++ cves/2020/CVE-2020-20285.yaml | 2 ++ cves/2020/CVE-2020-20300.yaml | 4 +++- cves/2020/CVE-2020-2036.yaml | 2 ++ cves/2020/CVE-2020-2096.yaml | 2 ++ cves/2020/CVE-2020-20982.yaml | 6 ++++-- cves/2020/CVE-2020-20988.yaml | 2 ++ cves/2020/CVE-2020-21012.yaml | 2 ++ cves/2020/CVE-2020-2103.yaml | 2 ++ cves/2020/CVE-2020-21224.yaml | 2 ++ cves/2020/CVE-2020-2140.yaml | 2 ++ cves/2020/CVE-2020-22208.yaml | 2 ++ cves/2020/CVE-2020-22209.yaml | 2 ++ cves/2020/CVE-2020-22210.yaml | 2 ++ cves/2020/CVE-2020-22211.yaml | 2 ++ cves/2020/CVE-2020-22840.yaml | 2 ++ cves/2020/CVE-2020-23015.yaml | 2 ++ cves/2020/CVE-2020-23517.yaml | 6 ++++-- cves/2020/CVE-2020-23575.yaml | 1 + cves/2020/CVE-2020-23697.yaml | 2 ++ cves/2020/CVE-2020-23972.yaml | 2 ++ cves/2020/CVE-2020-24148.yaml | 3 +++ cves/2020/CVE-2020-24186.yaml | 2 ++ cves/2020/CVE-2020-24223.yaml | 2 ++ cves/2020/CVE-2020-24312.yaml | 2 ++ cves/2020/CVE-2020-24391.yaml | 2 ++ cves/2020/CVE-2020-24550.yaml | 2 ++ cves/2020/CVE-2020-24571.yaml | 2 ++ cves/2020/CVE-2020-24579.yaml | 1 + cves/2020/CVE-2020-24589.yaml | 4 ++-- cves/2020/CVE-2020-24902.yaml | 2 ++ cves/2020/CVE-2020-24903.yaml | 2 ++ cves/2020/CVE-2020-24912.yaml | 2 ++ cves/2020/CVE-2020-24949.yaml | 2 ++ cves/2020/CVE-2020-25078.yaml | 1 + cves/2020/CVE-2020-25213.yaml | 5 ++++- cves/2020/CVE-2020-25223.yaml | 2 ++ cves/2020/CVE-2020-25495.yaml | 2 ++ cves/2020/CVE-2020-25506.yaml | 1 + cves/2020/CVE-2020-2551.yaml | 2 ++ cves/2020/CVE-2020-25540.yaml | 2 ++ cves/2020/CVE-2020-25780.yaml | 2 ++ cves/2020/CVE-2020-25864.yaml | 2 ++ cves/2020/CVE-2020-26153.yaml | 2 ++ cves/2020/CVE-2020-26214.yaml | 2 ++ cves/2020/CVE-2020-26217.yaml | 1 + cves/2020/CVE-2020-26248.yaml | 2 ++ cves/2020/CVE-2020-26258.yaml | 1 + cves/2020/CVE-2020-26413.yaml | 2 ++ cves/2020/CVE-2020-26876.yaml | 2 ++ cves/2020/CVE-2020-26919.yaml | 1 + cves/2020/CVE-2020-26948.yaml | 2 ++ cves/2020/CVE-2020-27191.yaml | 2 ++ cves/2020/CVE-2020-2733.yaml | 2 ++ cves/2020/CVE-2020-27361.yaml | 2 ++ cves/2020/CVE-2020-27467.yaml | 2 ++ cves/2020/CVE-2020-27735.yaml | 2 ++ cves/2020/CVE-2020-27866.yaml | 1 + cves/2020/CVE-2020-27982.yaml | 2 ++ cves/2020/CVE-2020-27986.yaml | 4 +++- cves/2020/CVE-2020-28188.yaml | 2 ++ cves/2020/CVE-2020-28208.yaml | 5 ++++- cves/2020/CVE-2020-28351.yaml | 2 ++ cves/2020/CVE-2020-28871.yaml | 5 ++++- cves/2020/CVE-2020-28976.yaml | 2 ++ cves/2020/CVE-2020-29164.yaml | 2 ++ cves/2020/CVE-2020-29227.yaml | 2 ++ cves/2020/CVE-2020-29284.yaml | 2 ++ cves/2020/CVE-2020-29395.yaml | 5 ++++- cves/2020/CVE-2020-29453.yaml | 1 + cves/2020/CVE-2020-29597.yaml | 2 ++ cves/2020/CVE-2020-3187.yaml | 1 + cves/2020/CVE-2020-3452.yaml | 2 ++ cves/2020/CVE-2020-35234.yaml | 2 ++ cves/2020/CVE-2020-35338.yaml | 2 ++ cves/2020/CVE-2020-35476.yaml | 4 +++- cves/2020/CVE-2020-35489.yaml | 2 ++ cves/2020/CVE-2020-35580.yaml | 2 ++ cves/2020/CVE-2020-35598.yaml | 2 ++ cves/2020/CVE-2020-35713.yaml | 2 ++ cves/2020/CVE-2020-35729.yaml | 2 ++ cves/2020/CVE-2020-35736.yaml | 2 ++ cves/2020/CVE-2020-35749.yaml | 2 ++ cves/2020/CVE-2020-35774.yaml | 2 ++ cves/2020/CVE-2020-3580.yaml | 1 + cves/2020/CVE-2020-35846.yaml | 2 ++ cves/2020/CVE-2020-35847.yaml | 2 ++ cves/2020/CVE-2020-35848.yaml | 2 ++ cves/2020/CVE-2020-35951.yaml | 2 ++ cves/2020/CVE-2020-36112.yaml | 4 +++- cves/2020/CVE-2020-36289.yaml | 1 + cves/2020/CVE-2020-36365.yaml | 2 ++ cves/2020/CVE-2020-36510.yaml | 6 ++++-- cves/2020/CVE-2020-4463.yaml | 2 ++ cves/2020/CVE-2020-5191.yaml | 2 ++ cves/2020/CVE-2020-5192.yaml | 2 ++ cves/2020/CVE-2020-5284.yaml | 4 +++- cves/2020/CVE-2020-5307.yaml | 2 ++ cves/2020/CVE-2020-5405.yaml | 2 ++ cves/2020/CVE-2020-5410.yaml | 2 ++ cves/2020/CVE-2020-5412.yaml | 5 +++-- cves/2020/CVE-2020-5775.yaml | 2 ++ cves/2020/CVE-2020-5776.yaml | 2 ++ cves/2020/CVE-2020-5777.yaml | 2 ++ cves/2020/CVE-2020-5847.yaml | 2 ++ cves/2020/CVE-2020-5902.yaml | 1 + cves/2020/CVE-2020-6171.yaml | 2 ++ cves/2020/CVE-2020-6207.yaml | 2 ++ cves/2020/CVE-2020-6287.yaml | 2 ++ cves/2020/CVE-2020-6308.yaml | 4 +++- cves/2020/CVE-2020-6637.yaml | 2 ++ cves/2020/CVE-2020-7107.yaml | 2 ++ cves/2020/CVE-2020-7136.yaml | 2 ++ cves/2020/CVE-2020-7209.yaml | 4 +++- cves/2020/CVE-2020-7247.yaml | 1 + cves/2020/CVE-2020-7318.yaml | 2 ++ cves/2020/CVE-2020-7796.yaml | 2 ++ cves/2020/CVE-2020-7943.yaml | 1 + cves/2020/CVE-2020-7961.yaml | 2 ++ cves/2020/CVE-2020-7980.yaml | 2 ++ cves/2020/CVE-2020-8115.yaml | 2 ++ cves/2020/CVE-2020-8163.yaml | 1 + cves/2020/CVE-2020-8191.yaml | 1 + cves/2020/CVE-2020-8193.yaml | 1 + cves/2020/CVE-2020-8194.yaml | 4 ++-- cves/2020/CVE-2020-8209.yaml | 2 ++ cves/2020/CVE-2020-8497.yaml | 2 ++ cves/2020/CVE-2020-8512.yaml | 2 ++ cves/2020/CVE-2020-8515.yaml | 1 + cves/2020/CVE-2020-8641.yaml | 2 ++ cves/2020/CVE-2020-8644.yaml | 5 ++++- cves/2020/CVE-2020-8654.yaml | 2 ++ cves/2020/CVE-2020-8771.yaml | 2 ++ cves/2020/CVE-2020-8772.yaml | 4 +++- cves/2020/CVE-2020-8813.yaml | 1 + cves/2020/CVE-2020-8982.yaml | 2 ++ cves/2020/CVE-2020-9036.yaml | 2 ++ cves/2020/CVE-2020-9043.yaml | 2 ++ cves/2020/CVE-2020-9047.yaml | 1 + cves/2020/CVE-2020-9054.yaml | 1 + cves/2020/CVE-2020-9315.yaml | 2 ++ cves/2020/CVE-2020-9344.yaml | 2 ++ cves/2020/CVE-2020-9376.yaml | 1 + cves/2020/CVE-2020-9402.yaml | 1 + cves/2020/CVE-2020-9425.yaml | 2 ++ cves/2020/CVE-2020-9483.yaml | 2 ++ cves/2020/CVE-2020-9484.yaml | 1 + cves/2020/CVE-2020-9496.yaml | 2 ++ cves/2020/CVE-2020-9757.yaml | 2 ++ cves/2021/CVE-2021-1472.yaml | 1 + cves/2021/CVE-2021-1497.yaml | 1 + cves/2021/CVE-2021-1498.yaml | 1 + cves/2021/CVE-2021-1499.yaml | 1 + cves/2021/CVE-2021-20031.yaml | 1 + cves/2021/CVE-2021-20038.yaml | 2 ++ cves/2021/CVE-2021-20090.yaml | 2 ++ cves/2021/CVE-2021-20091.yaml | 1 + cves/2021/CVE-2021-20092.yaml | 1 + cves/2021/CVE-2021-20114.yaml | 2 ++ cves/2021/CVE-2021-20123.yaml | 4 +++- cves/2021/CVE-2021-20124.yaml | 4 +++- cves/2021/CVE-2021-20137.yaml | 9 +++++---- cves/2021/CVE-2021-20150.yaml | 1 + cves/2021/CVE-2021-20158.yaml | 1 + cves/2021/CVE-2021-20167.yaml | 1 + cves/2021/CVE-2021-20323.yaml | 2 ++ cves/2021/CVE-2021-20792.yaml | 2 ++ cves/2021/CVE-2021-20837.yaml | 2 ++ cves/2021/CVE-2021-21087.yaml | 2 ++ cves/2021/CVE-2021-21234.yaml | 2 ++ cves/2021/CVE-2021-21287.yaml | 2 ++ cves/2021/CVE-2021-21307.yaml | 3 +++ cves/2021/CVE-2021-21311.yaml | 1 + cves/2021/CVE-2021-21315.yaml | 1 + cves/2021/CVE-2021-21345.yaml | 1 + cves/2021/CVE-2021-21351.yaml | 1 + cves/2021/CVE-2021-21389.yaml | 4 +++- cves/2021/CVE-2021-21402.yaml | 6 ++++-- cves/2021/CVE-2021-21479.yaml | 2 ++ cves/2021/CVE-2021-21745.yaml | 1 + cves/2021/CVE-2021-21799.yaml | 2 ++ cves/2021/CVE-2021-21800.yaml | 2 ++ cves/2021/CVE-2021-21801.yaml | 2 ++ cves/2021/CVE-2021-21802.yaml | 2 ++ cves/2021/CVE-2021-21803.yaml | 2 ++ cves/2021/CVE-2021-21805.yaml | 2 ++ cves/2021/CVE-2021-21816.yaml | 1 + cves/2021/CVE-2021-21881.yaml | 1 + cves/2021/CVE-2021-21972.yaml | 1 + cves/2021/CVE-2021-21973.yaml | 1 + cves/2021/CVE-2021-21975.yaml | 1 + cves/2021/CVE-2021-21978.yaml | 2 ++ cves/2021/CVE-2021-21985.yaml | 4 +++- cves/2021/CVE-2021-22005.yaml | 1 + cves/2021/CVE-2021-22053.yaml | 2 ++ cves/2021/CVE-2021-22054.yaml | 2 ++ cves/2021/CVE-2021-22122.yaml | 2 ++ cves/2021/CVE-2021-22145.yaml | 1 + cves/2021/CVE-2021-22205.yaml | 2 ++ cves/2021/CVE-2021-22214.yaml | 2 ++ cves/2021/CVE-2021-22502.yaml | 2 ++ cves/2021/CVE-2021-22873.yaml | 2 ++ cves/2021/CVE-2021-22911.yaml | 2 ++ cves/2021/CVE-2021-22986.yaml | 1 + cves/2021/CVE-2021-23241.yaml | 1 + cves/2021/CVE-2021-24145.yaml | 2 ++ cves/2021/CVE-2021-24146.yaml | 2 ++ cves/2021/CVE-2021-24150.yaml | 2 ++ cves/2021/CVE-2021-24155.yaml | 5 ++++- cves/2021/CVE-2021-24165.yaml | 2 ++ cves/2021/CVE-2021-24169.yaml | 2 ++ cves/2021/CVE-2021-24176.yaml | 2 ++ cves/2021/CVE-2021-24210.yaml | 2 ++ cves/2021/CVE-2021-24214.yaml | 4 +++- cves/2021/CVE-2021-24226.yaml | 2 ++ cves/2021/CVE-2021-24227.yaml | 2 ++ cves/2021/CVE-2021-24235.yaml | 2 ++ cves/2021/CVE-2021-24236.yaml | 2 ++ cves/2021/CVE-2021-24237.yaml | 2 ++ cves/2021/CVE-2021-24239.yaml | 2 ++ cves/2021/CVE-2021-24245.yaml | 3 +++ cves/2021/CVE-2021-24274.yaml | 2 ++ cves/2021/CVE-2021-24275.yaml | 2 ++ cves/2021/CVE-2021-24276.yaml | 2 ++ cves/2021/CVE-2021-24278.yaml | 2 ++ cves/2021/CVE-2021-24284.yaml | 2 ++ cves/2021/CVE-2021-24285.yaml | 2 ++ cves/2021/CVE-2021-24287.yaml | 2 ++ cves/2021/CVE-2021-24288.yaml | 2 ++ cves/2021/CVE-2021-24291.yaml | 2 ++ cves/2021/CVE-2021-24298.yaml | 2 ++ cves/2021/CVE-2021-24300.yaml | 2 ++ cves/2021/CVE-2021-24316.yaml | 2 ++ cves/2021/CVE-2021-24320.yaml | 6 +++--- cves/2021/CVE-2021-24335.yaml | 2 ++ cves/2021/CVE-2021-24340.yaml | 2 ++ cves/2021/CVE-2021-24342.yaml | 2 ++ cves/2021/CVE-2021-24347.yaml | 5 ++++- cves/2021/CVE-2021-24351.yaml | 2 ++ cves/2021/CVE-2021-24358.yaml | 2 ++ cves/2021/CVE-2021-24364.yaml | 2 ++ cves/2021/CVE-2021-24370.yaml | 2 ++ cves/2021/CVE-2021-24387.yaml | 2 ++ cves/2021/CVE-2021-24389.yaml | 2 ++ cves/2021/CVE-2021-24406.yaml | 5 +++-- cves/2021/CVE-2021-24407.yaml | 2 ++ cves/2021/CVE-2021-24436.yaml | 2 ++ cves/2021/CVE-2021-24452.yaml | 4 +++- cves/2021/CVE-2021-24472.yaml | 1 + cves/2021/CVE-2021-24488.yaml | 2 ++ cves/2021/CVE-2021-24495.yaml | 2 ++ cves/2021/CVE-2021-24498.yaml | 2 ++ cves/2021/CVE-2021-24499.yaml | 2 ++ cves/2021/CVE-2021-24510.yaml | 2 ++ cves/2021/CVE-2021-24554.yaml | 2 ++ cves/2021/CVE-2021-24666.yaml | 2 ++ cves/2021/CVE-2021-24746.yaml | 2 ++ cves/2021/CVE-2021-24750.yaml | 2 ++ cves/2021/CVE-2021-24762.yaml | 2 ++ cves/2021/CVE-2021-24827.yaml | 2 ++ cves/2021/CVE-2021-24838.yaml | 2 ++ cves/2021/CVE-2021-24862.yaml | 5 ++++- cves/2021/CVE-2021-24875.yaml | 4 +++- cves/2021/CVE-2021-24891.yaml | 2 ++ cves/2021/CVE-2021-24910.yaml | 2 ++ cves/2021/CVE-2021-24917.yaml | 3 +++ cves/2021/CVE-2021-24926.yaml | 2 ++ cves/2021/CVE-2021-24931.yaml | 5 ++++- cves/2021/CVE-2021-24940.yaml | 4 +++- cves/2021/CVE-2021-24946.yaml | 5 ++++- cves/2021/CVE-2021-24947.yaml | 2 ++ cves/2021/CVE-2021-24970.yaml | 2 ++ cves/2021/CVE-2021-24987.yaml | 2 ++ cves/2021/CVE-2021-24991.yaml | 2 ++ cves/2021/CVE-2021-24997.yaml | 2 ++ cves/2021/CVE-2021-25003.yaml | 2 ++ cves/2021/CVE-2021-25008.yaml | 2 ++ cves/2021/CVE-2021-25028.yaml | 5 +++-- cves/2021/CVE-2021-25033.yaml | 2 ++ cves/2021/CVE-2021-25052.yaml | 2 ++ cves/2021/CVE-2021-25055.yaml | 2 ++ cves/2021/CVE-2021-25063.yaml | 2 ++ cves/2021/CVE-2021-25067.yaml | 4 +++- cves/2021/CVE-2021-25074.yaml | 2 ++ cves/2021/CVE-2021-25075.yaml | 2 ++ cves/2021/CVE-2021-25085.yaml | 4 +++- cves/2021/CVE-2021-25099.yaml | 3 +++ cves/2021/CVE-2021-25104.yaml | 2 ++ cves/2021/CVE-2021-25111.yaml | 6 ++++-- cves/2021/CVE-2021-25112.yaml | 2 ++ cves/2021/CVE-2021-25114.yaml | 2 ++ cves/2021/CVE-2021-25118.yaml | 2 ++ cves/2021/CVE-2021-25120.yaml | 2 ++ cves/2021/CVE-2021-25281.yaml | 1 + cves/2021/CVE-2021-25296.yaml | 2 ++ cves/2021/CVE-2021-25297.yaml | 2 ++ cves/2021/CVE-2021-25298.yaml | 2 ++ cves/2021/CVE-2021-25299.yaml | 2 ++ cves/2021/CVE-2021-25646.yaml | 2 ++ cves/2021/CVE-2021-25864.yaml | 2 ++ cves/2021/CVE-2021-25899.yaml | 2 ++ cves/2021/CVE-2021-26084.yaml | 1 + cves/2021/CVE-2021-26085.yaml | 2 ++ cves/2021/CVE-2021-26086.yaml | 1 + cves/2021/CVE-2021-26247.yaml | 2 ++ cves/2021/CVE-2021-26295.yaml | 2 ++ cves/2021/CVE-2021-26475.yaml | 2 ++ cves/2021/CVE-2021-26598.yaml | 2 ++ cves/2021/CVE-2021-26702.yaml | 2 ++ cves/2021/CVE-2021-26710.yaml | 2 ++ cves/2021/CVE-2021-26723.yaml | 2 ++ cves/2021/CVE-2021-26812.yaml | 2 ++ cves/2021/CVE-2021-26855.yaml | 2 ++ cves/2021/CVE-2021-27132.yaml | 1 + cves/2021/CVE-2021-27309.yaml | 4 +++- cves/2021/CVE-2021-27310.yaml | 2 ++ cves/2021/CVE-2021-27330.yaml | 2 ++ cves/2021/CVE-2021-27358.yaml | 2 ++ cves/2021/CVE-2021-27519.yaml | 2 ++ cves/2021/CVE-2021-27520.yaml | 2 ++ cves/2021/CVE-2021-27561.yaml | 2 ++ cves/2021/CVE-2021-27651.yaml | 2 ++ cves/2021/CVE-2021-27850.yaml | 2 ++ cves/2021/CVE-2021-27905.yaml | 2 ++ cves/2021/CVE-2021-27909.yaml | 2 ++ cves/2021/CVE-2021-27931.yaml | 2 ++ cves/2021/CVE-2021-28149.yaml | 1 + cves/2021/CVE-2021-28150.yaml | 1 + cves/2021/CVE-2021-28151.yaml | 1 + cves/2021/CVE-2021-28164.yaml | 4 +++- cves/2021/CVE-2021-28169.yaml | 1 + cves/2021/CVE-2021-28377.yaml | 2 ++ cves/2021/CVE-2021-28419.yaml | 5 ++++- cves/2021/CVE-2021-28918.yaml | 2 ++ cves/2021/CVE-2021-28937.yaml | 1 + cves/2021/CVE-2021-29156.yaml | 2 ++ cves/2021/CVE-2021-29203.yaml | 2 ++ cves/2021/CVE-2021-29441.yaml | 2 ++ cves/2021/CVE-2021-29442.yaml | 2 ++ cves/2021/CVE-2021-29484.yaml | 2 ++ cves/2021/CVE-2021-29490.yaml | 6 ++++-- cves/2021/CVE-2021-29505.yaml | 1 + cves/2021/CVE-2021-29622.yaml | 4 +++- cves/2021/CVE-2021-29625.yaml | 2 ++ cves/2021/CVE-2021-3002.yaml | 2 ++ cves/2021/CVE-2021-30049.yaml | 2 ++ cves/2021/CVE-2021-30128.yaml | 2 ++ cves/2021/CVE-2021-30134.yaml | 1 + cves/2021/CVE-2021-30151.yaml | 1 + cves/2021/CVE-2021-3017.yaml | 1 + cves/2021/CVE-2021-3019.yaml | 2 ++ cves/2021/CVE-2021-30213.yaml | 2 ++ cves/2021/CVE-2021-30461.yaml | 2 ++ cves/2021/CVE-2021-30497.yaml | 2 ++ cves/2021/CVE-2021-3110.yaml | 2 ++ cves/2021/CVE-2021-31195.yaml | 2 ++ cves/2021/CVE-2021-31249.yaml | 1 + cves/2021/CVE-2021-31250.yaml | 1 + cves/2021/CVE-2021-3129.yaml | 1 + cves/2021/CVE-2021-31537.yaml | 2 ++ cves/2021/CVE-2021-31581.yaml | 1 + cves/2021/CVE-2021-31589.yaml | 2 ++ cves/2021/CVE-2021-31602.yaml | 1 + cves/2021/CVE-2021-31682.yaml | 5 ++++- cves/2021/CVE-2021-31755.yaml | 4 ++-- cves/2021/CVE-2021-31805.yaml | 3 +++ cves/2021/CVE-2021-31856.yaml | 5 +++-- cves/2021/CVE-2021-31862.yaml | 2 ++ cves/2021/CVE-2021-32030.yaml | 1 + cves/2021/CVE-2021-32172.yaml | 2 ++ cves/2021/CVE-2021-3223.yaml | 6 ++++-- cves/2021/CVE-2021-32305.yaml | 2 ++ cves/2021/CVE-2021-32618.yaml | 2 ++ cves/2021/CVE-2021-32682.yaml | 2 ++ cves/2021/CVE-2021-32789.yaml | 2 ++ cves/2021/CVE-2021-32819.yaml | 2 ++ cves/2021/CVE-2021-32820.yaml | 2 ++ cves/2021/CVE-2021-32853.yaml | 2 ++ cves/2021/CVE-2021-3293.yaml | 2 ++ cves/2021/CVE-2021-3297.yaml | 1 + cves/2021/CVE-2021-33044.yaml | 1 + cves/2021/CVE-2021-33221.yaml | 2 ++ cves/2021/CVE-2021-33357.yaml | 2 ++ cves/2021/CVE-2021-33544.yaml | 1 + cves/2021/CVE-2021-33564.yaml | 2 ++ cves/2021/CVE-2021-3374.yaml | 2 ++ cves/2021/CVE-2021-3377.yaml | 4 +++- cves/2021/CVE-2021-3378.yaml | 2 ++ cves/2021/CVE-2021-33807.yaml | 2 ++ cves/2021/CVE-2021-33851.yaml | 2 ++ cves/2021/CVE-2021-33904.yaml | 2 ++ cves/2021/CVE-2021-34370.yaml | 2 ++ cves/2021/CVE-2021-34429.yaml | 1 + cves/2021/CVE-2021-34473.yaml | 2 ++ cves/2021/CVE-2021-34621.yaml | 2 ++ cves/2021/CVE-2021-34640.yaml | 2 ++ cves/2021/CVE-2021-34643.yaml | 2 ++ cves/2021/CVE-2021-34805.yaml | 2 ++ cves/2021/CVE-2021-35265.yaml | 2 ++ cves/2021/CVE-2021-35336.yaml | 1 + cves/2021/CVE-2021-35380.yaml | 2 ++ cves/2021/CVE-2021-35464.yaml | 1 + cves/2021/CVE-2021-35488.yaml | 2 ++ cves/2021/CVE-2021-35587.yaml | 4 +++- cves/2021/CVE-2021-3577.yaml | 1 + cves/2021/CVE-2021-36260.yaml | 1 + cves/2021/CVE-2021-36356.yaml | 2 ++ cves/2021/CVE-2021-36380.yaml | 2 ++ cves/2021/CVE-2021-36450.yaml | 2 ++ cves/2021/CVE-2021-3654.yaml | 1 + cves/2021/CVE-2021-36748.yaml | 2 ++ cves/2021/CVE-2021-36749.yaml | 3 +++ cves/2021/CVE-2021-36873.yaml | 2 ++ cves/2021/CVE-2021-37216.yaml | 1 + cves/2021/CVE-2021-37416.yaml | 6 ++++-- cves/2021/CVE-2021-37538.yaml | 2 ++ cves/2021/CVE-2021-37573.yaml | 2 ++ cves/2021/CVE-2021-37580.yaml | 2 ++ cves/2021/CVE-2021-37589.yaml | 2 ++ cves/2021/CVE-2021-37704.yaml | 2 ++ cves/2021/CVE-2021-37833.yaml | 2 ++ cves/2021/CVE-2021-38314.yaml | 7 +++---- cves/2021/CVE-2021-38540.yaml | 4 +++- cves/2021/CVE-2021-38647.yaml | 1 + cves/2021/CVE-2021-38702.yaml | 4 +++- cves/2021/CVE-2021-38704.yaml | 2 ++ cves/2021/CVE-2021-38751.yaml | 5 +++-- cves/2021/CVE-2021-39141.yaml | 1 + cves/2021/CVE-2021-39144.yaml | 1 + cves/2021/CVE-2021-39146.yaml | 1 + cves/2021/CVE-2021-39152.yaml | 1 + cves/2021/CVE-2021-39211.yaml | 2 ++ cves/2021/CVE-2021-39226.yaml | 1 + cves/2021/CVE-2021-39312.yaml | 2 ++ cves/2021/CVE-2021-39316.yaml | 2 ++ cves/2021/CVE-2021-39320.yaml | 2 ++ cves/2021/CVE-2021-39322.yaml | 2 ++ cves/2021/CVE-2021-39327.yaml | 3 +++ cves/2021/CVE-2021-39350.yaml | 2 ++ cves/2021/CVE-2021-39433.yaml | 2 ++ cves/2021/CVE-2021-39501.yaml | 2 ++ cves/2021/CVE-2021-40149.yaml | 4 +++- cves/2021/CVE-2021-40150.yaml | 1 + cves/2021/CVE-2021-40323.yaml | 2 ++ cves/2021/CVE-2021-40438.yaml | 2 ++ cves/2021/CVE-2021-40539.yaml | 2 ++ cves/2021/CVE-2021-40542.yaml | 2 ++ cves/2021/CVE-2021-40661.yaml | 1 + cves/2021/CVE-2021-40822.yaml | 2 ++ cves/2021/CVE-2021-40856.yaml | 1 + cves/2021/CVE-2021-40859.yaml | 1 + cves/2021/CVE-2021-40868.yaml | 2 ++ cves/2021/CVE-2021-40870.yaml | 5 ++++- cves/2021/CVE-2021-40875.yaml | 2 ++ cves/2021/CVE-2021-40960.yaml | 2 ++ cves/2021/CVE-2021-40978.yaml | 3 +++ cves/2021/CVE-2021-41174.yaml | 2 ++ cves/2021/CVE-2021-41192.yaml | 3 +++ cves/2021/CVE-2021-41266.yaml | 6 +++--- cves/2021/CVE-2021-41277.yaml | 2 ++ cves/2021/CVE-2021-41282.yaml | 2 ++ cves/2021/CVE-2021-41291.yaml | 2 ++ cves/2021/CVE-2021-41293.yaml | 5 +++-- cves/2021/CVE-2021-41349.yaml | 2 ++ cves/2021/CVE-2021-41381.yaml | 5 ++++- cves/2021/CVE-2021-41432.yaml | 2 ++ cves/2021/CVE-2021-41467.yaml | 2 ++ cves/2021/CVE-2021-41569.yaml | 2 ++ cves/2021/CVE-2021-41648.yaml | 5 ++++- cves/2021/CVE-2021-41649.yaml | 2 ++ cves/2021/CVE-2021-41653.yaml | 2 ++ cves/2021/CVE-2021-41773.yaml | 1 + cves/2021/CVE-2021-41826.yaml | 5 ++++- cves/2021/CVE-2021-41878.yaml | 5 ++++- cves/2021/CVE-2021-4191.yaml | 2 ++ cves/2021/CVE-2021-41951.yaml | 2 ++ cves/2021/CVE-2021-42013.yaml | 1 + cves/2021/CVE-2021-42063.yaml | 2 ++ cves/2021/CVE-2021-42071.yaml | 1 + cves/2021/CVE-2021-42192.yaml | 2 ++ cves/2021/CVE-2021-42237.yaml | 2 ++ cves/2021/CVE-2021-42258.yaml | 5 +++-- cves/2021/CVE-2021-42551.yaml | 2 ++ cves/2021/CVE-2021-42565.yaml | 2 ++ cves/2021/CVE-2021-42566.yaml | 2 ++ cves/2021/CVE-2021-42567.yaml | 2 ++ cves/2021/CVE-2021-42627.yaml | 2 ++ cves/2021/CVE-2021-42663.yaml | 2 ++ cves/2021/CVE-2021-42667.yaml | 2 ++ cves/2021/CVE-2021-42887.yaml | 1 + cves/2021/CVE-2021-43062.yaml | 2 ++ cves/2021/CVE-2021-43287.yaml | 2 ++ cves/2021/CVE-2021-43421.yaml | 2 ++ cves/2021/CVE-2021-43495.yaml | 5 +++-- cves/2021/CVE-2021-43496.yaml | 2 ++ cves/2021/CVE-2021-43510.yaml | 2 ++ cves/2021/CVE-2021-43574.yaml | 2 ++ cves/2021/CVE-2021-43734.yaml | 2 ++ cves/2021/CVE-2021-43778.yaml | 2 ++ cves/2021/CVE-2021-43798.yaml | 2 ++ cves/2021/CVE-2021-43810.yaml | 2 ++ cves/2021/CVE-2021-44077.yaml | 1 + cves/2021/CVE-2021-44152.yaml | 6 ++++-- cves/2021/CVE-2021-44228.yaml | 1 + cves/2021/CVE-2021-44427.yaml | 7 ++++--- cves/2021/CVE-2021-44451.yaml | 6 ++++-- cves/2021/CVE-2021-44515.yaml | 2 ++ cves/2021/CVE-2021-44521.yaml | 2 ++ cves/2021/CVE-2021-44528.yaml | 2 ++ cves/2021/CVE-2021-44529.yaml | 5 ++++- cves/2021/CVE-2021-44848.yaml | 5 ++++- cves/2021/CVE-2021-45043.yaml | 2 ++ cves/2021/CVE-2021-45046.yaml | 1 + cves/2021/CVE-2021-45092.yaml | 5 ++++- cves/2021/CVE-2021-45232.yaml | 2 ++ cves/2021/CVE-2021-45380.yaml | 2 ++ cves/2021/CVE-2021-45422.yaml | 3 +++ cves/2021/CVE-2021-45428.yaml | 1 + cves/2021/CVE-2021-45967.yaml | 1 + cves/2021/CVE-2021-45968.yaml | 1 + cves/2021/CVE-2021-46005.yaml | 2 ++ cves/2021/CVE-2021-46068.yaml | 2 ++ cves/2021/CVE-2021-46069.yaml | 2 ++ cves/2021/CVE-2021-46071.yaml | 2 ++ cves/2021/CVE-2021-46072.yaml | 2 ++ cves/2021/CVE-2021-46073.yaml | 2 ++ cves/2021/CVE-2021-46379.yaml | 1 + cves/2021/CVE-2021-46381.yaml | 4 +++- cves/2021/CVE-2021-46387.yaml | 1 + cves/2021/CVE-2021-46417.yaml | 1 + cves/2021/CVE-2021-46422.yaml | 1 + cves/2021/CVE-2021-46424.yaml | 1 + cves/2022/CVE-2022-0140.yaml | 2 ++ cves/2022/CVE-2022-0147.yaml | 3 +++ cves/2022/CVE-2022-0148.yaml | 2 ++ cves/2022/CVE-2022-0149.yaml | 2 ++ cves/2022/CVE-2022-0150.yaml | 2 ++ cves/2022/CVE-2022-0165.yaml | 2 ++ cves/2022/CVE-2022-0189.yaml | 2 ++ cves/2022/CVE-2022-0201.yaml | 1 + cves/2022/CVE-2022-0206.yaml | 2 ++ cves/2022/CVE-2022-0208.yaml | 2 ++ cves/2022/CVE-2022-0212.yaml | 2 ++ cves/2022/CVE-2022-0218.yaml | 2 ++ cves/2022/CVE-2022-0220.yaml | 2 ++ cves/2022/CVE-2022-0234.yaml | 2 ++ cves/2022/CVE-2022-0271.yaml | 2 ++ cves/2022/CVE-2022-0281.yaml | 2 ++ cves/2022/CVE-2022-0288.yaml | 1 + cves/2022/CVE-2022-0346.yaml | 2 ++ cves/2022/CVE-2022-0349.yaml | 2 ++ cves/2022/CVE-2022-0378.yaml | 2 ++ cves/2022/CVE-2022-0381.yaml | 2 ++ cves/2022/CVE-2022-0412.yaml | 3 +++ cves/2022/CVE-2022-0415.yaml | 2 ++ cves/2022/CVE-2022-0422.yaml | 2 ++ cves/2022/CVE-2022-0432.yaml | 2 ++ cves/2022/CVE-2022-0434.yaml | 2 ++ cves/2022/CVE-2022-0437.yaml | 2 ++ cves/2022/CVE-2022-0441.yaml | 2 ++ cves/2022/CVE-2022-0482.yaml | 2 ++ cves/2022/CVE-2022-0535.yaml | 2 ++ cves/2022/CVE-2022-0540.yaml | 1 + cves/2022/CVE-2022-0543.yaml | 1 + cves/2022/CVE-2022-0591.yaml | 6 ++++-- cves/2022/CVE-2022-0594.yaml | 2 ++ cves/2022/CVE-2022-0595.yaml | 2 ++ cves/2022/CVE-2022-0599.yaml | 2 ++ cves/2022/CVE-2022-0653.yaml | 2 ++ cves/2022/CVE-2022-0656.yaml | 2 ++ cves/2022/CVE-2022-0660.yaml | 2 ++ cves/2022/CVE-2022-0678.yaml | 2 ++ cves/2022/CVE-2022-0679.yaml | 2 ++ cves/2022/CVE-2022-0692.yaml | 2 ++ cves/2022/CVE-2022-0693.yaml | 2 ++ cves/2022/CVE-2022-0735.yaml | 2 ++ cves/2022/CVE-2022-0760.yaml | 3 +++ cves/2022/CVE-2022-0781.yaml | 2 ++ cves/2022/CVE-2022-0784.yaml | 2 ++ cves/2022/CVE-2022-0785.yaml | 2 ++ cves/2022/CVE-2022-0786.yaml | 2 ++ cves/2022/CVE-2022-0788.yaml | 2 ++ cves/2022/CVE-2022-0817.yaml | 2 ++ cves/2022/CVE-2022-0824.yaml | 2 ++ cves/2022/CVE-2022-0826.yaml | 4 +++- cves/2022/CVE-2022-0827.yaml | 2 ++ cves/2022/CVE-2022-0867.yaml | 2 ++ cves/2022/CVE-2022-0870.yaml | 2 ++ cves/2022/CVE-2022-0885.yaml | 2 ++ cves/2022/CVE-2022-0928.yaml | 4 +++- cves/2022/CVE-2022-0948.yaml | 2 ++ cves/2022/CVE-2022-0949.yaml | 4 +++- cves/2022/CVE-2022-0952.yaml | 2 ++ cves/2022/CVE-2022-0954.yaml | 2 ++ cves/2022/CVE-2022-0963.yaml | 2 ++ cves/2022/CVE-2022-0968.yaml | 2 ++ cves/2022/CVE-2022-1007.yaml | 3 +++ cves/2022/CVE-2022-1013.yaml | 4 +++- cves/2022/CVE-2022-1020.yaml | 2 ++ cves/2022/CVE-2022-1040.yaml | 2 ++ cves/2022/CVE-2022-1054.yaml | 2 ++ cves/2022/CVE-2022-1057.yaml | 2 ++ cves/2022/CVE-2022-1058.yaml | 2 ++ cves/2022/CVE-2022-1119.yaml | 2 ++ cves/2022/CVE-2022-1162.yaml | 5 ++++- cves/2022/CVE-2022-1168.yaml | 2 ++ cves/2022/CVE-2022-1221.yaml | 2 ++ cves/2022/CVE-2022-1329.yaml | 2 ++ cves/2022/CVE-2022-1386.yaml | 2 ++ cves/2022/CVE-2022-1388.yaml | 1 + cves/2022/CVE-2022-1390.yaml | 2 ++ cves/2022/CVE-2022-1391.yaml | 2 ++ cves/2022/CVE-2022-1392.yaml | 4 +++- cves/2022/CVE-2022-1398.yaml | 2 ++ cves/2022/CVE-2022-1439.yaml | 2 ++ cves/2022/CVE-2022-1442.yaml | 2 ++ cves/2022/CVE-2022-1574.yaml | 2 ++ cves/2022/CVE-2022-1595.yaml | 2 ++ cves/2022/CVE-2022-1597.yaml | 2 ++ cves/2022/CVE-2022-1598.yaml | 2 ++ cves/2022/CVE-2022-1713.yaml | 4 +++- cves/2022/CVE-2022-1724.yaml | 2 ++ cves/2022/CVE-2022-1768.yaml | 2 ++ cves/2022/CVE-2022-1815.yaml | 2 ++ cves/2022/CVE-2022-1883.yaml | 2 ++ cves/2022/CVE-2022-1904.yaml | 2 ++ cves/2022/CVE-2022-1906.yaml | 2 ++ cves/2022/CVE-2022-1910.yaml | 2 ++ cves/2022/CVE-2022-1916.yaml | 2 ++ cves/2022/CVE-2022-1933.yaml | 2 ++ cves/2022/CVE-2022-1937.yaml | 2 ++ cves/2022/CVE-2022-1946.yaml | 2 ++ cves/2022/CVE-2022-1952.yaml | 4 +++- cves/2022/CVE-2022-2034.yaml | 2 ++ cves/2022/CVE-2022-21371.yaml | 5 ++++- cves/2022/CVE-2022-21500.yaml | 1 + cves/2022/CVE-2022-21587.yaml | 5 ++++- cves/2022/CVE-2022-21661.yaml | 1 + cves/2022/CVE-2022-21705.yaml | 6 ++++-- cves/2022/CVE-2022-2185.yaml | 2 ++ cves/2022/CVE-2022-2187.yaml | 2 ++ cves/2022/CVE-2022-22242.yaml | 2 ++ cves/2022/CVE-2022-22536.yaml | 1 + cves/2022/CVE-2022-2290.yaml | 2 ++ cves/2022/CVE-2022-22947.yaml | 1 + cves/2022/CVE-2022-22954.yaml | 1 + cves/2022/CVE-2022-22963.yaml | 1 + cves/2022/CVE-2022-22965.yaml | 1 + cves/2022/CVE-2022-22972.yaml | 1 + cves/2022/CVE-2022-23131.yaml | 2 ++ cves/2022/CVE-2022-23134.yaml | 1 + cves/2022/CVE-2022-2314.yaml | 2 ++ cves/2022/CVE-2022-23178.yaml | 1 + cves/2022/CVE-2022-23347.yaml | 2 ++ cves/2022/CVE-2022-23348.yaml | 2 ++ cves/2022/CVE-2022-2373.yaml | 2 ++ cves/2022/CVE-2022-2376.yaml | 2 ++ cves/2022/CVE-2022-23779.yaml | 2 ++ cves/2022/CVE-2022-2379.yaml | 2 ++ cves/2022/CVE-2022-23808.yaml | 4 +++- cves/2022/CVE-2022-2383.yaml | 2 ++ cves/2022/CVE-2022-23854.yaml | 2 ++ cves/2022/CVE-2022-23881.yaml | 2 ++ cves/2022/CVE-2022-23898.yaml | 2 ++ cves/2022/CVE-2022-23944.yaml | 2 ++ cves/2022/CVE-2022-24112.yaml | 2 ++ cves/2022/CVE-2022-24124.yaml | 2 ++ cves/2022/CVE-2022-24129.yaml | 2 ++ cves/2022/CVE-2022-24181.yaml | 2 ++ cves/2022/CVE-2022-24260.yaml | 2 ++ cves/2022/CVE-2022-24288.yaml | 4 +++- cves/2022/CVE-2022-2462.yaml | 2 ++ cves/2022/CVE-2022-2467.yaml | 2 ++ cves/2022/CVE-2022-24681.yaml | 2 ++ cves/2022/CVE-2022-24816.yaml | 4 +++- cves/2022/CVE-2022-24856.yaml | 2 ++ cves/2022/CVE-2022-2486.yaml | 1 + cves/2022/CVE-2022-2487.yaml | 1 + cves/2022/CVE-2022-2488.yaml | 1 + cves/2022/CVE-2022-24899.yaml | 3 +++ cves/2022/CVE-2022-24900.yaml | 2 ++ cves/2022/CVE-2022-24990.yaml | 1 + cves/2022/CVE-2022-25082.yaml | 1 + cves/2022/CVE-2022-25125.yaml | 2 ++ cves/2022/CVE-2022-25216.yaml | 1 + cves/2022/CVE-2022-25323.yaml | 2 ++ cves/2022/CVE-2022-25356.yaml | 2 ++ cves/2022/CVE-2022-2544.yaml | 4 +++- cves/2022/CVE-2022-2546.yaml | 2 ++ cves/2022/CVE-2022-25481.yaml | 2 ++ cves/2022/CVE-2022-2551.yaml | 2 ++ cves/2022/CVE-2022-2599.yaml | 2 ++ cves/2022/CVE-2022-26134.yaml | 1 + cves/2022/CVE-2022-26138.yaml | 1 + cves/2022/CVE-2022-26148.yaml | 1 + cves/2022/CVE-2022-26159.yaml | 3 +++ cves/2022/CVE-2022-26233.yaml | 2 ++ cves/2022/CVE-2022-2627.yaml | 2 ++ cves/2022/CVE-2022-26352.yaml | 2 ++ cves/2022/CVE-2022-26564.yaml | 2 ++ cves/2022/CVE-2022-26833.yaml | 2 ++ cves/2022/CVE-2022-26960.yaml | 4 +++- cves/2022/CVE-2022-2756.yaml | 2 ++ cves/2022/CVE-2022-27593.yaml | 3 ++- cves/2022/CVE-2022-27849.yaml | 2 ++ cves/2022/CVE-2022-27927.yaml | 2 ++ cves/2022/CVE-2022-28079.yaml | 2 ++ cves/2022/CVE-2022-28080.yaml | 2 ++ cves/2022/CVE-2022-28117.yaml | 2 ++ cves/2022/CVE-2022-28219.yaml | 2 ++ cves/2022/CVE-2022-28290.yaml | 2 ++ cves/2022/CVE-2022-28363.yaml | 2 ++ cves/2022/CVE-2022-28365.yaml | 2 ++ cves/2022/CVE-2022-2863.yaml | 2 ++ cves/2022/CVE-2022-28923.yaml | 4 +++- cves/2022/CVE-2022-28955.yaml | 1 + cves/2022/CVE-2022-29004.yaml | 2 ++ cves/2022/CVE-2022-29005.yaml | 3 +++ cves/2022/CVE-2022-29006.yaml | 3 +++ cves/2022/CVE-2022-29007.yaml | 3 +++ cves/2022/CVE-2022-29009.yaml | 3 +++ cves/2022/CVE-2022-29014.yaml | 4 +++- cves/2022/CVE-2022-29078.yaml | 2 ++ cves/2022/CVE-2022-29153.yaml | 1 + cves/2022/CVE-2022-29272.yaml | 2 ++ cves/2022/CVE-2022-29298.yaml | 1 + cves/2022/CVE-2022-29303.yaml | 4 +++- cves/2022/CVE-2022-29349.yaml | 2 ++ cves/2022/CVE-2022-29383.yaml | 1 + cves/2022/CVE-2022-29455.yaml | 2 ++ cves/2022/CVE-2022-29464.yaml | 1 + cves/2022/CVE-2022-29548.yaml | 1 + cves/2022/CVE-2022-29775.yaml | 2 ++ cves/2022/CVE-2022-30073.yaml | 2 ++ cves/2022/CVE-2022-30489.yaml | 1 + cves/2022/CVE-2022-30512.yaml | 2 ++ cves/2022/CVE-2022-30513.yaml | 4 +++- cves/2022/CVE-2022-30514.yaml | 4 +++- cves/2022/CVE-2022-30525.yaml | 1 + cves/2022/CVE-2022-30776.yaml | 2 ++ cves/2022/CVE-2022-30777.yaml | 2 ++ cves/2022/CVE-2022-31126.yaml | 2 ++ cves/2022/CVE-2022-31268.yaml | 2 ++ cves/2022/CVE-2022-31269.yaml | 1 + cves/2022/CVE-2022-31299.yaml | 2 ++ cves/2022/CVE-2022-31373.yaml | 1 + cves/2022/CVE-2022-31474.yaml | 2 ++ cves/2022/CVE-2022-31499.yaml | 1 + cves/2022/CVE-2022-31656.yaml | 1 + cves/2022/CVE-2022-31793.yaml | 2 ++ cves/2022/CVE-2022-31798.yaml | 1 + cves/2022/CVE-2022-31814.yaml | 2 ++ cves/2022/CVE-2022-31845.yaml | 1 + cves/2022/CVE-2022-31846.yaml | 1 + cves/2022/CVE-2022-31847.yaml | 1 + cves/2022/CVE-2022-31854.yaml | 2 ++ cves/2022/CVE-2022-32007.yaml | 2 ++ cves/2022/CVE-2022-32015.yaml | 2 ++ cves/2022/CVE-2022-32018.yaml | 2 ++ cves/2022/CVE-2022-32022.yaml | 2 ++ cves/2022/CVE-2022-32024.yaml | 2 ++ cves/2022/CVE-2022-32025.yaml | 2 ++ cves/2022/CVE-2022-32026.yaml | 2 ++ cves/2022/CVE-2022-32028.yaml | 2 ++ cves/2022/CVE-2022-32094.yaml | 2 ++ cves/2022/CVE-2022-32195.yaml | 2 ++ cves/2022/CVE-2022-32409.yaml | 2 ++ cves/2022/CVE-2022-32429.yaml | 2 ++ cves/2022/CVE-2022-32444.yaml | 2 ++ cves/2022/CVE-2022-32770.yaml | 2 ++ cves/2022/CVE-2022-32771.yaml | 2 ++ cves/2022/CVE-2022-32772.yaml | 2 ++ cves/2022/CVE-2022-33119.yaml | 1 + cves/2022/CVE-2022-33174.yaml | 1 + cves/2022/CVE-2022-33891.yaml | 2 ++ cves/2022/CVE-2022-33901.yaml | 2 ++ cves/2022/CVE-2022-33965.yaml | 2 ++ cves/2022/CVE-2022-34045.yaml | 1 + cves/2022/CVE-2022-34046.yaml | 1 + cves/2022/CVE-2022-34047.yaml | 1 + cves/2022/CVE-2022-34048.yaml | 1 + cves/2022/CVE-2022-34049.yaml | 1 + cves/2022/CVE-2022-34121.yaml | 2 ++ cves/2022/CVE-2022-34328.yaml | 2 ++ cves/2022/CVE-2022-34576.yaml | 1 + cves/2022/CVE-2022-34590.yaml | 2 ++ cves/2022/CVE-2022-34753.yaml | 1 + cves/2022/CVE-2022-3484.yaml | 4 +++- cves/2022/CVE-2022-3506.yaml | 2 ++ cves/2022/CVE-2022-35151.yaml | 2 ++ cves/2022/CVE-2022-35405.yaml | 1 + cves/2022/CVE-2022-35413.yaml | 2 ++ cves/2022/CVE-2022-35416.yaml | 2 ++ cves/2022/CVE-2022-35493.yaml | 2 ++ cves/2022/CVE-2022-3578.yaml | 2 ++ cves/2022/CVE-2022-35914.yaml | 2 ++ cves/2022/CVE-2022-36446.yaml | 2 ++ cves/2022/CVE-2022-36537.yaml | 2 ++ cves/2022/CVE-2022-36642.yaml | 1 + cves/2022/CVE-2022-36804.yaml | 2 ++ cves/2022/CVE-2022-36883.yaml | 3 +++ cves/2022/CVE-2022-37042.yaml | 2 ++ cves/2022/CVE-2022-37153.yaml | 2 ++ cves/2022/CVE-2022-37299.yaml | 2 ++ cves/2022/CVE-2022-3768.yaml | 3 +++ cves/2022/CVE-2022-3800.yaml | 4 +++- cves/2022/CVE-2022-38463.yaml | 2 ++ cves/2022/CVE-2022-38553.yaml | 2 ++ cves/2022/CVE-2022-38637.yaml | 2 ++ cves/2022/CVE-2022-38794.yaml | 2 ++ cves/2022/CVE-2022-38817.yaml | 2 ++ cves/2022/CVE-2022-38870.yaml | 2 ++ cves/2022/CVE-2022-3908.yaml | 4 +++- cves/2022/CVE-2022-39195.yaml | 2 ++ cves/2022/CVE-2022-3933.yaml | 4 +++- cves/2022/CVE-2022-3934.yaml | 4 +++- cves/2022/CVE-2022-3982.yaml | 4 +++- cves/2022/CVE-2022-39952.yaml | 2 ++ cves/2022/CVE-2022-39960.yaml | 2 ++ cves/2022/CVE-2022-40083.yaml | 4 +++- cves/2022/CVE-2022-40359.yaml | 2 ++ cves/2022/CVE-2022-4050.yaml | 2 ++ cves/2022/CVE-2022-4060.yaml | 2 ++ cves/2022/CVE-2022-4063.yaml | 4 +++- cves/2022/CVE-2022-40684.yaml | 1 + cves/2022/CVE-2022-40734.yaml | 2 ++ cves/2022/CVE-2022-40879.yaml | 4 +++- cves/2022/CVE-2022-40881.yaml | 1 + cves/2022/CVE-2022-4117.yaml | 2 ++ cves/2022/CVE-2022-4140.yaml | 4 +++- cves/2022/CVE-2022-41473.yaml | 2 ++ cves/2022/CVE-2022-41840.yaml | 2 ++ cves/2022/CVE-2022-42233.yaml | 1 + cves/2022/CVE-2022-4260.yaml | 2 ++ cves/2022/CVE-2022-42746.yaml | 2 ++ cves/2022/CVE-2022-42747.yaml | 2 ++ cves/2022/CVE-2022-42748.yaml | 2 ++ cves/2022/CVE-2022-42749.yaml | 2 ++ cves/2022/CVE-2022-4301.yaml | 4 +++- cves/2022/CVE-2022-43014.yaml | 2 ++ cves/2022/CVE-2022-43015.yaml | 2 ++ cves/2022/CVE-2022-43016.yaml | 2 ++ cves/2022/CVE-2022-43017.yaml | 2 ++ cves/2022/CVE-2022-43018.yaml | 2 ++ cves/2022/CVE-2022-4306.yaml | 4 +++- cves/2022/CVE-2022-43140.yaml | 8 +++++--- cves/2022/CVE-2022-4320.yaml | 2 ++ cves/2022/CVE-2022-4325.yaml | 4 +++- cves/2022/CVE-2022-4447.yaml | 2 ++ cves/2022/CVE-2022-44877.yaml | 2 ++ cves/2022/CVE-2022-45917.yaml | 2 ++ cves/2022/CVE-2022-45933.yaml | 2 ++ cves/2022/CVE-2022-46169.yaml | 2 ++ cves/2022/CVE-2022-46381.yaml | 1 + cves/2022/CVE-2022-46888.yaml | 2 ++ cves/2022/CVE-2022-46934.yaml | 2 ++ cves/2022/CVE-2022-47002.yaml | 2 ++ cves/2022/CVE-2022-47003.yaml | 2 ++ cves/2022/CVE-2022-47945.yaml | 2 ++ cves/2022/CVE-2022-47966.yaml | 1 + cves/2022/CVE-2022-47986.yaml | 4 +++- cves/2022/CVE-2022-48012.yaml | 2 ++ cves/2022/CVE-2022-48165.yaml | 1 + cves/2022/CVE-2022-4897.yaml | 4 +++- cves/2023/CVE-2023-0236.yaml | 4 +++- cves/2023/CVE-2023-0261.yaml | 4 +++- cves/2023/CVE-2023-0552.yaml | 2 ++ cves/2023/CVE-2023-0669.yaml | 2 ++ cves/2023/CVE-2023-0942.yaml | 2 ++ cves/2023/CVE-2023-0968.yaml | 2 ++ cves/2023/CVE-2023-1080.yaml | 2 ++ cves/2023/CVE-2023-1177.yaml | 2 ++ cves/2023/CVE-2023-23488.yaml | 5 ++++- cves/2023/CVE-2023-23489.yaml | 2 ++ cves/2023/CVE-2023-23492.yaml | 2 ++ cves/2023/CVE-2023-23752.yaml | 4 +++- cves/2023/CVE-2023-24044.yaml | 2 ++ cves/2023/CVE-2023-24278.yaml | 2 ++ cves/2023/CVE-2023-24322.yaml | 4 +++- cves/2023/CVE-2023-24657.yaml | 2 ++ cves/2023/CVE-2023-24733.yaml | 2 ++ cves/2023/CVE-2023-24735.yaml | 2 ++ cves/2023/CVE-2023-24737.yaml | 2 ++ cves/2023/CVE-2023-26255.yaml | 2 ++ cves/2023/CVE-2023-26256.yaml | 2 ++ cves/2023/CVE-2023-27292.yaml | 2 ++ cves/2023/CVE-2023-27587.yaml | 2 ++ cves/2023/CVE-2023-28343.yaml | 4 +++- cves/2023/CVE-2023-28432.yaml | 2 ++ 1127 files changed, 2247 insertions(+), 193 deletions(-) diff --git a/cves/2010/CVE-2010-0467.yaml b/cves/2010/CVE-2010-0467.yaml index 93f0e41bc3..9ad915b8b8 100644 --- a/cves/2010/CVE-2010-0467.yaml +++ b/cves/2010/CVE-2010-0467.yaml @@ -16,6 +16,7 @@ info: cvss-score: 5.8 cve-id: CVE-2010-0467 cwe-id: CWE-22 + epss-score: 0.0586 tags: cve,cve2010,joomla,lfi,edb requests: diff --git a/cves/2010/CVE-2010-4239.yaml b/cves/2010/CVE-2010-4239.yaml index c2b4d8c476..4f4c843025 100644 --- a/cves/2010/CVE-2010-4239.yaml +++ b/cves/2010/CVE-2010-4239.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2010-4239 cwe-id: CWE-20 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* + epss-score: 0.00641 tags: cve,cve2010,tikiwiki,lfi requests: diff --git a/cves/2011/CVE-2011-4336.yaml b/cves/2011/CVE-2011-4336.yaml index e66d9aed23..94a08df056 100644 --- a/cves/2011/CVE-2011-4336.yaml +++ b/cves/2011/CVE-2011-4336.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2011-4336 cwe-id: CWE-79 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* + epss-score: 0.00182 tags: seclists,cve,cve2011,xss,tikiwiki requests: diff --git a/cves/2013/CVE-2013-7285.yaml b/cves/2013/CVE-2013-7285.yaml index 8ca6e1f145..13fb988365 100644 --- a/cves/2013/CVE-2013-7285.yaml +++ b/cves/2013/CVE-2013-7285.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2013-7285 cwe-id: CWE-78 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* + epss-score: 0.33561 tags: cve,cve2013,xstream,deserialization,rce,oast requests: diff --git a/cves/2014/CVE-2014-1203.yaml b/cves/2014/CVE-2014-1203.yaml index d8e32964a8..f8d5e09cdc 100644 --- a/cves/2014/CVE-2014-1203.yaml +++ b/cves/2014/CVE-2014-1203.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-1203 cwe-id: CWE-77 + cpe: cpe:2.3:a:eyou:eyou:*:*:*:*:*:*:*:* + epss-score: 0.02045 tags: seclists,rce,eyou requests: diff --git a/cves/2014/CVE-2014-2323.yaml b/cves/2014/CVE-2014-2323.yaml index 8b91e28223..f1d993db6b 100644 --- a/cves/2014/CVE-2014-2323.yaml +++ b/cves/2014/CVE-2014-2323.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2014-2323 cwe-id: CWE-89 + epss-score: 0.97012 tags: lighttpd,injection,seclists,cve,cve2014,sqli requests: diff --git a/cves/2014/CVE-2014-4535.yaml b/cves/2014/CVE-2014-4535.yaml index 292351960a..94439afe55 100644 --- a/cves/2014/CVE-2014-4535.yaml +++ b/cves/2014/CVE-2014-4535.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 + cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth requests: diff --git a/cves/2014/CVE-2014-4536.yaml b/cves/2014/CVE-2014-4536.yaml index 3bc8f45b92..e9b561f40e 100644 --- a/cves/2014/CVE-2014-4536.yaml +++ b/cves/2014/CVE-2014-4536.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4536 cwe-id: CWE-79 + cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:*:*:* + epss-score: 0.00149 metadata: google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth diff --git a/cves/2014/CVE-2014-4539.yaml b/cves/2014/CVE-2014-4539.yaml index 94b663a884..ec62b457bd 100644 --- a/cves/2014/CVE-2014-4539.yaml +++ b/cves/2014/CVE-2014-4539.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4539 cwe-id: CWE-79 + cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth requests: diff --git a/cves/2014/CVE-2014-4544.yaml b/cves/2014/CVE-2014-4544.yaml index 939d1ca226..3e0a77bb32 100644 --- a/cves/2014/CVE-2014-4544.yaml +++ b/cves/2014/CVE-2014-4544.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4544 cwe-id: CWE-79 + cpe: cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:*:*:* + epss-score: 0.00118 tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth requests: diff --git a/cves/2014/CVE-2014-4550.yaml b/cves/2014/CVE-2014-4550.yaml index e9a6830b42..bc5f07228f 100644 --- a/cves/2014/CVE-2014-4550.yaml +++ b/cves/2014/CVE-2014-4550.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4550 cwe-id: CWE-79 + cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:*:*:* + epss-score: 0.00135 metadata: google-query: inurl:"/wp-content/plugins/shortcode-ninja" tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth diff --git a/cves/2014/CVE-2014-4558.yaml b/cves/2014/CVE-2014-4558.yaml index 1566035c02..f15461bbb6 100644 --- a/cves/2014/CVE-2014-4558.yaml +++ b/cves/2014/CVE-2014-4558.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4558 cwe-id: CWE-79 + cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth requests: diff --git a/cves/2014/CVE-2014-4561.yaml b/cves/2014/CVE-2014-4561.yaml index 878abafb7a..56a61f3743 100644 --- a/cves/2014/CVE-2014-4561.yaml +++ b/cves/2014/CVE-2014-4561.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4561 cwe-id: CWE-79 + cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:*:*:*:*:*:*:*:* + epss-score: 0.00098 tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth requests: diff --git a/cves/2014/CVE-2014-4592.yaml b/cves/2014/CVE-2014-4592.yaml index 35eb2a7082..ec1cc7558a 100644 --- a/cves/2014/CVE-2014-4592.yaml +++ b/cves/2014/CVE-2014-4592.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4592 cwe-id: CWE-79 + cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:*:*:* + epss-score: 0.00135 metadata: google-query: inurl:"/wp-content/plugins/wp-planet" tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth diff --git a/cves/2014/CVE-2014-6271.yaml b/cves/2014/CVE-2014-6271.yaml index c7a2413d59..e75ec027e1 100644 --- a/cves/2014/CVE-2014-6271.yaml +++ b/cves/2014/CVE-2014-6271.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-6271 cwe-id: CWE-78 + cpe: cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* + epss-score: 0.9756 tags: cve,cve2014,rce,shellshock,kev requests: diff --git a/cves/2014/CVE-2014-6287.yaml b/cves/2014/CVE-2014-6287.yaml index bd9fdfd521..edeb5b2e07 100644 --- a/cves/2014/CVE-2014-6287.yaml +++ b/cves/2014/CVE-2014-6287.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-6287 cwe-id: CWE-94 + cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:* + epss-score: 0.97414 metadata: shodan-query: http.favicon.hash:2124459909 verified: "true" diff --git a/cves/2014/CVE-2014-9606.yaml b/cves/2014/CVE-2014-9606.yaml index 615077835d..139c7a2ce9 100644 --- a/cves/2014/CVE-2014-9606.yaml +++ b/cves/2014/CVE-2014-9606.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9606 cwe-id: CWE-79 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve2014,netsweeper,xss,packetstorm,cve requests: diff --git a/cves/2014/CVE-2014-9607.yaml b/cves/2014/CVE-2014-9607.yaml index 676c2def0f..6301a36f12 100644 --- a/cves/2014/CVE-2014-9607.yaml +++ b/cves/2014/CVE-2014-9607.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9607 cwe-id: CWE-79 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: packetstorm,cve,cve2014,netsweeper,xss requests: diff --git a/cves/2014/CVE-2014-9608.yaml b/cves/2014/CVE-2014-9608.yaml index b7bce998a1..22b4a9dfbd 100644 --- a/cves/2014/CVE-2014-9608.yaml +++ b/cves/2014/CVE-2014-9608.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9608 cwe-id: CWE-79 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve,cve2014,netsweeper,xss,packetstorm requests: diff --git a/cves/2014/CVE-2014-9609.yaml b/cves/2014/CVE-2014-9609.yaml index a3be2897e2..a984e2b008 100644 --- a/cves/2014/CVE-2014-9609.yaml +++ b/cves/2014/CVE-2014-9609.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2014-9609 cwe-id: CWE-22 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00149 tags: cve2014,netsweeper,lfi,packetstorm,cve requests: diff --git a/cves/2014/CVE-2014-9614.yaml b/cves/2014/CVE-2014-9614.yaml index 0936e0766c..c1701d6052 100644 --- a/cves/2014/CVE-2014-9614.yaml +++ b/cves/2014/CVE-2014-9614.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9614 cwe-id: CWE-798 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.01015 tags: cve,cve2014,netsweeper,default-login,packetstorm requests: diff --git a/cves/2014/CVE-2014-9615.yaml b/cves/2014/CVE-2014-9615.yaml index f787e8a2b6..337f989388 100644 --- a/cves/2014/CVE-2014-9615.yaml +++ b/cves/2014/CVE-2014-9615.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9615 cwe-id: CWE-79 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve,cve2014,netsweeper,xss,packetstorm requests: diff --git a/cves/2014/CVE-2014-9617.yaml b/cves/2014/CVE-2014-9617.yaml index f5ce9ecdde..8381a827ba 100644 --- a/cves/2014/CVE-2014-9617.yaml +++ b/cves/2014/CVE-2014-9617.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9617 cwe-id: CWE-601 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.00109 tags: cve,cve2014,netsweeper,redirect,packetstorm requests: diff --git a/cves/2015/CVE-2015-9414.yaml b/cves/2015/CVE-2015-9414.yaml index 1fc165349d..92805aafa8 100644 --- a/cves/2015/CVE-2015-9414.yaml +++ b/cves/2015/CVE-2015-9414.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9414 cwe-id: CWE-79 + cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:*:*:* + epss-score: 0.00111 metadata: google-query: inurl:"/wp-content/plugins/wp-symposium" tags: xss,wpscan,cve,cve2015,wordpress,wp-plugin diff --git a/cves/2015/CVE-2015-9480.yaml b/cves/2015/CVE-2015-9480.yaml index 8a5c211e3d..ecccb3658e 100644 --- a/cves/2015/CVE-2015-9480.yaml +++ b/cves/2015/CVE-2015-9480.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2015-9480 cwe-id: CWE-22 + cpe: cpe:2.3:a:robot-cpa:robotcpa:*:*:*:*:*:*:*:* + epss-score: 0.14215 metadata: google-query: inurl:"/wp-content/plugins/robotcpa" tags: wp-plugin,lfi,edb,cve,cve2015,wordpress diff --git a/cves/2016/CVE-2016-10033.yaml b/cves/2016/CVE-2016-10033.yaml index c902fc75a9..424507192f 100644 --- a/cves/2016/CVE-2016-10033.yaml +++ b/cves/2016/CVE-2016-10033.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2016-10033 cwe-id: CWE-77 + epss-score: 0.97459 tags: cve,cve2016,rce,edb,wordpress requests: diff --git a/cves/2016/CVE-2016-10940.yaml b/cves/2016/CVE-2016-10940.yaml index d082888437..8e6927c919 100644 --- a/cves/2016/CVE-2016-10940.yaml +++ b/cves/2016/CVE-2016-10940.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.2 cve-id: CVE-2016-10940 cwe-id: CWE-89 + cpe: cpe:2.3:a:zm-gallery_project:zm-gallery:*:*:*:*:*:*:*:* + epss-score: 0.00841 tags: wpscan,cve,cve2016,sqli,wp,wordpress,wp-plugin,authenticated requests: diff --git a/cves/2016/CVE-2016-10956.yaml b/cves/2016/CVE-2016-10956.yaml index 7890fd0914..371cadbdf4 100644 --- a/cves/2016/CVE-2016-10956.yaml +++ b/cves/2016/CVE-2016-10956.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2016-10956 cwe-id: CWE-20 + cpe: cpe:2.3:a:mail-masta_project:mail-masta:*:*:*:*:*:*:*:* + epss-score: 0.01011 metadata: google-query: inurl:"/wp-content/plugins/mail-masta" tags: cve,cve2016,wordpress,wp-plugin,lfi,mail diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml index b448f10340..a80f4e80e6 100644 --- a/cves/2016/CVE-2016-10960.yaml +++ b/cves/2016/CVE-2016-10960.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2016-10960 cwe-id: CWE-20 + cpe: cpe:2.3:a:joomlaserviceprovider:wsecure:*:*:*:*:*:*:*:* + epss-score: 0.01389 metadata: google-query: inurl:"/wp-content/plugins/wsecure" tags: cve,cve2016,wordpress,wp-plugin,rce diff --git a/cves/2016/CVE-2016-10993.yaml b/cves/2016/CVE-2016-10993.yaml index 6ad4301ebf..6dd7c307a7 100644 --- a/cves/2016/CVE-2016-10993.yaml +++ b/cves/2016/CVE-2016-10993.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2016-10993 cwe-id: CWE-79 + cpe: cpe:2.3:a:scoreme_project:scoreme:*:*:*:*:*:*:*:* + epss-score: 0.00257 tags: cve,cve2016,wordpress,wp-theme,xss requests: diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index fe5f26d393..935d3e642f 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000170 cwe-id: CWE-22 + cpe: cpe:2.3:a:jqueryfiletree_project:jqueryfiletree:*:*:*:*:*:*:*:* + epss-score: 0.74745 tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery,edb,packetstorm requests: diff --git a/cves/2017/CVE-2017-12629.yaml b/cves/2017/CVE-2017-12629.yaml index bab23dc8e6..72e650ad73 100644 --- a/cves/2017/CVE-2017-12629.yaml +++ b/cves/2017/CVE-2017-12629.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2017-12629 cwe-id: CWE-611 + epss-score: 0.97449 tags: oast,xxe,vulhub,cve,cve2017,solr,apache requests: diff --git a/cves/2017/CVE-2017-12637.yaml b/cves/2017/CVE-2017-12637.yaml index b604037e5a..733b3126f2 100644 --- a/cves/2017/CVE-2017-12637.yaml +++ b/cves/2017/CVE-2017-12637.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-12637 cwe-id: CWE-22 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* + epss-score: 0.00648 metadata: shodan-query: http.favicon.hash:-266008933 tags: cve,cve2017,sap,lfi,java,traversal diff --git a/cves/2017/CVE-2017-14535.yaml b/cves/2017/CVE-2017-14535.yaml index 330df119bb..60b2963806 100644 --- a/cves/2017/CVE-2017-14535.yaml +++ b/cves/2017/CVE-2017-14535.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2017-14535 cwe-id: CWE-78 + cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* + epss-score: 0.04 tags: cve,cve2017,trixbox,rce,injection,edb requests: diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml index 66f9cfe5ba..8bbbdf958e 100644 --- a/cves/2017/CVE-2017-14537.yaml +++ b/cves/2017/CVE-2017-14537.yaml @@ -9,12 +9,15 @@ info: - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://sourceforge.net/projects/asteriskathome/ + - http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2017-14537 cwe-id: CWE-22 - tags: cve,cve2017,trixbox,lfi + cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* + epss-score: 0.01679 + tags: cve,cve2017,trixbox,lfi,packetstorm requests: - raw: diff --git a/cves/2017/CVE-2017-14651.yaml b/cves/2017/CVE-2017-14651.yaml index c4f88c893d..ed5634b6f9 100644 --- a/cves/2017/CVE-2017-14651.yaml +++ b/cves/2017/CVE-2017-14651.yaml @@ -15,6 +15,7 @@ info: cvss-score: 4.8 cve-id: CVE-2017-14651 cwe-id: CWE-79 + epss-score: 0.00141 tags: cve,cve2017,wso2,xss requests: diff --git a/cves/2017/CVE-2017-15363.yaml b/cves/2017/CVE-2017-15363.yaml index 3e86aeddbc..67ef832774 100644 --- a/cves/2017/CVE-2017-15363.yaml +++ b/cves/2017/CVE-2017-15363.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-15363 cwe-id: CWE-22 + cpe: cpe:2.3:a:luracast:restler:*:*:*:*:*:*:*:* + epss-score: 0.04393 tags: cve,cve2017,restler,lfi,edb requests: diff --git a/cves/2017/CVE-2017-18598.yaml b/cves/2017/CVE-2017-18598.yaml index 974e3f8bae..f1d02cad6a 100644 --- a/cves/2017/CVE-2017-18598.yaml +++ b/cves/2017/CVE-2017-18598.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18598 cwe-id: CWE-79 + cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:*:*:* + epss-score: 0.00094 tags: wp-plugin,oast,wpscan,cve,cve2017,wordpress,ssrf,xss requests: diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml index 19af342c52..98d775ebc0 100644 --- a/cves/2017/CVE-2017-18638.yaml +++ b/cves/2017/CVE-2017-18638.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-18638 cwe-id: CWE-918 + cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:* + epss-score: 0.00639 tags: cve,cve2017,graphite,ssrf,oast requests: diff --git a/cves/2017/CVE-2017-3881.yaml b/cves/2017/CVE-2017-3881.yaml index 12e351f92f..aca1a95a83 100644 --- a/cves/2017/CVE-2017-3881.yaml +++ b/cves/2017/CVE-2017-3881.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2017-3881 cwe-id: CWE-20 + epss-score: 0.97431 tags: cve2017,cisco,rce,network,kev,msf,cve network: diff --git a/cves/2017/CVE-2017-5689.yaml b/cves/2017/CVE-2017-5689.yaml index 00ab832295..6dee01ccca 100644 --- a/cves/2017/CVE-2017-5689.yaml +++ b/cves/2017/CVE-2017-5689.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-5689 + cpe: cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:* + epss-score: 0.9746 metadata: shodan-query: title:"Active Management Technology" verified: "true" diff --git a/cves/2017/CVE-2017-7615.yaml b/cves/2017/CVE-2017-7615.yaml index 6293978354..47c7550abd 100644 --- a/cves/2017/CVE-2017-7615.yaml +++ b/cves/2017/CVE-2017-7615.yaml @@ -22,6 +22,8 @@ info: cvss-score: 8.8 cve-id: CVE-2017-7615 cwe-id: CWE-640 + cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* + epss-score: 0.97472 tags: cve,cve2017,mantisbt,unauth,edb requests: diff --git a/cves/2017/CVE-2017-9791.yaml b/cves/2017/CVE-2017-9791.yaml index 3bda9b4197..da679bf490 100644 --- a/cves/2017/CVE-2017-9791.yaml +++ b/cves/2017/CVE-2017-9791.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-9791 cwe-id: CWE-20 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* + epss-score: 0.9753 tags: cve,cve2017,apache,rce,struts,kev requests: diff --git a/cves/2017/CVE-2017-9822.yaml b/cves/2017/CVE-2017-9822.yaml index 40cd8e773a..e574faef29 100644 --- a/cves/2017/CVE-2017-9822.yaml +++ b/cves/2017/CVE-2017-9822.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2017-9822 cwe-id: CWE-20 + cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* + epss-score: 0.97311 tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev requests: diff --git a/cves/2017/CVE-2017-9833.yaml b/cves/2017/CVE-2017-9833.yaml index 692fca4313..bdc68c01a0 100644 --- a/cves/2017/CVE-2017-9833.yaml +++ b/cves/2017/CVE-2017-9833.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-9833 cwe-id: CWE-22 + cpe: cpe:2.3:a:boa:boa:*:*:*:*:*:*:*:* + epss-score: 0.90626 tags: boa,lfr,lfi,cve,cve2017,edb requests: diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml index f4fd0a1d69..d3feabf13e 100644 --- a/cves/2017/CVE-2017-9841.yaml +++ b/cves/2017/CVE-2017-9841.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2017-9841 cwe-id: CWE-94 + epss-score: 0.9749 tags: cve,cve2017,php,phpunit,rce,kev requests: diff --git a/cves/2018/CVE-2018-0127.yaml b/cves/2018/CVE-2018-0127.yaml index 5fbeda3b8e..00484e7a34 100644 --- a/cves/2018/CVE-2018-0127.yaml +++ b/cves/2018/CVE-2018-0127.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2018-0127 cwe-id: CWE-306 + epss-score: 0.13216 tags: cve,cve2018,cisco,router requests: diff --git a/cves/2018/CVE-2018-0296.yaml b/cves/2018/CVE-2018-0296.yaml index 32101da097..ca8fca20dd 100644 --- a/cves/2018/CVE-2018-0296.yaml +++ b/cves/2018/CVE-2018-0296.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2018-0296 cwe-id: CWE-22 + epss-score: 0.97492 tags: edb,cve,cve2018,cisco,lfi,traversal,asa,kev requests: diff --git a/cves/2018/CVE-2018-1000533.yaml b/cves/2018/CVE-2018-1000533.yaml index 491d39117e..64a7553929 100644 --- a/cves/2018/CVE-2018-1000533.yaml +++ b/cves/2018/CVE-2018-1000533.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000533 cwe-id: CWE-20 + cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* + epss-score: 0.97249 tags: git,cve,cve2018,gitlist,vulhub,rce requests: diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml index d19af14c58..3d8462011d 100644 --- a/cves/2018/CVE-2018-1000861.yaml +++ b/cves/2018/CVE-2018-1000861.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000861 cwe-id: CWE-502 + epss-score: 0.97348 tags: kev,vulhub,cve,cve2018,rce,jenkins requests: diff --git a/cves/2018/CVE-2018-12613.yaml b/cves/2018/CVE-2018-12613.yaml index 2391066bf6..c08f037380 100644 --- a/cves/2018/CVE-2018-12613.yaml +++ b/cves/2018/CVE-2018-12613.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2018-12613 cwe-id: CWE-287 + cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* + epss-score: 0.97516 tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi requests: diff --git a/cves/2018/CVE-2018-12634.yaml b/cves/2018/CVE-2018-12634.yaml index 85573f2681..0c47ecac64 100644 --- a/cves/2018/CVE-2018-12634.yaml +++ b/cves/2018/CVE-2018-12634.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-12634 cwe-id: CWE-200 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* + epss-score: 0.96925 tags: cve,cve2018,scada,circontrol,circarlife,logs,edb requests: diff --git a/cves/2018/CVE-2018-1271.yaml b/cves/2018/CVE-2018-1271.yaml index 7df75285eb..755be6948e 100644 --- a/cves/2018/CVE-2018-1271.yaml +++ b/cves/2018/CVE-2018-1271.yaml @@ -16,6 +16,7 @@ info: cvss-score: 5.9 cve-id: CVE-2018-1271 cwe-id: CWE-22 + epss-score: 0.01676 tags: cve,cve2018,spring,lfi,traversal requests: diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml index 58fcddbf81..310e0b52e2 100644 --- a/cves/2018/CVE-2018-12998.yaml +++ b/cves/2018/CVE-2018-12998.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12998 cwe-id: CWE-79 + epss-score: 0.97193 tags: cve,cve2018,zoho,xss,manageengine,packetstorm requests: diff --git a/cves/2018/CVE-2018-13379.yaml b/cves/2018/CVE-2018-13379.yaml index 2b87621918..e808fb187d 100644 --- a/cves/2018/CVE-2018-13379.yaml +++ b/cves/2018/CVE-2018-13379.yaml @@ -14,9 +14,11 @@ info: cvss-score: 9.8 cve-id: CVE-2018-13379 cwe-id: CWE-22 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* + epss-score: 0.975 metadata: - verified: true shodan-query: http.html:"/remote/login" "xxxxxxxx" + verified: "true" tags: cve,cve2018,fortios,lfi,kev requests: diff --git a/cves/2018/CVE-2018-13380.yaml b/cves/2018/CVE-2018-13380.yaml index d40b209981..68de3cb067 100644 --- a/cves/2018/CVE-2018-13380.yaml +++ b/cves/2018/CVE-2018-13380.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2018-13380 cwe-id: CWE-79 + epss-score: 0.00122 tags: cve,cve2018,fortios,xss,fortinet requests: diff --git a/cves/2018/CVE-2018-13980.yaml b/cves/2018/CVE-2018-13980.yaml index c116c9f866..abdf3b4d91 100644 --- a/cves/2018/CVE-2018-13980.yaml +++ b/cves/2018/CVE-2018-13980.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.5 cve-id: CVE-2018-13980 cwe-id: CWE-22 + cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* + epss-score: 0.00089 tags: cve,cve2018,lfi,edb,packetstorm requests: diff --git a/cves/2018/CVE-2018-16668.yaml b/cves/2018/CVE-2018-16668.yaml index 2c60a25f87..be659d7d93 100644 --- a/cves/2018/CVE-2018-16668.yaml +++ b/cves/2018/CVE-2018-16668.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16668 cwe-id: CWE-287 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* + epss-score: 0.00376 tags: cve,cve2018,circarlife,scada,iot,disclosure,edb requests: diff --git a/cves/2018/CVE-2018-16763.yaml b/cves/2018/CVE-2018-16763.yaml index a909a8ad58..874724f492 100644 --- a/cves/2018/CVE-2018-16763.yaml +++ b/cves/2018/CVE-2018-16763.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16763 cwe-id: CWE-74 + cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:* + epss-score: 0.88022 tags: cve,cve2018,fuelcms,rce,edb requests: diff --git a/cves/2018/CVE-2018-16836.yaml b/cves/2018/CVE-2018-16836.yaml index 259bf3e4f2..1a8b0f7e3f 100644 --- a/cves/2018/CVE-2018-16836.yaml +++ b/cves/2018/CVE-2018-16836.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16836 cwe-id: CWE-22 + cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* + epss-score: 0.25354 tags: cve,cve2018,rubedo,lfi,edb requests: diff --git a/cves/2018/CVE-2018-17254.yaml b/cves/2018/CVE-2018-17254.yaml index edbb1e3ff7..765e2ef864 100644 --- a/cves/2018/CVE-2018-17254.yaml +++ b/cves/2018/CVE-2018-17254.yaml @@ -8,12 +8,14 @@ info: reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - https://www.exploit-db.com/exploits/45423/ + remediation: Update or remove the affected plugin. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17254 cwe-id: CWE-89 - remediation: Update or remove the affected plugin. + cpe: cpe:2.3:a:arkextensions:jck_editor:*:*:*:*:*:*:*:* + epss-score: 0.8697 tags: cve,cve2018,packetstorm,edb,joomla,sqli requests: diff --git a/cves/2018/CVE-2018-17431.yaml b/cves/2018/CVE-2018-17431.yaml index 405069c686..6d3418cbac 100644 --- a/cves/2018/CVE-2018-17431.yaml +++ b/cves/2018/CVE-2018-17431.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-17431 cwe-id: CWE-287 + cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* + epss-score: 0.09083 tags: cve2018,comodo,rce,edb,cve requests: diff --git a/cves/2018/CVE-2018-19365.yaml b/cves/2018/CVE-2018-19365.yaml index d2b13cc14b..d217a1ecce 100644 --- a/cves/2018/CVE-2018-19365.yaml +++ b/cves/2018/CVE-2018-19365.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.1 cve-id: CVE-2018-19365 cwe-id: CWE-22 + cpe: cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:* + epss-score: 0.01368 tags: cve,cve2018,wowza,lfi requests: diff --git a/cves/2018/CVE-2018-20470.yaml b/cves/2018/CVE-2018-20470.yaml index 1c24c8261b..7fe4e68e3d 100644 --- a/cves/2018/CVE-2018-20470.yaml +++ b/cves/2018/CVE-2018-20470.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-20470 cwe-id: CWE-22 + cpe: cpe:2.3:a:sahipro:sahi_pro:*:*:*:*:*:*:*:* + epss-score: 0.74871 tags: cve,cve2018,lfi,packetstorm requests: diff --git a/cves/2018/CVE-2018-3714.yaml b/cves/2018/CVE-2018-3714.yaml index 25600bc025..d45fc9e491 100644 --- a/cves/2018/CVE-2018-3714.yaml +++ b/cves/2018/CVE-2018-3714.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.5 cve-id: CVE-2018-3714 cwe-id: CWE-22 + cpe: cpe:2.3:a:node-srv_project:node-srv:*:*:*:*:*:*:*:* + epss-score: 0.01196 tags: cve,cve2018,nodejs,lfi,hackerone requests: diff --git a/cves/2018/CVE-2018-6910.yaml b/cves/2018/CVE-2018-6910.yaml index 508338e6c6..c380318fba 100644 --- a/cves/2018/CVE-2018-6910.yaml +++ b/cves/2018/CVE-2018-6910.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-6910 cwe-id: CWE-668 + cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:* + epss-score: 0.03033 tags: cve,cve2018,dedecms requests: diff --git a/cves/2018/CVE-2018-7602.yaml b/cves/2018/CVE-2018-7602.yaml index 0829712f34..16de580416 100644 --- a/cves/2018/CVE-2018-7602.yaml +++ b/cves/2018/CVE-2018-7602.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-7602 + epss-score: 0.97425 metadata: shodan-query: http.component:"drupal" tags: cve2018,drupal,authenticated,kev,cisa,vulhub,edb,cve diff --git a/cves/2018/CVE-2018-8006.yaml b/cves/2018/CVE-2018-8006.yaml index 21660dca02..637a93ef73 100644 --- a/cves/2018/CVE-2018-8006.yaml +++ b/cves/2018/CVE-2018-8006.yaml @@ -22,6 +22,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-8006 cwe-id: CWE-79 + cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* + epss-score: 0.97273 tags: cve,cve2018,apache,activemq,xss requests: diff --git a/cves/2018/CVE-2018-8770.yaml b/cves/2018/CVE-2018-8770.yaml index c46c2271cb..8200662fa5 100644 --- a/cves/2018/CVE-2018-8770.yaml +++ b/cves/2018/CVE-2018-8770.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-8770 cwe-id: CWE-200 + cpe: cpe:2.3:a:cobub:razor:*:*:*:*:*:*:*:* + epss-score: 0.00282 tags: cve,cve2018,cobub,razor,exposure,edb requests: diff --git a/cves/2019/CVE-2019-0230.yaml b/cves/2019/CVE-2019-0230.yaml index 417a3be69b..cbc15b863a 100644 --- a/cves/2019/CVE-2019-0230.yaml +++ b/cves/2019/CVE-2019-0230.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-0230 cwe-id: CWE-915 + epss-score: 0.84527 tags: tenable,packetstorm,struts,rce,cve,cve2019,apache requests: diff --git a/cves/2019/CVE-2019-10092.yaml b/cves/2019/CVE-2019-10092.yaml index 6b0d55e990..5b31935ac9 100644 --- a/cves/2019/CVE-2019-10092.yaml +++ b/cves/2019/CVE-2019-10092.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2019-10092 cwe-id: CWE-79 + epss-score: 0.00639 tags: cve,cve2019,apache,htmli,injection requests: diff --git a/cves/2019/CVE-2019-10405.yaml b/cves/2019/CVE-2019-10405.yaml index 403d6573bf..42b41104eb 100644 --- a/cves/2019/CVE-2019-10405.yaml +++ b/cves/2019/CVE-2019-10405.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2019-10405 cwe-id: CWE-79 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* + epss-score: 0.0073 metadata: shodan-query: http.favicon.hash:81586312 tags: cve,cve2019,jenkins diff --git a/cves/2019/CVE-2019-10475.yaml b/cves/2019/CVE-2019-10475.yaml index d3a3b6f673..47a82608ab 100644 --- a/cves/2019/CVE-2019-10475.yaml +++ b/cves/2019/CVE-2019-10475.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-10475 cwe-id: CWE-79 + cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:*:*:* + epss-score: 0.97272 tags: cve,cve2019,jenkins,xss,plugin,packetstorm requests: diff --git a/cves/2019/CVE-2019-10692.yaml b/cves/2019/CVE-2019-10692.yaml index 085a48b4e0..3d9074a5d9 100644 --- a/cves/2019/CVE-2019-10692.yaml +++ b/cves/2019/CVE-2019-10692.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-10692 cwe-id: CWE-89 + cpe: cpe:2.3:a:codecabin:wp_google_maps:*:*:*:*:*:*:*:* + epss-score: 0.97416 metadata: verified: "true" tags: cve,cve2019,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan diff --git a/cves/2019/CVE-2019-10758.yaml b/cves/2019/CVE-2019-10758.yaml index d940f888fa..c28e0fb9f6 100644 --- a/cves/2019/CVE-2019-10758.yaml +++ b/cves/2019/CVE-2019-10758.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2019-10758 + cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:*:*:* + epss-score: 0.97363 metadata: shodan-query: http.title:"Mongo Express" tags: vulhub,cve,cve2019,mongo,mongo-express,kev diff --git a/cves/2019/CVE-2019-11248.yaml b/cves/2019/CVE-2019-11248.yaml index a5875ef6fe..a0a7f3fe9b 100644 --- a/cves/2019/CVE-2019-11248.yaml +++ b/cves/2019/CVE-2019-11248.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.2 cve-id: CVE-2019-11248 cwe-id: CWE-862 + cpe: cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* + epss-score: 0.80033 tags: cve,cve2019,debug,kubernetes,kubelet,devops,unauth,disclosure requests: diff --git a/cves/2019/CVE-2019-11510.yaml b/cves/2019/CVE-2019-11510.yaml index 3d0c0d8c5d..85bd2f91fd 100644 --- a/cves/2019/CVE-2019-11510.yaml +++ b/cves/2019/CVE-2019-11510.yaml @@ -9,12 +9,15 @@ info: - https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ - https://nvd.nist.gov/vuln/detail/CVE-2019-11510 + - http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2019-11510 cwe-id: CWE-22 - tags: cve,cve2019,pulsesecure,lfi,kev + cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:* + epss-score: 0.97517 + tags: packetstorm,cve,cve2019,pulsesecure,lfi,kev requests: - method: GET diff --git a/cves/2019/CVE-2019-11580.yaml b/cves/2019/CVE-2019-11580.yaml index d1e0ae6c20..6ec008452c 100644 --- a/cves/2019/CVE-2019-11580.yaml +++ b/cves/2019/CVE-2019-11580.yaml @@ -9,13 +9,16 @@ info: - https://github.com/jas502n/CVE-2019-11580 - https://jira.atlassian.com/browse/CWD-5388 - https://nvd.nist.gov/vuln/detail/CVE-2019-11580 + - http://packetstormsecurity.com/files/163810/Atlassian-Crowd-pdkinstall-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-11580 + cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* + epss-score: 0.97451 metadata: shodan-query: http.component:"Atlassian Jira" - tags: cve,cve2019,atlassian,rce,kev,cisa + tags: kev,cisa,packetstorm,cve,cve2019,atlassian,rce requests: - method: GET diff --git a/cves/2019/CVE-2019-12962.yaml b/cves/2019/CVE-2019-12962.yaml index 13749b9d0e..5a12368017 100644 --- a/cves/2019/CVE-2019-12962.yaml +++ b/cves/2019/CVE-2019-12962.yaml @@ -16,9 +16,11 @@ info: cvss-score: 6.1 cve-id: CVE-2019-12962 cwe-id: CWE-79 + cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:* + epss-score: 0.20689 metadata: shodan-query: http.html:LiveZilla - verified: true + verified: "true" tags: xss,edb,packetstorm,cve,cve2019,livezilla diff --git a/cves/2019/CVE-2019-13101.yaml b/cves/2019/CVE-2019-13101.yaml index 222f69c32f..f2239138b3 100644 --- a/cves/2019/CVE-2019-13101.yaml +++ b/cves/2019/CVE-2019-13101.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-13101 cwe-id: CWE-306 + epss-score: 0.04204 tags: edb,cve,cve2019,dlink,router,iot requests: diff --git a/cves/2019/CVE-2019-13392.yaml b/cves/2019/CVE-2019-13392.yaml index bc333220d3..d59846c931 100644 --- a/cves/2019/CVE-2019-13392.yaml +++ b/cves/2019/CVE-2019-13392.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-13392 cwe-id: CWE-79 + cpe: cpe:2.3:a:mindpalette:natemail:*:*:*:*:*:*:*:* + epss-score: 0.0014 tags: cve,cve2019,natemail,xss requests: diff --git a/cves/2019/CVE-2019-14205.yaml b/cves/2019/CVE-2019-14205.yaml index f70a84c306..e322e7c8e1 100644 --- a/cves/2019/CVE-2019-14205.yaml +++ b/cves/2019/CVE-2019-14205.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-14205 cwe-id: CWE-22 + cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:*:*:* + epss-score: 0.03445 tags: cve,cve2019,wordpress,wp-plugin,lfi,wp requests: diff --git a/cves/2019/CVE-2019-14223.yaml b/cves/2019/CVE-2019-14223.yaml index a2aedf6ded..383a03678f 100644 --- a/cves/2019/CVE-2019-14223.yaml +++ b/cves/2019/CVE-2019-14223.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-14223 cwe-id: CWE-601 + cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:*:*:*:* + epss-score: 0.00188 tags: cve,cve2019,redirect,alfresco requests: diff --git a/cves/2019/CVE-2019-14251.yaml b/cves/2019/CVE-2019-14251.yaml index 721e75c0db..ab3e916fee 100644 --- a/cves/2019/CVE-2019-14251.yaml +++ b/cves/2019/CVE-2019-14251.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-14251 cwe-id: CWE-22 + cpe: cpe:2.3:a:temenos:t24:*:*:*:*:*:*:*:* + epss-score: 0.01417 tags: cve,cve2019,temenos,lfi,unauth requests: diff --git a/cves/2019/CVE-2019-14322.yaml b/cves/2019/CVE-2019-14322.yaml index e6ba0a4d02..2a75c78da9 100644 --- a/cves/2019/CVE-2019-14322.yaml +++ b/cves/2019/CVE-2019-14322.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-14322 cwe-id: CWE-22 + epss-score: 0.49367 tags: cve2019,lfi,odoo,packetstorm,cve requests: diff --git a/cves/2019/CVE-2019-14530.yaml b/cves/2019/CVE-2019-14530.yaml index 9036514de2..b3bad2a3a6 100644 --- a/cves/2019/CVE-2019-14530.yaml +++ b/cves/2019/CVE-2019-14530.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-14530 cwe-id: CWE-22 + cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* + epss-score: 0.94591 metadata: verified: "true" tags: lfi,authenticated,edb,cve,cve2019,openemr diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml index e30369a2d0..fd0c0d22aa 100644 --- a/cves/2019/CVE-2019-15107.yaml +++ b/cves/2019/CVE-2019-15107.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-15107 cwe-id: CWE-78 + cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* + epss-score: 0.97524 tags: cve,cve2019,webmin,rce,kev,edb requests: diff --git a/cves/2019/CVE-2019-15858.yaml b/cves/2019/CVE-2019-15858.yaml index b5c14ada12..76ac49c37c 100644 --- a/cves/2019/CVE-2019-15858.yaml +++ b/cves/2019/CVE-2019-15858.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-15858 cwe-id: CWE-306 + cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:*:*:* + epss-score: 0.02375 tags: cve,cve2019,wordpress,wp-plugin,xss,wp requests: diff --git a/cves/2019/CVE-2019-15859.yaml b/cves/2019/CVE-2019-15859.yaml index 3f4801adcc..5d90cd5bfc 100644 --- a/cves/2019/CVE-2019-15859.yaml +++ b/cves/2019/CVE-2019-15859.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-15859 cwe-id: CWE-200 + epss-score: 0.06381 tags: seclists,packetstorm,cve,cve2019,disclosure,socomec,diris,iot requests: diff --git a/cves/2019/CVE-2019-16097.yaml b/cves/2019/CVE-2019-16097.yaml index ed12c1a447..0982772abd 100644 --- a/cves/2019/CVE-2019-16097.yaml +++ b/cves/2019/CVE-2019-16097.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.5 cve-id: CVE-2019-16097 cwe-id: CWE-862 + cpe: cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* + epss-score: 0.96843 tags: cve,cve2019,intrusive,harbor requests: diff --git a/cves/2019/CVE-2019-16123.yaml b/cves/2019/CVE-2019-16123.yaml index 3078881e7b..4b752ca1cb 100644 --- a/cves/2019/CVE-2019-16123.yaml +++ b/cves/2019/CVE-2019-16123.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-16123 cwe-id: CWE-22 + cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:* + epss-score: 0.56807 tags: piluscart,lfi,packetstorm,edb,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-16278.yaml b/cves/2019/CVE-2019-16278.yaml index 5ebfa0ba3d..b7dbf7eec3 100644 --- a/cves/2019/CVE-2019-16278.yaml +++ b/cves/2019/CVE-2019-16278.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16278 cwe-id: CWE-22 + cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:* + epss-score: 0.97411 tags: edb,cve,cve2019,rce,packetstorm requests: diff --git a/cves/2019/CVE-2019-16313.yaml b/cves/2019/CVE-2019-16313.yaml index a2de7bbecf..581e0e5b90 100644 --- a/cves/2019/CVE-2019-16313.yaml +++ b/cves/2019/CVE-2019-16313.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-16313 cwe-id: CWE-798 + epss-score: 0.02088 tags: cve,cve2019,exposure,router,iot requests: diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml index 1cf033a1f8..5b4d217f5a 100644 --- a/cves/2019/CVE-2019-16332.yaml +++ b/cves/2019/CVE-2019-16332.yaml @@ -9,12 +9,15 @@ info: - https://plugins.trac.wordpress.org/changeset/2152730 - https://wordpress.org/plugins/api-bearer-auth/#developers - https://nvd.nist.gov/vuln/detail/CVE-2019-16332 + - https://packetstormsecurity.com/files/154369/WordPress-API-Bearer-Auth-20181229-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-16332 cwe-id: CWE-79 - tags: cve,cve2019,wordpress,xss,wp-plugin,auth + cpe: cpe:2.3:a:api_bearer_auth_project:api_bearer_auth:*:*:*:*:*:*:*:* + epss-score: 0.00271 + tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin,auth requests: - method: GET diff --git a/cves/2019/CVE-2019-16525.yaml b/cves/2019/CVE-2019-16525.yaml index a7866e5ed2..4f570deff8 100644 --- a/cves/2019/CVE-2019-16525.yaml +++ b/cves/2019/CVE-2019-16525.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-16525 cwe-id: CWE-79 + cpe: cpe:2.3:a:checklist:checklist:*:*:*:*:*:*:*:* + epss-score: 0.00289 tags: xss,wp-plugin,packetstorm,cve,cve2019,wordpress requests: diff --git a/cves/2019/CVE-2019-1653.yaml b/cves/2019/CVE-2019-1653.yaml index 2b7d4683bb..1574f3cf35 100644 --- a/cves/2019/CVE-2019-1653.yaml +++ b/cves/2019/CVE-2019-1653.yaml @@ -18,6 +18,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-1653 cwe-id: CWE-200 + epss-score: 0.97569 tags: kev,edb,cve,cve2019,cisco,router,exposure requests: diff --git a/cves/2019/CVE-2019-16662.yaml b/cves/2019/CVE-2019-16662.yaml index 7daf096ba7..a5a9b2b402 100644 --- a/cves/2019/CVE-2019-16662.yaml +++ b/cves/2019/CVE-2019-16662.yaml @@ -9,12 +9,15 @@ info: - https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/ - https://nvd.nist.gov/vuln/detail/CVE-2019-16662 - https://drive.google.com/open?id=1OXI5cNuwWqc6y-7BgNCfYHgFPK2cpvnu + - http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-16662 cwe-id: CWE-78 - tags: cve,cve2019,rce,intrusive,rconfig + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.97495 + tags: intrusive,rconfig,packetstorm,cve,cve2019,rce requests: - method: GET diff --git a/cves/2019/CVE-2019-16759.yaml b/cves/2019/CVE-2019-16759.yaml index a451f4239e..042070a3d5 100644 --- a/cves/2019/CVE-2019-16759.yaml +++ b/cves/2019/CVE-2019-16759.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16759 cwe-id: CWE-94 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* + epss-score: 0.97528 metadata: shodan-query: http.component:"vBulletin" verified: "true" diff --git a/cves/2019/CVE-2019-16920.yaml b/cves/2019/CVE-2019-16920.yaml index 3f120d40c0..b089bb2cdb 100644 --- a/cves/2019/CVE-2019-16920.yaml +++ b/cves/2019/CVE-2019-16920.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16920 cwe-id: CWE-78 + epss-score: 0.96885 tags: cve,cve2019,dlink,rce,router,unauth,kev requests: diff --git a/cves/2019/CVE-2019-16931.yaml b/cves/2019/CVE-2019-16931.yaml index 870a85d2d8..3d46d6b8bb 100644 --- a/cves/2019/CVE-2019-16931.yaml +++ b/cves/2019/CVE-2019-16931.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-16931 cwe-id: CWE-79 + cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:*:*:* + epss-score: 0.00244 metadata: verified: "true" tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth,wpscan diff --git a/cves/2019/CVE-2019-16932.yaml b/cves/2019/CVE-2019-16932.yaml index 97f300658a..4106ae8e4e 100644 --- a/cves/2019/CVE-2019-16932.yaml +++ b/cves/2019/CVE-2019-16932.yaml @@ -16,6 +16,8 @@ info: cvss-score: 10 cve-id: CVE-2019-16932 cwe-id: CWE-918 + cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:*:*:* + epss-score: 0.5805 tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth,wpscan requests: diff --git a/cves/2019/CVE-2019-16996.yaml b/cves/2019/CVE-2019-16996.yaml index cbe5bbb6d1..a26fa9577c 100644 --- a/cves/2019/CVE-2019-16996.yaml +++ b/cves/2019/CVE-2019-16996.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-16996 cwe-id: CWE-89 + cpe: cpe:2.3:a:metinfo:metinfo:*:*:*:*:*:*:*:* + epss-score: 0.45538 tags: metinfo,sqli,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-16997.yaml b/cves/2019/CVE-2019-16997.yaml index 17de819532..7231dae773 100644 --- a/cves/2019/CVE-2019-16997.yaml +++ b/cves/2019/CVE-2019-16997.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-16997 cwe-id: CWE-89 + cpe: cpe:2.3:a:metinfo:metinfo:*:*:*:*:*:*:*:* + epss-score: 0.45538 tags: metinfo,sqli,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-17270.yaml b/cves/2019/CVE-2019-17270.yaml index 610ea6c3e1..2e9586d2e7 100644 --- a/cves/2019/CVE-2019-17270.yaml +++ b/cves/2019/CVE-2019-17270.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17270 cwe-id: CWE-78 + cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:* + epss-score: 0.95529 tags: rce,yachtcontrol,cve,cve2019,edb,packetstorm requests: diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml index fcd443d7f7..83f114e475 100644 --- a/cves/2019/CVE-2019-17382.yaml +++ b/cves/2019/CVE-2019-17382.yaml @@ -13,6 +13,8 @@ info: cvss-score: 9.1 cve-id: CVE-2019-17382 cwe-id: CWE-639 + cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* + epss-score: 0.12648 tags: fuzz,auth-bypass,login,edb,cve,cve2019,zabbix requests: diff --git a/cves/2019/CVE-2019-17418.yaml b/cves/2019/CVE-2019-17418.yaml index 3883958539..a9ec32170b 100644 --- a/cves/2019/CVE-2019-17418.yaml +++ b/cves/2019/CVE-2019-17418.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-17418 cwe-id: CWE-89 + cpe: cpe:2.3:a:metinfo:metinfo:*:*:*:*:*:*:*:* + epss-score: 0.62858 tags: cve,cve2019,metinfo,sqli requests: diff --git a/cves/2019/CVE-2019-17444.yaml b/cves/2019/CVE-2019-17444.yaml index d7bb5dd6b7..624827f11f 100644 --- a/cves/2019/CVE-2019-17444.yaml +++ b/cves/2019/CVE-2019-17444.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17444 cwe-id: CWE-521 + cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:* + epss-score: 0.05882 tags: cve,cve2019,jfrog,default-login requests: diff --git a/cves/2019/CVE-2019-17503.yaml b/cves/2019/CVE-2019-17503.yaml index 946373cb0b..64ff5bff16 100644 --- a/cves/2019/CVE-2019-17503.yaml +++ b/cves/2019/CVE-2019-17503.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-17503 cwe-id: CWE-425 + cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:*:*:*:*:*:*:*:* + epss-score: 0.00289 tags: cve,cve2019,exposure,edb,packetstorm requests: diff --git a/cves/2019/CVE-2019-17506.yaml b/cves/2019/CVE-2019-17506.yaml index 0266aa2ecc..e43706c7ef 100644 --- a/cves/2019/CVE-2019-17506.yaml +++ b/cves/2019/CVE-2019-17506.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17506 cwe-id: CWE-306 + epss-score: 0.92946 tags: cve,cve2019,dlink,router,disclosure requests: diff --git a/cves/2019/CVE-2019-17538.yaml b/cves/2019/CVE-2019-17538.yaml index ebc2f42584..0cc9a57f78 100644 --- a/cves/2019/CVE-2019-17538.yaml +++ b/cves/2019/CVE-2019-17538.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-17538 cwe-id: CWE-22 + cpe: cpe:2.3:a:jnoj:jiangnan_online_judge:*:*:*:*:*:*:*:* + epss-score: 0.00838 tags: cve,cve2019,jnoj,lfi requests: diff --git a/cves/2019/CVE-2019-17558.yaml b/cves/2019/CVE-2019-17558.yaml index 97a4563023..cab5becb56 100644 --- a/cves/2019/CVE-2019-17558.yaml +++ b/cves/2019/CVE-2019-17558.yaml @@ -9,12 +9,14 @@ info: - https://issues.apache.org/jira/browse/SOLR-13971 - https://nvd.nist.gov/vuln/detail/CVE-2019-17558 - https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a@%3Cissues.lucene.apache.org%3E + - http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.5 cve-id: CVE-2019-17558 cwe-id: CWE-74 - tags: cve,cve2019,apache,rce,solr,oast,kev + epss-score: 0.97498 + tags: kev,packetstorm,cve,cve2019,apache,rce,solr,oast requests: - raw: diff --git a/cves/2019/CVE-2019-18371.yaml b/cves/2019/CVE-2019-18371.yaml index 49dfb3776c..e7711edfb7 100644 --- a/cves/2019/CVE-2019-18371.yaml +++ b/cves/2019/CVE-2019-18371.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-18371 cwe-id: CWE-22 + epss-score: 0.01614 tags: cve2019,cve,lfi,router,mi,xiaomi requests: diff --git a/cves/2019/CVE-2019-18393.yaml b/cves/2019/CVE-2019-18393.yaml index 031dbfd448..01780a28a3 100644 --- a/cves/2019/CVE-2019-18393.yaml +++ b/cves/2019/CVE-2019-18393.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-18393 cwe-id: CWE-22 + cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* + epss-score: 0.00161 tags: cve,cve2019,openfire,lfi requests: diff --git a/cves/2019/CVE-2019-18394.yaml b/cves/2019/CVE-2019-18394.yaml index 7edc1dc808..17a6f3b480 100644 --- a/cves/2019/CVE-2019-18394.yaml +++ b/cves/2019/CVE-2019-18394.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-18394 cwe-id: CWE-918 + cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* + epss-score: 0.65848 tags: cve,cve2019,ssrf,openfire,oast requests: diff --git a/cves/2019/CVE-2019-18665.yaml b/cves/2019/CVE-2019-18665.yaml index 0af194d419..49378903b7 100644 --- a/cves/2019/CVE-2019-18665.yaml +++ b/cves/2019/CVE-2019-18665.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-18665 cwe-id: CWE-22 + cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:* + epss-score: 0.07453 tags: cve,cve2019,domos,lfi requests: diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml index 72cb51e5e8..43dfaeabfe 100644 --- a/cves/2019/CVE-2019-18818.yaml +++ b/cves/2019/CVE-2019-18818.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-18818 cwe-id: CWE-640 + cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:* + epss-score: 0.75135 tags: cve2019,strapi,auth-bypass,intrusive,edb,cve requests: diff --git a/cves/2019/CVE-2019-18922.yaml b/cves/2019/CVE-2019-18922.yaml index 48d53d59c7..6ce7f17f63 100644 --- a/cves/2019/CVE-2019-18922.yaml +++ b/cves/2019/CVE-2019-18922.yaml @@ -10,11 +10,13 @@ info: - https://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html - https://pastebin.com/dpEGKUGz - https://nvd.nist.gov/vuln/detail/CVE-2019-18922 + - http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-18922 cwe-id: CWE-22 + epss-score: 0.0102 tags: allied,lfi,packetstorm,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-18957.yaml b/cves/2019/CVE-2019-18957.yaml index 5fc00dcf02..dc60ea27e6 100644 --- a/cves/2019/CVE-2019-18957.yaml +++ b/cves/2019/CVE-2019-18957.yaml @@ -10,12 +10,15 @@ info: - https://seclists.org/bugtraq/2019/Nov/23 - https://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2019-18957 + - http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-18957 cwe-id: CWE-79 + cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:* + epss-score: 0.00247 tags: cve2019,microstrategy,packetstorm,xss,seclists,cve requests: diff --git a/cves/2019/CVE-2019-19134.yaml b/cves/2019/CVE-2019-19134.yaml index aed3907378..b76bf3a2dd 100644 --- a/cves/2019/CVE-2019-19134.yaml +++ b/cves/2019/CVE-2019-19134.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-19134 cwe-id: CWE-79 + cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:*:*:* + epss-score: 0.00203 tags: wpscan,cve,cve2019,wordpress,xss,wp-plugin,maps requests: diff --git a/cves/2019/CVE-2019-19368.yaml b/cves/2019/CVE-2019-19368.yaml index 40f3ae2243..c961ef616f 100644 --- a/cves/2019/CVE-2019-19368.yaml +++ b/cves/2019/CVE-2019-19368.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-19368 cwe-id: CWE-79 + cpe: cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:* + epss-score: 0.00445 tags: xss,ftp,packetstorm,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-19781.yaml b/cves/2019/CVE-2019-19781.yaml index 96f5859012..b4dba3e143 100644 --- a/cves/2019/CVE-2019-19781.yaml +++ b/cves/2019/CVE-2019-19781.yaml @@ -9,12 +9,14 @@ info: - https://support.citrix.com/article/CTX267027 - https://nvd.nist.gov/vuln/detail/CVE-2019-19781 - https://www.kb.cert.org/vuls/id/619785 + - http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-19781 cwe-id: CWE-22 - tags: cve,cve2019,citrix,lfi,kev + epss-score: 0.97542 + tags: lfi,kev,packetstorm,cve,cve2019,citrix requests: - method: GET diff --git a/cves/2019/CVE-2019-19824.yaml b/cves/2019/CVE-2019-19824.yaml index fd13474731..3bb6084e7f 100644 --- a/cves/2019/CVE-2019-19824.yaml +++ b/cves/2019/CVE-2019-19824.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2019-19824 cwe-id: CWE-78 + epss-score: 0.97266 tags: cve,cve2019,totolink,rce,router requests: diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml index 032d1ce05a..928145cb45 100644 --- a/cves/2019/CVE-2019-19908.yaml +++ b/cves/2019/CVE-2019-19908.yaml @@ -16,9 +16,11 @@ info: cvss-score: 6.1 cve-id: CVE-2019-19908 cwe-id: CWE-79 + cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:*:*:*:*:*:*:*:* + epss-score: 0.00622 metadata: - verified: true google-query: inurl:"/plus/pass_reset.php" + verified: "true" tags: cve,cve2019,phpMyChat,xss requests: diff --git a/cves/2019/CVE-2019-19985.yaml b/cves/2019/CVE-2019-19985.yaml index 3933dcaec6..b731570b01 100644 --- a/cves/2019/CVE-2019-19985.yaml +++ b/cves/2019/CVE-2019-19985.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-19985 cwe-id: CWE-862 + cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:*:*:* + epss-score: 0.07816 tags: cve2019,wordpress,wp-plugin,edb,packetstorm,cve requests: diff --git a/cves/2019/CVE-2019-20085.yaml b/cves/2019/CVE-2019-20085.yaml index 5602b9547d..75f2acf0a9 100644 --- a/cves/2019/CVE-2019-20085.yaml +++ b/cves/2019/CVE-2019-20085.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-20085 cwe-id: CWE-22 + epss-score: 0.30362 tags: cve,cve2019,iot,lfi,kev,edb,packetstorm requests: diff --git a/cves/2019/CVE-2019-20141.yaml b/cves/2019/CVE-2019-20141.yaml index d70eda17e9..832c28b7fd 100644 --- a/cves/2019/CVE-2019-20141.yaml +++ b/cves/2019/CVE-2019-20141.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-20141 cwe-id: CWE-79 + cpe: cpe:2.3:a:laborator:neon:*:*:*:*:*:*:*:* + epss-score: 0.00118 tags: cve,cve2019,xss requests: diff --git a/cves/2019/CVE-2019-20183.yaml b/cves/2019/CVE-2019-20183.yaml index 15727a44ac..482b73374a 100644 --- a/cves/2019/CVE-2019-20183.yaml +++ b/cves/2019/CVE-2019-20183.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-20183 cwe-id: CWE-434 + cpe: cpe:2.3:a:employee_records_system_project:employee_records_system:*:*:*:*:*:*:*:* + epss-score: 0.02791 tags: edb,cve,cve2019,rce,intrusive,fileupload requests: diff --git a/cves/2019/CVE-2019-20210.yaml b/cves/2019/CVE-2019-20210.yaml index b3d521aaa9..7db4e4615c 100644 --- a/cves/2019/CVE-2019-20210.yaml +++ b/cves/2019/CVE-2019-20210.yaml @@ -16,6 +16,7 @@ info: cvss-score: 6.1 cve-id: CVE-2019-20210 cwe-id: CWE-79 + epss-score: 0.00249 tags: wp-theme,wpscan,cve,cve2019,wordpress,citybook,xss requests: diff --git a/cves/2019/CVE-2019-20224.yaml b/cves/2019/CVE-2019-20224.yaml index 6cde65fe36..863eb35767 100644 --- a/cves/2019/CVE-2019-20224.yaml +++ b/cves/2019/CVE-2019-20224.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-20224 cwe-id: CWE-78 + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* + epss-score: 0.18509 tags: pandorafms,rce,cve,cve2019,authenticated,oast requests: diff --git a/cves/2019/CVE-2019-20933.yaml b/cves/2019/CVE-2019-20933.yaml index 2c26a75a71..99b1a18b65 100644 --- a/cves/2019/CVE-2019-20933.yaml +++ b/cves/2019/CVE-2019-20933.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-20933 cwe-id: CWE-287 + epss-score: 0.03625 metadata: shodan-query: InfluxDB verified: "true" diff --git a/cves/2019/CVE-2019-2725.yaml b/cves/2019/CVE-2019-2725.yaml index 9e912928f1..c606ffa78b 100644 --- a/cves/2019/CVE-2019-2725.yaml +++ b/cves/2019/CVE-2019-2725.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-2725 cwe-id: CWE-74 + epss-score: 0.97542 tags: kev,edb,cve,cve2019,oracle,weblogic,rce requests: diff --git a/cves/2019/CVE-2019-2729.yaml b/cves/2019/CVE-2019-2729.yaml index 9d1eca4f52..75d73f9ed3 100644 --- a/cves/2019/CVE-2019-2729.yaml +++ b/cves/2019/CVE-2019-2729.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-2729 cwe-id: CWE-284 + epss-score: 0.9715 tags: cve,cve2019,oracle,rce,weblogic requests: diff --git a/cves/2019/CVE-2019-3396.yaml b/cves/2019/CVE-2019-3396.yaml index cda743ac16..edbf16b8e6 100644 --- a/cves/2019/CVE-2019-3396.yaml +++ b/cves/2019/CVE-2019-3396.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-3396 cwe-id: CWE-22 + epss-score: 0.97503 metadata: shodan-query: http.component:"Atlassian Confluence" tags: cve,cve2019,atlassian,confluence,lfi,rce,kev,packetstorm diff --git a/cves/2019/CVE-2019-3401.yaml b/cves/2019/CVE-2019-3401.yaml index dd8d223831..fc0db00782 100644 --- a/cves/2019/CVE-2019-3401.yaml +++ b/cves/2019/CVE-2019-3401.yaml @@ -14,6 +14,7 @@ info: cvss-score: 5.3 cve-id: CVE-2019-3401 cwe-id: CWE-863 + epss-score: 0.0055 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2019,jira,atlassian,exposure diff --git a/cves/2019/CVE-2019-3403.yaml b/cves/2019/CVE-2019-3403.yaml index 7b8fae74c5..203579e917 100644 --- a/cves/2019/CVE-2019-3403.yaml +++ b/cves/2019/CVE-2019-3403.yaml @@ -4,8 +4,7 @@ info: name: User enumeration via an incorrect authorisation check author: Ganofins severity: medium - description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames - via an incorrect authorisation check. + description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. reference: - https://jira.atlassian.com/browse/JRASERVER-69242 classification: @@ -13,6 +12,7 @@ info: cvss-score: 5.3 cve-id: CVE-2019-3403 cwe-id: CWE-863 + epss-score: 0.00379 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2019,atlassian,jira,enumeration diff --git a/cves/2019/CVE-2019-3799.yaml b/cves/2019/CVE-2019-3799.yaml index a7ec533c28..f15e43333d 100644 --- a/cves/2019/CVE-2019-3799.yaml +++ b/cves/2019/CVE-2019-3799.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.5 cve-id: CVE-2019-3799 cwe-id: CWE-22 + epss-score: 0.01248 tags: cve,cve2019,lfi requests: diff --git a/cves/2019/CVE-2019-3911.yaml b/cves/2019/CVE-2019-3911.yaml index debfaab3d3..999a1abc2f 100644 --- a/cves/2019/CVE-2019-3911.yaml +++ b/cves/2019/CVE-2019-3911.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-3911 cwe-id: CWE-79 + cpe: cpe:2.3:a:labkey:labkey_server:*:*:*:*:*:*:*:* + epss-score: 0.00178 metadata: shodan-query: 'Server: Labkey' tags: cve,cve2019,xss,labkey,tenable diff --git a/cves/2019/CVE-2019-3912.yaml b/cves/2019/CVE-2019-3912.yaml index b9918901e0..32b86942dc 100644 --- a/cves/2019/CVE-2019-3912.yaml +++ b/cves/2019/CVE-2019-3912.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-3912 cwe-id: CWE-601 + cpe: cpe:2.3:a:labkey:labkey_server:*:*:*:*:*:*:*:* + epss-score: 0.00185 metadata: shodan-query: 'Server: Labkey' tags: tenable,cve,cve2019,redirect,labkey diff --git a/cves/2019/CVE-2019-3929.yaml b/cves/2019/CVE-2019-3929.yaml index 1de3aa3ef9..bea0bd5348 100644 --- a/cves/2019/CVE-2019-3929.yaml +++ b/cves/2019/CVE-2019-3929.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2019-3929 cwe-id: CWE-78 + epss-score: 0.97434 tags: tenable,cve,cve2019,oast,injection,kev,edb,rce,packetstorm requests: diff --git a/cves/2019/CVE-2019-5127.yaml b/cves/2019/CVE-2019-5127.yaml index c508e1ddf3..e44246ceb1 100644 --- a/cves/2019/CVE-2019-5127.yaml +++ b/cves/2019/CVE-2019-5127.yaml @@ -4,7 +4,7 @@ info: name: YouPHPTube Encoder 2.3 - Remote Command Injection author: pikpikcu severity: critical - description: "YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php." + description: YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917 - https://nvd.nist.gov/vuln/detail/CVE-2019-5127 @@ -13,6 +13,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-5127 cwe-id: CWE-78 + cpe: cpe:2.3:a:youphptube:youphptube_encoder:*:*:*:*:*:*:*:* + epss-score: 0.97491 tags: cve,cve2019,rce requests: diff --git a/cves/2019/CVE-2019-5418.yaml b/cves/2019/CVE-2019-5418.yaml index 7b97c4cb18..ef6b929bdf 100644 --- a/cves/2019/CVE-2019-5418.yaml +++ b/cves/2019/CVE-2019-5418.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-5418 + epss-score: 0.97379 tags: cve,cve2019,rails,lfi,disclosure,edb requests: diff --git a/cves/2019/CVE-2019-6112.yaml b/cves/2019/CVE-2019-6112.yaml index 0c0ecc83ea..ff5784fc6e 100644 --- a/cves/2019/CVE-2019-6112.yaml +++ b/cves/2019/CVE-2019-6112.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-6112 cwe-id: CWE-79 + cpe: cpe:2.3:a:graphpaperpress:sell_media:*:*:*:*:*:*:*:* + epss-score: 0.00115 tags: cve,cve2019,wordpress,wp-plugin,xss requests: diff --git a/cves/2019/CVE-2019-6715.yaml b/cves/2019/CVE-2019-6715.yaml index 2db45b9db1..a1073ff801 100644 --- a/cves/2019/CVE-2019-6715.yaml +++ b/cves/2019/CVE-2019-6715.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-6715 + cpe: cpe:2.3:a:w3-edge:total_cache:*:*:*:*:*:*:*:* + epss-score: 0.15194 tags: cve,cve2019,wordpress,wp-plugin,ssrf,packetstorm requests: diff --git a/cves/2019/CVE-2019-7254.yaml b/cves/2019/CVE-2019-7254.yaml index 84945b5507..ff43c03c6b 100644 --- a/cves/2019/CVE-2019-7254.yaml +++ b/cves/2019/CVE-2019-7254.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-7254 cwe-id: CWE-22 + epss-score: 0.83105 tags: emerge,lfi,edb,packetstorm,cve,cve2019 requests: diff --git a/cves/2019/CVE-2019-7255.yaml b/cves/2019/CVE-2019-7255.yaml index f754c57f8b..1721fa2ca0 100644 --- a/cves/2019/CVE-2019-7255.yaml +++ b/cves/2019/CVE-2019-7255.yaml @@ -16,6 +16,7 @@ info: cvss-score: 6.1 cve-id: CVE-2019-7255 cwe-id: CWE-79 + epss-score: 0.01111 metadata: shodan-query: http.title:"eMerge" verified: "true" diff --git a/cves/2019/CVE-2019-7256.yaml b/cves/2019/CVE-2019-7256.yaml index 2473f13b9a..51d6945539 100644 --- a/cves/2019/CVE-2019-7256.yaml +++ b/cves/2019/CVE-2019-7256.yaml @@ -15,6 +15,7 @@ info: cvss-score: 10 cve-id: CVE-2019-7256 cwe-id: CWE-78 + epss-score: 0.97447 tags: cve,cve2019,emerge,rce,edb requests: diff --git a/cves/2019/CVE-2019-7275.yaml b/cves/2019/CVE-2019-7275.yaml index 30d4e97567..295e900ed5 100644 --- a/cves/2019/CVE-2019-7275.yaml +++ b/cves/2019/CVE-2019-7275.yaml @@ -16,6 +16,7 @@ info: cvss-score: 6.1 cve-id: CVE-2019-7275 cwe-id: CWE-601 + epss-score: 0.00373 tags: cve,cve2019,redirect,packetstorm requests: diff --git a/cves/2019/CVE-2019-7481.yaml b/cves/2019/CVE-2019-7481.yaml index dd5378b07e..80e59f6255 100644 --- a/cves/2019/CVE-2019-7481.yaml +++ b/cves/2019/CVE-2019-7481.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2019-7481 cwe-id: CWE-89 + epss-score: 0.89778 tags: cve,cve2019,sonicwall,sqli,kev requests: diff --git a/cves/2019/CVE-2019-7609.yaml b/cves/2019/CVE-2019-7609.yaml index c98174106a..2de5f08100 100644 --- a/cves/2019/CVE-2019-7609.yaml +++ b/cves/2019/CVE-2019-7609.yaml @@ -15,6 +15,7 @@ info: cvss-score: 10 cve-id: CVE-2019-7609 cwe-id: CWE-94 + epss-score: 0.97303 tags: cve,cve2019,kibana,rce,kev requests: diff --git a/cves/2019/CVE-2019-8442.yaml b/cves/2019/CVE-2019-8442.yaml index 808edd8cfa..7bf27f0127 100644 --- a/cves/2019/CVE-2019-8442.yaml +++ b/cves/2019/CVE-2019-8442.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-8442 + epss-score: 0.96936 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2019,atlassian,jira,lfi diff --git a/cves/2019/CVE-2019-8446.yaml b/cves/2019/CVE-2019-8446.yaml index be81d54b6e..677e530bf3 100644 --- a/cves/2019/CVE-2019-8446.yaml +++ b/cves/2019/CVE-2019-8446.yaml @@ -13,6 +13,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-8446 cwe-id: CWE-863 + cpe: cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* + epss-score: 0.0874 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2019,jira diff --git a/cves/2019/CVE-2019-8449.yaml b/cves/2019/CVE-2019-8449.yaml index 162a8a0ff0..cc8a5ecec1 100644 --- a/cves/2019/CVE-2019-8449.yaml +++ b/cves/2019/CVE-2019-8449.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-8449 cwe-id: CWE-306 + cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* + epss-score: 0.12465 metadata: shodan-query: http.component:"Atlassian Jira" tags: atlassian,jira,disclosure,packetstorm,cve,cve2019 diff --git a/cves/2019/CVE-2019-8451.yaml b/cves/2019/CVE-2019-8451.yaml index df4392692a..7f68afddad 100644 --- a/cves/2019/CVE-2019-8451.yaml +++ b/cves/2019/CVE-2019-8451.yaml @@ -4,8 +4,7 @@ info: name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource author: TechbrunchFR severity: medium - description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability - due to a logic bug in the JiraWhitelist class. + description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. reference: - https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in - https://jira.atlassian.com/browse/JRASERVER-69793 @@ -15,6 +14,8 @@ info: cvss-score: 6.5 cve-id: CVE-2019-8451 cwe-id: CWE-918 + cpe: cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* + epss-score: 0.97115 metadata: shodan-query: http.component:"Atlassian Jira" tags: atlassian,jira,ssrf,oast,tenable,hackerone,cve,cve2019 diff --git a/cves/2019/CVE-2019-9922.yaml b/cves/2019/CVE-2019-9922.yaml index 886303742c..2eb1e96bbd 100644 --- a/cves/2019/CVE-2019-9922.yaml +++ b/cves/2019/CVE-2019-9922.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-9922 cwe-id: CWE-22 + cpe: cpe:2.3:a:harmistechnology:je_messenger:*:*:*:*:*:*:*:* + epss-score: 0.0145 tags: cve,cve2019,joomla,messenger,lfi requests: diff --git a/cves/2020/CVE-2020-0618.yaml b/cves/2020/CVE-2020-0618.yaml index 459f230148..77c5e7b745 100644 --- a/cves/2020/CVE-2020-0618.yaml +++ b/cves/2020/CVE-2020-0618.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-0618 cwe-id: CWE-502 + cpe: cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:* + epss-score: 0.97473 tags: cve2020,rce,packetstorm,cve requests: diff --git a/cves/2020/CVE-2020-10148.yaml b/cves/2020/CVE-2020-10148.yaml index b9143655dc..b381c174fc 100644 --- a/cves/2020/CVE-2020-10148.yaml +++ b/cves/2020/CVE-2020-10148.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10148 cwe-id: CWE-287 + cpe: cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:* + epss-score: 0.97344 tags: cve,cve2020,solarwinds,rce,auth-bypass,kev requests: diff --git a/cves/2020/CVE-2020-10546.yaml b/cves/2020/CVE-2020-10546.yaml index 6f33f801d8..71ded22155 100644 --- a/cves/2020/CVE-2020-10546.yaml +++ b/cves/2020/CVE-2020-10546.yaml @@ -4,8 +4,7 @@ info: name: rConfig 3.9.4 - SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, - granting an attacker access to monitored network devices. + description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. reference: - https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ @@ -15,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10546 cwe-id: CWE-89,CWE-522 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.37886 tags: cve,cve2020,rconfig,sqli requests: diff --git a/cves/2020/CVE-2020-10547.yaml b/cves/2020/CVE-2020-10547.yaml index 31954d0c5c..638f07d771 100644 --- a/cves/2020/CVE-2020-10547.yaml +++ b/cves/2020/CVE-2020-10547.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10547 cwe-id: CWE-89,CWE-522 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.37886 tags: cve,cve2020,rconfig,sqli requests: diff --git a/cves/2020/CVE-2020-10548.yaml b/cves/2020/CVE-2020-10548.yaml index 7970e43129..6a7df548fd 100644 --- a/cves/2020/CVE-2020-10548.yaml +++ b/cves/2020/CVE-2020-10548.yaml @@ -4,8 +4,7 @@ info: name: rConfig 3.9.4 - SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting - an attacker access to monitored network devices. + description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. reference: - https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ @@ -15,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10548 cwe-id: CWE-89,CWE-522 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.37886 tags: cve,cve2020,rconfig,sqli requests: diff --git a/cves/2020/CVE-2020-10549.yaml b/cves/2020/CVE-2020-10549.yaml index 254606bf7f..86a7a4cfc9 100644 --- a/cves/2020/CVE-2020-10549.yaml +++ b/cves/2020/CVE-2020-10549.yaml @@ -4,8 +4,7 @@ info: name: rConfig <=3.9.4 - SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker - access to monitored network devices. + description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. reference: - https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ @@ -15,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10549 cwe-id: CWE-89,CWE-522 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.37886 tags: cve,cve2020,rconfig,sqli requests: diff --git a/cves/2020/CVE-2020-10770.yaml b/cves/2020/CVE-2020-10770.yaml index 4177c0adca..f28ff2a9a9 100644 --- a/cves/2020/CVE-2020-10770.yaml +++ b/cves/2020/CVE-2020-10770.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-10770 cwe-id: CWE-918 + cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* + epss-score: 0.36659 tags: keycloak,ssrf,oast,cve,cve2020,blind,packetstorm,edb requests: diff --git a/cves/2020/CVE-2020-10973.yaml b/cves/2020/CVE-2020-10973.yaml index f1d09232e0..395fb61cb8 100644 --- a/cves/2020/CVE-2020-10973.yaml +++ b/cves/2020/CVE-2020-10973.yaml @@ -10,11 +10,13 @@ info: - https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 - https://github.com/sudo-jtcsec/Nyra - https://nvd.nist.gov/vuln/detail/CVE-2020-10973 + - https://github.com/Roni-Carta/nyra classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-10973 cwe-id: CWE-306 + epss-score: 0.0178 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml index fa1e54195e..2d3ad8fd92 100644 --- a/cves/2020/CVE-2020-11034.yaml +++ b/cves/2020/CVE-2020-11034.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-11034 cwe-id: CWE-601 + cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* + epss-score: 0.00396 tags: cve,cve2020,redirect,glpi requests: diff --git a/cves/2020/CVE-2020-11110.yaml b/cves/2020/CVE-2020-11110.yaml index 9759083d4a..eba572f331 100644 --- a/cves/2020/CVE-2020-11110.yaml +++ b/cves/2020/CVE-2020-11110.yaml @@ -17,6 +17,7 @@ info: cvss-score: 5.4 cve-id: CVE-2020-11110 cwe-id: CWE-79 + epss-score: 0.001 metadata: shodan-query: title:"Grafana" tags: cve,cve2020,xss,grafana,hackerone diff --git a/cves/2020/CVE-2020-11450.yaml b/cves/2020/CVE-2020-11450.yaml index edeb71dc40..054505aee3 100644 --- a/cves/2020/CVE-2020-11450.yaml +++ b/cves/2020/CVE-2020-11450.yaml @@ -16,6 +16,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-11450 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:* + epss-score: 0.0751 tags: microstrategy,exposure,jvm,config,packetstorm,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-11455.yaml b/cves/2020/CVE-2020-11455.yaml index ccc23e1221..ea6d3fde37 100644 --- a/cves/2020/CVE-2020-11455.yaml +++ b/cves/2020/CVE-2020-11455.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11455 cwe-id: CWE-22 + cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:* + epss-score: 0.23781 tags: cve2020,lfi,edb,packetstorm,cve requests: diff --git a/cves/2020/CVE-2020-11529.yaml b/cves/2020/CVE-2020-11529.yaml index be81e7b018..c329fde22c 100644 --- a/cves/2020/CVE-2020-11529.yaml +++ b/cves/2020/CVE-2020-11529.yaml @@ -9,11 +9,14 @@ info: - https://github.com/getgrav/grav/issues/3134 - https://nvd.nist.gov/vuln/detail/CVE-2020-11529 - https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7 + - https://getgrav.org/#changelog classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-11529 cwe-id: CWE-601 + cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:* + epss-score: 0.00349 tags: cve,cve2020,redirect,grav,getgrav requests: diff --git a/cves/2020/CVE-2020-11530.yaml b/cves/2020/CVE-2020-11530.yaml index 03139da1fc..0c4b93937b 100644 --- a/cves/2020/CVE-2020-11530.yaml +++ b/cves/2020/CVE-2020-11530.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11530 cwe-id: CWE-89 + cpe: cpe:2.3:a:idangero:chop_slider:*:*:*:*:*:*:*:* + epss-score: 0.65475 metadata: verified: "true" tags: cve,cve2020,sqli,wpscan,wordpress,wp-plugin,wp,chopslider,unauth diff --git a/cves/2020/CVE-2020-11546.yaml b/cves/2020/CVE-2020-11546.yaml index 29207aceec..54c20f3ce8 100644 --- a/cves/2020/CVE-2020-11546.yaml +++ b/cves/2020/CVE-2020-11546.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11546 cwe-id: CWE-94 + cpe: cpe:2.3:a:superwebmailer:superwebmailer:*:*:*:*:*:*:*:* + epss-score: 0.96668 metadata: shodan-query: title:"SuperWebMailer" tags: cve,cve2020,rce,superwebmailer diff --git a/cves/2020/CVE-2020-11547.yaml b/cves/2020/CVE-2020-11547.yaml index 428b26219d..c497d0ec4c 100644 --- a/cves/2020/CVE-2020-11547.yaml +++ b/cves/2020/CVE-2020-11547.yaml @@ -5,9 +5,6 @@ info: author: x6263 severity: medium description: PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself via an HTTP request. - metadata: - verified: true - shodan-query: title:"prtg" reference: - https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure - https://nvd.nist.gov/vuln/detail/CVE-2020-11547 @@ -17,6 +14,11 @@ info: cvss-score: 5.3 cve-id: CVE-2020-11547 cwe-id: CWE-200 + cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* + epss-score: 0.0011 + metadata: + shodan-query: title:"prtg" + verified: "true" tags: cve,cve2020,prtg,disclosure,network requests: diff --git a/cves/2020/CVE-2020-11710.yaml b/cves/2020/CVE-2020-11710.yaml index e6a4facc87..28291d27ba 100644 --- a/cves/2020/CVE-2020-11710.yaml +++ b/cves/2020/CVE-2020-11710.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-11710 + cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:*:*:* + epss-score: 0.02084 tags: cve,cve2020,kong requests: diff --git a/cves/2020/CVE-2020-11738.yaml b/cves/2020/CVE-2020-11738.yaml index 09b17883ef..3752b7caf1 100644 --- a/cves/2020/CVE-2020-11738.yaml +++ b/cves/2020/CVE-2020-11738.yaml @@ -19,6 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-11738 cwe-id: CWE-22 + cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:*:*:* + epss-score: 0.9729 tags: kev,tenable,packetstorm,cve,cve2020,wordpress,wp-plugin,lfi requests: diff --git a/cves/2020/CVE-2020-11853.yaml b/cves/2020/CVE-2020-11853.yaml index d97b164e6c..7b8ae3782b 100644 --- a/cves/2020/CVE-2020-11853.yaml +++ b/cves/2020/CVE-2020-11853.yaml @@ -16,6 +16,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-11853 + epss-score: 0.94771 tags: opm,rce,packetstorm,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-11854.yaml b/cves/2020/CVE-2020-11854.yaml index acc7fb772c..ef239584c5 100644 --- a/cves/2020/CVE-2020-11854.yaml +++ b/cves/2020/CVE-2020-11854.yaml @@ -17,6 +17,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11854 cwe-id: CWE-798 + epss-score: 0.97417 tags: microfocus,packetstorm,cve,cve2020,ucmdb,rce requests: diff --git a/cves/2020/CVE-2020-11930.yaml b/cves/2020/CVE-2020-11930.yaml index feca3dbdf3..5cd2c777c1 100644 --- a/cves/2020/CVE-2020-11930.yaml +++ b/cves/2020/CVE-2020-11930.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-11930 cwe-id: CWE-79 + cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:*:*:* + epss-score: 0.00396 tags: cve,cve2020,wordpress,xss,plugin,wpscan requests: diff --git a/cves/2020/CVE-2020-11978.yaml b/cves/2020/CVE-2020-11978.yaml index 7bbc89cdbe..90520d2a1d 100644 --- a/cves/2020/CVE-2020-11978.yaml +++ b/cves/2020/CVE-2020-11978.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-11978 cwe-id: CWE-77 + cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* + epss-score: 0.97529 metadata: shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs" verified: "true" diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml index 6afa373c29..df691009c9 100644 --- a/cves/2020/CVE-2020-11991.yaml +++ b/cves/2020/CVE-2020-11991.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-11991 cwe-id: CWE-611 + cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:* + epss-score: 0.91129 metadata: shodan-query: http.html:"Apache Cocoon" tags: cve,cve2020,apache,xml,cocoon,xxe diff --git a/cves/2020/CVE-2020-12054.yaml b/cves/2020/CVE-2020-12054.yaml index 105250058f..e96a41378b 100644 --- a/cves/2020/CVE-2020-12054.yaml +++ b/cves/2020/CVE-2020-12054.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-12054 cwe-id: CWE-79 + cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:*:*:* + epss-score: 0.00129 tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-12116.yaml b/cves/2020/CVE-2020-12116.yaml index 2aef7ea0b4..2fe7ffa860 100644 --- a/cves/2020/CVE-2020-12116.yaml +++ b/cves/2020/CVE-2020-12116.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12116 cwe-id: CWE-22 + cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* + epss-score: 0.97327 tags: cve,cve2020,zoho,lfi,manageengine requests: diff --git a/cves/2020/CVE-2020-12127.yaml b/cves/2020/CVE-2020-12127.yaml index 09398bfcdf..772e65bd6f 100644 --- a/cves/2020/CVE-2020-12127.yaml +++ b/cves/2020/CVE-2020-12127.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12127 cwe-id: CWE-306 + epss-score: 0.0509 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2020/CVE-2020-12447.yaml b/cves/2020/CVE-2020-12447.yaml index bf3bf2f717..c6f4da4446 100644 --- a/cves/2020/CVE-2020-12447.yaml +++ b/cves/2020/CVE-2020-12447.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12447 cwe-id: CWE-22 + epss-score: 0.01261 tags: cve,cve2020,onkyo,lfi,traversal requests: diff --git a/cves/2020/CVE-2020-12478.yaml b/cves/2020/CVE-2020-12478.yaml index ed7969f61c..852a2ef61c 100644 --- a/cves/2020/CVE-2020-12478.yaml +++ b/cves/2020/CVE-2020-12478.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12478 cwe-id: CWE-306 + cpe: cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:* + epss-score: 0.00893 metadata: shodan-query: http.html:"teampass" verified: "true" diff --git a/cves/2020/CVE-2020-12720.yaml b/cves/2020/CVE-2020-12720.yaml index 429e6fef80..1826f9d0b9 100644 --- a/cves/2020/CVE-2020-12720.yaml +++ b/cves/2020/CVE-2020-12720.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-12720 cwe-id: CWE-89,CWE-306 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* + epss-score: 0.84671 tags: cve2020,vbulletin,sqli,packetstorm,cve requests: diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml index 3b2acc1bfd..77fe9ed773 100644 --- a/cves/2020/CVE-2020-12800.yaml +++ b/cves/2020/CVE-2020-12800.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-12800 cwe-id: CWE-434 + cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:*:*:* + epss-score: 0.97428 tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive requests: diff --git a/cves/2020/CVE-2020-13117.yaml b/cves/2020/CVE-2020-13117.yaml index 9951041e70..e285828419 100644 --- a/cves/2020/CVE-2020-13117.yaml +++ b/cves/2020/CVE-2020-13117.yaml @@ -13,9 +13,10 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13117 cwe-id: CWE-77 + epss-score: 0.06609 metadata: - verified: true shodan-query: http.title:"Wi-Fi APP Login" + verified: "true" tags: cve,cve2020,wavlink,rce,oast,router requests: diff --git a/cves/2020/CVE-2020-13121.yaml b/cves/2020/CVE-2020-13121.yaml index b5852c424c..2170a38c17 100644 --- a/cves/2020/CVE-2020-13121.yaml +++ b/cves/2020/CVE-2020-13121.yaml @@ -10,9 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-13121 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 + cvss-score: 6.1 cve-id: CVE-2020-13121 cwe-id: CWE-601 + cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* + epss-score: 0.00235 tags: cve,cve2020,redirect,submitty,oos requests: diff --git a/cves/2020/CVE-2020-13158.yaml b/cves/2020/CVE-2020-13158.yaml index c4c2648f06..fa32f33642 100644 --- a/cves/2020/CVE-2020-13158.yaml +++ b/cves/2020/CVE-2020-13158.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13158 cwe-id: CWE-22 + cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* + epss-score: 0.96915 tags: cve,cve2020,artica,lfi requests: diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml index feb7792cd2..21695b8106 100644 --- a/cves/2020/CVE-2020-13167.yaml +++ b/cves/2020/CVE-2020-13167.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13167 cwe-id: CWE-78 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* + epss-score: 0.97387 metadata: hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out tags: cve,cve2020,netsweeper,rce,python,webadmin diff --git a/cves/2020/CVE-2020-13258.yaml b/cves/2020/CVE-2020-13258.yaml index 5034d00f30..aaa8171f44 100644 --- a/cves/2020/CVE-2020-13258.yaml +++ b/cves/2020/CVE-2020-13258.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13258 cwe-id: CWE-79 + cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:* + epss-score: 0.00464 tags: cve,cve2020,contentful,xss requests: diff --git a/cves/2020/CVE-2020-13379.yaml b/cves/2020/CVE-2020-13379.yaml index b858a7db38..727abbd793 100644 --- a/cves/2020/CVE-2020-13379.yaml +++ b/cves/2020/CVE-2020-13379.yaml @@ -17,6 +17,7 @@ info: cvss-score: 8.2 cve-id: CVE-2020-13379 cwe-id: CWE-918 + epss-score: 0.24779 metadata: shodan-query: title:"Grafana" verified: "true" diff --git a/cves/2020/CVE-2020-13405.yaml b/cves/2020/CVE-2020-13405.yaml index 12407d9ae9..251f212a7e 100644 --- a/cves/2020/CVE-2020-13405.yaml +++ b/cves/2020/CVE-2020-13405.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13405 cwe-id: CWE-306 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00591 metadata: shodan-query: http.html:"microweber" verified: "true" diff --git a/cves/2020/CVE-2020-13483.yaml b/cves/2020/CVE-2020-13483.yaml index 227a90432d..2b0dd35774 100644 --- a/cves/2020/CVE-2020-13483.yaml +++ b/cves/2020/CVE-2020-13483.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13483 cwe-id: CWE-79 + cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* + epss-score: 0.00113 tags: cve,cve2020,xss,bitrix requests: diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml index be39f7225e..c68e266172 100644 --- a/cves/2020/CVE-2020-13700.yaml +++ b/cves/2020/CVE-2020-13700.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13700 cwe-id: CWE-639 + cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:*:*:* + epss-score: 0.01462 tags: cve,cve2020,wordpress,plugin requests: diff --git a/cves/2020/CVE-2020-13820.yaml b/cves/2020/CVE-2020-13820.yaml index e84200a2d4..a8e7f75333 100644 --- a/cves/2020/CVE-2020-13820.yaml +++ b/cves/2020/CVE-2020-13820.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13820 cwe-id: CWE-79 + cpe: cpe:2.3:a:extremenetworks:extreme_management_center:*:*:*:*:*:*:*:* + epss-score: 0.00222 metadata: shodan-query: title:"Extreme Management Center" verified: "true" diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml index 8857b71317..42521f83a5 100644 --- a/cves/2020/CVE-2020-13927.yaml +++ b/cves/2020/CVE-2020-13927.yaml @@ -6,20 +6,22 @@ info: severity: critical description: | Airflow's Experimental API prior 1.10.11 allows all API requests without authentication. - remediation: | - From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references. reference: - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html - https://airflow.apache.org/docs/1.10.11/security.html#api-authenticatio - https://nvd.nist.gov/vuln/detail/CVE-2020-13927 + remediation: | + From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 + cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* + epss-score: 0.95492 metadata: - verified: true shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" + verified: "true" tags: packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev requests: diff --git a/cves/2020/CVE-2020-13937.yaml b/cves/2020/CVE-2020-13937.yaml index 9a2d318e74..8ee1b96a94 100644 --- a/cves/2020/CVE-2020-13937.yaml +++ b/cves/2020/CVE-2020-13937.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-13937 cwe-id: CWE-922 + cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* + epss-score: 0.97436 tags: cve,cve2020,apache requests: diff --git a/cves/2020/CVE-2020-13942.yaml b/cves/2020/CVE-2020-13942.yaml index c7148c6357..b0f161bb32 100644 --- a/cves/2020/CVE-2020-13942.yaml +++ b/cves/2020/CVE-2020-13942.yaml @@ -21,6 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13942 cwe-id: CWE-74 + cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:* + epss-score: 0.9752 tags: cve,cve2020,apache,rce requests: diff --git a/cves/2020/CVE-2020-13945.yaml b/cves/2020/CVE-2020-13945.yaml index a5e5b51b85..28766d6b2b 100644 --- a/cves/2020/CVE-2020-13945.yaml +++ b/cves/2020/CVE-2020-13945.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-13945 cwe-id: CWE-522 + cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* + epss-score: 0.00598 tags: intrusive,vulhub,packetstorm,cve,cve2020,apache,apisix requests: diff --git a/cves/2020/CVE-2020-14092.yaml b/cves/2020/CVE-2020-14092.yaml index 89bcafe298..29792e06eb 100644 --- a/cves/2020/CVE-2020-14092.yaml +++ b/cves/2020/CVE-2020-14092.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-14092 cwe-id: CWE-89 + cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:*:*:* + epss-score: 0.8613 tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress requests: diff --git a/cves/2020/CVE-2020-14144.yaml b/cves/2020/CVE-2020-14144.yaml index d521412ea2..d6f18d03d2 100644 --- a/cves/2020/CVE-2020-14144.yaml +++ b/cves/2020/CVE-2020-14144.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.2 cve-id: CVE-2020-14144 cwe-id: CWE-78 + cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* + epss-score: 0.96681 metadata: shodan-query: html:"Powered by Gitea Version" verified: "true" diff --git a/cves/2020/CVE-2020-14179.yaml b/cves/2020/CVE-2020-14179.yaml index 68e711ca3c..7af9a455f8 100644 --- a/cves/2020/CVE-2020-14179.yaml +++ b/cves/2020/CVE-2020-14179.yaml @@ -12,6 +12,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-14179 + epss-score: 0.00972 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,exposure,disclosure diff --git a/cves/2020/CVE-2020-14181.yaml b/cves/2020/CVE-2020-14181.yaml index ee5684064b..747178d447 100644 --- a/cves/2020/CVE-2020-14181.yaml +++ b/cves/2020/CVE-2020-14181.yaml @@ -4,8 +4,7 @@ info: name: User enumeration via insecure Jira endpoint author: bjhulst severity: medium - description: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected - versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. + description: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. reference: - https://jira.atlassian.com/browse/JRASERVER-71560 - http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html @@ -14,6 +13,7 @@ info: cvss-score: 5.3 cve-id: CVE-2020-14181 cwe-id: CWE-200 + epss-score: 0.97351 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,packetstorm diff --git a/cves/2020/CVE-2020-14408.yaml b/cves/2020/CVE-2020-14408.yaml index 8f848663db..fdc146dcd7 100644 --- a/cves/2020/CVE-2020-14408.yaml +++ b/cves/2020/CVE-2020-14408.yaml @@ -5,16 +5,18 @@ info: author: edoardottt severity: medium description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. + reference: + - https://github.com/agentejo/cockpit/issues/1310 + - https://nvd.nist.gov/vuln/detail/CVE-2020-14408 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-14408 cwe-id: CWE-79 - reference: - - https://github.com/agentejo/cockpit/issues/1310 - - https://nvd.nist.gov/vuln/detail/CVE-2020-14408 + cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* + epss-score: 0.00113 metadata: - verified: true + verified: "true" tags: cve,cve2020,cockpit,agentejo,xss,oss requests: diff --git a/cves/2020/CVE-2020-14413.yaml b/cves/2020/CVE-2020-14413.yaml index ade0545d95..ecbc460534 100644 --- a/cves/2020/CVE-2020-14413.yaml +++ b/cves/2020/CVE-2020-14413.yaml @@ -4,8 +4,7 @@ info: name: NeDi 1.9C - Cross-Site Scripting author: pikpikcu severity: medium - description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily - bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. + description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. reference: - https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8 - https://nvd.nist.gov/vuln/detail/CVE-2020-14413 @@ -14,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14413 cwe-id: CWE-79 + cpe: cpe:2.3:a:nedi:nedi:*:*:*:*:*:*:*:* + epss-score: 0.00095 tags: cve,cve2020,nedi,xss requests: diff --git a/cves/2020/CVE-2020-14750.yaml b/cves/2020/CVE-2020-14750.yaml index 856d3a8885..dc6632d2a9 100644 --- a/cves/2020/CVE-2020-14750.yaml +++ b/cves/2020/CVE-2020-14750.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14750 + cpe: cpe:2.3:a:oracle:fusion_middleware:*:*:*:*:*:*:*:* + epss-score: 0.97539 metadata: shodan-query: http.html:"Weblogic Application Server" verified: "true" diff --git a/cves/2020/CVE-2020-14864.yaml b/cves/2020/CVE-2020-14864.yaml index dc197994c8..2eb9992c05 100644 --- a/cves/2020/CVE-2020-14864.yaml +++ b/cves/2020/CVE-2020-14864.yaml @@ -13,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-14864 + cpe: cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:* + epss-score: 0.35997 tags: cve,cve2020,oracle,lfi,kev,packetstorm requests: diff --git a/cves/2020/CVE-2020-14882.yaml b/cves/2020/CVE-2020-14882.yaml index 86ac0c5e8c..106f9f6b88 100644 --- a/cves/2020/CVE-2020-14882.yaml +++ b/cves/2020/CVE-2020-14882.yaml @@ -16,6 +16,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14882 + cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* + epss-score: 0.97553 tags: cve,cve2020,oracle,rce,weblogic,oast,kev requests: diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml index bee6ab6260..87672551d8 100644 --- a/cves/2020/CVE-2020-14883.yaml +++ b/cves/2020/CVE-2020-14883.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-14883 + cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* + epss-score: 0.97532 tags: oracle,rce,weblogic,kev,packetstorm,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-15050.yaml b/cves/2020/CVE-2020-15050.yaml index 141a14c32c..563335f342 100644 --- a/cves/2020/CVE-2020-15050.yaml +++ b/cves/2020/CVE-2020-15050.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-15050 cwe-id: CWE-22 + cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:* + epss-score: 0.26151 tags: suprema,biostar2,packetstorm,cve,cve2020,lfi requests: diff --git a/cves/2020/CVE-2020-15129.yaml b/cves/2020/CVE-2020-15129.yaml index 4f987e6fd9..2a67417540 100644 --- a/cves/2020/CVE-2020-15129.yaml +++ b/cves/2020/CVE-2020-15129.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.7 cve-id: CVE-2020-15129 cwe-id: CWE-601 + cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* + epss-score: 0.00519 tags: cve,cve2020,traefik,redirect requests: diff --git a/cves/2020/CVE-2020-15148.yaml b/cves/2020/CVE-2020-15148.yaml index 7442e9ee7b..7f5c41d041 100644 --- a/cves/2020/CVE-2020-15148.yaml +++ b/cves/2020/CVE-2020-15148.yaml @@ -16,6 +16,8 @@ info: cvss-score: 10 cve-id: CVE-2020-15148 cwe-id: CWE-502 + cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* + epss-score: 0.01843 tags: cve,cve2020,rce,yii requests: diff --git a/cves/2020/CVE-2020-15227.yaml b/cves/2020/CVE-2020-15227.yaml index 6384513e85..1344262d8d 100644 --- a/cves/2020/CVE-2020-15227.yaml +++ b/cves/2020/CVE-2020-15227.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15227 cwe-id: CWE-74 + epss-score: 0.97403 tags: cve,cve2020,nette,rce requests: diff --git a/cves/2020/CVE-2020-15500.yaml b/cves/2020/CVE-2020-15500.yaml index f28fdc107d..74bb3de39a 100644 --- a/cves/2020/CVE-2020-15500.yaml +++ b/cves/2020/CVE-2020-15500.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-15500 cwe-id: CWE-79 + cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* + epss-score: 0.0021 tags: cve,cve2020,xss,tileserver,packetstorm requests: diff --git a/cves/2020/CVE-2020-15505.yaml b/cves/2020/CVE-2020-15505.yaml index 5f09dcccb2..c0ad0e65eb 100644 --- a/cves/2020/CVE-2020-15505.yaml +++ b/cves/2020/CVE-2020-15505.yaml @@ -20,6 +20,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15505 + epss-score: 0.97524 tags: cve,cve2020,mobileiron,rce,sentry,kev requests: diff --git a/cves/2020/CVE-2020-15568.yaml b/cves/2020/CVE-2020-15568.yaml index 6204edee14..05392efe6a 100644 --- a/cves/2020/CVE-2020-15568.yaml +++ b/cves/2020/CVE-2020-15568.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15568 cwe-id: CWE-913 + cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* + epss-score: 0.96812 tags: cve,cve2020,terramaster,rce requests: diff --git a/cves/2020/CVE-2020-15867.yaml b/cves/2020/CVE-2020-15867.yaml index 0fc8dc189d..963bd01ffc 100644 --- a/cves/2020/CVE-2020-15867.yaml +++ b/cves/2020/CVE-2020-15867.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-15867 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* + epss-score: 0.9663 metadata: verified: "true" tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm diff --git a/cves/2020/CVE-2020-15895.yaml b/cves/2020/CVE-2020-15895.yaml index c053f7607b..420be27d42 100644 --- a/cves/2020/CVE-2020-15895.yaml +++ b/cves/2020/CVE-2020-15895.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2020-15895 cwe-id: CWE-79 + epss-score: 0.00187 metadata: shodan-query: html:"DIR-816L" tags: cve,cve2020,dlink,xss diff --git a/cves/2020/CVE-2020-15920.yaml b/cves/2020/CVE-2020-15920.yaml index fe5fa21964..675d089542 100644 --- a/cves/2020/CVE-2020-15920.yaml +++ b/cves/2020/CVE-2020-15920.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15920 cwe-id: CWE-78 + cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:* + epss-score: 0.97362 tags: cve,cve2020,mida,rce,packetstorm requests: diff --git a/cves/2020/CVE-2020-16139.yaml b/cves/2020/CVE-2020-16139.yaml index cf5468f60b..f349aa9404 100644 --- a/cves/2020/CVE-2020-16139.yaml +++ b/cves/2020/CVE-2020-16139.yaml @@ -16,6 +16,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2020-16139 + epss-score: 0.00835 tags: cve,cve2020,dos,cisco,packetstorm requests: diff --git a/cves/2020/CVE-2020-16846.yaml b/cves/2020/CVE-2020-16846.yaml index ff7e0c4830..ab6916cd1f 100644 --- a/cves/2020/CVE-2020-16846.yaml +++ b/cves/2020/CVE-2020-16846.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-16846 cwe-id: CWE-78 + epss-score: 0.97535 tags: vulhub,cve,cve2020,saltstack,kev requests: diff --git a/cves/2020/CVE-2020-16952.yaml b/cves/2020/CVE-2020-16952.yaml index 314af66e91..a69ef2e169 100644 --- a/cves/2020/CVE-2020-16952.yaml +++ b/cves/2020/CVE-2020-16952.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.8 cve-id: CVE-2020-16952 cwe-id: CWE-346 + epss-score: 0.23324 tags: msf,cve,cve2020,sharepoint,iis,microsoft,ssi,rce requests: diff --git a/cves/2020/CVE-2020-17362.yaml b/cves/2020/CVE-2020-17362.yaml index 45e363b48f..161d808e5f 100644 --- a/cves/2020/CVE-2020-17362.yaml +++ b/cves/2020/CVE-2020-17362.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17362 cwe-id: CWE-79 + cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:*:*:* + epss-score: 0.00095 tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth requests: diff --git a/cves/2020/CVE-2020-17453.yaml b/cves/2020/CVE-2020-17453.yaml index ba1f0613e1..ce6aa9d196 100644 --- a/cves/2020/CVE-2020-17453.yaml +++ b/cves/2020/CVE-2020-17453.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17453 cwe-id: CWE-79 + epss-score: 0.02402 tags: xss,wso2,cve2020,cve requests: diff --git a/cves/2020/CVE-2020-17456.yaml b/cves/2020/CVE-2020-17456.yaml index a0c70a8edc..cd0932ce54 100644 --- a/cves/2020/CVE-2020-17456.yaml +++ b/cves/2020/CVE-2020-17456.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17456 cwe-id: CWE-78 + epss-score: 0.97283 tags: seowon,cve2020,oast,packetstorm,rce,router,unauth,iot,cve variables: diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index ef65ec4369..ce8f6e4ccc 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17496 cwe-id: CWE-74 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* + epss-score: 0.97519 tags: vbulletin,rce,kev,tenable,seclists,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-17505.yaml b/cves/2020/CVE-2020-17505.yaml index de43b60d33..606b3d30cd 100644 --- a/cves/2020/CVE-2020-17505.yaml +++ b/cves/2020/CVE-2020-17505.yaml @@ -14,6 +14,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-17505 cwe-id: CWE-78 + cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* + epss-score: 0.97122 tags: proxy,packetstorm,cve,cve2020,rce,artica requests: diff --git a/cves/2020/CVE-2020-17506.yaml b/cves/2020/CVE-2020-17506.yaml index 621a0cd7e6..2f02865bbd 100644 --- a/cves/2020/CVE-2020-17506.yaml +++ b/cves/2020/CVE-2020-17506.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17506 cwe-id: CWE-89 + cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* + epss-score: 0.96704 tags: cve,cve2020,artica,proxy,packetstorm requests: diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index 31b0b89878..d6e505c2c1 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-17518 cwe-id: CWE-22 + cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* + epss-score: 0.97462 tags: lfi,flink,fileupload,vulhub,cve,cve2020,apache,intrusive diff --git a/cves/2020/CVE-2020-17519.yaml b/cves/2020/CVE-2020-17519.yaml index 49e8144891..4861f7571c 100644 --- a/cves/2020/CVE-2020-17519.yaml +++ b/cves/2020/CVE-2020-17519.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-17519 cwe-id: CWE-552 + cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* + epss-score: 0.97486 tags: cve,cve2020,apache,lfi,flink requests: diff --git a/cves/2020/CVE-2020-17526.yaml b/cves/2020/CVE-2020-17526.yaml index 33fae9deff..209adae954 100644 --- a/cves/2020/CVE-2020-17526.yaml +++ b/cves/2020/CVE-2020-17526.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.7 cve-id: CVE-2020-17526 cwe-id: CWE-287 + cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* + epss-score: 0.02043 metadata: fofa-query: Apache Airflow verified: "true" diff --git a/cves/2020/CVE-2020-17530.yaml b/cves/2020/CVE-2020-17530.yaml index a2f8cf4382..5bea9e3a2b 100644 --- a/cves/2020/CVE-2020-17530.yaml +++ b/cves/2020/CVE-2020-17530.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17530 cwe-id: CWE-917 + epss-score: 0.96825 tags: cve,cve2020,apache,rce,struts,kev,packetstorm requests: diff --git a/cves/2020/CVE-2020-18268.yaml b/cves/2020/CVE-2020-18268.yaml index 3c7502449f..5e647272ed 100644 --- a/cves/2020/CVE-2020-18268.yaml +++ b/cves/2020/CVE-2020-18268.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-18268 cwe-id: CWE-601 + cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:* + epss-score: 0.00138 tags: cve,cve2020,redirect,zblogphp,authenticated requests: diff --git a/cves/2020/CVE-2020-19282.yaml b/cves/2020/CVE-2020-19282.yaml index 93069cfd34..182396de40 100644 --- a/cves/2020/CVE-2020-19282.yaml +++ b/cves/2020/CVE-2020-19282.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19282 cwe-id: CWE-79 + cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* + epss-score: 0.00165 tags: cve,cve2020,jeesns,xss requests: diff --git a/cves/2020/CVE-2020-19283.yaml b/cves/2020/CVE-2020-19283.yaml index fd87db4bc9..fdbad28cac 100644 --- a/cves/2020/CVE-2020-19283.yaml +++ b/cves/2020/CVE-2020-19283.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19283 cwe-id: CWE-79 + cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* + epss-score: 0.00165 tags: cve,cve2020,jeesns,xss requests: diff --git a/cves/2020/CVE-2020-19295.yaml b/cves/2020/CVE-2020-19295.yaml index 8f12471bc4..9611f58e11 100644 --- a/cves/2020/CVE-2020-19295.yaml +++ b/cves/2020/CVE-2020-19295.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19295 cwe-id: CWE-79 + cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve,cve2020,jeesns,xss requests: diff --git a/cves/2020/CVE-2020-19360.yaml b/cves/2020/CVE-2020-19360.yaml index 4e08bbfd40..240988d525 100644 --- a/cves/2020/CVE-2020-19360.yaml +++ b/cves/2020/CVE-2020-19360.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-19360 + cpe: cpe:2.3:a:fhem:fhem:*:*:*:*:*:*:*:* + epss-score: 0.08443 tags: fhem,lfi,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-1938.yaml b/cves/2020/CVE-2020-1938.yaml index b09c2972e7..4c24194ace 100644 --- a/cves/2020/CVE-2020-1938.yaml +++ b/cves/2020/CVE-2020-1938.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-1938 cwe-id: CWE-269 + epss-score: 0.97493 metadata: shodan-query: title:"Apache Tomcat" tags: cisa,tenable,cve2020,apache,lfi,network,kev,cve,tomcat diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml index 2c96e60b53..99a8e2f699 100644 --- a/cves/2020/CVE-2020-1943.yaml +++ b/cves/2020/CVE-2020-1943.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-1943 cwe-id: CWE-79 + cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* + epss-score: 0.97275 tags: cve,cve2020,apache,xss,ofbiz requests: diff --git a/cves/2020/CVE-2020-19625.yaml b/cves/2020/CVE-2020-19625.yaml index e6590a5113..bbdb7ddc1c 100644 --- a/cves/2020/CVE-2020-19625.yaml +++ b/cves/2020/CVE-2020-19625.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-19625 + cpe: cpe:2.3:a:gridx_project:gridx:*:*:*:*:*:*:*:* + epss-score: 0.87952 tags: cve,cve2020,gridx,rce requests: diff --git a/cves/2020/CVE-2020-20285.yaml b/cves/2020/CVE-2020-20285.yaml index 859834c7df..ef62939d61 100644 --- a/cves/2020/CVE-2020-20285.yaml +++ b/cves/2020/CVE-2020-20285.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20285 cwe-id: CWE-79 + cpe: cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:* + epss-score: 0.0009 metadata: fofa-query: zzcms verified: "true" diff --git a/cves/2020/CVE-2020-20300.yaml b/cves/2020/CVE-2020-20300.yaml index afad4d7ea2..448e05c395 100644 --- a/cves/2020/CVE-2020-20300.yaml +++ b/cves/2020/CVE-2020-20300.yaml @@ -12,8 +12,10 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cwe-id: CWE-89 cve-id: CVE-2020-20300 + cwe-id: CWE-89 + cpe: cpe:2.3:a:weiphp:weiphp:*:*:*:*:*:*:*:* + epss-score: 0.14786 metadata: shodan-query: http.html:"WeiPHP5.0" verified: "true" diff --git a/cves/2020/CVE-2020-2036.yaml b/cves/2020/CVE-2020-2036.yaml index 4b74fc8d77..4fdd549315 100644 --- a/cves/2020/CVE-2020-2036.yaml +++ b/cves/2020/CVE-2020-2036.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-2036 cwe-id: CWE-79 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* + epss-score: 0.01561 tags: cve,cve2020,vpn,xss requests: diff --git a/cves/2020/CVE-2020-2096.yaml b/cves/2020/CVE-2020-2096.yaml index ca04c04738..c373991482 100644 --- a/cves/2020/CVE-2020-2096.yaml +++ b/cves/2020/CVE-2020-2096.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2096 cwe-id: CWE-79 + cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:*:*:* + epss-score: 0.97056 metadata: shodan-query: http.title:"GitLab" tags: jenkins,xss,gitlab,plugin,packetstorm,cve,cve2020 diff --git a/cves/2020/CVE-2020-20982.yaml b/cves/2020/CVE-2020-20982.yaml index e53cbc1ccc..437dab4da1 100644 --- a/cves/2020/CVE-2020-20982.yaml +++ b/cves/2020/CVE-2020-20982.yaml @@ -8,13 +8,15 @@ info: reference: - https://github.com/shadoweb/wdja/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-20982 - metadata: - verified: true classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H cvss-score: 9.6 cve-id: CVE-2020-20982 cwe-id: CWE-79 + cpe: cpe:2.3:a:wdja:wdja_cms:*:*:*:*:*:*:*:* + epss-score: 0.01606 + metadata: + verified: "true" tags: cve,cve2020,xss,wdja,shadoweb requests: diff --git a/cves/2020/CVE-2020-20988.yaml b/cves/2020/CVE-2020-20988.yaml index 011eebb4ef..0fb3c84cd9 100644 --- a/cves/2020/CVE-2020-20988.yaml +++ b/cves/2020/CVE-2020-20988.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20988 cwe-id: CWE-79 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* + epss-score: 0.0009 metadata: verified: "true" tags: cve,cve2020,domainmod,xss,authenticated diff --git a/cves/2020/CVE-2020-21012.yaml b/cves/2020/CVE-2020-21012.yaml index 1b77bed559..5edfc1e415 100644 --- a/cves/2020/CVE-2020-21012.yaml +++ b/cves/2020/CVE-2020-21012.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21012 cwe-id: CWE-89 + cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:*:*:*:*:*:*:*:* + epss-score: 0.02586 metadata: verified: "true" tags: cve,cve2020,hotel,sqli,unauth diff --git a/cves/2020/CVE-2020-2103.yaml b/cves/2020/CVE-2020-2103.yaml index 9593563e0e..e0ea8e0493 100644 --- a/cves/2020/CVE-2020-2103.yaml +++ b/cves/2020/CVE-2020-2103.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-2103 cwe-id: CWE-200 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* + epss-score: 0.00535 metadata: shodan-query: http.favicon.hash:81586312 tags: cve,cve2020,jenkins diff --git a/cves/2020/CVE-2020-21224.yaml b/cves/2020/CVE-2020-21224.yaml index 9c65602ffd..0f3e5d75ee 100644 --- a/cves/2020/CVE-2020-21224.yaml +++ b/cves/2020/CVE-2020-21224.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21224 cwe-id: CWE-88 + cpe: cpe:2.3:a:inspur:clusterengine:*:*:*:*:*:*:*:* + epss-score: 0.02686 tags: cve,cve2020,clusterengine,rce requests: diff --git a/cves/2020/CVE-2020-2140.yaml b/cves/2020/CVE-2020-2140.yaml index e124a6fc81..995321871b 100644 --- a/cves/2020/CVE-2020-2140.yaml +++ b/cves/2020/CVE-2020-2140.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2140 cwe-id: CWE-79 + cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:*:*:* + epss-score: 0.00155 tags: cve,cve2020,jenkins,xss,plugin requests: diff --git a/cves/2020/CVE-2020-22208.yaml b/cves/2020/CVE-2020-22208.yaml index 57659b9d5d..8f8fb0b0ba 100644 --- a/cves/2020/CVE-2020-22208.yaml +++ b/cves/2020/CVE-2020-22208.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 + cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* + epss-score: 0.12933 metadata: fofa-query: app="74cms" shodan-query: http.html:"74cms" diff --git a/cves/2020/CVE-2020-22209.yaml b/cves/2020/CVE-2020-22209.yaml index 8b2adad1c9..cc10d61834 100644 --- a/cves/2020/CVE-2020-22209.yaml +++ b/cves/2020/CVE-2020-22209.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 + cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* + epss-score: 0.12933 metadata: fofa-query: app="74cms" shodan-query: http.html:"74cms" diff --git a/cves/2020/CVE-2020-22210.yaml b/cves/2020/CVE-2020-22210.yaml index fdc3408dfa..030eeabc18 100644 --- a/cves/2020/CVE-2020-22210.yaml +++ b/cves/2020/CVE-2020-22210.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 + cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* + epss-score: 0.12933 metadata: fofa-query: app="74cms" shodan-query: http.html:"74cms" diff --git a/cves/2020/CVE-2020-22211.yaml b/cves/2020/CVE-2020-22211.yaml index a303d4b08f..d996cf28f2 100644 --- a/cves/2020/CVE-2020-22211.yaml +++ b/cves/2020/CVE-2020-22211.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 + cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* + epss-score: 0.12933 metadata: fofa-query: app="74cms" shodan-query: http.html:"74cms" diff --git a/cves/2020/CVE-2020-22840.yaml b/cves/2020/CVE-2020-22840.yaml index 2f95022b5a..b41c3c1144 100644 --- a/cves/2020/CVE-2020-22840.yaml +++ b/cves/2020/CVE-2020-22840.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-22840 cwe-id: CWE-601 + cpe: cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:* + epss-score: 0.00649 tags: packetstorm,edb,cve,cve2020,redirect,b2evolution requests: diff --git a/cves/2020/CVE-2020-23015.yaml b/cves/2020/CVE-2020-23015.yaml index 44dfc2fe7b..c9faa857a5 100644 --- a/cves/2020/CVE-2020-23015.yaml +++ b/cves/2020/CVE-2020-23015.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23015 cwe-id: CWE-601 + cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* + epss-score: 0.00228 tags: cve,cve2020,redirect,opnsense requests: diff --git a/cves/2020/CVE-2020-23517.yaml b/cves/2020/CVE-2020-23517.yaml index e70c945575..d1795c8d6e 100644 --- a/cves/2020/CVE-2020-23517.yaml +++ b/cves/2020/CVE-2020-23517.yaml @@ -13,10 +13,12 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23517 cwe-id: CWE-79 + cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* + epss-score: 0.00118 metadata: - verified: true - shodan-query: title:"HighMail" fofa-query: title="HighMail" + shodan-query: title:"HighMail" + verified: "true" tags: cve,cve2020,xss,cms,highmail,aryanic requests: diff --git a/cves/2020/CVE-2020-23575.yaml b/cves/2020/CVE-2020-23575.yaml index d525cdaede..088cd423fc 100644 --- a/cves/2020/CVE-2020-23575.yaml +++ b/cves/2020/CVE-2020-23575.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23575 cwe-id: CWE-22 + epss-score: 0.02655 tags: cve,cve2020,printer,iot,lfi,edb requests: diff --git a/cves/2020/CVE-2020-23697.yaml b/cves/2020/CVE-2020-23697.yaml index f0079ef1ec..7cb9d44681 100644 --- a/cves/2020/CVE-2020-23697.yaml +++ b/cves/2020/CVE-2020-23697.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-23697 cwe-id: CWE-79 + cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* + epss-score: 0.0009 metadata: verified: "true" tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated diff --git a/cves/2020/CVE-2020-23972.yaml b/cves/2020/CVE-2020-23972.yaml index de9d0c9fe3..6daf352fb9 100644 --- a/cves/2020/CVE-2020-23972.yaml +++ b/cves/2020/CVE-2020-23972.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23972 cwe-id: CWE-434 + cpe: cpe:2.3:a:gmapfp:gmapfp:*:*:*:*:*:*:*:* + epss-score: 0.66354 tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive requests: diff --git a/cves/2020/CVE-2020-24148.yaml b/cves/2020/CVE-2020-24148.yaml index 9d00b24d93..0bdee190da 100644 --- a/cves/2020/CVE-2020-24148.yaml +++ b/cves/2020/CVE-2020-24148.yaml @@ -9,11 +9,14 @@ info: - https://github.com/dwisiswant0/CVE-2020-24148 - https://wordpress.org/plugins/import-xml-feed/#developers - https://nvd.nist.gov/vuln/detail/CVE-2020-24148 + - https://github.com/secwx/research/blob/main/cve/CVE-2020-24148.md classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24148 cwe-id: CWE-918 + cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:*:*:* + epss-score: 0.06154 tags: cve,cve2020,wordpress,wp-plugin,ssrf requests: diff --git a/cves/2020/CVE-2020-24186.yaml b/cves/2020/CVE-2020-24186.yaml index 3359b0debb..641cef2884 100644 --- a/cves/2020/CVE-2020-24186.yaml +++ b/cves/2020/CVE-2020-24186.yaml @@ -15,6 +15,8 @@ info: cvss-score: 10 cve-id: CVE-2020-24186 cwe-id: CWE-434 + cpe: cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:*:*:* + epss-score: 0.97485 tags: rce,fileupload,packetstorm,cve,cve2020,wordpress,wp-plugin,intrusive requests: diff --git a/cves/2020/CVE-2020-24223.yaml b/cves/2020/CVE-2020-24223.yaml index 7ec7a3e49f..c0ca703e02 100644 --- a/cves/2020/CVE-2020-24223.yaml +++ b/cves/2020/CVE-2020-24223.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24223 cwe-id: CWE-79 + cpe: cpe:2.3:a:mara_cms_project:mara_cms:*:*:*:*:*:*:*:* + epss-score: 0.01034 tags: cve,cve2020,mara,xss,edb requests: diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index 0c6a124ffa..a4f4f35f83 100644 --- a/cves/2020/CVE-2020-24312.yaml +++ b/cves/2020/CVE-2020-24312.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24312 cwe-id: CWE-552 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* + epss-score: 0.02595 tags: cve,cve2020,wordpress,backups,plugin requests: diff --git a/cves/2020/CVE-2020-24391.yaml b/cves/2020/CVE-2020-24391.yaml index 8d737c98d5..1b201683e5 100644 --- a/cves/2020/CVE-2020-24391.yaml +++ b/cves/2020/CVE-2020-24391.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-24391 + cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:*:*:* + epss-score: 0.49283 tags: cve,cve2020,mongo,express,rce,intrusive requests: diff --git a/cves/2020/CVE-2020-24550.yaml b/cves/2020/CVE-2020-24550.yaml index 0be6d3e6ca..76f3bc71cd 100644 --- a/cves/2020/CVE-2020-24550.yaml +++ b/cves/2020/CVE-2020-24550.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24550 cwe-id: CWE-601 + cpe: cpe:2.3:a:episerver:find:*:*:*:*:*:*:*:* + epss-score: 0.00157 tags: cve,cve2020,redirect,episerver requests: diff --git a/cves/2020/CVE-2020-24571.yaml b/cves/2020/CVE-2020-24571.yaml index a89c9b23e4..ac614bf236 100644 --- a/cves/2020/CVE-2020-24571.yaml +++ b/cves/2020/CVE-2020-24571.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24571 cwe-id: CWE-22 + cpe: cpe:2.3:a:nexusdb:nexusdb:*:*:*:*:*:*:*:* + epss-score: 0.03491 tags: cve,cve2020,nexusdb,lfi requests: diff --git a/cves/2020/CVE-2020-24579.yaml b/cves/2020/CVE-2020-24579.yaml index b3b8bc7767..35344b0323 100644 --- a/cves/2020/CVE-2020-24579.yaml +++ b/cves/2020/CVE-2020-24579.yaml @@ -14,6 +14,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24579 cwe-id: CWE-287 + epss-score: 0.00215 tags: cve,cve2020,dlink,rce requests: diff --git a/cves/2020/CVE-2020-24589.yaml b/cves/2020/CVE-2020-24589.yaml index 85c9c535b0..5977ab4255 100644 --- a/cves/2020/CVE-2020-24589.yaml +++ b/cves/2020/CVE-2020-24589.yaml @@ -4,8 +4,7 @@ info: name: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection author: lethargynavigator severity: critical - description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend - or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. + description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. reference: - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 - https://nvd.nist.gov/vuln/detail/CVE-2020-24589 @@ -13,6 +12,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24589 + epss-score: 0.48841 tags: cve,cve2020,wso2,xxe,oast,blind requests: diff --git a/cves/2020/CVE-2020-24902.yaml b/cves/2020/CVE-2020-24902.yaml index 718cae1181..d631634489 100644 --- a/cves/2020/CVE-2020-24902.yaml +++ b/cves/2020/CVE-2020-24902.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24902 cwe-id: CWE-79 + cpe: cpe:2.3:a:quixplorer_project:quixplorer:*:*:*:*:*:*:*:* + epss-score: 0.00171 metadata: google-query: intitle:"My Download Server" shodan-query: http.title:"My Download Server" diff --git a/cves/2020/CVE-2020-24903.yaml b/cves/2020/CVE-2020-24903.yaml index 3dc77f1ae5..261c98bae7 100644 --- a/cves/2020/CVE-2020-24903.yaml +++ b/cves/2020/CVE-2020-24903.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24903 cwe-id: CWE-79 + cpe: cpe:2.3:a:cutesoft:cute_editor:*:*:*:*:*:*:*:* + epss-score: 0.00246 metadata: shodan-query: http.component:"ASP.NET" verified: "true" diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml index 5806510c92..0ee17069e4 100644 --- a/cves/2020/CVE-2020-24912.yaml +++ b/cves/2020/CVE-2020-24912.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24912 cwe-id: CWE-79 + cpe: cpe:2.3:a:qcubed:qcubed:*:*:*:*:*:*:*:* + epss-score: 0.00187 tags: cve,cve2020,qcubed,xss,seclists requests: diff --git a/cves/2020/CVE-2020-24949.yaml b/cves/2020/CVE-2020-24949.yaml index 0840b310e1..b9c2aa8b9f 100644 --- a/cves/2020/CVE-2020-24949.yaml +++ b/cves/2020/CVE-2020-24949.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24949 cwe-id: CWE-77 + cpe: cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:* + epss-score: 0.96895 tags: rce,php,packetstorm,cve,cve2020,phpfusion requests: diff --git a/cves/2020/CVE-2020-25078.yaml b/cves/2020/CVE-2020-25078.yaml index 9446eae118..03ea6f8de6 100644 --- a/cves/2020/CVE-2020-25078.yaml +++ b/cves/2020/CVE-2020-25078.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-25078 + epss-score: 0.96698 tags: cve,cve2020,dlink requests: diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml index 61c88f117a..0d845fb7a1 100644 --- a/cves/2020/CVE-2020-25213.yaml +++ b/cves/2020/CVE-2020-25213.yaml @@ -12,12 +12,15 @@ info: - https://plugins.trac.wordpress.org/changeset/2373068 - https://github.com/w4fz5uck5/wp-file-manager-0day - https://nvd.nist.gov/vuln/detail/CVE-2020-25213 + - http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25213 cwe-id: CWE-434 - tags: cve,cve2020,wordpress,rce,kev,fileupload,intrusive + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* + epss-score: 0.97389 + tags: wordpress,rce,kev,fileupload,intrusive,packetstorm,cve,cve2020 requests: - raw: diff --git a/cves/2020/CVE-2020-25223.yaml b/cves/2020/CVE-2020-25223.yaml index a5a62f627b..c80c620319 100644 --- a/cves/2020/CVE-2020-25223.yaml +++ b/cves/2020/CVE-2020-25223.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25223 + cpe: cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:* + epss-score: 0.97478 tags: cve,cve2020,sophos,rce,oast,unauth,kev requests: diff --git a/cves/2020/CVE-2020-25495.yaml b/cves/2020/CVE-2020-25495.yaml index 23cb0b698f..fccaca4283 100644 --- a/cves/2020/CVE-2020-25495.yaml +++ b/cves/2020/CVE-2020-25495.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-25495 cwe-id: CWE-79 + cpe: cpe:2.3:a:xinuos:openserver:*:*:*:*:*:*:*:* + epss-score: 0.00153 tags: cve,cve2020,sco,xss,edb,packetstorm requests: diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml index 5eaf14d02b..bcef62f9a1 100644 --- a/cves/2020/CVE-2020-25506.yaml +++ b/cves/2020/CVE-2020-25506.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-25506 cwe-id: CWE-78 + epss-score: 0.97445 tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev variables: diff --git a/cves/2020/CVE-2020-2551.yaml b/cves/2020/CVE-2020-2551.yaml index 2fe19b5bc6..ca002bf45c 100644 --- a/cves/2020/CVE-2020-2551.yaml +++ b/cves/2020/CVE-2020-2551.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2551 + cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* + epss-score: 0.97281 tags: cve,cve2020,oracle,weblogic,rce,unauth requests: diff --git a/cves/2020/CVE-2020-25540.yaml b/cves/2020/CVE-2020-25540.yaml index d903481caa..eac57b1fce 100644 --- a/cves/2020/CVE-2020-25540.yaml +++ b/cves/2020/CVE-2020-25540.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25540 cwe-id: CWE-22 + cpe: cpe:2.3:a:ctolog:thinkadmin:*:*:*:*:*:*:*:* + epss-score: 0.96472 tags: thinkadmin,lfi,edb,packetstorm,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-25780.yaml b/cves/2020/CVE-2020-25780.yaml index 651bd79aea..949dc15844 100644 --- a/cves/2020/CVE-2020-25780.yaml +++ b/cves/2020/CVE-2020-25780.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25780 cwe-id: CWE-22 + cpe: cpe:2.3:a:commvault:commcell:*:*:*:*:*:*:*:* + epss-score: 0.03084 tags: cve,cve2020,commvault,lfi requests: diff --git a/cves/2020/CVE-2020-25864.yaml b/cves/2020/CVE-2020-25864.yaml index ec0a74066b..c2a6d7f7cf 100644 --- a/cves/2020/CVE-2020-25864.yaml +++ b/cves/2020/CVE-2020-25864.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-25864 cwe-id: CWE-79 + cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* + epss-score: 0.00255 tags: cve,cve2020,consul,xss requests: diff --git a/cves/2020/CVE-2020-26153.yaml b/cves/2020/CVE-2020-26153.yaml index 3f65be6b76..7d06c8c34d 100644 --- a/cves/2020/CVE-2020-26153.yaml +++ b/cves/2020/CVE-2020-26153.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-26153 cwe-id: CWE-79 + cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:*:*:* + epss-score: 0.00127 tags: cve,cve2020,xss,wordpress,wp-plugin requests: diff --git a/cves/2020/CVE-2020-26214.yaml b/cves/2020/CVE-2020-26214.yaml index 04918c517f..839a5edf9d 100644 --- a/cves/2020/CVE-2020-26214.yaml +++ b/cves/2020/CVE-2020-26214.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-26214 cwe-id: CWE-287 + cpe: cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:* + epss-score: 0.01307 tags: cve,cve2020,alerta,auth-bypass requests: diff --git a/cves/2020/CVE-2020-26217.yaml b/cves/2020/CVE-2020-26217.yaml index f7b8cdf4af..9221a9fda0 100644 --- a/cves/2020/CVE-2020-26217.yaml +++ b/cves/2020/CVE-2020-26217.yaml @@ -15,6 +15,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-26217 cwe-id: CWE-78 + epss-score: 0.97456 tags: cve,cve2020,xstream,deserialization,rce,oast requests: diff --git a/cves/2020/CVE-2020-26248.yaml b/cves/2020/CVE-2020-26248.yaml index 17eec9a35c..04dd564129 100644 --- a/cves/2020/CVE-2020-26248.yaml +++ b/cves/2020/CVE-2020-26248.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.2 cve-id: CVE-2020-26248 cwe-id: CWE-89 + cpe: cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:*:*:* + epss-score: 0.0128 metadata: verified: "true" tags: cve,cve2020,sqli,prestshop,packetstorm diff --git a/cves/2020/CVE-2020-26258.yaml b/cves/2020/CVE-2020-26258.yaml index 2ddaf19d41..6d54a0136a 100644 --- a/cves/2020/CVE-2020-26258.yaml +++ b/cves/2020/CVE-2020-26258.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.7 cve-id: CVE-2020-26258 cwe-id: CWE-918 + epss-score: 0.93377 tags: cve,cve2020,xstream,ssrf,oast requests: diff --git a/cves/2020/CVE-2020-26413.yaml b/cves/2020/CVE-2020-26413.yaml index 8eb0253dd4..67146330e0 100644 --- a/cves/2020/CVE-2020-26413.yaml +++ b/cves/2020/CVE-2020-26413.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-26413 cwe-id: CWE-200 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.70208 metadata: shodan-query: http.title:"GitLab" tags: cve,cve2020,gitlab,exposure,enum,graphql diff --git a/cves/2020/CVE-2020-26876.yaml b/cves/2020/CVE-2020-26876.yaml index 2fdc04789f..49bf8f1f83 100644 --- a/cves/2020/CVE-2020-26876.yaml +++ b/cves/2020/CVE-2020-26876.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-26876 cwe-id: CWE-306 + cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:*:*:* + epss-score: 0.01185 tags: cve,cve2020,wordpress,wp-plugin,exposure,edb requests: diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index d885fae5d2..e02f0c7351 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-26919 + epss-score: 0.974 tags: cve,cve2020,netgear,rce,oast,router,unauth,kev requests: diff --git a/cves/2020/CVE-2020-26948.yaml b/cves/2020/CVE-2020-26948.yaml index 82117e89d1..332396e899 100644 --- a/cves/2020/CVE-2020-26948.yaml +++ b/cves/2020/CVE-2020-26948.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-26948 cwe-id: CWE-918 + cpe: cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:* + epss-score: 0.0284 tags: cve,cve2020,emby,jellyfin,ssrf requests: diff --git a/cves/2020/CVE-2020-27191.yaml b/cves/2020/CVE-2020-27191.yaml index 5a31464e24..88b4d05093 100644 --- a/cves/2020/CVE-2020-27191.yaml +++ b/cves/2020/CVE-2020-27191.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27191 cwe-id: CWE-22 + cpe: cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:* + epss-score: 0.00723 tags: cve,cve2020,lionwiki,lfi,oss requests: diff --git a/cves/2020/CVE-2020-2733.yaml b/cves/2020/CVE-2020-2733.yaml index fbfa6a0b1e..95fd28c699 100644 --- a/cves/2020/CVE-2020-2733.yaml +++ b/cves/2020/CVE-2020-2733.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2733 + cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* + epss-score: 0.10266 metadata: shodan-query: port:8999 product:"Oracle WebLogic Server" verified: "true" diff --git a/cves/2020/CVE-2020-27361.yaml b/cves/2020/CVE-2020-27361.yaml index b9f9b21595..71789fad8a 100644 --- a/cves/2020/CVE-2020-27361.yaml +++ b/cves/2020/CVE-2020-27361.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27361 cwe-id: CWE-668 + cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:*:*:*:*:*:*:*:* + epss-score: 0.03049 tags: cve,cve2020,akkadian,listing,exposure requests: diff --git a/cves/2020/CVE-2020-27467.yaml b/cves/2020/CVE-2020-27467.yaml index c3bfd9c523..5365b63cba 100644 --- a/cves/2020/CVE-2020-27467.yaml +++ b/cves/2020/CVE-2020-27467.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27467 cwe-id: CWE-22 + cpe: cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:* + epss-score: 0.00324 tags: cve,cve2020,processwire,lfi,cms,oss requests: diff --git a/cves/2020/CVE-2020-27735.yaml b/cves/2020/CVE-2020-27735.yaml index 1872a84f50..83e04cf269 100644 --- a/cves/2020/CVE-2020-27735.yaml +++ b/cves/2020/CVE-2020-27735.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27735 cwe-id: CWE-79 + cpe: cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:* + epss-score: 0.00179 tags: cve,cve2020,xss,wing-ftp requests: diff --git a/cves/2020/CVE-2020-27866.yaml b/cves/2020/CVE-2020-27866.yaml index 192bcb500f..41373eaabf 100644 --- a/cves/2020/CVE-2020-27866.yaml +++ b/cves/2020/CVE-2020-27866.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-27866 cwe-id: CWE-288 + epss-score: 0.00365 tags: cve,cve2020,netgear,auth-bypass requests: diff --git a/cves/2020/CVE-2020-27982.yaml b/cves/2020/CVE-2020-27982.yaml index 25499ad7a7..7b4137c826 100644 --- a/cves/2020/CVE-2020-27982.yaml +++ b/cves/2020/CVE-2020-27982.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27982 cwe-id: CWE-79 + cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* + epss-score: 0.0017 metadata: shodan-query: title:"icewarp" tags: xss,icewarp,packetstorm,cve,cve2020 diff --git a/cves/2020/CVE-2020-27986.yaml b/cves/2020/CVE-2020-27986.yaml index 7abfe56c38..28133ab0c2 100644 --- a/cves/2020/CVE-2020-27986.yaml +++ b/cves/2020/CVE-2020-27986.yaml @@ -7,15 +7,17 @@ info: description: | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. - remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." reference: - https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ - https://nvd.nist.gov/vuln/detail/CVE-2020-27866 + remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27986 cwe-id: CWE-306,CWE-312 + cpe: cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:* + epss-score: 0.23185 tags: cve,cve2020,sonarqube requests: diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml index d36924cfe8..bf0c46bc95 100644 --- a/cves/2020/CVE-2020-28188.yaml +++ b/cves/2020/CVE-2020-28188.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-28188 cwe-id: CWE-78 + cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* + epss-score: 0.97266 tags: cve,cve2020,terramaster,rce,oast,mirai,unauth variables: diff --git a/cves/2020/CVE-2020-28208.yaml b/cves/2020/CVE-2020-28208.yaml index 6e4100be64..df0efffb26 100644 --- a/cves/2020/CVE-2020-28208.yaml +++ b/cves/2020/CVE-2020-28208.yaml @@ -9,12 +9,15 @@ info: - https://trovent.io/security-advisory-2010-01 - https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt - http://www.openwall.com/lists/oss-security/2021/01/07/1 + - http://packetstormsecurity.com/files/160845/Rocket.Chat-3.7.1-Email-Address-Enumeration.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-28208 cwe-id: CWE-203 - tags: cve,cve2020,rocketchat + cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* + epss-score: 0.00732 + tags: packetstorm,cve,cve2020,rocketchat requests: - raw: diff --git a/cves/2020/CVE-2020-28351.yaml b/cves/2020/CVE-2020-28351.yaml index 626807e495..f90cc993ba 100644 --- a/cves/2020/CVE-2020-28351.yaml +++ b/cves/2020/CVE-2020-28351.yaml @@ -9,11 +9,13 @@ info: - https://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html - https://www.mitel.com/articles/what-happened-shoretel-products - https://nvd.nist.gov/vuln/detail/CVE-2020-28351 + - http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-28351 cwe-id: CWE-79 + epss-score: 0.0031 tags: packetstorm,cve,cve2020,shoretel,xss requests: diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml index b9b848b20b..82dd1e8372 100644 --- a/cves/2020/CVE-2020-28871.yaml +++ b/cves/2020/CVE-2020-28871.yaml @@ -9,12 +9,15 @@ info: - https://www.exploit-db.com/exploits/48980 - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - https://nvd.nist.gov/vuln/detail/CVE-2020-28871 + - http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-28871 cwe-id: CWE-434 - tags: cve2020,monitorr,rce,oast,unauth,edb,cve,fileupload,intrusive + cpe: cpe:2.3:a:monitorr_project:monitorr:*:*:*:*:*:*:*:* + epss-score: 0.96822 + tags: unauth,cve,fileupload,monitorr,oast,edb,intrusive,packetstorm,cve2020,rce variables: useragent: '{{rand_base(6)}}' diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml index 37ad9fad53..7b6d4d4ee6 100644 --- a/cves/2020/CVE-2020-28976.yaml +++ b/cves/2020/CVE-2020-28976.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-28976 cwe-id: CWE-918 + cpe: cpe:2.3:a:canto:canto:*:*:*:*:*:*:*:* + epss-score: 0.004 tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast,edb requests: diff --git a/cves/2020/CVE-2020-29164.yaml b/cves/2020/CVE-2020-29164.yaml index a2208f4524..a67a7ea405 100644 --- a/cves/2020/CVE-2020-29164.yaml +++ b/cves/2020/CVE-2020-29164.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-29164 cwe-id: CWE-79 + cpe: cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:* + epss-score: 0.00159 tags: pacsone,xss,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-29227.yaml b/cves/2020/CVE-2020-29227.yaml index 2ad1cca8f4..7c478b7979 100644 --- a/cves/2020/CVE-2020-29227.yaml +++ b/cves/2020/CVE-2020-29227.yaml @@ -13,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29227 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00625 tags: cve,cve2020,lfi requests: diff --git a/cves/2020/CVE-2020-29284.yaml b/cves/2020/CVE-2020-29284.yaml index faa1ff8e44..523985311d 100644 --- a/cves/2020/CVE-2020-29284.yaml +++ b/cves/2020/CVE-2020-29284.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29284 cwe-id: CWE-89 + cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:*:*:*:*:*:*:*:* + epss-score: 0.02921 metadata: verified: "true" tags: cve2020,tablereservation,sqli,unauth,edb,cve diff --git a/cves/2020/CVE-2020-29395.yaml b/cves/2020/CVE-2020-29395.yaml index 72ee292a48..926389cfcf 100644 --- a/cves/2020/CVE-2020-29395.yaml +++ b/cves/2020/CVE-2020-29395.yaml @@ -9,12 +9,15 @@ info: - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS - https://www.myeventon.com/news/ - https://nvd.nist.gov/vuln/detail/CVE-2020-29395 + - http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-29395 cwe-id: CWE-79 - tags: cve,cve2020,wordpress,xss,wp-plugin + cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:*:*:* + epss-score: 0.03985 + tags: cve,cve2020,wordpress,xss,wp-plugin,packetstorm requests: - method: GET diff --git a/cves/2020/CVE-2020-29453.yaml b/cves/2020/CVE-2020-29453.yaml index 9e3aff7162..ffda746f30 100644 --- a/cves/2020/CVE-2020-29453.yaml +++ b/cves/2020/CVE-2020-29453.yaml @@ -13,6 +13,7 @@ info: cvss-score: 5.3 cve-id: CVE-2020-29453 cwe-id: CWE-22 + epss-score: 0.0129 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,lfi diff --git a/cves/2020/CVE-2020-29597.yaml b/cves/2020/CVE-2020-29597.yaml index 250129bae7..660e0db666 100644 --- a/cves/2020/CVE-2020-29597.yaml +++ b/cves/2020/CVE-2020-29597.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29597 cwe-id: CWE-434 + cpe: cpe:2.3:a:incomcms_project:incomcms:*:*:*:*:*:*:*:* + epss-score: 0.78911 metadata: verified: "true" tags: cve,cve2020,incomcms,fileupload,intrusive diff --git a/cves/2020/CVE-2020-3187.yaml b/cves/2020/CVE-2020-3187.yaml index ba9ff66e47..93dd614894 100644 --- a/cves/2020/CVE-2020-3187.yaml +++ b/cves/2020/CVE-2020-3187.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.1 cve-id: CVE-2020-3187 cwe-id: CWE-22 + epss-score: 0.97309 tags: cve,cve2020,cisco,packetstorm requests: diff --git a/cves/2020/CVE-2020-3452.yaml b/cves/2020/CVE-2020-3452.yaml index 3f087aa866..535be8470f 100644 --- a/cves/2020/CVE-2020-3452.yaml +++ b/cves/2020/CVE-2020-3452.yaml @@ -19,6 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-3452 cwe-id: CWE-20 + cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* + epss-score: 0.97563 tags: lfi,kev,packetstorm,cve,cve2020,cisco requests: diff --git a/cves/2020/CVE-2020-35234.yaml b/cves/2020/CVE-2020-35234.yaml index 62acb0ba37..abfa053d02 100644 --- a/cves/2020/CVE-2020-35234.yaml +++ b/cves/2020/CVE-2020-35234.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 + cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:*:*:* + epss-score: 0.53008 tags: cve,cve2020,wordpress,wp-plugin,smtp requests: diff --git a/cves/2020/CVE-2020-35338.yaml b/cves/2020/CVE-2020-35338.yaml index 5da111aa7e..80a241a43d 100644 --- a/cves/2020/CVE-2020-35338.yaml +++ b/cves/2020/CVE-2020-35338.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35338 cwe-id: CWE-798 + cpe: cpe:2.3:a:mobileviewpoint:wireless_multiplex_terminal_playout_server:*:*:*:*:*:*:*:* + epss-score: 0.04997 tags: cve,cve2020,wmt,default-login requests: diff --git a/cves/2020/CVE-2020-35476.yaml b/cves/2020/CVE-2020-35476.yaml index a494c29ea7..7e77c68718 100644 --- a/cves/2020/CVE-2020-35476.yaml +++ b/cves/2020/CVE-2020-35476.yaml @@ -15,9 +15,11 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35476 cwe-id: CWE-78 + cpe: cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:* + epss-score: 0.78489 metadata: - verified: true shodan-query: html:"OpenTSDB" + verified: "true" tags: cve,cve2020,opentsdb,rce,packetstorm requests: diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml index 9f6144dd36..28ed91d97d 100644 --- a/cves/2020/CVE-2020-35489.yaml +++ b/cves/2020/CVE-2020-35489.yaml @@ -15,6 +15,8 @@ info: cvss-score: 10 cve-id: CVE-2020-35489 cwe-id: CWE-434 + cpe: cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:*:*:* + epss-score: 0.90859 tags: cve,cve2020,wordpress,wp-plugin,rce,fileupload,intrusive requests: diff --git a/cves/2020/CVE-2020-35580.yaml b/cves/2020/CVE-2020-35580.yaml index 5aa3e621d1..efc0a57e45 100644 --- a/cves/2020/CVE-2020-35580.yaml +++ b/cves/2020/CVE-2020-35580.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35580 cwe-id: CWE-522 + cpe: cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:* + epss-score: 0.02178 tags: cve,cve2020,lfi requests: diff --git a/cves/2020/CVE-2020-35598.yaml b/cves/2020/CVE-2020-35598.yaml index 0a60638f12..f38b74466d 100644 --- a/cves/2020/CVE-2020-35598.yaml +++ b/cves/2020/CVE-2020-35598.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35598 cwe-id: CWE-22 + cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:*:*:*:*:*:*:*:* + epss-score: 0.11187 tags: acs,edb,seclists,cve,cve2020,lfi requests: diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml index 42dbf98178..ec939c557b 100644 --- a/cves/2020/CVE-2020-35713.yaml +++ b/cves/2020/CVE-2020-35713.yaml @@ -9,11 +9,13 @@ info: - https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt - https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html - https://nvd.nist.gov/vuln/detail/CVE-2020-35713 + - https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35713 cwe-id: CWE-78 + epss-score: 0.97287 tags: cve,cve2020,linksys,rce,oast,router requests: diff --git a/cves/2020/CVE-2020-35729.yaml b/cves/2020/CVE-2020-35729.yaml index 3080fec1ca..f0ca883c81 100644 --- a/cves/2020/CVE-2020-35729.yaml +++ b/cves/2020/CVE-2020-35729.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35729 cwe-id: CWE-78 + cpe: cpe:2.3:a:klogserver:klog_server:*:*:*:*:*:*:*:* + epss-score: 0.95448 tags: cve,cve2020,klog,rce requests: diff --git a/cves/2020/CVE-2020-35736.yaml b/cves/2020/CVE-2020-35736.yaml index 6dde88ab8a..2442924afe 100644 --- a/cves/2020/CVE-2020-35736.yaml +++ b/cves/2020/CVE-2020-35736.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35736 cwe-id: CWE-22 + cpe: cpe:2.3:a:liftoffsoftware:gateone:*:*:*:*:*:*:*:* + epss-score: 0.01553 tags: cve,cve2020,gateone,lfi requests: diff --git a/cves/2020/CVE-2020-35749.yaml b/cves/2020/CVE-2020-35749.yaml index 084f2782b4..214ac39bfa 100644 --- a/cves/2020/CVE-2020-35749.yaml +++ b/cves/2020/CVE-2020-35749.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.7 cve-id: CVE-2020-35749 cwe-id: CWE-22 + cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:*:*:* + epss-score: 0.01796 tags: authenticated,packetstorm,wp,cve2020,lfi,wordpress,wp-plugin,wpscan,cve requests: diff --git a/cves/2020/CVE-2020-35774.yaml b/cves/2020/CVE-2020-35774.yaml index 261b7db48c..b5b64fba84 100644 --- a/cves/2020/CVE-2020-35774.yaml +++ b/cves/2020/CVE-2020-35774.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35774 cwe-id: CWE-79 + cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* + epss-score: 0.97219 tags: cve,cve2020,xss,twitter-server requests: diff --git a/cves/2020/CVE-2020-3580.yaml b/cves/2020/CVE-2020-3580.yaml index 7e213a029c..ab6e71967a 100644 --- a/cves/2020/CVE-2020-3580.yaml +++ b/cves/2020/CVE-2020-3580.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2020-3580 cwe-id: CWE-79 + epss-score: 0.97346 tags: cve,cve2020,xss,cisco,kev requests: diff --git a/cves/2020/CVE-2020-35846.yaml b/cves/2020/CVE-2020-35846.yaml index 707ae1c8f5..84fa704f56 100644 --- a/cves/2020/CVE-2020-35846.yaml +++ b/cves/2020/CVE-2020-35846.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35846 cwe-id: CWE-89 + cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* + epss-score: 0.78273 tags: cve,cve2020,nosqli,sqli,cockpit,injection requests: diff --git a/cves/2020/CVE-2020-35847.yaml b/cves/2020/CVE-2020-35847.yaml index 548eac30a2..6fa771fb83 100644 --- a/cves/2020/CVE-2020-35847.yaml +++ b/cves/2020/CVE-2020-35847.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35847 cwe-id: CWE-89 + cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* + epss-score: 0.80883 tags: cve,cve2020,nosqli,sqli,cockpit,injection requests: diff --git a/cves/2020/CVE-2020-35848.yaml b/cves/2020/CVE-2020-35848.yaml index 703b0efb37..924aa22477 100644 --- a/cves/2020/CVE-2020-35848.yaml +++ b/cves/2020/CVE-2020-35848.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35848 cwe-id: CWE-89 + cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* + epss-score: 0.72481 tags: cve,cve2020,nosqli,sqli,cockpit,injection requests: diff --git a/cves/2020/CVE-2020-35951.yaml b/cves/2020/CVE-2020-35951.yaml index 4cc26a7d66..d92fe9bd78 100644 --- a/cves/2020/CVE-2020-35951.yaml +++ b/cves/2020/CVE-2020-35951.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.9 cve-id: CVE-2020-35951 cwe-id: CWE-306 + cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:*:*:* + epss-score: 0.00217 tags: cve2020,wordpress,wp-plugin,wpscan,cve requests: diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml index 9992ca8313..db48ccf96c 100644 --- a/cves/2020/CVE-2020-36112.yaml +++ b/cves/2020/CVE-2020-36112.yaml @@ -4,7 +4,7 @@ info: name: CSE Bookstore 1.0 - SQL Injection author: geeknik severity: critical - description: "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database." + description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. reference: - https://www.exploit-db.com/exploits/49314 - https://www.tenable.com/cve/CVE-2020-36112 @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-36112 cwe-id: CWE-89 + cpe: cpe:2.3:a:cse_bookstore_project:cse_bookstore:*:*:*:*:*:*:*:* + epss-score: 0.47622 tags: cve,cve2020,sqli,cse,edb,tenable requests: diff --git a/cves/2020/CVE-2020-36289.yaml b/cves/2020/CVE-2020-36289.yaml index 47a28c4b4f..12516b18dc 100644 --- a/cves/2020/CVE-2020-36289.yaml +++ b/cves/2020/CVE-2020-36289.yaml @@ -14,6 +14,7 @@ info: cvss-score: 5.3 cve-id: CVE-2020-36289 cwe-id: CWE-200 + epss-score: 0.9733 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,jira,atlassian,unauth diff --git a/cves/2020/CVE-2020-36365.yaml b/cves/2020/CVE-2020-36365.yaml index 8f8a753a74..a289bf88b5 100644 --- a/cves/2020/CVE-2020-36365.yaml +++ b/cves/2020/CVE-2020-36365.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36365 cwe-id: CWE-601 + cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* + epss-score: 0.00331 metadata: shodan-query: http.html:'content="Smartstore' tags: cve,cve2020,redirect,smartstore diff --git a/cves/2020/CVE-2020-36510.yaml b/cves/2020/CVE-2020-36510.yaml index 9774ac692c..d8fd7c04a3 100644 --- a/cves/2020/CVE-2020-36510.yaml +++ b/cves/2020/CVE-2020-36510.yaml @@ -11,11 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-36510 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 + cvss-score: 6.1 cve-id: CVE-2020-36510 cwe-id: CWE-79 + cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:*:*:* + epss-score: 0.00119 metadata: - verified: false + verified: "false" tags: xss,wordpress,wp-theme,wp,cve,cve2020,wpscan requests: diff --git a/cves/2020/CVE-2020-4463.yaml b/cves/2020/CVE-2020-4463.yaml index 0d5edf18aa..7190a49988 100644 --- a/cves/2020/CVE-2020-4463.yaml +++ b/cves/2020/CVE-2020-4463.yaml @@ -20,6 +20,8 @@ info: cvss-score: 8.2 cve-id: CVE-2020-4463 cwe-id: CWE-611 + cpe: cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:* + epss-score: 0.74371 metadata: shodan-query: http.favicon.hash:-399298961 tags: cve,cve2020,ibm,xxe,disclosure diff --git a/cves/2020/CVE-2020-5191.yaml b/cves/2020/CVE-2020-5191.yaml index c14db103a8..f339ef82ab 100644 --- a/cves/2020/CVE-2020-5191.yaml +++ b/cves/2020/CVE-2020-5191.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-5191 cwe-id: CWE-79 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* + epss-score: 0.00311 metadata: verified: "true" tags: cve2020,hms,cms,xss,authenticated,edb,cve diff --git a/cves/2020/CVE-2020-5192.yaml b/cves/2020/CVE-2020-5192.yaml index 7897481cfa..9df4554135 100644 --- a/cves/2020/CVE-2020-5192.yaml +++ b/cves/2020/CVE-2020-5192.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5192 cwe-id: CWE-89 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* + epss-score: 0.00529 metadata: verified: "true" tags: cve2020,hms,cms,sqli,authenticated,edb,cve diff --git a/cves/2020/CVE-2020-5284.yaml b/cves/2020/CVE-2020-5284.yaml index 1315a10ebb..449437bbed 100644 --- a/cves/2020/CVE-2020-5284.yaml +++ b/cves/2020/CVE-2020-5284.yaml @@ -5,16 +5,18 @@ info: author: rootxharsh,iamnoooob,dwisiswant0 severity: medium description: Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. - remediation: This issue is fixed in version 9.3.2. reference: - https://github.com/zeit/next.js/releases/tag/v9.3.2 - https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj - https://nvd.nist.gov/vuln/detail/CVE-2020-5284 + remediation: This issue is fixed in version 9.3.2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2020-5284 cwe-id: CWE-22 + cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* + epss-score: 0.00122 tags: cve,cve2020,nextjs,lfi requests: diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml index 91c5eaaffc..691c9840f4 100644 --- a/cves/2020/CVE-2020-5307.yaml +++ b/cves/2020/CVE-2020-5307.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5307 cwe-id: CWE-89 + cpe: cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:*:*:*:*:*:*:*:* + epss-score: 0.01029 tags: sqli,edb,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-5405.yaml b/cves/2020/CVE-2020-5405.yaml index bdd52136f0..56a97cb45c 100644 --- a/cves/2020/CVE-2020-5405.yaml +++ b/cves/2020/CVE-2020-5405.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-5405 cwe-id: CWE-22 + cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* + epss-score: 0.00258 tags: cve,cve2020,lfi,springcloud requests: diff --git a/cves/2020/CVE-2020-5410.yaml b/cves/2020/CVE-2020-5410.yaml index 8c2b24b7b5..beed5f4239 100644 --- a/cves/2020/CVE-2020-5410.yaml +++ b/cves/2020/CVE-2020-5410.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-5410 cwe-id: CWE-22 + cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* + epss-score: 0.9712 tags: cve,cve2020,lfi,springcloud,config,traversal,kev requests: diff --git a/cves/2020/CVE-2020-5412.yaml b/cves/2020/CVE-2020-5412.yaml index b461cb2068..e43c962ff7 100644 --- a/cves/2020/CVE-2020-5412.yaml +++ b/cves/2020/CVE-2020-5412.yaml @@ -4,8 +4,7 @@ info: name: Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard) author: dwisiswant0 severity: medium - description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests - to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. + description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. reference: - https://tanzu.vmware.com/security/cve-2020-5412 classification: @@ -13,6 +12,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-5412 cwe-id: CWE-610 + cpe: cpe:2.3:a:vmware:spring_cloud_netflix:*:*:*:*:*:*:*:* + epss-score: 0.03435 tags: cve,cve2020,ssrf,springcloud requests: diff --git a/cves/2020/CVE-2020-5775.yaml b/cves/2020/CVE-2020-5775.yaml index 66b3cb1d14..3fc3383157 100644 --- a/cves/2020/CVE-2020-5775.yaml +++ b/cves/2020/CVE-2020-5775.yaml @@ -13,6 +13,8 @@ info: cvss-score: 5.8 cve-id: CVE-2020-5775 cwe-id: CWE-918 + cpe: cpe:2.3:a:instructure:canvas_learning_management_service:*:*:*:*:*:*:*:* + epss-score: 0.00166 tags: cve,cve2020,ssrf,oast,blind,tenable requests: diff --git a/cves/2020/CVE-2020-5776.yaml b/cves/2020/CVE-2020-5776.yaml index 4f8d470800..76cea5065a 100644 --- a/cves/2020/CVE-2020-5776.yaml +++ b/cves/2020/CVE-2020-5776.yaml @@ -13,6 +13,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5776 cwe-id: CWE-352 + cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* + epss-score: 0.53263 metadata: shodan-query: http.component:"Magento" tags: magmi,magento,tenable,cve,cve2020 diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml index 6b4c111d5a..40c8a62085 100644 --- a/cves/2020/CVE-2020-5777.yaml +++ b/cves/2020/CVE-2020-5777.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5777 cwe-id: CWE-287 + cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* + epss-score: 0.01568 metadata: shodan-query: http.component:"Magento" tags: plugin,tenable,cve,cve2020,magmi,magento,auth,bypass diff --git a/cves/2020/CVE-2020-5847.yaml b/cves/2020/CVE-2020-5847.yaml index ad87e9a4ab..7b057f3148 100644 --- a/cves/2020/CVE-2020-5847.yaml +++ b/cves/2020/CVE-2020-5847.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5847 cwe-id: CWE-94,CWE-668 + cpe: cpe:2.3:a:unraid:unraid:*:*:*:*:*:*:*:* + epss-score: 0.97272 tags: cve,cve2020,rce,kev requests: diff --git a/cves/2020/CVE-2020-5902.yaml b/cves/2020/CVE-2020-5902.yaml index 6b48ac6d5d..7998d2b56e 100644 --- a/cves/2020/CVE-2020-5902.yaml +++ b/cves/2020/CVE-2020-5902.yaml @@ -23,6 +23,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5902 cwe-id: CWE-22,CWE-829 + epss-score: 0.97562 tags: cve2020,bigip,rce,kev,packetstorm,cve requests: diff --git a/cves/2020/CVE-2020-6171.yaml b/cves/2020/CVE-2020-6171.yaml index 084849cab7..c3634be608 100644 --- a/cves/2020/CVE-2020-6171.yaml +++ b/cves/2020/CVE-2020-6171.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-6171 cwe-id: CWE-79 + cpe: cpe:2.3:a:communilink:clink_office:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: cve,cve2020,xss,clink-office requests: diff --git a/cves/2020/CVE-2020-6207.yaml b/cves/2020/CVE-2020-6207.yaml index e2b8002165..f167b9e8e1 100644 --- a/cves/2020/CVE-2020-6207.yaml +++ b/cves/2020/CVE-2020-6207.yaml @@ -18,6 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-6207 cwe-id: CWE-306 + cpe: cpe:2.3:a:sap:solution_manager:*:*:*:*:*:*:*:* + epss-score: 0.97442 tags: cve,cve2020,sap,solman,rce,kev requests: diff --git a/cves/2020/CVE-2020-6287.yaml b/cves/2020/CVE-2020-6287.yaml index 6df8034fa4..bdf241116b 100644 --- a/cves/2020/CVE-2020-6287.yaml +++ b/cves/2020/CVE-2020-6287.yaml @@ -16,6 +16,8 @@ info: cvss-score: 10 cve-id: CVE-2020-6287 cwe-id: CWE-306 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* + epss-score: 0.97362 metadata: shodan-query: http.favicon.hash:-266008933 tags: cve,cve2020,sap,kev,cisa diff --git a/cves/2020/CVE-2020-6308.yaml b/cves/2020/CVE-2020-6308.yaml index cd76af94cc..8c75a4d154 100644 --- a/cves/2020/CVE-2020-6308.yaml +++ b/cves/2020/CVE-2020-6308.yaml @@ -5,7 +5,7 @@ info: author: madrobot severity: medium description: | - SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. + SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. reference: - https://github.com/InitRoot/CVE-2020-6308-PoC - https://launchpad.support.sap.com/#/notes/2943844 @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-6308 cwe-id: CWE-918 + cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:*:*:*:*:*:*:*:* + epss-score: 0.00264 tags: cve,cve2020,sap,ssrf,oast,unauth requests: diff --git a/cves/2020/CVE-2020-6637.yaml b/cves/2020/CVE-2020-6637.yaml index 925bd35355..2d543a1ffe 100644 --- a/cves/2020/CVE-2020-6637.yaml +++ b/cves/2020/CVE-2020-6637.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-6637 cwe-id: CWE-89 + cpe: cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:* + epss-score: 0.02214 metadata: shodan-query: http.title:"openSIS" tags: cve,cve2020,sqli,opensis diff --git a/cves/2020/CVE-2020-7107.yaml b/cves/2020/CVE-2020-7107.yaml index 78459e789c..d1d102f304 100644 --- a/cves/2020/CVE-2020-7107.yaml +++ b/cves/2020/CVE-2020-7107.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-7107 cwe-id: CWE-79 + cpe: cpe:2.3:a:etoilewebdesign:ultimate_faq:*:*:*:*:*:*:*:* + epss-score: 0.00517 metadata: verified: "true" tags: ultimate-faqs,wpscan,cve,cve2020,xss,wordpress,wp-plugin,wp diff --git a/cves/2020/CVE-2020-7136.yaml b/cves/2020/CVE-2020-7136.yaml index 32b67306ba..b127dc4e6c 100644 --- a/cves/2020/CVE-2020-7136.yaml +++ b/cves/2020/CVE-2020-7136.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7136 cwe-id: CWE-288 + cpe: cpe:2.3:a:hpe:smart_update_manager:*:*:*:*:*:*:*:* + epss-score: 0.04874 tags: cve,cve2020,hp,auth-bypass,hpe,tenable requests: diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml index 080e2366ec..e9bbf2e18d 100644 --- a/cves/2020/CVE-2020-7209.yaml +++ b/cves/2020/CVE-2020-7209.yaml @@ -5,7 +5,6 @@ info: author: dwisiswant0 severity: critical description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. - remediation: This is resolved in release 6.0-2. reference: - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html @@ -13,10 +12,13 @@ info: - https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 - https://www.hpe.com/us/en/home.html - https://nvd.nist.gov/vuln/detail/CVE-2020-7209 + remediation: This is resolved in release 6.0-2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7209 + cpe: cpe:2.3:a:hp:linuxki:*:*:*:*:*:*:*:* + epss-score: 0.97348 tags: cve,cve2020,rce,packetstorm requests: diff --git a/cves/2020/CVE-2020-7247.yaml b/cves/2020/CVE-2020-7247.yaml index 2f77f23203..9253018875 100644 --- a/cves/2020/CVE-2020-7247.yaml +++ b/cves/2020/CVE-2020-7247.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7247 cwe-id: CWE-78,CWE-755 + epss-score: 0.9749 tags: cve,cve2020,smtp,opensmtpd,network,rce,oast,kev network: diff --git a/cves/2020/CVE-2020-7318.yaml b/cves/2020/CVE-2020-7318.yaml index bd832819f1..96b16c68a2 100644 --- a/cves/2020/CVE-2020-7318.yaml +++ b/cves/2020/CVE-2020-7318.yaml @@ -17,6 +17,8 @@ info: cvss-score: 4.3 cve-id: CVE-2020-7318 cwe-id: CWE-79 + cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* + epss-score: 0.00051 tags: cve,cve2020,xss,mcafee requests: diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml index 8c94eb0c98..eb741ab2bd 100644 --- a/cves/2020/CVE-2020-7796.yaml +++ b/cves/2020/CVE-2020-7796.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7796 cwe-id: CWE-918 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* + epss-score: 0.70272 tags: cve,cve2020,zimbra,ssrf,oast requests: diff --git a/cves/2020/CVE-2020-7943.yaml b/cves/2020/CVE-2020-7943.yaml index 538d5e8f66..db7c5ccada 100644 --- a/cves/2020/CVE-2020-7943.yaml +++ b/cves/2020/CVE-2020-7943.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2020-7943 cwe-id: CWE-276 + epss-score: 0.02202 tags: cve,cve2020,puppet,exposure,puppetdb requests: diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml index 18f09a0e04..91fb7a8d2e 100644 --- a/cves/2020/CVE-2020-7961.yaml +++ b/cves/2020/CVE-2020-7961.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7961 cwe-id: CWE-502 + cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* + epss-score: 0.97464 tags: cve,cve2020,rce,liferay,kev requests: diff --git a/cves/2020/CVE-2020-7980.yaml b/cves/2020/CVE-2020-7980.yaml index 58bbb84619..c77bb4e9fe 100644 --- a/cves/2020/CVE-2020-7980.yaml +++ b/cves/2020/CVE-2020-7980.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7980 cwe-id: CWE-78 + cpe: cpe:2.3:a:intelliantech:aptus_web:*:*:*:*:*:*:*:* + epss-score: 0.972 metadata: shodan-query: http.title:"Intellian Aptus Web" tags: cve,cve2020,intellian,aptus,packetstorm,satellian,rce diff --git a/cves/2020/CVE-2020-8115.yaml b/cves/2020/CVE-2020-8115.yaml index 34d721aabf..639297393d 100644 --- a/cves/2020/CVE-2020-8115.yaml +++ b/cves/2020/CVE-2020-8115.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8115 cwe-id: CWE-79 + cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* + epss-score: 0.02261 tags: cve,cve2020,xss,hackerone requests: - method: GET diff --git a/cves/2020/CVE-2020-8163.yaml b/cves/2020/CVE-2020-8163.yaml index db20c9bebd..5db2418d5d 100644 --- a/cves/2020/CVE-2020-8163.yaml +++ b/cves/2020/CVE-2020-8163.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8163 cwe-id: CWE-94 + epss-score: 0.97359 tags: cve,cve2020,rails,rce,hackerone requests: diff --git a/cves/2020/CVE-2020-8191.yaml b/cves/2020/CVE-2020-8191.yaml index 1387fcbba3..280ba7dc61 100644 --- a/cves/2020/CVE-2020-8191.yaml +++ b/cves/2020/CVE-2020-8191.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8191 cwe-id: CWE-79 + epss-score: 0.00223 tags: cve,cve2020,citrix,xss requests: diff --git a/cves/2020/CVE-2020-8193.yaml b/cves/2020/CVE-2020-8193.yaml index 90bf832497..0ed21e4b5d 100644 --- a/cves/2020/CVE-2020-8193.yaml +++ b/cves/2020/CVE-2020-8193.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8193 cwe-id: CWE-862 + epss-score: 0.97456 tags: cve,cve2020,citrix,lfi,kev,packetstorm requests: diff --git a/cves/2020/CVE-2020-8194.yaml b/cves/2020/CVE-2020-8194.yaml index a2146b54f0..472a5d9058 100644 --- a/cves/2020/CVE-2020-8194.yaml +++ b/cves/2020/CVE-2020-8194.yaml @@ -4,8 +4,7 @@ info: name: Citrix ADC & NetScaler Gateway Reflected Code Injection author: dwisiswant0 severity: medium - description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and - 10.2.7 allows the modification of a file download. + description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. reference: - https://support.citrix.com/article/CTX276688 classification: @@ -13,6 +12,7 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8194 cwe-id: CWE-94 + epss-score: 0.97231 tags: cve,cve2020,citrix requests: diff --git a/cves/2020/CVE-2020-8209.yaml b/cves/2020/CVE-2020-8209.yaml index 67cf5b5a72..f55a054f6e 100644 --- a/cves/2020/CVE-2020-8209.yaml +++ b/cves/2020/CVE-2020-8209.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8209 cwe-id: CWE-22 + cpe: cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:* + epss-score: 0.97245 tags: cve,cve2020,citrix,lfi,xenmobile requests: diff --git a/cves/2020/CVE-2020-8497.yaml b/cves/2020/CVE-2020-8497.yaml index ac9da84e0f..e772da0ea6 100644 --- a/cves/2020/CVE-2020-8497.yaml +++ b/cves/2020/CVE-2020-8497.yaml @@ -13,6 +13,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-8497 cwe-id: CWE-306 + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* + epss-score: 0.002 tags: cve,cve2020,fms,artica requests: diff --git a/cves/2020/CVE-2020-8512.yaml b/cves/2020/CVE-2020-8512.yaml index 5f20b27a10..1daacad07e 100644 --- a/cves/2020/CVE-2020-8512.yaml +++ b/cves/2020/CVE-2020-8512.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8512 cwe-id: CWE-79 + cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* + epss-score: 0.0046 metadata: shodan-query: title:"icewarp" tags: edb,packetstorm,cve,cve2020,xss,icewarp diff --git a/cves/2020/CVE-2020-8515.yaml b/cves/2020/CVE-2020-8515.yaml index c834e6279b..a87e6b8980 100644 --- a/cves/2020/CVE-2020-8515.yaml +++ b/cves/2020/CVE-2020-8515.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8515 cwe-id: CWE-78 + epss-score: 0.97183 tags: cve,cve2020,rce,kev requests: diff --git a/cves/2020/CVE-2020-8641.yaml b/cves/2020/CVE-2020-8641.yaml index b9c02e7605..3d7b2f3922 100644 --- a/cves/2020/CVE-2020-8641.yaml +++ b/cves/2020/CVE-2020-8641.yaml @@ -14,6 +14,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8641 cwe-id: CWE-22 + cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:*:*:*:*:*:*:*:* + epss-score: 0.00796 tags: cve2020,lfi,lotus,cms,edb,cve requests: diff --git a/cves/2020/CVE-2020-8644.yaml b/cves/2020/CVE-2020-8644.yaml index 6d66fa8fa8..da5495599a 100644 --- a/cves/2020/CVE-2020-8644.yaml +++ b/cves/2020/CVE-2020-8644.yaml @@ -9,12 +9,15 @@ info: - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 + - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-8644 cwe-id: CWE-74 - tags: cve,cve2020,ssti,playsms,rce,unauth,kev + cpe: cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:* + epss-score: 0.94485 + tags: unauth,kev,packetstorm,cve,cve2020,ssti,playsms,rce requests: - raw: diff --git a/cves/2020/CVE-2020-8654.yaml b/cves/2020/CVE-2020-8654.yaml index 014f5cb558..26cbefe1f5 100644 --- a/cves/2020/CVE-2020-8654.yaml +++ b/cves/2020/CVE-2020-8654.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8654 cwe-id: CWE-78 + cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:* + epss-score: 0.05217 tags: cisa,eyesofnetwork,rce,authenticated,msf,cve,cve2020 requests: diff --git a/cves/2020/CVE-2020-8771.yaml b/cves/2020/CVE-2020-8771.yaml index 98b42b98a1..bd80cd2797 100644 --- a/cves/2020/CVE-2020-8771.yaml +++ b/cves/2020/CVE-2020-8771.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8771 cwe-id: CWE-287 + cpe: cpe:2.3:a:wptimecapsule:wp_time_capsule:*:*:*:*:*:*:*:* + epss-score: 0.0673 tags: cve,cve2020,wordpress,wp-plugin requests: diff --git a/cves/2020/CVE-2020-8772.yaml b/cves/2020/CVE-2020-8772.yaml index 5802361ec5..7df5fa0789 100644 --- a/cves/2020/CVE-2020-8772.yaml +++ b/cves/2020/CVE-2020-8772.yaml @@ -6,17 +6,19 @@ info: severity: critical description: | WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. - remediation: Upgrade to InfiniteWP 1.9.4.5 or higher. reference: - https://wpscan.com/vulnerability/10011 - https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/ - https://wpvulndb.com/vulnerabilities/10011 - https://nvd.nist.gov/vuln/detail/CVE-2020-8772 + remediation: Upgrade to InfiniteWP 1.9.4.5 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-8772 cwe-id: CWE-862 + cpe: cpe:2.3:a:revmakx:infinitewp_client:*:*:*:*:*:*:*:* + epss-score: 0.96929 metadata: verified: "true" tags: wpscan,cve,cve2020,wordpress,wp-plugin,wp,infinitewp,auth-bypass diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml index 2ca5f6ff4f..3d24a0716b 100644 --- a/cves/2020/CVE-2020-8813.yaml +++ b/cves/2020/CVE-2020-8813.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8813 cwe-id: CWE-78 + epss-score: 0.96407 tags: cve,cve2020,cacti,rce,oast requests: diff --git a/cves/2020/CVE-2020-8982.yaml b/cves/2020/CVE-2020-8982.yaml index d80ddfab2a..ff7ce0deab 100644 --- a/cves/2020/CVE-2020-8982.yaml +++ b/cves/2020/CVE-2020-8982.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8982 cwe-id: CWE-22 + cpe: cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:* + epss-score: 0.72182 tags: cve,cve2020,citrix,lfi requests: diff --git a/cves/2020/CVE-2020-9036.yaml b/cves/2020/CVE-2020-9036.yaml index b7438ecc2d..93506cebc4 100644 --- a/cves/2020/CVE-2020-9036.yaml +++ b/cves/2020/CVE-2020-9036.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-9036 cwe-id: CWE-79 + cpe: cpe:2.3:a:jeedom:jeedom:*:*:*:*:*:*:*:* + epss-score: 0.00106 tags: cve,cve2020,xss,jeedom requests: diff --git a/cves/2020/CVE-2020-9043.yaml b/cves/2020/CVE-2020-9043.yaml index d5ce7f65b4..f7401981eb 100644 --- a/cves/2020/CVE-2020-9043.yaml +++ b/cves/2020/CVE-2020-9043.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-9043 cwe-id: CWE-200 + cpe: cpe:2.3:a:wpcentral:wpcentral:*:*:*:*:*:*:*:* + epss-score: 0.03474 metadata: verified: "true" tags: wordpress,wp-plugin,wpcentral,authenticated,wp,wpscan,cve,cve2020 diff --git a/cves/2020/CVE-2020-9047.yaml b/cves/2020/CVE-2020-9047.yaml index 861791c245..8f6a47075e 100644 --- a/cves/2020/CVE-2020-9047.yaml +++ b/cves/2020/CVE-2020-9047.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.2 cve-id: CVE-2020-9047 cwe-id: CWE-347 + epss-score: 0.01081 tags: cve,cve2020,rce,exacqvision requests: diff --git a/cves/2020/CVE-2020-9054.yaml b/cves/2020/CVE-2020-9054.yaml index 4c74eec890..0b64c2b10b 100644 --- a/cves/2020/CVE-2020-9054.yaml +++ b/cves/2020/CVE-2020-9054.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2020-9054 cwe-id: CWE-78 + epss-score: 0.97508 tags: cve,cve2020,rce,zyxel,injection,kev requests: diff --git a/cves/2020/CVE-2020-9315.yaml b/cves/2020/CVE-2020-9315.yaml index 5674973fa1..815023060d 100644 --- a/cves/2020/CVE-2020-9315.yaml +++ b/cves/2020/CVE-2020-9315.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9315 cwe-id: CWE-306 + cpe: cpe:2.3:a:oracle:iplanet_web_server:*:*:*:*:*:*:*:* + epss-score: 0.97417 tags: cve,cve2020,oracle,auth-bypass,iplanet requests: diff --git a/cves/2020/CVE-2020-9344.yaml b/cves/2020/CVE-2020-9344.yaml index 6144d77e1d..c7ba6b603a 100644 --- a/cves/2020/CVE-2020-9344.yaml +++ b/cves/2020/CVE-2020-9344.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-9344 cwe-id: CWE-79 + cpe: cpe:2.3:a:atlassian:subversion_application_lifecycle_management:*:*:*:*:*:*:*:* + epss-score: 0.00205 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,xss diff --git a/cves/2020/CVE-2020-9376.yaml b/cves/2020/CVE-2020-9376.yaml index 7f7c3feabd..7d32801676 100644 --- a/cves/2020/CVE-2020-9376.yaml +++ b/cves/2020/CVE-2020-9376.yaml @@ -17,6 +17,7 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9376 cwe-id: CWE-74 + epss-score: 0.97034 tags: cve,cve2020,dlink,disclosure,router requests: diff --git a/cves/2020/CVE-2020-9402.yaml b/cves/2020/CVE-2020-9402.yaml index 918eada5b4..e73640380a 100644 --- a/cves/2020/CVE-2020-9402.yaml +++ b/cves/2020/CVE-2020-9402.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2020-9402 cwe-id: CWE-89 + epss-score: 0.10843 tags: cve,cve2020,django,sqli,vulhub requests: diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml index f610bf3b4c..27bc83fe15 100644 --- a/cves/2020/CVE-2020-9425.yaml +++ b/cves/2020/CVE-2020-9425.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9425 cwe-id: CWE-670 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + epss-score: 0.01122 tags: cve,cve2020,rconfig.exposure requests: diff --git a/cves/2020/CVE-2020-9483.yaml b/cves/2020/CVE-2020-9483.yaml index d85bbf08ce..8f5985c462 100644 --- a/cves/2020/CVE-2020-9483.yaml +++ b/cves/2020/CVE-2020-9483.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9483 cwe-id: CWE-89 + cpe: cpe:2.3:a:apache:skywalking:*:*:*:*:*:*:*:* + epss-score: 0.21421 tags: cve,cve2020,sqli,skywalking requests: diff --git a/cves/2020/CVE-2020-9484.yaml b/cves/2020/CVE-2020-9484.yaml index 71700158db..be2279f0f6 100644 --- a/cves/2020/CVE-2020-9484.yaml +++ b/cves/2020/CVE-2020-9484.yaml @@ -21,6 +21,7 @@ info: cvss-score: 7 cve-id: CVE-2020-9484 cwe-id: CWE-502 + epss-score: 0.9701 metadata: shodan-query: title:"Apache Tomcat" tags: rce,packetstorm,cve,cve2020,apache,tomcat diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml index de8d04bca1..991652ccc7 100644 --- a/cves/2020/CVE-2020-9496.yaml +++ b/cves/2020/CVE-2020-9496.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-9496 cwe-id: CWE-79,CWE-502 + cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* + epss-score: 0.9749 tags: ofbiz,packetstorm,cve,cve2020,apache,java requests: diff --git a/cves/2020/CVE-2020-9757.yaml b/cves/2020/CVE-2020-9757.yaml index 8595f0a619..c4f9f8315b 100644 --- a/cves/2020/CVE-2020-9757.yaml +++ b/cves/2020/CVE-2020-9757.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-9757 cwe-id: CWE-74 + cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* + epss-score: 0.97362 tags: cve,cve2020,ssti requests: diff --git a/cves/2021/CVE-2021-1472.yaml b/cves/2021/CVE-2021-1472.yaml index 0ccc8974cd..e252d5c897 100644 --- a/cves/2021/CVE-2021-1472.yaml +++ b/cves/2021/CVE-2021-1472.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-1472 cwe-id: CWE-287 + epss-score: 0.9737 metadata: shodan-query: http.html:"Cisco rv340" verified: "true" diff --git a/cves/2021/CVE-2021-1497.yaml b/cves/2021/CVE-2021-1497.yaml index 3e42da4a28..9f73cdf9cc 100644 --- a/cves/2021/CVE-2021-1497.yaml +++ b/cves/2021/CVE-2021-1497.yaml @@ -18,6 +18,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-1497 cwe-id: CWE-78 + epss-score: 0.9751 tags: cisco,rce,oast,kev,packetstorm,cve,cve2021 variables: diff --git a/cves/2021/CVE-2021-1498.yaml b/cves/2021/CVE-2021-1498.yaml index 0d7fe3f4b4..fdbc3c2dd8 100644 --- a/cves/2021/CVE-2021-1498.yaml +++ b/cves/2021/CVE-2021-1498.yaml @@ -18,6 +18,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-1498 cwe-id: CWE-78 + epss-score: 0.97531 tags: kev,packetstorm,cve,cve2021,cisco,rce,oast,mirai requests: diff --git a/cves/2021/CVE-2021-1499.yaml b/cves/2021/CVE-2021-1499.yaml index c340a728f6..9bff03d011 100644 --- a/cves/2021/CVE-2021-1499.yaml +++ b/cves/2021/CVE-2021-1499.yaml @@ -15,6 +15,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-1499 cwe-id: CWE-306 + epss-score: 0.97246 tags: fileupload,intrusive,packetstorm,cve,cve2021,cisco requests: diff --git a/cves/2021/CVE-2021-20031.yaml b/cves/2021/CVE-2021-20031.yaml index 0f880cf873..1c052cb537 100644 --- a/cves/2021/CVE-2021-20031.yaml +++ b/cves/2021/CVE-2021-20031.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-20031 cwe-id: CWE-601 + epss-score: 0.0135 metadata: google-query: inurl:"auth.html" intitle:"SonicWall" tags: sonicwall,redirect,edb,packetstorm,cve,cve2021 diff --git a/cves/2021/CVE-2021-20038.yaml b/cves/2021/CVE-2021-20038.yaml index f55379ac20..341c9021b4 100644 --- a/cves/2021/CVE-2021-20038.yaml +++ b/cves/2021/CVE-2021-20038.yaml @@ -9,11 +9,13 @@ info: - https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 - https://nvd.nist.gov/vuln/detail/CVE-2021-20038 + - https://github.com/jbaines-r7/badblood classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-20038 cwe-id: CWE-787 + epss-score: 0.95323 tags: cve,cve2021,overflow,rce,sonicwall,kev variables: diff --git a/cves/2021/CVE-2021-20090.yaml b/cves/2021/CVE-2021-20090.yaml index ce45ec6f10..4a698629ec 100644 --- a/cves/2021/CVE-2021-20090.yaml +++ b/cves/2021/CVE-2021-20090.yaml @@ -10,11 +10,13 @@ info: - https://www.tenable.com/security/research/tra-2021-13 - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2 - https://nvd.nist.gov/vuln/detail/CVE-2021-20090 + - https://www.kb.cert.org/vuls/id/914124 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-20090 cwe-id: CWE-22 + epss-score: 0.97461 tags: cve,cve2021,lfi,buffalo,firmware,iot,kev,tenable requests: diff --git a/cves/2021/CVE-2021-20091.yaml b/cves/2021/CVE-2021-20091.yaml index c625f4b2fd..f9f37aea21 100644 --- a/cves/2021/CVE-2021-20091.yaml +++ b/cves/2021/CVE-2021-20091.yaml @@ -15,6 +15,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-20091 + epss-score: 0.00836 tags: cve,cve2021,buffalo,firmware,iot,tenable requests: diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml index cf0a112c25..1dfeb39dd0 100644 --- a/cves/2021/CVE-2021-20092.yaml +++ b/cves/2021/CVE-2021-20092.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20092 cwe-id: CWE-200 + epss-score: 0.01295 tags: cve,cve2021,buffalo,firmware,iot,tenable requests: diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml index 5e4234dbd4..19cb638668 100644 --- a/cves/2021/CVE-2021-20114.yaml +++ b/cves/2021/CVE-2021-20114.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20114 cwe-id: CWE-200 + cpe: cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:* + epss-score: 0.0185 tags: tcexam,disclosure,exposure,tenable,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-20123.yaml b/cves/2021/CVE-2021-20123.yaml index 7eb2c417ba..debba780e8 100644 --- a/cves/2021/CVE-2021-20123.yaml +++ b/cves/2021/CVE-2021-20123.yaml @@ -14,9 +14,11 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20123 cwe-id: CWE-668 + cpe: cpe:2.3:a:draytek:vigorconnect:*:*:*:*:*:*:*:* + epss-score: 0.00868 metadata: - verified: true shodan-query: http.html:"VigorConnect" + verified: "true" tags: cve,cve2021,draytek,lfi,vigorconnect,tenable requests: diff --git a/cves/2021/CVE-2021-20124.yaml b/cves/2021/CVE-2021-20124.yaml index 2d7f258b19..78a28fcfac 100644 --- a/cves/2021/CVE-2021-20124.yaml +++ b/cves/2021/CVE-2021-20124.yaml @@ -14,9 +14,11 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20124 cwe-id: CWE-668 + cpe: cpe:2.3:a:draytek:vigorconnect:*:*:*:*:*:*:*:* + epss-score: 0.00388 metadata: - verified: true shodan-query: http.html:"VigorConnect" + verified: "true" tags: cve,cve2021,draytek,lfi,vigorconnect,tenable requests: diff --git a/cves/2021/CVE-2021-20137.yaml b/cves/2021/CVE-2021-20137.yaml index a800f9e0f8..cbd09b3ae8 100644 --- a/cves/2021/CVE-2021-20137.yaml +++ b/cves/2021/CVE-2021-20137.yaml @@ -5,15 +5,16 @@ info: author: edoardottt severity: medium description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser. + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137 + - https://www.tenable.com/security/research/tra-2021-51 + - https://nvd.nist.gov/vuln/detail/CVE-2021-20137 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-20137 cwe-id: CWE-79 - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137 - - https://www.tenable.com/security/research/tra-2021-51 - - https://nvd.nist.gov/vuln/detail/CVE-2021-20137 + epss-score: 0.14853 tags: xss,tenable,cve,cve2021,gryphon requests: diff --git a/cves/2021/CVE-2021-20150.yaml b/cves/2021/CVE-2021-20150.yaml index 07d01288a7..16b87aab3a 100644 --- a/cves/2021/CVE-2021-20150.yaml +++ b/cves/2021/CVE-2021-20150.yaml @@ -13,6 +13,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-20150 cwe-id: CWE-287 + epss-score: 0.25775 metadata: shodan-query: http.html:"TEW-827DRU" tags: disclosure,router,tenable,cve,cve2021,trendnet diff --git a/cves/2021/CVE-2021-20158.yaml b/cves/2021/CVE-2021-20158.yaml index 1b984a31bb..71394f46c2 100644 --- a/cves/2021/CVE-2021-20158.yaml +++ b/cves/2021/CVE-2021-20158.yaml @@ -13,6 +13,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-20158 cwe-id: CWE-287 + epss-score: 0.00806 metadata: shodan-query: http.html:"TEW-827DRU" tags: disclosure,router,intrusive,tenable,cve,cve2021,trendnet diff --git a/cves/2021/CVE-2021-20167.yaml b/cves/2021/CVE-2021-20167.yaml index 9f89779fd7..f6a9f33a7e 100644 --- a/cves/2021/CVE-2021-20167.yaml +++ b/cves/2021/CVE-2021-20167.yaml @@ -15,6 +15,7 @@ info: cvss-score: 8 cve-id: CVE-2021-20167 cwe-id: CWE-77 + epss-score: 0.95998 tags: tenable,cve,cve2021,netgear,rce,router requests: diff --git a/cves/2021/CVE-2021-20323.yaml b/cves/2021/CVE-2021-20323.yaml index b83a77f07d..3766b898c4 100644 --- a/cves/2021/CVE-2021-20323.yaml +++ b/cves/2021/CVE-2021-20323.yaml @@ -18,6 +18,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-20323 cwe-id: CWE-79 + cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* + epss-score: 0.00228 metadata: shodan-query: html:"Keycloak" verified: "true" diff --git a/cves/2021/CVE-2021-20792.yaml b/cves/2021/CVE-2021-20792.yaml index 34ed24fd00..c84dc0eede 100644 --- a/cves/2021/CVE-2021-20792.yaml +++ b/cves/2021/CVE-2021-20792.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-20792 cwe-id: CWE-79 + cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:*:*:* + epss-score: 0.002 tags: wordpress,cve,cve2021,wp-plugin,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-20837.yaml b/cves/2021/CVE-2021-20837.yaml index 8433e63c9d..c9395fc11c 100644 --- a/cves/2021/CVE-2021-20837.yaml +++ b/cves/2021/CVE-2021-20837.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-20837 cwe-id: CWE-78 + cpe: cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:* + epss-score: 0.97239 tags: cve,cve2021,rce,movable requests: diff --git a/cves/2021/CVE-2021-21087.yaml b/cves/2021/CVE-2021-21087.yaml index e93ec309db..a1b0f67148 100644 --- a/cves/2021/CVE-2021-21087.yaml +++ b/cves/2021/CVE-2021-21087.yaml @@ -13,6 +13,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-21087 cwe-id: CWE-79 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* + epss-score: 0.00145 metadata: shodan-query: http.component:"Adobe ColdFusion" tags: rce,adobe,misc,coldfusion diff --git a/cves/2021/CVE-2021-21234.yaml b/cves/2021/CVE-2021-21234.yaml index 11d9096dec..6a8663626c 100644 --- a/cves/2021/CVE-2021-21234.yaml +++ b/cves/2021/CVE-2021-21234.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.7 cve-id: CVE-2021-21234 cwe-id: CWE-22 + cpe: cpe:2.3:a:spring-boot-actuator-logview_project:spring-boot-actuator-logview:*:*:*:*:*:*:*:* + epss-score: 0.97182 tags: cve,cve2021,springboot,lfi,actuator requests: diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml index 04da03b687..a602cd0f5f 100644 --- a/cves/2021/CVE-2021-21287.yaml +++ b/cves/2021/CVE-2021-21287.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.7 cve-id: CVE-2021-21287 cwe-id: CWE-918 + cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:* + epss-score: 0.9729 tags: cve,cve2021,minio,ssrf,oast requests: diff --git a/cves/2021/CVE-2021-21307.yaml b/cves/2021/CVE-2021-21307.yaml index 209c9396d3..943c459417 100644 --- a/cves/2021/CVE-2021-21307.yaml +++ b/cves/2021/CVE-2021-21307.yaml @@ -9,12 +9,15 @@ info: - https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md - https://nvd.nist.gov/vuln/detail/CVE-2021-21307 + - http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response remediation: This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, block access to the Lucee Administrator. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-21307 cwe-id: CWE-862 + cpe: cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:* + epss-score: 0.97392 tags: cve,cve2021,rce,lucee,adobe requests: diff --git a/cves/2021/CVE-2021-21311.yaml b/cves/2021/CVE-2021-21311.yaml index 64c3b20ed1..cbf23526d0 100644 --- a/cves/2021/CVE-2021-21311.yaml +++ b/cves/2021/CVE-2021-21311.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.2 cve-id: CVE-2021-21311 cwe-id: CWE-918 + epss-score: 0.00278 metadata: fofa-query: app="Adminer" && body="4.7.8" hunter-query: app.name="Adminer"&&web.body="4.7.8" diff --git a/cves/2021/CVE-2021-21315.yaml b/cves/2021/CVE-2021-21315.yaml index cbdf424acd..409228be21 100644 --- a/cves/2021/CVE-2021-21315.yaml +++ b/cves/2021/CVE-2021-21315.yaml @@ -17,6 +17,7 @@ info: cvss-score: 7.8 cve-id: CVE-2021-21315 cwe-id: CWE-78 + epss-score: 0.96464 tags: nodejs,cve,cve2021,kev requests: diff --git a/cves/2021/CVE-2021-21345.yaml b/cves/2021/CVE-2021-21345.yaml index 59516ccc94..7d000d7d1f 100644 --- a/cves/2021/CVE-2021-21345.yaml +++ b/cves/2021/CVE-2021-21345.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.9 cve-id: CVE-2021-21345 cwe-id: CWE-78 + epss-score: 0.46618 tags: cve,cve2021,xstream,deserialization,rce,oast requests: diff --git a/cves/2021/CVE-2021-21351.yaml b/cves/2021/CVE-2021-21351.yaml index e24b537a61..b7d69fb347 100644 --- a/cves/2021/CVE-2021-21351.yaml +++ b/cves/2021/CVE-2021-21351.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.1 cve-id: CVE-2021-21351 cwe-id: CWE-502,CWE-434 + epss-score: 0.95547 tags: cve,cve2021,xstream,deserialization,rce,oast,vulhub requests: diff --git a/cves/2021/CVE-2021-21389.yaml b/cves/2021/CVE-2021-21389.yaml index 2b93b34b34..90573c52cc 100644 --- a/cves/2021/CVE-2021-21389.yaml +++ b/cves/2021/CVE-2021-21389.yaml @@ -5,18 +5,20 @@ info: author: lotusdll severity: high description: WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. - remediation: This issue has been remediated in WordPress BuddyPress 7.2.1. reference: - https://github.com/HoangKien1020/CVE-2021-21389 - https://buddypress.org/2021/03/buddypress-7-2-1-security-release/ - https://codex.buddypress.org/releases/version-7-2-1/ - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 - https://nvd.nist.gov/vuln/detail/CVE-2021-21389 + remediation: This issue has been remediated in WordPress BuddyPress 7.2.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-21389 cwe-id: CWE-863 + cpe: cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:*:*:* + epss-score: 0.80629 tags: cve,cve2021,wordpress,wp-plugin,rce,wp,buddypress requests: diff --git a/cves/2021/CVE-2021-21402.yaml b/cves/2021/CVE-2021-21402.yaml index d28cbde27b..075d7f4ea2 100644 --- a/cves/2021/CVE-2021-21402.yaml +++ b/cves/2021/CVE-2021-21402.yaml @@ -6,22 +6,24 @@ info: severity: medium description: | Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. - remediation: This is fixed in version 10.7.1. reference: - https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/ - https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wg4c-c9g9-rxhx - https://github.com/jellyfin/jellyfin/releases/tag/v10.7.1 - https://github.com/jellyfin/jellyfin/commit/0183ef8e89195f420c48d2600bc0b72f6d3a7fd7 - https://nvd.nist.gov/vuln/detail/CVE-2021-21402 + remediation: This is fixed in version 10.7.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-21402 cwe-id: CWE-22 + cpe: cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:* + epss-score: 0.30694 metadata: fofa-query: title="Jellyfin" || body="http://jellyfin.media" shodan-query: http.html:"Jellyfin" - verified: true + verified: "true" tags: cve,cve2021,jellyfin,lfi requests: diff --git a/cves/2021/CVE-2021-21479.yaml b/cves/2021/CVE-2021-21479.yaml index e0c891203d..66a53318b3 100644 --- a/cves/2021/CVE-2021-21479.yaml +++ b/cves/2021/CVE-2021-21479.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-21479 cwe-id: CWE-74 + cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:* + epss-score: 0.00327 tags: cve,cve2021,scimono,rce requests: diff --git a/cves/2021/CVE-2021-21745.yaml b/cves/2021/CVE-2021-21745.yaml index 867df640ad..24cb4b7b24 100644 --- a/cves/2021/CVE-2021-21745.yaml +++ b/cves/2021/CVE-2021-21745.yaml @@ -16,6 +16,7 @@ info: cvss-score: 4.3 cve-id: CVE-2021-21745 cwe-id: CWE-287 + epss-score: 0.46753 tags: zte,auth-bypass,cve,cve2021,router requests: diff --git a/cves/2021/CVE-2021-21799.yaml b/cves/2021/CVE-2021-21799.yaml index 3c93d2ef05..7f39b22285 100644 --- a/cves/2021/CVE-2021-21799.yaml +++ b/cves/2021/CVE-2021-21799.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21799 cwe-id: CWE-79 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.89019 metadata: shodan-query: http.html:"R-SeeNet" verified: "true" diff --git a/cves/2021/CVE-2021-21800.yaml b/cves/2021/CVE-2021-21800.yaml index ad5eb3b23d..98c86542f2 100644 --- a/cves/2021/CVE-2021-21800.yaml +++ b/cves/2021/CVE-2021-21800.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21800 cwe-id: CWE-79 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.89019 metadata: shodan-query: http.html:"R-SeeNet" verified: "true" diff --git a/cves/2021/CVE-2021-21801.yaml b/cves/2021/CVE-2021-21801.yaml index 17e63785ed..47721ee1ed 100644 --- a/cves/2021/CVE-2021-21801.yaml +++ b/cves/2021/CVE-2021-21801.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21801 cwe-id: CWE-79 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.89019 tags: cve,cve2021,rseenet,xss,graph requests: diff --git a/cves/2021/CVE-2021-21802.yaml b/cves/2021/CVE-2021-21802.yaml index e7747ced21..53d1d5b743 100644 --- a/cves/2021/CVE-2021-21802.yaml +++ b/cves/2021/CVE-2021-21802.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21802 cwe-id: CWE-79 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.89019 tags: cve,cve2021,rseenet,xss requests: diff --git a/cves/2021/CVE-2021-21803.yaml b/cves/2021/CVE-2021-21803.yaml index 9b4a033bb7..209679872c 100644 --- a/cves/2021/CVE-2021-21803.yaml +++ b/cves/2021/CVE-2021-21803.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21803 cwe-id: CWE-79 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.89019 tags: cve,cve2021,rseenet,xss requests: diff --git a/cves/2021/CVE-2021-21805.yaml b/cves/2021/CVE-2021-21805.yaml index 7c6b7bea06..f78f4d3793 100644 --- a/cves/2021/CVE-2021-21805.yaml +++ b/cves/2021/CVE-2021-21805.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21805 cwe-id: CWE-78 + cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* + epss-score: 0.97394 metadata: shodan-query: http.html:"R-SeeNet" verified: "true" diff --git a/cves/2021/CVE-2021-21816.yaml b/cves/2021/CVE-2021-21816.yaml index 9c39f3546b..97141cb4e4 100644 --- a/cves/2021/CVE-2021-21816.yaml +++ b/cves/2021/CVE-2021-21816.yaml @@ -13,6 +13,7 @@ info: cvss-score: 4.3 cve-id: CVE-2021-21816 cwe-id: CWE-922 + epss-score: 0.00237 tags: cve,cve2021,dlink,exposure,router,syslog requests: diff --git a/cves/2021/CVE-2021-21881.yaml b/cves/2021/CVE-2021-21881.yaml index f155201ccb..564c0de03a 100644 --- a/cves/2021/CVE-2021-21881.yaml +++ b/cves/2021/CVE-2021-21881.yaml @@ -13,6 +13,7 @@ info: cvss-score: 9.9 cve-id: CVE-2021-21881 cwe-id: CWE-78 + epss-score: 0.97326 tags: cve,cve2021,lantronix,rce,oast,cisco variables: diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml index 4d2aa8a5d3..a4d372cc62 100644 --- a/cves/2021/CVE-2021-21972.yaml +++ b/cves/2021/CVE-2021-21972.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21972 cwe-id: CWE-269 + epss-score: 0.97394 tags: cve2021,vmware,rce,vcenter,kev,packetstorm,cve requests: diff --git a/cves/2021/CVE-2021-21973.yaml b/cves/2021/CVE-2021-21973.yaml index 7c5330634b..5819417da1 100644 --- a/cves/2021/CVE-2021-21973.yaml +++ b/cves/2021/CVE-2021-21973.yaml @@ -15,6 +15,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-21973 cwe-id: CWE-918 + epss-score: 0.58402 tags: cve,cve2021,vmware,ssrf,vcenter,oast,kev requests: diff --git a/cves/2021/CVE-2021-21975.yaml b/cves/2021/CVE-2021-21975.yaml index f6c9016b48..355b5cd2a2 100644 --- a/cves/2021/CVE-2021-21975.yaml +++ b/cves/2021/CVE-2021-21975.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-21975 cwe-id: CWE-918 + epss-score: 0.97491 tags: kev,packetstorm,cve,cve2021,ssrf,vmware,vrealize requests: diff --git a/cves/2021/CVE-2021-21978.yaml b/cves/2021/CVE-2021-21978.yaml index bb2f27187e..f51cb1e1da 100644 --- a/cves/2021/CVE-2021-21978.yaml +++ b/cves/2021/CVE-2021-21978.yaml @@ -18,6 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21978 cwe-id: CWE-434 + cpe: cpe:2.3:a:vmware:view_planner:*:*:*:*:*:*:*:* + epss-score: 0.97457 tags: cve,cve2021,vmware,rce,packetstorm,fileupload,intrusive requests: diff --git a/cves/2021/CVE-2021-21985.yaml b/cves/2021/CVE-2021-21985.yaml index 692bb84f7e..36df67a40d 100644 --- a/cves/2021/CVE-2021-21985.yaml +++ b/cves/2021/CVE-2021-21985.yaml @@ -10,12 +10,14 @@ info: - https://www.vmware.com/security/advisories/VMSA-2021-0010.html - https://github.com/alt3kx/CVE-2021-21985_PoC - https://nvd.nist.gov/vuln/detail/CVE-2021-21985 + - http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-21985 cwe-id: CWE-20 - tags: cve,cve2021,rce,vsphere,vmware,kev + epss-score: 0.97409 + tags: packetstorm,cve,cve2021,rce,vsphere,vmware,kev requests: - raw: diff --git a/cves/2021/CVE-2021-22005.yaml b/cves/2021/CVE-2021-22005.yaml index 37b24699b5..150a4c2198 100644 --- a/cves/2021/CVE-2021-22005.yaml +++ b/cves/2021/CVE-2021-22005.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22005 cwe-id: CWE-434 + epss-score: 0.97434 tags: cve,cve2021,vmware,vcenter,fileupload,kev,intrusive requests: diff --git a/cves/2021/CVE-2021-22053.yaml b/cves/2021/CVE-2021-22053.yaml index d30f885398..6e28914e99 100644 --- a/cves/2021/CVE-2021-22053.yaml +++ b/cves/2021/CVE-2021-22053.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-22053 cwe-id: CWE-94 + cpe: cpe:2.3:a:vmware:spring_cloud_netflix:*:*:*:*:*:*:*:* + epss-score: 0.80689 tags: rce,spring,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-22054.yaml b/cves/2021/CVE-2021-22054.yaml index 4b06bbfe67..5be996818f 100644 --- a/cves/2021/CVE-2021-22054.yaml +++ b/cves/2021/CVE-2021-22054.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-22054 cwe-id: CWE-918 + cpe: cpe:2.3:a:vmware:workspace_one_uem_console:*:*:*:*:*:*:*:* + epss-score: 0.89196 metadata: fofa-query: banner="/AirWatch/default.aspx" || header="/AirWatch/default.aspx" tags: cve,cve2021,vmware,workspace,ssrf diff --git a/cves/2021/CVE-2021-22122.yaml b/cves/2021/CVE-2021-22122.yaml index 77cad3e29d..a0e49e3a05 100644 --- a/cves/2021/CVE-2021-22122.yaml +++ b/cves/2021/CVE-2021-22122.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-22122 cwe-id: CWE-79 + cpe: cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* + epss-score: 0.11206 tags: cve,cve2021,fortiweb,xss requests: diff --git a/cves/2021/CVE-2021-22145.yaml b/cves/2021/CVE-2021-22145.yaml index f569f928dc..df7e5b5ffd 100644 --- a/cves/2021/CVE-2021-22145.yaml +++ b/cves/2021/CVE-2021-22145.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.5 cve-id: CVE-2021-22145 cwe-id: CWE-209 + epss-score: 0.26644 tags: cve,cve2021,elasticsearch,packetstorm requests: diff --git a/cves/2021/CVE-2021-22205.yaml b/cves/2021/CVE-2021-22205.yaml index fe38d8f1a4..d062907733 100644 --- a/cves/2021/CVE-2021-22205.yaml +++ b/cves/2021/CVE-2021-22205.yaml @@ -18,6 +18,8 @@ info: cvss-score: 10 cve-id: CVE-2021-22205 cwe-id: CWE-20 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.97393 metadata: shodan-query: http.title:"GitLab" tags: kev,hackerone,cve,cve2021,gitlab,rce diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml index afc797ad29..7ebdddf8f3 100644 --- a/cves/2021/CVE-2021-22214.yaml +++ b/cves/2021/CVE-2021-22214.yaml @@ -20,6 +20,8 @@ info: cvss-score: 8.6 cve-id: CVE-2021-22214,CVE-2021-39935,CVE-2021-22175 cwe-id: CWE-918 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.26711 metadata: shodan-query: http.title:"GitLab" tags: cve,cve2021,gitlab,ssrf diff --git a/cves/2021/CVE-2021-22502.yaml b/cves/2021/CVE-2021-22502.yaml index d754a11dd4..9b766685b2 100644 --- a/cves/2021/CVE-2021-22502.yaml +++ b/cves/2021/CVE-2021-22502.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22502 cwe-id: CWE-78 + cpe: cpe:2.3:a:microfocus:operation_bridge_reporter:*:*:*:*:*:*:*:* + epss-score: 0.97358 tags: cve,cve2021,microfocus,obr,rce,kev requests: diff --git a/cves/2021/CVE-2021-22873.yaml b/cves/2021/CVE-2021-22873.yaml index c8356a2e31..0178febe28 100644 --- a/cves/2021/CVE-2021-22873.yaml +++ b/cves/2021/CVE-2021-22873.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-22873 cwe-id: CWE-601 + cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* + epss-score: 0.00621 metadata: shodan-query: http.favicon.hash:106844876 verified: "true" diff --git a/cves/2021/CVE-2021-22911.yaml b/cves/2021/CVE-2021-22911.yaml index fa55be1229..18c748293e 100644 --- a/cves/2021/CVE-2021-22911.yaml +++ b/cves/2021/CVE-2021-22911.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22911 cwe-id: CWE-89 + cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* + epss-score: 0.95361 metadata: shodan-query: http.title:"Rocket.Chat" verified: "true" diff --git a/cves/2021/CVE-2021-22986.yaml b/cves/2021/CVE-2021-22986.yaml index 60c656f130..128bcaa3ab 100644 --- a/cves/2021/CVE-2021-22986.yaml +++ b/cves/2021/CVE-2021-22986.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-22986 + epss-score: 0.97511 tags: bigip,cve,cve2021,rce,kev,packetstorm requests: diff --git a/cves/2021/CVE-2021-23241.yaml b/cves/2021/CVE-2021-23241.yaml index e5a8cb4784..e4975daedd 100644 --- a/cves/2021/CVE-2021-23241.yaml +++ b/cves/2021/CVE-2021-23241.yaml @@ -15,6 +15,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-23241 cwe-id: CWE-22 + epss-score: 0.00265 tags: cve,cve2021,iot,lfi,router requests: diff --git a/cves/2021/CVE-2021-24145.yaml b/cves/2021/CVE-2021-24145.yaml index 80355c5c94..cbc0f249b2 100644 --- a/cves/2021/CVE-2021-24145.yaml +++ b/cves/2021/CVE-2021-24145.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.2 cve-id: CVE-2021-24145 cwe-id: CWE-434 + cpe: cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:*:*:* + epss-score: 0.93641 metadata: verified: "true" tags: auth,wpscan,cve,wordpress,wp-plugin,wp,modern-events-calendar-lite,cve2021,rce diff --git a/cves/2021/CVE-2021-24146.yaml b/cves/2021/CVE-2021-24146.yaml index 806a8e57eb..b258abce30 100644 --- a/cves/2021/CVE-2021-24146.yaml +++ b/cves/2021/CVE-2021-24146.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24146 cwe-id: CWE-284 + cpe: cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:*:*:* + epss-score: 0.01848 tags: cve2021,wpscan,packetstorm,wordpress,wp-plugin,cve requests: diff --git a/cves/2021/CVE-2021-24150.yaml b/cves/2021/CVE-2021-24150.yaml index b4aeeb2db1..45ec6bb48e 100644 --- a/cves/2021/CVE-2021-24150.yaml +++ b/cves/2021/CVE-2021-24150.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24150 cwe-id: CWE-918 + cpe: cpe:2.3:a:likebtn-like-button_project:likebtn-like-button:*:*:*:*:*:*:*:* + epss-score: 0.02348 metadata: verified: "true" tags: cve,cve2021,wordpress,wp-plugin,wp,ssrf,wpscan,unauth,likebtn-like-button diff --git a/cves/2021/CVE-2021-24155.yaml b/cves/2021/CVE-2021-24155.yaml index 44ea4c8696..a58bd8c81d 100644 --- a/cves/2021/CVE-2021-24155.yaml +++ b/cves/2021/CVE-2021-24155.yaml @@ -10,15 +10,18 @@ info: - https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb - https://wordpress.org/plugins/backup/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24155 + - http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html remediation: Fixed in version 1.6.0. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-24155 cwe-id: CWE-434 + cpe: cpe:2.3:a:backup-guard:backup_guard:*:*:*:*:*:*:*:* + epss-score: 0.96024 metadata: verified: "true" - tags: wp-plugin,authenticated,wpscan,cve2021,rce,wordpress,cve,wp,backup + tags: authenticated,wp,packetstorm,wp-plugin,cve2021,rce,wordpress,cve,backup,wpscan requests: - raw: diff --git a/cves/2021/CVE-2021-24165.yaml b/cves/2021/CVE-2021-24165.yaml index b80bf03591..b69d81cc8b 100644 --- a/cves/2021/CVE-2021-24165.yaml +++ b/cves/2021/CVE-2021-24165.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24165 cwe-id: CWE-601 + cpe: cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve,cve2021,wordpress,redirect,wp-plugin,authenticated,wp,wpscan requests: diff --git a/cves/2021/CVE-2021-24169.yaml b/cves/2021/CVE-2021-24169.yaml index d34230fafa..9ee766eb8c 100644 --- a/cves/2021/CVE-2021-24169.yaml +++ b/cves/2021/CVE-2021-24169.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24169 cwe-id: CWE-79 + cpe: cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:*:*:* + epss-score: 0.00183 metadata: verified: "true" tags: wordpress,authenticated,wpscan,cve,cve2021,xss,wp-plugin,wp,woo-order-export-lite,edb diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml index c9dd9cfad4..4f2a7860a2 100644 --- a/cves/2021/CVE-2021-24176.yaml +++ b/cves/2021/CVE-2021-24176.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-24176 cwe-id: CWE-79 + cpe: cpe:2.3:a:jh_404_logger_project:jh_404_logger:*:*:*:*:*:*:*:* + epss-score: 0.00136 tags: cve,cve2021,wordpress,wp-plugin,xss,wpscan requests: diff --git a/cves/2021/CVE-2021-24210.yaml b/cves/2021/CVE-2021-24210.yaml index 5fcb07b1ff..a1cd862b7f 100644 --- a/cves/2021/CVE-2021-24210.yaml +++ b/cves/2021/CVE-2021-24210.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24210 cwe-id: CWE-601 + cpe: cpe:2.3:a:kiboit:phastpress:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve2021,redirect,wpscan,wordpress,cve requests: diff --git a/cves/2021/CVE-2021-24214.yaml b/cves/2021/CVE-2021-24214.yaml index cf5a0ecabd..7e3fc8a492 100644 --- a/cves/2021/CVE-2021-24214.yaml +++ b/cves/2021/CVE-2021-24214.yaml @@ -13,8 +13,10 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24214 cwe-id: CWE-79 + cpe: cpe:2.3:a:daggerhartlab:openid_connect_generic_client:*:*:*:*:*:*:*:* + epss-score: 0.00369 metadata: - verified: true + verified: "true" tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,wp,openid requests: diff --git a/cves/2021/CVE-2021-24226.yaml b/cves/2021/CVE-2021-24226.yaml index 3c60928cca..7a80e5dced 100644 --- a/cves/2021/CVE-2021-24226.yaml +++ b/cves/2021/CVE-2021-24226.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24226 cwe-id: CWE-200 + cpe: cpe:2.3:a:accessally:accessally:*:*:*:*:*:*:*:* + epss-score: 0.03501 tags: wordpress,cve,cve2021,wp-plugin,wpscan requests: diff --git a/cves/2021/CVE-2021-24227.yaml b/cves/2021/CVE-2021-24227.yaml index aab9264d04..2ec69aada0 100644 --- a/cves/2021/CVE-2021-24227.yaml +++ b/cves/2021/CVE-2021-24227.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24227 cwe-id: CWE-200 + cpe: cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:*:*:* + epss-score: 0.07007 tags: wordpress,patreon-connect,unauth,cve2021,lfi,patreon,wp,wpscan,cve requests: diff --git a/cves/2021/CVE-2021-24235.yaml b/cves/2021/CVE-2021-24235.yaml index 7f3c226224..244a129ead 100644 --- a/cves/2021/CVE-2021-24235.yaml +++ b/cves/2021/CVE-2021-24235.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24235 cwe-id: CWE-79 + cpe: cpe:2.3:a:boostifythemes:goto:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: xss,wp-theme,wpscan,cve,cve2021,wordpress requests: diff --git a/cves/2021/CVE-2021-24236.yaml b/cves/2021/CVE-2021-24236.yaml index a58e6dad7e..e8b51cc201 100644 --- a/cves/2021/CVE-2021-24236.yaml +++ b/cves/2021/CVE-2021-24236.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24236 cwe-id: CWE-434 + cpe: cpe:2.3:a:imagements_project:imagements:*:*:*:*:*:*:*:* + epss-score: 0.13683 tags: cve,wp,unauth,imagements,wpscan,cve2021,fileupload,wordpress,wp-plugin,intrusive variables: diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml index 14132c94b6..95e6e125b1 100644 --- a/cves/2021/CVE-2021-24237.yaml +++ b/cves/2021/CVE-2021-24237.yaml @@ -9,11 +9,13 @@ info: - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt - https://nvd.nist.gov/vuln/detail/CVE-2021-24237 + - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24237 cwe-id: CWE-79 + epss-score: 0.00284 tags: cve,cve2021,realteo,xss,wordpress,plugin,wpscan requests: diff --git a/cves/2021/CVE-2021-24239.yaml b/cves/2021/CVE-2021-24239.yaml index bae237196d..2b7612f840 100644 --- a/cves/2021/CVE-2021-24239.yaml +++ b/cves/2021/CVE-2021-24239.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24239 cwe-id: CWE-79 + cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:*:*:* + epss-score: 0.00116 metadata: verified: "true" tags: cve,cve2021,xss,pie-register,wp,wpscan diff --git a/cves/2021/CVE-2021-24245.yaml b/cves/2021/CVE-2021-24245.yaml index 9e7991f39e..1881341468 100644 --- a/cves/2021/CVE-2021-24245.yaml +++ b/cves/2021/CVE-2021-24245.yaml @@ -9,11 +9,14 @@ info: - https://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html - https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735 - https://nvd.nist.gov/vuln/detail/CVE-2021-24245 + - http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24245 cwe-id: CWE-79 + cpe: cpe:2.3:a:trumani:stop_spammers:*:*:*:*:*:*:*:* + epss-score: 0.00177 tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,packetstorm requests: diff --git a/cves/2021/CVE-2021-24274.yaml b/cves/2021/CVE-2021-24274.yaml index 3e73bf1e7a..b5c029982c 100644 --- a/cves/2021/CVE-2021-24274.yaml +++ b/cves/2021/CVE-2021-24274.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24274 cwe-id: CWE-79 + cpe: cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:*:*:*:* + epss-score: 0.00147 tags: wpscan,packetstorm,wordpress,cve,cve2021,wp-plugin,maps requests: diff --git a/cves/2021/CVE-2021-24275.yaml b/cves/2021/CVE-2021-24275.yaml index c6dabd986f..79df4e8aad 100644 --- a/cves/2021/CVE-2021-24275.yaml +++ b/cves/2021/CVE-2021-24275.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24275 cwe-id: CWE-79 + cpe: cpe:2.3:a:supsystic:popup:*:*:*:*:*:*:*:* + epss-score: 0.00177 tags: wpscan,packetstorm,wordpress,cve,cve2021,wp-plugin requests: diff --git a/cves/2021/CVE-2021-24276.yaml b/cves/2021/CVE-2021-24276.yaml index 7b96d87763..989940a293 100644 --- a/cves/2021/CVE-2021-24276.yaml +++ b/cves/2021/CVE-2021-24276.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24276 cwe-id: CWE-79 + cpe: cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:*:*:* + epss-score: 0.00177 tags: wordpress,cve,cve2021,wp-plugin,wpscan,packetstorm requests: diff --git a/cves/2021/CVE-2021-24278.yaml b/cves/2021/CVE-2021-24278.yaml index e1fa9ff14d..30d21594d1 100644 --- a/cves/2021/CVE-2021-24278.yaml +++ b/cves/2021/CVE-2021-24278.yaml @@ -13,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-24278 + cpe: cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:*:*:* + epss-score: 0.06962 tags: wordpress,wp-plugin,wpscan,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-24284.yaml b/cves/2021/CVE-2021-24284.yaml index 3f6dad51b2..d334588fda 100644 --- a/cves/2021/CVE-2021-24284.yaml +++ b/cves/2021/CVE-2021-24284.yaml @@ -18,6 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24284 cwe-id: CWE-434 + cpe: cpe:2.3:a:kaswara_project:kaswara:*:*:*:*:*:*:*:* + epss-score: 0.97272 tags: intrusive,unauth,fileupload,wpscan,cve,wordpress,wp-plugin,rce,cve2021,wp variables: diff --git a/cves/2021/CVE-2021-24285.yaml b/cves/2021/CVE-2021-24285.yaml index 3e9e5e7902..05bfb40e04 100644 --- a/cves/2021/CVE-2021-24285.yaml +++ b/cves/2021/CVE-2021-24285.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24285 cwe-id: CWE-89 + cpe: cpe:2.3:a:cars-seller-auto-classifieds-script_project:cars-seller-auto-classifieds-script:*:*:*:*:*:*:*:* + epss-score: 0.0813 tags: cve2021,wordpress,wp-plugin,sqli,wpscan,cve requests: diff --git a/cves/2021/CVE-2021-24287.yaml b/cves/2021/CVE-2021-24287.yaml index 76a04d1027..6a3621a8f4 100644 --- a/cves/2021/CVE-2021-24287.yaml +++ b/cves/2021/CVE-2021-24287.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24287 cwe-id: CWE-79 + cpe: cpe:2.3:a:mooveagency:select_all_categories_and_taxonomies\,_change_checkbox_to_radio_buttons:*:*:*:*:*:*:*:* + epss-score: 0.00177 metadata: verified: "true" tags: wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated,wpscan,cve2021,xss,wp-plugin,cve,wordpress,edb diff --git a/cves/2021/CVE-2021-24288.yaml b/cves/2021/CVE-2021-24288.yaml index 2ba63c208f..6c0c972f81 100644 --- a/cves/2021/CVE-2021-24288.yaml +++ b/cves/2021/CVE-2021-24288.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24288 cwe-id: CWE-601 + cpe: cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:*:*:* + epss-score: 0.0015 tags: wpscan,wordpress,cve,cve2021,redirect,wp-plugin requests: diff --git a/cves/2021/CVE-2021-24291.yaml b/cves/2021/CVE-2021-24291.yaml index 8f1b8baa62..7b4c82a6dc 100644 --- a/cves/2021/CVE-2021-24291.yaml +++ b/cves/2021/CVE-2021-24291.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24291 cwe-id: CWE-79 + cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:*:*:* + epss-score: 0.00124 tags: photo,wpscan,packetstorm,cve,cve2021,xss,wordpress,wp-plugin requests: diff --git a/cves/2021/CVE-2021-24298.yaml b/cves/2021/CVE-2021-24298.yaml index c0b67c0995..0be0c3c815 100644 --- a/cves/2021/CVE-2021-24298.yaml +++ b/cves/2021/CVE-2021-24298.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24298 cwe-id: CWE-79 + cpe: cpe:2.3:a:ibenic:simple_giveaways:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin requests: diff --git a/cves/2021/CVE-2021-24300.yaml b/cves/2021/CVE-2021-24300.yaml index 109f93ea66..1fa612a223 100644 --- a/cves/2021/CVE-2021-24300.yaml +++ b/cves/2021/CVE-2021-24300.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24300 cwe-id: CWE-79 + cpe: cpe:2.3:a:pickplugins:product_slider_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00302 tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-24316.yaml b/cves/2021/CVE-2021-24316.yaml index a08a2f007e..be51373b27 100644 --- a/cves/2021/CVE-2021-24316.yaml +++ b/cves/2021/CVE-2021-24316.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24316 cwe-id: CWE-79 + cpe: cpe:2.3:a:wowthemes:mediumish:*:*:*:*:*:*:*:* + epss-score: 0.00246 tags: cve,cve2021,mediumish,xss,wordpress,wpscan requests: diff --git a/cves/2021/CVE-2021-24320.yaml b/cves/2021/CVE-2021-24320.yaml index 97f0a00ae9..a3123fc1e0 100644 --- a/cves/2021/CVE-2021-24320.yaml +++ b/cves/2021/CVE-2021-24320.yaml @@ -4,9 +4,7 @@ info: name: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting author: daffainfo severity: medium - description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, - bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing - page. + description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing page. reference: - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb @@ -16,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24320 cwe-id: CWE-79 + cpe: cpe:2.3:a:bold-themes:bello:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve2021,wordpress,xss,wp-plugin,wpscan,cve requests: diff --git a/cves/2021/CVE-2021-24335.yaml b/cves/2021/CVE-2021-24335.yaml index 60e83be043..758544783b 100644 --- a/cves/2021/CVE-2021-24335.yaml +++ b/cves/2021/CVE-2021-24335.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24335 cwe-id: CWE-79 + cpe: cpe:2.3:a:smartdatasoft:car_repair_services_\&_auto_mechanic:*:*:*:*:*:*:*:* + epss-score: 0.00163 tags: cve,cve2021,wordpress,xss,wp-plugin,wpscan requests: diff --git a/cves/2021/CVE-2021-24340.yaml b/cves/2021/CVE-2021-24340.yaml index f7848f82d0..46cbb4466a 100644 --- a/cves/2021/CVE-2021-24340.yaml +++ b/cves/2021/CVE-2021-24340.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24340 cwe-id: CWE-89 + cpe: cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:*:*:* + epss-score: 0.03512 tags: cve,wp-plugin,unauth,wpscan,cve2021,wordpress,sqli,blind,edb requests: diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml index 08481d2f5f..81c36e0f40 100644 --- a/cves/2021/CVE-2021-24342.yaml +++ b/cves/2021/CVE-2021-24342.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24342 cwe-id: CWE-79 + cpe: cpe:2.3:a:jnews:jnews:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve2021,wordpress,xss,wp-plugin,wpscan,cve requests: diff --git a/cves/2021/CVE-2021-24347.yaml b/cves/2021/CVE-2021-24347.yaml index 007295d474..ec1ffe0fe8 100644 --- a/cves/2021/CVE-2021-24347.yaml +++ b/cves/2021/CVE-2021-24347.yaml @@ -10,15 +10,18 @@ info: - https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a - https://wordpress.org/plugins/sp-client-document-manager/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24347 + - http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html remediation: Fixed in version 4.22. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-24347 cwe-id: CWE-178 + cpe: cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:*:*:* + epss-score: 0.94776 metadata: verified: "true" - tags: wp-plugin,wp,sp-client-document-manager,authenticated,wordpress,cve2021,rce,wpscan,cve + tags: sp-client-document-manager,wpscan,cve,wp-plugin,wp,authenticated,wordpress,cve2021,rce,packetstorm requests: - raw: diff --git a/cves/2021/CVE-2021-24351.yaml b/cves/2021/CVE-2021-24351.yaml index 18d24abab2..c2a1204e89 100644 --- a/cves/2021/CVE-2021-24351.yaml +++ b/cves/2021/CVE-2021-24351.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24351 cwe-id: CWE-79 + cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:*:*:* + epss-score: 0.00145 tags: cve2021,wordpress,wp-plugin,wp,xss,the-plus-addons-for-elementor,wpscan,cve requests: diff --git a/cves/2021/CVE-2021-24358.yaml b/cves/2021/CVE-2021-24358.yaml index 281f8c6b2c..4ec9c86ecc 100644 --- a/cves/2021/CVE-2021-24358.yaml +++ b/cves/2021/CVE-2021-24358.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24358 cwe-id: CWE-601 + cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:*:*:* + epss-score: 0.00255 tags: wp,wpscan,cve,cve2021,wordpress,redirect,wp-plugin,elementor requests: diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml index a361b30189..76abc4b5d7 100644 --- a/cves/2021/CVE-2021-24364.yaml +++ b/cves/2021/CVE-2021-24364.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24364 cwe-id: CWE-79 + cpe: cpe:2.3:a:tielabs:jannah:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve,cve2021,wordpress,xss,wp-theme,wpscan requests: diff --git a/cves/2021/CVE-2021-24370.yaml b/cves/2021/CVE-2021-24370.yaml index 5f082299e1..bfd4d54320 100644 --- a/cves/2021/CVE-2021-24370.yaml +++ b/cves/2021/CVE-2021-24370.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24370 cwe-id: CWE-434,CWE-434 + cpe: cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:*:*:* + epss-score: 0.06171 metadata: google-query: inurl:“/wp-content/plugins/fancy-product-designer” tags: wordpress,wp,seclists,cve,wpscan,cve2021,rce,wp-plugin,fancyproduct diff --git a/cves/2021/CVE-2021-24387.yaml b/cves/2021/CVE-2021-24387.yaml index 53743717b6..7864ca2a5e 100644 --- a/cves/2021/CVE-2021-24387.yaml +++ b/cves/2021/CVE-2021-24387.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24387 cwe-id: CWE-79 + cpe: cpe:2.3:a:contempothemes:real_estate_7:*:*:*:*:*:*:*:* + epss-score: 0.00145 tags: cve,cve2021,xss,wordpress,wpscan requests: diff --git a/cves/2021/CVE-2021-24389.yaml b/cves/2021/CVE-2021-24389.yaml index ec9ed88d0d..3a85031db2 100644 --- a/cves/2021/CVE-2021-24389.yaml +++ b/cves/2021/CVE-2021-24389.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24389 cwe-id: CWE-79 + cpe: cpe:2.3:a:chimpgroup:foodbakery:*:*:*:*:*:*:*:* + epss-score: 0.00158 tags: cve,cve2021,wordpress,xss,wp-plugin,wpscan requests: diff --git a/cves/2021/CVE-2021-24406.yaml b/cves/2021/CVE-2021-24406.yaml index 3b3096a52c..6e4d4bee50 100644 --- a/cves/2021/CVE-2021-24406.yaml +++ b/cves/2021/CVE-2021-24406.yaml @@ -4,8 +4,7 @@ info: name: WordPress wpForo Forum < 1.9.7 - Open Redirect author: 0x_Akoko severity: medium - description: WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect - issue after a successful login. + description: WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. reference: - https://wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388 - https://nvd.nist.gov/vuln/detail/CVE-2021-24406 @@ -14,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24406 cwe-id: CWE-601 + cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:*:*:* + epss-score: 0.0015 tags: wpscan,wordpress,redirect,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index 35366bfbc6..c8aefe7aa2 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24407 cwe-id: CWE-79 + cpe: cpe:2.3:a:tielabs:jannah:*:*:*:*:*:*:*:* + epss-score: 0.00161 tags: cve,cve2021,wordpress,xss,wp-theme,wpscan requests: diff --git a/cves/2021/CVE-2021-24436.yaml b/cves/2021/CVE-2021-24436.yaml index 5477bf7484..e9818b8479 100644 --- a/cves/2021/CVE-2021-24436.yaml +++ b/cves/2021/CVE-2021-24436.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24436 cwe-id: CWE-79 + cpe: cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:*:*:* + epss-score: 0.001 metadata: verified: "true" tags: cve,cve2021,xss,wpscan,wordpress,wp-plugin,wp,w3-total-cache,authenticated diff --git a/cves/2021/CVE-2021-24452.yaml b/cves/2021/CVE-2021-24452.yaml index d688338525..4cb0b80e8f 100644 --- a/cves/2021/CVE-2021-24452.yaml +++ b/cves/2021/CVE-2021-24452.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise. - remediation: Fixed in version 2.1.5. reference: - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0 - https://wordpress.org/plugins/w3-total-cache/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24452 + remediation: Fixed in version 2.1.5. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24452 cwe-id: CWE-79 + cpe: cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:*:*:* + epss-score: 0.00089 metadata: verified: "true" tags: cve,cve2021,xss,wpscan,wordpress,wp-plugin,wp,w3-total-cache,auth diff --git a/cves/2021/CVE-2021-24472.yaml b/cves/2021/CVE-2021-24472.yaml index 935ae6bb31..d07e273c6e 100644 --- a/cves/2021/CVE-2021-24472.yaml +++ b/cves/2021/CVE-2021-24472.yaml @@ -13,6 +13,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24472 cwe-id: CWE-918 + epss-score: 0.01878 tags: wordpress,lfi,ssrf,oast,wpscan,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-24488.yaml b/cves/2021/CVE-2021-24488.yaml index 6ab0297b25..37586200ac 100644 --- a/cves/2021/CVE-2021-24488.yaml +++ b/cves/2021/CVE-2021-24488.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24488 cwe-id: CWE-79 + cpe: cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:*:*:* + epss-score: 0.00302 tags: authenticated,wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin requests: diff --git a/cves/2021/CVE-2021-24495.yaml b/cves/2021/CVE-2021-24495.yaml index 5205d9265c..c7bcc21c50 100644 --- a/cves/2021/CVE-2021-24495.yaml +++ b/cves/2021/CVE-2021-24495.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24495 cwe-id: CWE-79 + cpe: cpe:2.3:a:marmoset:marmoset_viewer:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: xss,wpscan,cve,cve2021,wp-plugin,wordpress requests: diff --git a/cves/2021/CVE-2021-24498.yaml b/cves/2021/CVE-2021-24498.yaml index 3d2b787f2b..dc57d22443 100644 --- a/cves/2021/CVE-2021-24498.yaml +++ b/cves/2021/CVE-2021-24498.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24498 cwe-id: CWE-79 + cpe: cpe:2.3:a:dwbooster:calendar_event_multi_view:*:*:*:*:*:*:*:* + epss-score: 0.00188 tags: cve,cve2021,xss,wordpress,wp-plugin,wpscan requests: diff --git a/cves/2021/CVE-2021-24499.yaml b/cves/2021/CVE-2021-24499.yaml index 40e23891e0..246b2ef9cb 100644 --- a/cves/2021/CVE-2021-24499.yaml +++ b/cves/2021/CVE-2021-24499.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24499 cwe-id: CWE-434 + cpe: cpe:2.3:a:amentotech:workreap:*:*:*:*:*:*:*:* + epss-score: 0.21083 tags: cve,cve2021,rce,workreap,wpscan,wordpress,wp-plugin,intrusive,wp requests: diff --git a/cves/2021/CVE-2021-24510.yaml b/cves/2021/CVE-2021-24510.yaml index 892c3a4d7f..2c60e72ec0 100644 --- a/cves/2021/CVE-2021-24510.yaml +++ b/cves/2021/CVE-2021-24510.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24510 cwe-id: CWE-79 + cpe: cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:*:*:* + epss-score: 0.00143 tags: wp-plugin,authenticated,wpscan,wordpress,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-24554.yaml b/cves/2021/CVE-2021-24554.yaml index 7eb0765e01..f10b8ddf7a 100644 --- a/cves/2021/CVE-2021-24554.yaml +++ b/cves/2021/CVE-2021-24554.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.2 cve-id: CVE-2021-24554 cwe-id: CWE-89 + cpe: cpe:2.3:a:freelancetoindia:paytm-pay:*:*:*:*:*:*:*:* + epss-score: 0.05404 metadata: verified: "true" tags: cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,cve diff --git a/cves/2021/CVE-2021-24666.yaml b/cves/2021/CVE-2021-24666.yaml index bceb20f0b9..eca58472e1 100644 --- a/cves/2021/CVE-2021-24666.yaml +++ b/cves/2021/CVE-2021-24666.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24666 cwe-id: CWE-89 + cpe: cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:*:*:* + epss-score: 0.18585 metadata: verified: "true" tags: cve2021,sqli,wordpress,wp-plugin,wp,podlove-podcasting-plugin-for-wordpress,wpscan,cve diff --git a/cves/2021/CVE-2021-24746.yaml b/cves/2021/CVE-2021-24746.yaml index 233ab09c3b..39935fc51c 100644 --- a/cves/2021/CVE-2021-24746.yaml +++ b/cves/2021/CVE-2021-24746.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24746 cwe-id: CWE-79 + cpe: cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:*:*:* + epss-score: 0.00097 metadata: google-query: inurl:"/wp-content/plugins/sassy-social-share" tags: cve,cve2021,wordpress,wp-plugin,xss,wp,wpscan diff --git a/cves/2021/CVE-2021-24750.yaml b/cves/2021/CVE-2021-24750.yaml index cd8eabe133..136a8e69eb 100644 --- a/cves/2021/CVE-2021-24750.yaml +++ b/cves/2021/CVE-2021-24750.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-24750 cwe-id: CWE-89 + cpe: cpe:2.3:a:wp_visitor_statistics_\(real_time_traffic\)_project:wp_visitor_statistics_\(real_time_traffic\):*:*:*:*:*:*:*:* + epss-score: 0.00562 tags: authenticated,wpscan,cve,cve2021,sqli,wp,wordpress,wp-plugin variables: diff --git a/cves/2021/CVE-2021-24762.yaml b/cves/2021/CVE-2021-24762.yaml index bd44c3b812..9feada7953 100644 --- a/cves/2021/CVE-2021-24762.yaml +++ b/cves/2021/CVE-2021-24762.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24762 cwe-id: CWE-89 + cpe: cpe:2.3:a:getperfectsurvey:perfect_survey:*:*:*:*:*:*:*:* + epss-score: 0.00806 tags: cve,wpscan,cve2021,sqli,wp,wordpress,wp-plugin,unauth,edb requests: diff --git a/cves/2021/CVE-2021-24827.yaml b/cves/2021/CVE-2021-24827.yaml index e2582bf98a..382aac6121 100644 --- a/cves/2021/CVE-2021-24827.yaml +++ b/cves/2021/CVE-2021-24827.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24827 cwe-id: CWE-89 + cpe: cpe:2.3:a:asgaros:asgaros_forum:*:*:*:*:*:*:*:* + epss-score: 0.01312 metadata: verified: "true" tags: cve2022,wp-plugin,asgaros-forum,unauth,wpscan,cve,wordpress,wp,sqli diff --git a/cves/2021/CVE-2021-24838.yaml b/cves/2021/CVE-2021-24838.yaml index 966af3c75b..a58eedfc98 100644 --- a/cves/2021/CVE-2021-24838.yaml +++ b/cves/2021/CVE-2021-24838.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24838 cwe-id: CWE-601 + cpe: cpe:2.3:a:bologer:anycomment:*:*:*:*:*:*:*:* + epss-score: 0.00119 metadata: verified: "true" tags: redirect,anycomment,wpscan,cve,cve2021,wordpress,wp-plugin diff --git a/cves/2021/CVE-2021-24862.yaml b/cves/2021/CVE-2021-24862.yaml index 9653ba76cf..b8b6235a67 100644 --- a/cves/2021/CVE-2021-24862.yaml +++ b/cves/2021/CVE-2021-24862.yaml @@ -10,15 +10,18 @@ info: - https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615 - https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24862 + - http://packetstormsecurity.com/files/165746/WordPress-RegistrationMagic-V-5.0.1.5-SQL-Injection.html remediation: Fixed in version 5.0.1.6. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-24862 cwe-id: CWE-89 + cpe: cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:*:*:* + epss-score: 0.54169 metadata: verified: "true" - tags: wp-plugin,cve2021,sqli,wordpress,wp,registrationmagic,authenticated,wpscan,cve + tags: wpscan,cve,wp-plugin,cve2021,wordpress,wp,registrationmagic,sqli,authenticated,packetstorm requests: - raw: diff --git a/cves/2021/CVE-2021-24875.yaml b/cves/2021/CVE-2021-24875.yaml index dfcad339d8..bc65581111 100644 --- a/cves/2021/CVE-2021-24875.yaml +++ b/cves/2021/CVE-2021-24875.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 3.0.39. reference: - https://wpscan.com/vulnerability/652efc4a-f931-4668-ae74-a58b288a5715 - https://nvd.nist.gov/vuln/detail/CVE-2021-24875 + remediation: Fixed in version 3.0.39. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24875 cwe-id: CWE-79 + cpe: cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:*:*:* + epss-score: 0.00193 metadata: verified: "true" tags: wp,authenticated,wpscan,ecommerce-product-catalog,cve,cve2022,xss,wordpress,wp-plugin diff --git a/cves/2021/CVE-2021-24891.yaml b/cves/2021/CVE-2021-24891.yaml index c312429522..da2dbc52ef 100644 --- a/cves/2021/CVE-2021-24891.yaml +++ b/cves/2021/CVE-2021-24891.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24891 cwe-id: CWE-79 + cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:*:*:* + epss-score: 0.00108 tags: wordpress,wp-plugin,elementor,wpscan,cve,cve2021,dom,xss requests: diff --git a/cves/2021/CVE-2021-24910.yaml b/cves/2021/CVE-2021-24910.yaml index 4c73531631..68b46659b6 100644 --- a/cves/2021/CVE-2021-24910.yaml +++ b/cves/2021/CVE-2021-24910.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24910 cwe-id: CWE-79 + cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: verified: "true" tags: cve2021,wordpress,wp-plugin,xss,wp,wpscan,cve diff --git a/cves/2021/CVE-2021-24917.yaml b/cves/2021/CVE-2021-24917.yaml index 8b1db86298..2f2ee5fc12 100644 --- a/cves/2021/CVE-2021-24917.yaml +++ b/cves/2021/CVE-2021-24917.yaml @@ -9,12 +9,15 @@ info: - https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24917 - https://nvd.nist.gov/vuln/detail/CVE-2021-24917 + - https://wordpress.org/support/topic/bypass-security-issue/ remediation: Fixed in version 1.9.1 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-24917 cwe-id: CWE-863 + cpe: cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:*:*:* + epss-score: 0.01446 metadata: verified: "true" tags: cve2021,wp,wordpress,wp-plugin,unauth,wpscan,cve diff --git a/cves/2021/CVE-2021-24926.yaml b/cves/2021/CVE-2021-24926.yaml index 5b5dcc743e..f18e0ac671 100644 --- a/cves/2021/CVE-2021-24926.yaml +++ b/cves/2021/CVE-2021-24926.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24926 cwe-id: CWE-79 + cpe: cpe:2.3:a:domaincheckplugin:domain_check:*:*:*:*:*:*:*:* + epss-score: 0.0017 tags: wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated requests: diff --git a/cves/2021/CVE-2021-24931.yaml b/cves/2021/CVE-2021-24931.yaml index f2eceba929..803deec15d 100644 --- a/cves/2021/CVE-2021-24931.yaml +++ b/cves/2021/CVE-2021-24931.yaml @@ -10,15 +10,18 @@ info: - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 - https://wordpress.org/plugins/secure-copy-content-protection/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24931 + - http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.html remediation: Fixed in version 2.8.2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24931 cwe-id: CWE-89 + cpe: cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:*:*:* + epss-score: 0.02846 metadata: verified: "true" - tags: wp-plugin,unauth,wpscan,cve2021,sqli,wordpress,cve,wp,secure-copy-content-protection + tags: wp-plugin,cve,wp,packetstorm,unauth,wpscan,cve2021,sqli,wordpress,secure-copy-content-protection requests: - raw: diff --git a/cves/2021/CVE-2021-24940.yaml b/cves/2021/CVE-2021-24940.yaml index 6b0c52a02f..9584658bfa 100644 --- a/cves/2021/CVE-2021-24940.yaml +++ b/cves/2021/CVE-2021-24940.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in 5.9.8. reference: - https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f - https://nvd.nist.gov/vuln/detail/CVE-2021-24940 + remediation: Fixed in 5.9.8. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24940 cwe-id: CWE-79 + cpe: cpe:2.3:a:woocommerce:persian-woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.001 metadata: verified: "true" tags: wp,xss,authenticated,wpscan,cve,cve2021,wordpress,wp-plugin diff --git a/cves/2021/CVE-2021-24946.yaml b/cves/2021/CVE-2021-24946.yaml index f02a7cddfe..02d8d30781 100644 --- a/cves/2021/CVE-2021-24946.yaml +++ b/cves/2021/CVE-2021-24946.yaml @@ -10,14 +10,17 @@ info: - https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 - https://wordpress.org/plugins/modern-events-calendar-lite/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24946 + - http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24946 cwe-id: CWE-89 + cpe: cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:*:*:* + epss-score: 0.02157 metadata: verified: "true" - tags: wordpress,wp-plugin,wp,unauth,wpscan,cve,cve2021,sqli,modern-events-calendar-lite + tags: cve2021,sqli,packetstorm,wp,wp-plugin,unauth,wpscan,cve,modern-events-calendar-lite,wordpress requests: - raw: diff --git a/cves/2021/CVE-2021-24947.yaml b/cves/2021/CVE-2021-24947.yaml index 083865bf20..1bd4aad12f 100644 --- a/cves/2021/CVE-2021-24947.yaml +++ b/cves/2021/CVE-2021-24947.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.5 cve-id: CVE-2021-24947 cwe-id: CWE-863 + cpe: cpe:2.3:a:thinkupthemes:responsive_vector_maps:*:*:*:*:*:*:*:* + epss-score: 0.00183 tags: cve,authenticated,wpscan,cve2021,lfi,wp,wordpress,wp-plugin,lfr requests: diff --git a/cves/2021/CVE-2021-24970.yaml b/cves/2021/CVE-2021-24970.yaml index 0d741458cd..7313d1ce69 100644 --- a/cves/2021/CVE-2021-24970.yaml +++ b/cves/2021/CVE-2021-24970.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.2 cve-id: CVE-2021-24970 cwe-id: CWE-22 + cpe: cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:*:*:* + epss-score: 0.00621 metadata: verified: "true" tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,lfi,authenticated diff --git a/cves/2021/CVE-2021-24987.yaml b/cves/2021/CVE-2021-24987.yaml index 1213f8e753..4ac2b4138e 100644 --- a/cves/2021/CVE-2021-24987.yaml +++ b/cves/2021/CVE-2021-24987.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24987 cwe-id: CWE-79 + cpe: cpe:2.3:a:heateor:super_socializer:*:*:*:*:*:*:*:* + epss-score: 0.00092 tags: cve,cve2021,wpscan,xss,wp,wp-plugin,wordpress requests: diff --git a/cves/2021/CVE-2021-24991.yaml b/cves/2021/CVE-2021-24991.yaml index a8de905167..621bc4f72f 100644 --- a/cves/2021/CVE-2021-24991.yaml +++ b/cves/2021/CVE-2021-24991.yaml @@ -13,6 +13,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-24991 cwe-id: CWE-79 + cpe: cpe:2.3:a:wpovernight:woocommerce_pdf_invoices\&_packing_slips:*:*:*:*:*:*:*:* + epss-score: 0.00092 tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-24997.yaml b/cves/2021/CVE-2021-24997.yaml index 612280290b..dfc0cb8869 100644 --- a/cves/2021/CVE-2021-24997.yaml +++ b/cves/2021/CVE-2021-24997.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.5 cve-id: CVE-2021-24997 cwe-id: CWE-862 + cpe: cpe:2.3:a:wp-guppy:wp_guppy:*:*:*:*:*:*:*:* + epss-score: 0.00178 tags: wordpress,guppy,api,cve2021,cve,wp-plugin,edb,wpscan requests: diff --git a/cves/2021/CVE-2021-25003.yaml b/cves/2021/CVE-2021-25003.yaml index a1799712ef..119aea3635 100644 --- a/cves/2021/CVE-2021-25003.yaml +++ b/cves/2021/CVE-2021-25003.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-25003 cwe-id: CWE-434 + cpe: cpe:2.3:a:wptaskforce:wpcargo_track_\&_trace:*:*:*:*:*:*:*:* + epss-score: 0.65102 metadata: verified: "true" tags: rce,wpcargo,unauth,cve,cve2021,wordpress,wp,wp-plugin,wpscan diff --git a/cves/2021/CVE-2021-25008.yaml b/cves/2021/CVE-2021-25008.yaml index a3ce415928..9845b43c71 100644 --- a/cves/2021/CVE-2021-25008.yaml +++ b/cves/2021/CVE-2021-25008.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25008 cwe-id: CWE-79 + cpe: cpe:2.3:a:codesnippets:code_snippets:*:*:*:*:*:*:*:* + epss-score: 0.00119 tags: authenticated,wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin requests: diff --git a/cves/2021/CVE-2021-25028.yaml b/cves/2021/CVE-2021-25028.yaml index 6215be74a1..7dc367cef2 100644 --- a/cves/2021/CVE-2021-25028.yaml +++ b/cves/2021/CVE-2021-25028.yaml @@ -4,8 +4,7 @@ info: name: WordPress Event Tickets < 5.2.2 - Open Redirect author: dhiyaneshDk severity: medium - description: WordPress Event Tickets < 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, - leading to an arbitrary redirect issue. + description: WordPress Event Tickets < 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. reference: - https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7 - https://nvd.nist.gov/vuln/detail/CVE-2021-25028 @@ -14,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25028 cwe-id: CWE-601 + cpe: cpe:2.3:a:tri:event_tickets:*:*:*:*:*:*:*:* + epss-score: 0.00119 tags: wordpress,redirect,wp-plugin,eventtickets,wpscan,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-25033.yaml b/cves/2021/CVE-2021-25033.yaml index 5f071273dc..809b0ec366 100644 --- a/cves/2021/CVE-2021-25033.yaml +++ b/cves/2021/CVE-2021-25033.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25033 cwe-id: CWE-601 + cpe: cpe:2.3:a:noptin:noptin:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: wp,wpscan,cve,cve2021,wordpress,redirect,wp-plugin,noptin requests: diff --git a/cves/2021/CVE-2021-25052.yaml b/cves/2021/CVE-2021-25052.yaml index c836d8b9a5..4832bf440a 100644 --- a/cves/2021/CVE-2021-25052.yaml +++ b/cves/2021/CVE-2021-25052.yaml @@ -14,6 +14,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25052 cwe-id: CWE-352 + cpe: cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:*:*:* + epss-score: 0.00716 tags: wp-plugin,authenticated,wpscan,cve,cve2021,rfi,wp,wordpress requests: diff --git a/cves/2021/CVE-2021-25055.yaml b/cves/2021/CVE-2021-25055.yaml index 981b00395a..92717d430f 100644 --- a/cves/2021/CVE-2021-25055.yaml +++ b/cves/2021/CVE-2021-25055.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25055 cwe-id: CWE-79 + cpe: cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-25063.yaml b/cves/2021/CVE-2021-25063.yaml index bb9cde7acd..cf7b5dcb13 100644 --- a/cves/2021/CVE-2021-25063.yaml +++ b/cves/2021/CVE-2021-25063.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25063 cwe-id: CWE-79 + cpe: cpe:2.3:a:cf7skins:contact_form_7_skins:*:*:*:*:*:*:*:* + epss-score: 0.00119 tags: wpscan,cve,cve2021,wordpress,wp-plugin,xss,contactform,authenticated requests: diff --git a/cves/2021/CVE-2021-25067.yaml b/cves/2021/CVE-2021-25067.yaml index fbbf11d168..e079d74f7a 100644 --- a/cves/2021/CVE-2021-25067.yaml +++ b/cves/2021/CVE-2021-25067.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page. - remediation: Fixed in version 1.4.9.6. reference: - https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc - https://wordpress.org/plugins/page-builder-add/ - https://nvd.nist.gov/vuln/detail/CVE-2021-25067 + remediation: Fixed in version 1.4.9.6. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2021-25067 cwe-id: CWE-79 + cpe: cpe:2.3:a:pluginops:landing_page:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: xss,wordpress,authenticated,wpscan,cve,cve2021,wp-plugin,wp,page-builder-add diff --git a/cves/2021/CVE-2021-25074.yaml b/cves/2021/CVE-2021-25074.yaml index 30bb449f26..d79e56d52a 100644 --- a/cves/2021/CVE-2021-25074.yaml +++ b/cves/2021/CVE-2021-25074.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25074 cwe-id: CWE-601 + cpe: cpe:2.3:a:webp_converter_for_media_project:webp_converter_for_media:*:*:*:*:*:*:*:* + epss-score: 0.00119 tags: redirect,wp-plugin,webpconverter,wpscan,cve,cve2021,wordpress requests: diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 4871b7b607..08886a1caa 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml @@ -16,6 +16,8 @@ info: cvss-score: 3.5 cve-id: CVE-2021-25075 cwe-id: CWE-862 + cpe: cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:*:*:* + epss-score: 0.00094 tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,authenticated requests: diff --git a/cves/2021/CVE-2021-25085.yaml b/cves/2021/CVE-2021-25085.yaml index 250ce81d36..ece6d15eda 100644 --- a/cves/2021/CVE-2021-25085.yaml +++ b/cves/2021/CVE-2021-25085.yaml @@ -14,8 +14,10 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25085 + cpe: cpe:2.3:a:pluginus:woocommerce_products_filter:*:*:*:*:*:*:*:* + epss-score: 0.00112 metadata: - verified: true + verified: "true" tags: cve,cve2021,wordpress,wp-plugin,wp,xss,wpscan requests: diff --git a/cves/2021/CVE-2021-25099.yaml b/cves/2021/CVE-2021-25099.yaml index 54c22f9100..812417ea0e 100644 --- a/cves/2021/CVE-2021-25099.yaml +++ b/cves/2021/CVE-2021-25099.yaml @@ -10,11 +10,14 @@ info: - https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f - https://wordpress.org/plugins/give/ - https://nvd.nist.gov/vuln/detail/CVE-2021-25099 + - https://plugins.trac.wordpress.org/changeset/2659032 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25099 cwe-id: CWE-79 + cpe: cpe:2.3:a:givewp:givewp:*:*:*:*:*:*:*:* + epss-score: 0.00112 metadata: verified: "true" tags: xss,cve2021,wp,give,wordpress,cve,wp-plugin,unauth,wpscan diff --git a/cves/2021/CVE-2021-25104.yaml b/cves/2021/CVE-2021-25104.yaml index 9b75cc8d44..41e1efc3b9 100644 --- a/cves/2021/CVE-2021-25104.yaml +++ b/cves/2021/CVE-2021-25104.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25104 cwe-id: CWE-79 + cpe: cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated,wpscan,wp,ocean-extra diff --git a/cves/2021/CVE-2021-25111.yaml b/cves/2021/CVE-2021-25111.yaml index 8eb4830852..a05894ccd9 100644 --- a/cves/2021/CVE-2021-25111.yaml +++ b/cves/2021/CVE-2021-25111.yaml @@ -8,12 +8,14 @@ info: reference: - https://wpscan.com/vulnerability/af548fab-96c2-4129-b609-e24aad0b1fc4 - https://nvd.nist.gov/vuln/detail/CVE-2021-25111 - tags: cve2021,unauth,wpscan,wp-plugin,redirect,wordpress,wp,cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 + cvss-score: 6.1 cve-id: CVE-2021-25111 cwe-id: CWE-601 + cpe: cpe:2.3:a:english_wordpress_admin_project:english_wordpress_admin:*:*:*:*:*:*:*:* + epss-score: 0.00078 + tags: cve2021,unauth,wpscan,wp-plugin,redirect,wordpress,wp,cve requests: - method: GET diff --git a/cves/2021/CVE-2021-25112.yaml b/cves/2021/CVE-2021-25112.yaml index cbc99f4b6b..f696e18ee0 100644 --- a/cves/2021/CVE-2021-25112.yaml +++ b/cves/2021/CVE-2021-25112.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25112 cwe-id: CWE-79 + cpe: cpe:2.3:a:i-plugins:whmcs_bridge:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: whmcs,xss,wpscan,wordpress,wp-plugin,wp,authenticated requests: diff --git a/cves/2021/CVE-2021-25114.yaml b/cves/2021/CVE-2021-25114.yaml index cb60dac398..bac03dc8e8 100644 --- a/cves/2021/CVE-2021-25114.yaml +++ b/cves/2021/CVE-2021-25114.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-25114 cwe-id: CWE-89 + cpe: cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:*:*:* + epss-score: 0.04066 metadata: google-query: inurl:"/wp-content/plugins/paid-memberships-pro" verified: "true" diff --git a/cves/2021/CVE-2021-25118.yaml b/cves/2021/CVE-2021-25118.yaml index b82074a3bf..7bfb43d70e 100644 --- a/cves/2021/CVE-2021-25118.yaml +++ b/cves/2021/CVE-2021-25118.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-25118 cwe-id: CWE-200 + cpe: cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:*:*:* + epss-score: 0.00174 tags: wpscan,wordpress,cve2021,wp-plugin,fpd,cve,wp requests: diff --git a/cves/2021/CVE-2021-25120.yaml b/cves/2021/CVE-2021-25120.yaml index 28aa3f7856..54e01ffa11 100644 --- a/cves/2021/CVE-2021-25120.yaml +++ b/cves/2021/CVE-2021-25120.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25120 cwe-id: CWE-79 + cpe: cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:*:*:*:* + epss-score: 0.00078 tags: cve,cve2021,wordpress,wp-plugin,xss,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml index 8a2c51684d..7a2c5e4cb0 100644 --- a/cves/2021/CVE-2021-25281.yaml +++ b/cves/2021/CVE-2021-25281.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-25281 cwe-id: CWE-287 + epss-score: 0.71809 tags: cve,cve2021,saltapi,rce,saltstack,unauth requests: diff --git a/cves/2021/CVE-2021-25296.yaml b/cves/2021/CVE-2021-25296.yaml index 719be1c4f4..2807196a71 100644 --- a/cves/2021/CVE-2021-25296.yaml +++ b/cves/2021/CVE-2021-25296.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25296 cwe-id: CWE-78 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.8921 metadata: shodan-query: title:"Nagios XI" verified: "true" diff --git a/cves/2021/CVE-2021-25297.yaml b/cves/2021/CVE-2021-25297.yaml index 22ea9bc201..7d3fb7219f 100644 --- a/cves/2021/CVE-2021-25297.yaml +++ b/cves/2021/CVE-2021-25297.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25297 cwe-id: CWE-78 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.8921 metadata: shodan-query: title:"Nagios XI" verified: "true" diff --git a/cves/2021/CVE-2021-25298.yaml b/cves/2021/CVE-2021-25298.yaml index 2f94f5d5ac..4312310976 100644 --- a/cves/2021/CVE-2021-25298.yaml +++ b/cves/2021/CVE-2021-25298.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25298 cwe-id: CWE-78 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.97373 metadata: shodan-query: title:"Nagios XI" verified: "true" diff --git a/cves/2021/CVE-2021-25299.yaml b/cves/2021/CVE-2021-25299.yaml index bd86582ac7..64c63694ab 100644 --- a/cves/2021/CVE-2021-25299.yaml +++ b/cves/2021/CVE-2021-25299.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25299 cwe-id: CWE-79 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.96825 metadata: shodan-query: title:"Nagios XI" verified: "true" diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml index 0088d91273..cc2042d088 100644 --- a/cves/2021/CVE-2021-25646.yaml +++ b/cves/2021/CVE-2021-25646.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25646 cwe-id: CWE-732 + cpe: cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:* + epss-score: 0.97452 tags: cve,cve2021,apache,rce,druid requests: diff --git a/cves/2021/CVE-2021-25864.yaml b/cves/2021/CVE-2021-25864.yaml index 3784e9881b..17cfdc4f82 100644 --- a/cves/2021/CVE-2021-25864.yaml +++ b/cves/2021/CVE-2021-25864.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-25864 cwe-id: CWE-22 + cpe: cpe:2.3:a:node-red-contrib-huemagic_project:node-red-contrib-huemagic:*:*:*:*:*:*:*:* + epss-score: 0.55044 metadata: shodan-query: title:"NODE-RED" tags: cve,cve2021,huemagic,lfi diff --git a/cves/2021/CVE-2021-25899.yaml b/cves/2021/CVE-2021-25899.yaml index 320a1242c9..10cf064bb2 100644 --- a/cves/2021/CVE-2021-25899.yaml +++ b/cves/2021/CVE-2021-25899.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-25899 cwe-id: CWE-89 + cpe: cpe:2.3:a:void:aurall_rec_monitor:*:*:*:*:*:*:*:* + epss-score: 0.49532 metadata: shodan-query: html:"AURALL" tags: cve,cve2021,sqli,void,aurall diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml index 35956daca0..b5751e6b0c 100644 --- a/cves/2021/CVE-2021-26084.yaml +++ b/cves/2021/CVE-2021-26084.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-26084 cwe-id: CWE-74 + epss-score: 0.97475 metadata: shodan-query: http.component:"Atlassian Confluence" tags: cve,cve2021,rce,confluence,injection,ognl,kev diff --git a/cves/2021/CVE-2021-26085.yaml b/cves/2021/CVE-2021-26085.yaml index d0c5c959ec..c3633189ff 100644 --- a/cves/2021/CVE-2021-26085.yaml +++ b/cves/2021/CVE-2021-26085.yaml @@ -9,11 +9,13 @@ info: - https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html - https://jira.atlassian.com/browse/CONFSERVER-67893 - https://nvd.nist.gov/vuln/detail/CVE-2021-26085 + - http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-26085 cwe-id: CWE-862 + epss-score: 0.9671 metadata: shodan-query: http.component:"Atlassian Confluence" tags: kev,packetstorm,cve,cve2021,confluence,atlassian,lfi diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml index 3eba4131e7..5821ab4154 100644 --- a/cves/2021/CVE-2021-26086.yaml +++ b/cves/2021/CVE-2021-26086.yaml @@ -14,6 +14,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-26086 cwe-id: CWE-22 + epss-score: 0.94427 metadata: shodan-query: http.component:"Atlassian Jira" tags: lfi,packetstorm,cve,cve2021,jira diff --git a/cves/2021/CVE-2021-26247.yaml b/cves/2021/CVE-2021-26247.yaml index 90ad608a46..743844d97e 100644 --- a/cves/2021/CVE-2021-26247.yaml +++ b/cves/2021/CVE-2021-26247.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26247 cwe-id: CWE-79 + cpe: cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* + epss-score: 0.00218 tags: cve,cve2021,cacti,xss requests: diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index 5fb08129dd..4312ee6836 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml @@ -18,6 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-26295 cwe-id: CWE-502 + cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* + epss-score: 0.97503 metadata: shodan-query: OFBiz.Visitor= verified: "true" diff --git a/cves/2021/CVE-2021-26475.yaml b/cves/2021/CVE-2021-26475.yaml index 9a3b05f436..ea48106058 100644 --- a/cves/2021/CVE-2021-26475.yaml +++ b/cves/2021/CVE-2021-26475.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26475 cwe-id: CWE-79 + cpe: cpe:2.3:a:eprints:eprints:*:*:*:*:*:*:*:* + epss-score: 0.00145 tags: cve,cve2021,xss,eprints requests: diff --git a/cves/2021/CVE-2021-26598.yaml b/cves/2021/CVE-2021-26598.yaml index 53e5abe4a3..9520cb9afb 100644 --- a/cves/2021/CVE-2021-26598.yaml +++ b/cves/2021/CVE-2021-26598.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-26598 cwe-id: CWE-287 + cpe: cpe:2.3:a:impresscms:impresscms:*:*:*:*:*:*:*:* + epss-score: 0.00311 metadata: shodan-query: http.html:"ImpressCMS" tags: hackerone,cve,cve2021,impresscms,unauth,cms diff --git a/cves/2021/CVE-2021-26702.yaml b/cves/2021/CVE-2021-26702.yaml index a543bb5aa1..1ebe0b8f80 100644 --- a/cves/2021/CVE-2021-26702.yaml +++ b/cves/2021/CVE-2021-26702.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26702 cwe-id: CWE-79 + cpe: cpe:2.3:a:eprints:eprints:*:*:*:*:*:*:*:* + epss-score: 0.00145 tags: cve,cve2021,xss,eprints requests: diff --git a/cves/2021/CVE-2021-26710.yaml b/cves/2021/CVE-2021-26710.yaml index e1c9346116..ed0ac1e55e 100644 --- a/cves/2021/CVE-2021-26710.yaml +++ b/cves/2021/CVE-2021-26710.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26710 cwe-id: CWE-79 + cpe: cpe:2.3:a:redwood:report2web:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve,cve2021,redwood,xss requests: diff --git a/cves/2021/CVE-2021-26723.yaml b/cves/2021/CVE-2021-26723.yaml index 33fa476b73..4f10948079 100644 --- a/cves/2021/CVE-2021-26723.yaml +++ b/cves/2021/CVE-2021-26723.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26723 cwe-id: CWE-79 + cpe: cpe:2.3:a:jenzabar:jenzabar:*:*:*:*:*:*:*:* + epss-score: 0.02951 tags: packetstorm,cve,cve2021,jenzabar,xss requests: diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml index ddf8e9f797..a9c5b468ce 100644 --- a/cves/2021/CVE-2021-26812.yaml +++ b/cves/2021/CVE-2021-26812.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26812 cwe-id: CWE-79 + cpe: cpe:2.3:a:jitsi:meet:*:*:*:*:*:*:*:* + epss-score: 0.00837 tags: cve,cve2021,moodle,jitsi,xss,plugin requests: diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml index a6bcde236c..56ee312adb 100644 --- a/cves/2021/CVE-2021-26855.yaml +++ b/cves/2021/CVE-2021-26855.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-26855 + cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:* + epss-score: 0.97543 metadata: shodan-query: vuln:CVE-2021-26855 tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft,kev diff --git a/cves/2021/CVE-2021-27132.yaml b/cves/2021/CVE-2021-27132.yaml index 639239fcce..4e67666f2a 100644 --- a/cves/2021/CVE-2021-27132.yaml +++ b/cves/2021/CVE-2021-27132.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27132 cwe-id: CWE-74 + epss-score: 0.03379 tags: cve,cve2021,crlf,injection requests: diff --git a/cves/2021/CVE-2021-27309.yaml b/cves/2021/CVE-2021-27309.yaml index ddfc1caa7d..fa999cea2f 100644 --- a/cves/2021/CVE-2021-27309.yaml +++ b/cves/2021/CVE-2021-27309.yaml @@ -15,8 +15,10 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27309 cwe-id: CWE-79 + cpe: cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:* + epss-score: 0.001 metadata: - verified: true + verified: "true" tags: cve,cve2021,clansphere,xss,cms,unauth requests: diff --git a/cves/2021/CVE-2021-27310.yaml b/cves/2021/CVE-2021-27310.yaml index c393e5c50f..a9237ecc76 100644 --- a/cves/2021/CVE-2021-27310.yaml +++ b/cves/2021/CVE-2021-27310.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27310 cwe-id: CWE-79 + cpe: cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:* + epss-score: 0.001 tags: xss,cve,cve2021,clansphere requests: diff --git a/cves/2021/CVE-2021-27330.yaml b/cves/2021/CVE-2021-27330.yaml index 6c3e5a6c0f..c4ddf2fb9f 100644 --- a/cves/2021/CVE-2021-27330.yaml +++ b/cves/2021/CVE-2021-27330.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27330 cwe-id: CWE-79 + cpe: cpe:2.3:a:triconsole:datepicker_calendar:*:*:*:*:*:*:*:* + epss-score: 0.00153 metadata: google-query: intitle:TriConsole.com - PHP Calendar Date Picker verified: "true" diff --git a/cves/2021/CVE-2021-27358.yaml b/cves/2021/CVE-2021-27358.yaml index e9e3375f5f..352c1b5294 100644 --- a/cves/2021/CVE-2021-27358.yaml +++ b/cves/2021/CVE-2021-27358.yaml @@ -9,11 +9,13 @@ info: - https://phabricator.wikimedia.org/T274736 - https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ - https://nvd.nist.gov/vuln/detail/CVE-2021-27358 + - https://github.com/grafana/grafana/blob/master/CHANGELOG.md classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2021-27358 cwe-id: CWE-306 + epss-score: 0.02156 metadata: shodan-query: title:"Grafana" tags: cve,cve2021,grafana,unauth diff --git a/cves/2021/CVE-2021-27519.yaml b/cves/2021/CVE-2021-27519.yaml index 93e44aea56..8b2fc8167a 100644 --- a/cves/2021/CVE-2021-27519.yaml +++ b/cves/2021/CVE-2021-27519.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27519 cwe-id: CWE-79 + cpe: cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:* + epss-score: 0.00189 metadata: shodan-query: 'http.html:"Powered by: FUDforum"' verified: "true" diff --git a/cves/2021/CVE-2021-27520.yaml b/cves/2021/CVE-2021-27520.yaml index eff00e3ad0..62cd721391 100644 --- a/cves/2021/CVE-2021-27520.yaml +++ b/cves/2021/CVE-2021-27520.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27520 cwe-id: CWE-79 + cpe: cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:* + epss-score: 0.00189 metadata: shodan-query: html:"FUDforum" verified: "true" diff --git a/cves/2021/CVE-2021-27561.yaml b/cves/2021/CVE-2021-27561.yaml index 80ea67d3c3..02d843030a 100644 --- a/cves/2021/CVE-2021-27561.yaml +++ b/cves/2021/CVE-2021-27561.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27561 cwe-id: CWE-77 + cpe: cpe:2.3:a:yealink:device_management:*:*:*:*:*:*:*:* + epss-score: 0.97497 tags: cve,cve2021,rce,yealink,mirai,kev requests: diff --git a/cves/2021/CVE-2021-27651.yaml b/cves/2021/CVE-2021-27651.yaml index c8aa5ba75f..19a374e98e 100644 --- a/cves/2021/CVE-2021-27651.yaml +++ b/cves/2021/CVE-2021-27651.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27651 cwe-id: CWE-287,CWE-640 + cpe: cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:* + epss-score: 0.02303 tags: cve,cve2021,pega,auth-bypass requests: diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml index 913394f5e4..74008035f4 100644 --- a/cves/2021/CVE-2021-27850.yaml +++ b/cves/2021/CVE-2021-27850.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27850 cwe-id: CWE-502 + cpe: cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:* + epss-score: 0.97409 tags: cve,cve2021,apache,tapestry requests: diff --git a/cves/2021/CVE-2021-27905.yaml b/cves/2021/CVE-2021-27905.yaml index f854a1c72a..3772eb07f2 100644 --- a/cves/2021/CVE-2021-27905.yaml +++ b/cves/2021/CVE-2021-27905.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27905 cwe-id: CWE-918 + cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* + epss-score: 0.97371 tags: cve,cve2021,apache,solr,ssrf requests: diff --git a/cves/2021/CVE-2021-27909.yaml b/cves/2021/CVE-2021-27909.yaml index 3472fde686..172a61cf44 100644 --- a/cves/2021/CVE-2021-27909.yaml +++ b/cves/2021/CVE-2021-27909.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27909 cwe-id: CWE-79 + cpe: cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* + epss-score: 0.00094 metadata: shodan-query: title:"Mautic" verified: "true" diff --git a/cves/2021/CVE-2021-27931.yaml b/cves/2021/CVE-2021-27931.yaml index a426c5d084..b42f20467b 100644 --- a/cves/2021/CVE-2021-27931.yaml +++ b/cves/2021/CVE-2021-27931.yaml @@ -13,6 +13,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-27931 cwe-id: CWE-611 + cpe: cpe:2.3:a:lumis:lumis_experience_platform:*:*:*:*:*:*:*:* + epss-score: 0.7051 tags: cve,cve2021,lumis,xxe,oast,blind requests: diff --git a/cves/2021/CVE-2021-28149.yaml b/cves/2021/CVE-2021-28149.yaml index 7cd62c1bd9..2c18294733 100644 --- a/cves/2021/CVE-2021-28149.yaml +++ b/cves/2021/CVE-2021-28149.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.5 cve-id: CVE-2021-28149 cwe-id: CWE-22 + epss-score: 0.0527 tags: cve,cve2021,hongdian,traversal requests: diff --git a/cves/2021/CVE-2021-28150.yaml b/cves/2021/CVE-2021-28150.yaml index 8492d99929..1e4740df66 100644 --- a/cves/2021/CVE-2021-28150.yaml +++ b/cves/2021/CVE-2021-28150.yaml @@ -14,6 +14,7 @@ info: cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-20 + epss-score: 0.00339 tags: cve,cve2021,hongdian,exposure requests: diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml index 9f85a04c35..ae1435759c 100644 --- a/cves/2021/CVE-2021-28151.yaml +++ b/cves/2021/CVE-2021-28151.yaml @@ -15,6 +15,7 @@ info: cvss-score: 8.8 cve-id: CVE-2021-28151 cwe-id: CWE-78 + epss-score: 0.96982 tags: cve,cve2021,hongdian,rce,injection requests: diff --git a/cves/2021/CVE-2021-28164.yaml b/cves/2021/CVE-2021-28164.yaml index 609e6d04ce..53c3d4dd26 100644 --- a/cves/2021/CVE-2021-28164.yaml +++ b/cves/2021/CVE-2021-28164.yaml @@ -10,12 +10,14 @@ info: - https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 - https://github.com/vulhub/vulhub/tree/1239bca12c75630bb2033b728140ed5224dcc6d8/jetty - https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E + - http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-28164 cwe-id: CWE-200 - tags: vulhub,cve,cve2021,jetty + epss-score: 0.00869 + tags: vulhub,cve,cve2021,jetty,packetstorm requests: - method: GET diff --git a/cves/2021/CVE-2021-28169.yaml b/cves/2021/CVE-2021-28169.yaml index e5cb2e4d5f..bcccc0f45a 100644 --- a/cves/2021/CVE-2021-28169.yaml +++ b/cves/2021/CVE-2021-28169.yaml @@ -16,6 +16,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-28169 cwe-id: CWE-200 + epss-score: 0.00164 tags: cve,cve2021,jetty requests: diff --git a/cves/2021/CVE-2021-28377.yaml b/cves/2021/CVE-2021-28377.yaml index 03cc1bbced..2544cf07ab 100644 --- a/cves/2021/CVE-2021-28377.yaml +++ b/cves/2021/CVE-2021-28377.yaml @@ -13,6 +13,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-28377 cwe-id: CWE-22 + cpe: cpe:2.3:a:chronoengine:chronoforums:*:*:*:*:*:*:*:* + epss-score: 0.00099 tags: cve,cve2021,chronoforums,lfi,joomla requests: diff --git a/cves/2021/CVE-2021-28419.yaml b/cves/2021/CVE-2021-28419.yaml index 8198953bd3..f05b738069 100644 --- a/cves/2021/CVE-2021-28419.yaml +++ b/cves/2021/CVE-2021-28419.yaml @@ -10,14 +10,17 @@ info: - https://github.com/seopanel/Seo-Panel/issues/209 - https://www.seopanel.org/spdownload/4.8.0 - https://nvd.nist.gov/vuln/detail/CVE-2021-28419 + - http://packetstormsecurity.com/files/162322/SEO-Panel-4.8.0-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-28419 cwe-id: CWE-89 + cpe: cpe:2.3:a:seopanel:seo_panel:*:*:*:*:*:*:*:* + epss-score: 0.10967 metadata: verified: "true" - tags: cve,cve2021,sqli,seopanel,auth + tags: cve,cve2021,sqli,seopanel,auth,packetstorm requests: - raw: diff --git a/cves/2021/CVE-2021-28918.yaml b/cves/2021/CVE-2021-28918.yaml index 556bc8721f..f2ea71a7f1 100644 --- a/cves/2021/CVE-2021-28918.yaml +++ b/cves/2021/CVE-2021-28918.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-28918 cwe-id: CWE-20 + cpe: cpe:2.3:a:netmask_project:netmask:*:*:*:*:*:*:*:* + epss-score: 0.02374 tags: cve,cve2021,npm,netmask,ssrf,lfi requests: diff --git a/cves/2021/CVE-2021-28937.yaml b/cves/2021/CVE-2021-28937.yaml index bdf8fa2c1a..17351f71ef 100644 --- a/cves/2021/CVE-2021-28937.yaml +++ b/cves/2021/CVE-2021-28937.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-28937 cwe-id: CWE-312 + epss-score: 0.02258 tags: cve,cve2021,acexy,disclosure,iot requests: diff --git a/cves/2021/CVE-2021-29156.yaml b/cves/2021/CVE-2021-29156.yaml index 34068f721b..7d4e51d382 100644 --- a/cves/2021/CVE-2021-29156.yaml +++ b/cves/2021/CVE-2021-29156.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-29156 cwe-id: CWE-74 + cpe: cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:* + epss-score: 0.32212 metadata: shodan-query: http.title:"OpenAM" tags: cve,cve2021,openam,ldap,injection diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml index 0189e4eafb..ab072618da 100644 --- a/cves/2021/CVE-2021-29203.yaml +++ b/cves/2021/CVE-2021-29203.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-29203 cwe-id: CWE-287 + cpe: cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:* + epss-score: 0.96967 tags: hpe,cve,cve2021,bypass,tenable requests: diff --git a/cves/2021/CVE-2021-29441.yaml b/cves/2021/CVE-2021-29441.yaml index 7ff1c835a5..bfba451f3a 100644 --- a/cves/2021/CVE-2021-29441.yaml +++ b/cves/2021/CVE-2021-29441.yaml @@ -22,6 +22,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-29441 cwe-id: CWE-290 + cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:* + epss-score: 0.96926 tags: nacos,auth-bypass,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-29442.yaml b/cves/2021/CVE-2021-29442.yaml index 18472b1e65..47d80d2f21 100644 --- a/cves/2021/CVE-2021-29442.yaml +++ b/cves/2021/CVE-2021-29442.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-29442 cwe-id: CWE-306 + cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:* + epss-score: 0.97158 tags: nacos,auth-bypass,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-29484.yaml b/cves/2021/CVE-2021-29484.yaml index 78b0a64cca..2437d96367 100644 --- a/cves/2021/CVE-2021-29484.yaml +++ b/cves/2021/CVE-2021-29484.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.8 cve-id: CVE-2021-29484 cwe-id: CWE-79,CWE-79 + cpe: cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:* + epss-score: 0.01184 tags: cve,cve2021,xss,ghost requests: diff --git a/cves/2021/CVE-2021-29490.yaml b/cves/2021/CVE-2021-29490.yaml index 4dc4807161..23e5762724 100644 --- a/cves/2021/CVE-2021-29490.yaml +++ b/cves/2021/CVE-2021-29490.yaml @@ -9,15 +9,17 @@ info: reference: - https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96 - https://nvd.nist.gov/vuln/detail/CVE-2021-29490 + remediation: Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints "/Items/*/RemoteImages/Download", "/Items/RemoteSearch/Image" and "/Images/Remote". classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N cvss-score: 5.8 cve-id: CVE-2021-29490 cwe-id: CWE-918 - remediation: Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints "/Items/*/RemoteImages/Download", "/Items/RemoteSearch/Image" and "/Images/Remote". + cpe: cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:* + epss-score: 0.00137 metadata: - verified: true shodan-query: http.title:"Jellyfin" + verified: "true" tags: cve,cve2021,ssrf,jellyfin,oast requests: diff --git a/cves/2021/CVE-2021-29505.yaml b/cves/2021/CVE-2021-29505.yaml index 79c3feb217..8a5db7acfb 100644 --- a/cves/2021/CVE-2021-29505.yaml +++ b/cves/2021/CVE-2021-29505.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2021-29505 cwe-id: CWE-94,CWE-502 + epss-score: 0.02373 tags: oast,vulhub,cve,cve2021,xstream,deserialization,rce requests: - raw: diff --git a/cves/2021/CVE-2021-29622.yaml b/cves/2021/CVE-2021-29622.yaml index 1f71394bd7..c658169a1f 100644 --- a/cves/2021/CVE-2021-29622.yaml +++ b/cves/2021/CVE-2021-29622.yaml @@ -5,17 +5,19 @@ info: author: geeknik severity: medium description: Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. - remediation: The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. reference: - https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 - https://github.com/prometheus/prometheus/releases/tag/v2.26.1 - https://github.com/prometheus/prometheus/releases/tag/v2.27.1 - https://nvd.nist.gov/vuln/detail/CVE-2021-29622 + remediation: The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-29622 cwe-id: CWE-601 + cpe: cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:* + epss-score: 0.00225 tags: cve,cve2021,prometheus,redirect requests: diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml index e95886aacf..8af209b0a9 100644 --- a/cves/2021/CVE-2021-29625.yaml +++ b/cves/2021/CVE-2021-29625.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-29625 cwe-id: CWE-79 + cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* + epss-score: 0.00212 tags: cve,cve2021,adminer,xss requests: diff --git a/cves/2021/CVE-2021-3002.yaml b/cves/2021/CVE-2021-3002.yaml index 13f4e8607d..06d62b86ac 100644 --- a/cves/2021/CVE-2021-3002.yaml +++ b/cves/2021/CVE-2021-3002.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-3002 cwe-id: CWE-79 + cpe: cpe:2.3:a:seopanel:seo_panel:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: cve,cve2021,seopanel,xss requests: diff --git a/cves/2021/CVE-2021-30049.yaml b/cves/2021/CVE-2021-30049.yaml index 356dc34913..13150cd42c 100644 --- a/cves/2021/CVE-2021-30049.yaml +++ b/cves/2021/CVE-2021-30049.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30049 cwe-id: CWE-79 + cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:* + epss-score: 0.00102 tags: cve,cve2021,xss requests: diff --git a/cves/2021/CVE-2021-30128.yaml b/cves/2021/CVE-2021-30128.yaml index ee3d549580..1a8e751d16 100644 --- a/cves/2021/CVE-2021-30128.yaml +++ b/cves/2021/CVE-2021-30128.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-30128 cwe-id: CWE-502 + cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* + epss-score: 0.19251 metadata: fofa-query: app="Apache_OFBiz" verified: "true" diff --git a/cves/2021/CVE-2021-30134.yaml b/cves/2021/CVE-2021-30134.yaml index 944af48b91..448c6d5bc5 100644 --- a/cves/2021/CVE-2021-30134.yaml +++ b/cves/2021/CVE-2021-30134.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30134 cwe-id: CWE-79 + epss-score: 0.00164 metadata: google-query: inurl:"/php-curl-test/post_file_path_upload.php" verified: "true" diff --git a/cves/2021/CVE-2021-30151.yaml b/cves/2021/CVE-2021-30151.yaml index ff25ad6b7f..ad4d292cc8 100644 --- a/cves/2021/CVE-2021-30151.yaml +++ b/cves/2021/CVE-2021-30151.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30151 cwe-id: CWE-79 + epss-score: 0.00451 tags: cve,cve2021,xss,sidekiq requests: diff --git a/cves/2021/CVE-2021-3017.yaml b/cves/2021/CVE-2021-3017.yaml index 9e6f74a51a..2c7a554166 100644 --- a/cves/2021/CVE-2021-3017.yaml +++ b/cves/2021/CVE-2021-3017.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-3017 + epss-score: 0.01215 tags: cve,cve2021,exposure,router requests: diff --git a/cves/2021/CVE-2021-3019.yaml b/cves/2021/CVE-2021-3019.yaml index 68902d8672..690bc8d1d7 100644 --- a/cves/2021/CVE-2021-3019.yaml +++ b/cves/2021/CVE-2021-3019.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-3019 cwe-id: CWE-22 + cpe: cpe:2.3:a:lanproxy_project:lanproxy:*:*:*:*:*:*:*:* + epss-score: 0.01187 tags: cve,cve2021,lanproxy,lfi requests: diff --git a/cves/2021/CVE-2021-30213.yaml b/cves/2021/CVE-2021-30213.yaml index 136e5b6b3b..833c5f1acc 100644 --- a/cves/2021/CVE-2021-30213.yaml +++ b/cves/2021/CVE-2021-30213.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30213 cwe-id: CWE-79 + cpe: cpe:2.3:a:eng:knowage:*:*:*:*:*:*:*:* + epss-score: 0.001 tags: cve,cve2021,xss,knowage requests: diff --git a/cves/2021/CVE-2021-30461.yaml b/cves/2021/CVE-2021-30461.yaml index c82930105f..8b676494d6 100644 --- a/cves/2021/CVE-2021-30461.yaml +++ b/cves/2021/CVE-2021-30461.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-30461 cwe-id: CWE-94 + cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* + epss-score: 0.97099 metadata: shodan-query: http.title:"VoIPmonitor" tags: cve,cve2021,rce,voipmonitor diff --git a/cves/2021/CVE-2021-30497.yaml b/cves/2021/CVE-2021-30497.yaml index 1a53836672..17eded06ef 100644 --- a/cves/2021/CVE-2021-30497.yaml +++ b/cves/2021/CVE-2021-30497.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-30497 cwe-id: CWE-36 + cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:* + epss-score: 0.96975 tags: cve,cve2021,avalanche,traversal,lfi requests: diff --git a/cves/2021/CVE-2021-3110.yaml b/cves/2021/CVE-2021-3110.yaml index 62e21ef882..a36ac5e69e 100644 --- a/cves/2021/CVE-2021-3110.yaml +++ b/cves/2021/CVE-2021-3110.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-3110 cwe-id: CWE-89 + cpe: cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:* + epss-score: 0.95326 metadata: verified: "true" tags: cve,cve2021,sqli,prestshop,edb diff --git a/cves/2021/CVE-2021-31195.yaml b/cves/2021/CVE-2021-31195.yaml index e5d445da7f..cf83ad95b2 100644 --- a/cves/2021/CVE-2021-31195.yaml +++ b/cves/2021/CVE-2021-31195.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-31195 cwe-id: CWE-79 + cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:* + epss-score: 0.96356 metadata: shodan-query: http.title:"Outlook" tags: microsoft,exchange,owa,xss diff --git a/cves/2021/CVE-2021-31249.yaml b/cves/2021/CVE-2021-31249.yaml index 691a739a17..b05c75d5cc 100644 --- a/cves/2021/CVE-2021-31249.yaml +++ b/cves/2021/CVE-2021-31249.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2021-31249 + epss-score: 0.0042 tags: cve,cve2021,chiyu,crlf,iot requests: diff --git a/cves/2021/CVE-2021-31250.yaml b/cves/2021/CVE-2021-31250.yaml index da73dfdf6c..43ac00ecae 100644 --- a/cves/2021/CVE-2021-31250.yaml +++ b/cves/2021/CVE-2021-31250.yaml @@ -15,6 +15,7 @@ info: cvss-score: 5.4 cve-id: CVE-2021-31250 cwe-id: CWE-79 + epss-score: 0.97079 tags: cve,cve2021,chiyu,xss,iot requests: diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml index fe9b4f1397..27c12157e8 100644 --- a/cves/2021/CVE-2021-3129.yaml +++ b/cves/2021/CVE-2021-3129.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-3129 + epss-score: 0.97446 tags: cve,cve2021,laravel,rce,vulhub requests: diff --git a/cves/2021/CVE-2021-31537.yaml b/cves/2021/CVE-2021-31537.yaml index 26717b3613..fae0f879f7 100644 --- a/cves/2021/CVE-2021-31537.yaml +++ b/cves/2021/CVE-2021-31537.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31537 cwe-id: CWE-79 + cpe: cpe:2.3:a:sisinformatik:sis-rewe_go:*:*:*:*:*:*:*:* + epss-score: 0.00271 tags: cve,cve2021,xss,seclists requests: diff --git a/cves/2021/CVE-2021-31581.yaml b/cves/2021/CVE-2021-31581.yaml index 5f9af3e1f0..00007d6950 100644 --- a/cves/2021/CVE-2021-31581.yaml +++ b/cves/2021/CVE-2021-31581.yaml @@ -15,6 +15,7 @@ info: cvss-score: 4.4 cve-id: CVE-2021-31581 cwe-id: CWE-312 + epss-score: 0.00296 tags: cve,cve2021,akkadian,mariadb,disclosure requests: diff --git a/cves/2021/CVE-2021-31589.yaml b/cves/2021/CVE-2021-31589.yaml index 6d465e9212..a288518dfb 100644 --- a/cves/2021/CVE-2021-31589.yaml +++ b/cves/2021/CVE-2021-31589.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31589 cwe-id: CWE-79 + cpe: cpe:2.3:o:beyondtrust:appliance_base_software:*:*:*:*:*:*:*:* + epss-score: 0.00159 metadata: google-query: '"BeyondTrust" "Redistribution Prohibited"' shodan-query: 'set-cookie: nsbase_session' diff --git a/cves/2021/CVE-2021-31602.yaml b/cves/2021/CVE-2021-31602.yaml index d27a41531d..f90ab2c58f 100644 --- a/cves/2021/CVE-2021-31602.yaml +++ b/cves/2021/CVE-2021-31602.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-31602 cwe-id: CWE-863 + epss-score: 0.4123 metadata: shodan-query: Pentaho tags: spring,seclists,cve,cve2021,pentaho,auth-bypass diff --git a/cves/2021/CVE-2021-31682.yaml b/cves/2021/CVE-2021-31682.yaml index 8b4fb76130..5cd70f03f9 100644 --- a/cves/2021/CVE-2021-31682.yaml +++ b/cves/2021/CVE-2021-31682.yaml @@ -9,14 +9,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-31682 - https://github.com/3ndG4me/WebCTRL-OperatorLocale-Parameter-Reflected-XSS - https://www.automatedlogic.com/en/products-services/webctrl-building-automation-system/ + - http://packetstormsecurity.com/files/164707/WebCTRL-OEM-6.5-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-31682 cwe-id: CWE-79 + cpe: cpe:2.3:a:automatedlogic:webctrl:*:*:*:*:*:*:*:* + epss-score: 0.00201 metadata: shodan-query: html:"/_common/lvl5/dologin.jsp" - tags: cve,cve2021,webctrl,xss + tags: cve,cve2021,webctrl,xss,packetstorm requests: - method: GET diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml index 62c5ce19ca..c72d1efb81 100644 --- a/cves/2021/CVE-2021-31755.yaml +++ b/cves/2021/CVE-2021-31755.yaml @@ -4,8 +4,7 @@ info: name: Tenda Router AC11 - Remote Command Injection author: gy741 severity: critical - description: Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection - attacks against an affected device. + description: Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. reference: - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3 - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai @@ -15,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-31755 cwe-id: CWE-787 + epss-score: 0.96813 tags: cve,cve2021,tenda,rce,oast,router,mirai,kev requests: diff --git a/cves/2021/CVE-2021-31805.yaml b/cves/2021/CVE-2021-31805.yaml index 2394432a9e..6af716c260 100644 --- a/cves/2021/CVE-2021-31805.yaml +++ b/cves/2021/CVE-2021-31805.yaml @@ -9,12 +9,15 @@ info: - https://cwiki.apache.org/confluence/display/WW/S2-062 - https://github.com/Axx8/Struts2_S2-062_CVE-2021-31805 - https://nvd.nist.gov/vuln/detail/CVE-2021-31805 + - http://www.openwall.com/lists/oss-security/2022/04/12/6 remediation: Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade to Struts 2.5.30 or greater which checks if expression evaluation won't lead to the double evaluation. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-31805 cwe-id: CWE-917 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* + epss-score: 0.0171 tags: cve,cve2021,apache,rce,struts,struts2 requests: diff --git a/cves/2021/CVE-2021-31856.yaml b/cves/2021/CVE-2021-31856.yaml index cd02013873..bee4f0e835 100644 --- a/cves/2021/CVE-2021-31856.yaml +++ b/cves/2021/CVE-2021-31856.yaml @@ -4,8 +4,7 @@ info: name: Layer5 Meshery 0.5.2 - SQL Injection author: princechaddha severity: critical - description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns - in models/meshery_pattern_persister.go). + description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). reference: - https://github.com/ssst0n3/CVE-2021-31856 - https://nvd.nist.gov/vuln/detail/CVE-2021-31856 @@ -16,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-31856 cwe-id: CWE-89 + cpe: cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:* + epss-score: 0.07416 tags: sqli,cve,cve2021 variables: diff --git a/cves/2021/CVE-2021-31862.yaml b/cves/2021/CVE-2021-31862.yaml index 5e6170d84a..229590545a 100644 --- a/cves/2021/CVE-2021-31862.yaml +++ b/cves/2021/CVE-2021-31862.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31862 cwe-id: CWE-79 + cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:* + epss-score: 0.00166 tags: cve,cve2021,xss,sysaid requests: diff --git a/cves/2021/CVE-2021-32030.yaml b/cves/2021/CVE-2021-32030.yaml index 6dc97ac75f..881a9c8619 100644 --- a/cves/2021/CVE-2021-32030.yaml +++ b/cves/2021/CVE-2021-32030.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32030 cwe-id: CWE-287 + epss-score: 0.64459 tags: cve,cve2021,asus,auth-bypass,router requests: diff --git a/cves/2021/CVE-2021-32172.yaml b/cves/2021/CVE-2021-32172.yaml index e5bbb54bfc..6445be4f75 100644 --- a/cves/2021/CVE-2021-32172.yaml +++ b/cves/2021/CVE-2021-32172.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32172 cwe-id: CWE-862 + cpe: cpe:2.3:a:maianscriptworld:maian_cart:*:*:*:*:*:*:*:* + epss-score: 0.02314 tags: cve,cve2021,rce,unauth,maian requests: diff --git a/cves/2021/CVE-2021-3223.yaml b/cves/2021/CVE-2021-3223.yaml index 1c503afb8d..77c138691d 100644 --- a/cves/2021/CVE-2021-3223.yaml +++ b/cves/2021/CVE-2021-3223.yaml @@ -15,10 +15,12 @@ info: cvss-score: 7.5 cve-id: CVE-2021-3223 cwe-id: CWE-22 + cpe: cpe:2.3:a:nodered:node-red-dashboard:*:*:*:*:*:*:*:* + epss-score: 0.15641 metadata: - verified: true - shodan-query: title:"Node-RED" fofa-query: title="Node-RED" + shodan-query: title:"Node-RED" + verified: "true" tags: cve,cve2021,node-red-dashboard,lfi requests: diff --git a/cves/2021/CVE-2021-32305.yaml b/cves/2021/CVE-2021-32305.yaml index 6f581369b1..568489ebd3 100644 --- a/cves/2021/CVE-2021-32305.yaml +++ b/cves/2021/CVE-2021-32305.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32305 cwe-id: CWE-78 + cpe: cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:* + epss-score: 0.97279 tags: cve,cve2021,websvn,rce,oast,packetstorm requests: diff --git a/cves/2021/CVE-2021-32618.yaml b/cves/2021/CVE-2021-32618.yaml index c3f4ccb55b..b057e00855 100644 --- a/cves/2021/CVE-2021-32618.yaml +++ b/cves/2021/CVE-2021-32618.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-32618 cwe-id: CWE-601 + cpe: cpe:2.3:a:flask-security_project:flask-security:*:*:*:*:*:*:*:* + epss-score: 0.00104 tags: cve,cve2021,redirect,flask requests: diff --git a/cves/2021/CVE-2021-32682.yaml b/cves/2021/CVE-2021-32682.yaml index d5903bdecb..6fe3c85aa6 100644 --- a/cves/2021/CVE-2021-32682.yaml +++ b/cves/2021/CVE-2021-32682.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32682 cwe-id: CWE-22,CWE-78,CWE-918 + cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* + epss-score: 0.97239 metadata: github: https://github.com/Studio-42/elFinder tags: cve,cve2021,elfinder,misconfig,rce,oss diff --git a/cves/2021/CVE-2021-32789.yaml b/cves/2021/CVE-2021-32789.yaml index 0ca835d4dd..50ea2116ba 100644 --- a/cves/2021/CVE-2021-32789.yaml +++ b/cves/2021/CVE-2021-32789.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-32789 cwe-id: CWE-89 + cpe: cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:*:*:* + epss-score: 0.00935 tags: cve,cve2021,wordpress,woocommerce,sqli,wp-plugin,wp,wpscan requests: diff --git a/cves/2021/CVE-2021-32819.yaml b/cves/2021/CVE-2021-32819.yaml index 8ff5e004ad..7db373caf3 100644 --- a/cves/2021/CVE-2021-32819.yaml +++ b/cves/2021/CVE-2021-32819.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-32819 + cpe: cpe:2.3:a:squirrelly:squirrelly:*:*:*:*:*:*:*:* + epss-score: 0.95493 tags: cve,cve2021,nodejs,rce,oast requests: diff --git a/cves/2021/CVE-2021-32820.yaml b/cves/2021/CVE-2021-32820.yaml index 2fd83b092c..3f584cb972 100644 --- a/cves/2021/CVE-2021-32820.yaml +++ b/cves/2021/CVE-2021-32820.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.6 cve-id: CVE-2021-32820 cwe-id: CWE-200 + cpe: cpe:2.3:a:express_handlebars_project:express_handlebars:*:*:*:*:*:*:*:* + epss-score: 0.01001 tags: cve,cve2021,expressjs,lfi,xxe requests: diff --git a/cves/2021/CVE-2021-32853.yaml b/cves/2021/CVE-2021-32853.yaml index b30a3de2b7..aec085deff 100644 --- a/cves/2021/CVE-2021-32853.yaml +++ b/cves/2021/CVE-2021-32853.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.6 cve-id: CVE-2021-32853 cwe-id: CWE-79 + cpe: cpe:2.3:a:erxes:erxes:*:*:*:*:*:*:*:* + epss-score: 0.0103 metadata: shodan-query: http.title:"erxes" tags: cve,cve2021,xss,erxes,oss diff --git a/cves/2021/CVE-2021-3293.yaml b/cves/2021/CVE-2021-3293.yaml index e964b55ce0..85d38bf1d2 100644 --- a/cves/2021/CVE-2021-3293.yaml +++ b/cves/2021/CVE-2021-3293.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-3293 cwe-id: CWE-22 + cpe: cpe:2.3:a:emlog:emlog:*:*:*:*:*:*:*:* + epss-score: 0.00226 tags: cve,cve2021,emlog,fpd requests: diff --git a/cves/2021/CVE-2021-3297.yaml b/cves/2021/CVE-2021-3297.yaml index 499d6cf62b..bc02dbbc94 100644 --- a/cves/2021/CVE-2021-3297.yaml +++ b/cves/2021/CVE-2021-3297.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.8 cve-id: CVE-2021-3297 cwe-id: CWE-287 + epss-score: 0.19959 tags: cve,cve2021,zyxel,auth-bypass,router requests: diff --git a/cves/2021/CVE-2021-33044.yaml b/cves/2021/CVE-2021-33044.yaml index 6732351f62..1011ad825b 100644 --- a/cves/2021/CVE-2021-33044.yaml +++ b/cves/2021/CVE-2021-33044.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-33044 cwe-id: CWE-287 + epss-score: 0.0336 tags: dahua,cve,cve2021,auth-bypass,seclists requests: diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml index ea34de76d2..b2edf6c169 100644 --- a/cves/2021/CVE-2021-33221.yaml +++ b/cves/2021/CVE-2021-33221.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-33221 cwe-id: CWE-306 + cpe: cpe:2.3:a:commscope:ruckus_iot_controller:*:*:*:*:*:*:*:* + epss-score: 0.24628 tags: cve2021,commscope,ruckus,debug,service,leak,seclists,cve requests: diff --git a/cves/2021/CVE-2021-33357.yaml b/cves/2021/CVE-2021-33357.yaml index 352972c349..dd5686cf2f 100644 --- a/cves/2021/CVE-2021-33357.yaml +++ b/cves/2021/CVE-2021-33357.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-33357 cwe-id: CWE-78 + cpe: cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:* + epss-score: 0.96752 tags: cve,cve2021,rce,raspap,oast requests: diff --git a/cves/2021/CVE-2021-33544.yaml b/cves/2021/CVE-2021-33544.yaml index 46a87855dc..2044e16cfd 100644 --- a/cves/2021/CVE-2021-33544.yaml +++ b/cves/2021/CVE-2021-33544.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.2 cve-id: CVE-2021-33544 cwe-id: CWE-77 + epss-score: 0.97513 tags: cve,cve2021,geutebruck,rce,oast requests: diff --git a/cves/2021/CVE-2021-33564.yaml b/cves/2021/CVE-2021-33564.yaml index f8c09008f5..795c05f2e2 100644 --- a/cves/2021/CVE-2021-33564.yaml +++ b/cves/2021/CVE-2021-33564.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-33564 cwe-id: CWE-88 + cpe: cpe:2.3:a:dragonfly_project:dragonfly:*:*:*:*:*:*:*:* + epss-score: 0.06121 tags: cve,cve2021,rce,ruby,injection requests: diff --git a/cves/2021/CVE-2021-3374.yaml b/cves/2021/CVE-2021-3374.yaml index 21d6a8d0cb..a443847f53 100644 --- a/cves/2021/CVE-2021-3374.yaml +++ b/cves/2021/CVE-2021-3374.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-3374 cwe-id: CWE-22 + cpe: cpe:2.3:a:rstudio:shiny_server:*:*:*:*:*:*:*:* + epss-score: 0.00194 tags: cve,cve2021,rstudio,traversal requests: diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml index 5f9932809c..93c309f235 100644 --- a/cves/2021/CVE-2021-3377.yaml +++ b/cves/2021/CVE-2021-3377.yaml @@ -9,12 +9,14 @@ info: - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 - https://nvd.nist.gov/vuln/detail/CVE-2021-3377 + remediation: Upgrade to v5.0.0 or later. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-3377 cwe-id: CWE-79 - remediation: Upgrade to v5.0.0 or later. + cpe: cpe:2.3:a:ansi_up_project:ansi_up:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve,cve2021,xss,npm requests: diff --git a/cves/2021/CVE-2021-3378.yaml b/cves/2021/CVE-2021-3378.yaml index c9041b5d63..6698b3088b 100644 --- a/cves/2021/CVE-2021-3378.yaml +++ b/cves/2021/CVE-2021-3378.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-3378 cwe-id: CWE-434 + cpe: cpe:2.3:a:fortilogger:fortilogger:*:*:*:*:*:*:*:* + epss-score: 0.19666 tags: fortilogger,fortigate,fortinet,packetstorm,cve,cve2021,fileupload,intrusive requests: diff --git a/cves/2021/CVE-2021-33807.yaml b/cves/2021/CVE-2021-33807.yaml index 81205640f3..660b21da8f 100644 --- a/cves/2021/CVE-2021-33807.yaml +++ b/cves/2021/CVE-2021-33807.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-33807 cwe-id: CWE-22 + cpe: cpe:2.3:a:gespage:gespage:*:*:*:*:*:*:*:* + epss-score: 0.02214 tags: cve,cve2021,lfi,gespage requests: diff --git a/cves/2021/CVE-2021-33851.yaml b/cves/2021/CVE-2021-33851.yaml index 8022781c06..885f464dc1 100644 --- a/cves/2021/CVE-2021-33851.yaml +++ b/cves/2021/CVE-2021-33851.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-33851 cwe-id: CWE-79 + cpe: cpe:2.3:a:apasionados:customize_login_image:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: wpscan,cve2021,wordpress,customize-login-image,wp,authenticated,cve,wp-plugin,xss diff --git a/cves/2021/CVE-2021-33904.yaml b/cves/2021/CVE-2021-33904.yaml index 1f6531393d..4a3955af1e 100644 --- a/cves/2021/CVE-2021-33904.yaml +++ b/cves/2021/CVE-2021-33904.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-33904 cwe-id: CWE-79 + cpe: cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:* + epss-score: 0.00152 tags: cve2021,accela,xss,edb,packetstorm,cve requests: diff --git a/cves/2021/CVE-2021-34370.yaml b/cves/2021/CVE-2021-34370.yaml index ce3d29a587..b33d136573 100644 --- a/cves/2021/CVE-2021-34370.yaml +++ b/cves/2021/CVE-2021-34370.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-34370 cwe-id: CWE-79 + cpe: cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:* + epss-score: 0.00183 tags: xss,redirect,cve,cve2021,accela,edb requests: diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml index 50935fbd47..2304bf8c3c 100644 --- a/cves/2021/CVE-2021-34429.yaml +++ b/cves/2021/CVE-2021-34429.yaml @@ -15,6 +15,7 @@ info: cvss-score: 5.3 cve-id: CVE-2021-34429 cwe-id: CWE-200 + epss-score: 0.88034 tags: cve,cve2021,jetty requests: diff --git a/cves/2021/CVE-2021-34473.yaml b/cves/2021/CVE-2021-34473.yaml index 0790f9001c..f85a824de1 100644 --- a/cves/2021/CVE-2021-34473.yaml +++ b/cves/2021/CVE-2021-34473.yaml @@ -16,6 +16,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-34473 + cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:* + epss-score: 0.97375 tags: cve,cve2021,ssrf,rce,exchange,kev requests: diff --git a/cves/2021/CVE-2021-34621.yaml b/cves/2021/CVE-2021-34621.yaml index 60594dba07..f0f59be9e8 100644 --- a/cves/2021/CVE-2021-34621.yaml +++ b/cves/2021/CVE-2021-34621.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-34621 cwe-id: CWE-269 + cpe: cpe:2.3:a:profilepress:profilepress:*:*:*:*:*:*:*:* + epss-score: 0.79769 tags: wordpress,wp-plugin,packetstorm,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-34640.yaml b/cves/2021/CVE-2021-34640.yaml index 671821477a..3b61d9e7ae 100644 --- a/cves/2021/CVE-2021-34640.yaml +++ b/cves/2021/CVE-2021-34640.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-34640 cwe-id: CWE-79 + cpe: cpe:2.3:a:securimage-wp-fixed_project:securimage-wp-fixed:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: wpscan,wordpress,cve,cve2021,wp-plugin,authenticated requests: diff --git a/cves/2021/CVE-2021-34643.yaml b/cves/2021/CVE-2021-34643.yaml index 6210fa2c8d..5148dbff92 100644 --- a/cves/2021/CVE-2021-34643.yaml +++ b/cves/2021/CVE-2021-34643.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-34643 cwe-id: CWE-79 + cpe: cpe:2.3:a:skaut-bazar_project:skaut-bazar:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: wpscan,wordpress,cve,cve2021,wp-plugin,authenticated requests: diff --git a/cves/2021/CVE-2021-34805.yaml b/cves/2021/CVE-2021-34805.yaml index 255b5c9aaa..db121a77c1 100644 --- a/cves/2021/CVE-2021-34805.yaml +++ b/cves/2021/CVE-2021-34805.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-34805 cwe-id: CWE-22 + cpe: cpe:2.3:a:land-software:faust_iserver:*:*:*:*:*:*:*:* + epss-score: 0.01163 tags: lfi,packetstorm,cve,cve2021,faust,iserver requests: diff --git a/cves/2021/CVE-2021-35265.yaml b/cves/2021/CVE-2021-35265.yaml index b60202d0af..a7c135ff1a 100644 --- a/cves/2021/CVE-2021-35265.yaml +++ b/cves/2021/CVE-2021-35265.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-35265 cwe-id: CWE-79 + cpe: cpe:2.3:a:maxsite:maxsite_cms:*:*:*:*:*:*:*:* + epss-score: 0.00127 tags: cve,cve2021,maxsite,xss requests: diff --git a/cves/2021/CVE-2021-35336.yaml b/cves/2021/CVE-2021-35336.yaml index 5343cd943a..5708677c2b 100644 --- a/cves/2021/CVE-2021-35336.yaml +++ b/cves/2021/CVE-2021-35336.yaml @@ -13,6 +13,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-35336 cwe-id: CWE-863 + epss-score: 0.05836 tags: cve,cve2021,tieline,default-login requests: diff --git a/cves/2021/CVE-2021-35380.yaml b/cves/2021/CVE-2021-35380.yaml index f417f382fc..2c9a09f5ac 100644 --- a/cves/2021/CVE-2021-35380.yaml +++ b/cves/2021/CVE-2021-35380.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-35380 cwe-id: CWE-22 + cpe: cpe:2.3:a:solari:termtalk_server:*:*:*:*:*:*:*:* + epss-score: 0.05301 tags: cve,cve2021,termtalk,lfi,unauth,lfr,edb requests: diff --git a/cves/2021/CVE-2021-35464.yaml b/cves/2021/CVE-2021-35464.yaml index 157369db7b..a5b00a89cd 100644 --- a/cves/2021/CVE-2021-35464.yaml +++ b/cves/2021/CVE-2021-35464.yaml @@ -19,6 +19,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-35464 cwe-id: CWE-502 + epss-score: 0.97391 metadata: shodan-query: http.title:"OpenAM" tags: cve,cve2021,openam,rce,java,kev,cisa,packetstorm diff --git a/cves/2021/CVE-2021-35488.yaml b/cves/2021/CVE-2021-35488.yaml index 7f2146bdea..2f1b335049 100644 --- a/cves/2021/CVE-2021-35488.yaml +++ b/cves/2021/CVE-2021-35488.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-35488 cwe-id: CWE-79 + cpe: cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:* + epss-score: 0.00128 metadata: shodan-query: http.html:"Thruk" verified: "true" diff --git a/cves/2021/CVE-2021-35587.yaml b/cves/2021/CVE-2021-35587.yaml index 1ca9fa3b33..785eb3b611 100644 --- a/cves/2021/CVE-2021-35587.yaml +++ b/cves/2021/CVE-2021-35587.yaml @@ -15,10 +15,12 @@ info: cvss-score: 9.8 cve-id: CVE-2021-35587 cwe-id: CWE-502 + cpe: cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:* + epss-score: 0.97166 metadata: - verified: true fofa-query: body="/oam/pages/css/login_page.css" shodan-query: http.title:"Oracle Access Management" + verified: "true" tags: cve,cve2021,oam,rce,java,unauth,oracle,kev requests: diff --git a/cves/2021/CVE-2021-3577.yaml b/cves/2021/CVE-2021-3577.yaml index 847fcdb13b..28d7e882b4 100644 --- a/cves/2021/CVE-2021-3577.yaml +++ b/cves/2021/CVE-2021-3577.yaml @@ -14,6 +14,7 @@ info: cvss-score: 8.8 cve-id: CVE-2021-3577 cwe-id: CWE-863 + epss-score: 0.97261 tags: cve,cve2021,rce,oast,motorola,iot requests: diff --git a/cves/2021/CVE-2021-36260.yaml b/cves/2021/CVE-2021-36260.yaml index 3d613c09a1..fd2063730d 100644 --- a/cves/2021/CVE-2021-36260.yaml +++ b/cves/2021/CVE-2021-36260.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36260 cwe-id: CWE-77,CWE-20 + epss-score: 0.97495 metadata: shodan-query: http.favicon.hash:999357577 tags: cve,cve2021,hikvision,rce,iot,intrusive,kev diff --git a/cves/2021/CVE-2021-36356.yaml b/cves/2021/CVE-2021-36356.yaml index d883e92563..918c1a0b11 100644 --- a/cves/2021/CVE-2021-36356.yaml +++ b/cves/2021/CVE-2021-36356.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36356 cwe-id: CWE-434 + cpe: cpe:2.3:a:kramerav:viaware:*:*:*:*:*:*:*:* + epss-score: 0.94172 tags: viaware,cve,cve2021,kramer,edb,rce variables: diff --git a/cves/2021/CVE-2021-36380.yaml b/cves/2021/CVE-2021-36380.yaml index b1d6a7938b..ffff6c7fb6 100644 --- a/cves/2021/CVE-2021-36380.yaml +++ b/cves/2021/CVE-2021-36380.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36380 cwe-id: CWE-78 + cpe: cpe:2.3:a:sunhillo:sureline:*:*:*:*:*:*:*:* + epss-score: 0.97044 tags: cve,cve2021,sureline,rce,oast requests: diff --git a/cves/2021/CVE-2021-36450.yaml b/cves/2021/CVE-2021-36450.yaml index 5b869877e6..478c93aeda 100644 --- a/cves/2021/CVE-2021-36450.yaml +++ b/cves/2021/CVE-2021-36450.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-36450 cwe-id: CWE-79 + cpe: cpe:2.3:a:verint:workforce_optimization:*:*:*:*:*:*:*:* + epss-score: 0.00284 metadata: shodan-query: title:"Verint Sign-in" verified: "true" diff --git a/cves/2021/CVE-2021-3654.yaml b/cves/2021/CVE-2021-3654.yaml index 4d2abfe3aa..da5791e332 100644 --- a/cves/2021/CVE-2021-3654.yaml +++ b/cves/2021/CVE-2021-3654.yaml @@ -16,6 +16,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-3654 cwe-id: CWE-601 + epss-score: 0.9603 tags: redirect,novnc,cve,cve2021,seclists requests: diff --git a/cves/2021/CVE-2021-36748.yaml b/cves/2021/CVE-2021-36748.yaml index f8776c3c8a..7639c381b5 100644 --- a/cves/2021/CVE-2021-36748.yaml +++ b/cves/2021/CVE-2021-36748.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-36748 cwe-id: CWE-89 + cpe: cpe:2.3:a:prestahome:blog:*:*:*:*:*:*:*:* + epss-score: 0.00764 tags: cve,cve2021,prestashop,prestahome,sqli,cms requests: diff --git a/cves/2021/CVE-2021-36749.yaml b/cves/2021/CVE-2021-36749.yaml index 28545da8bb..12fa37f559 100644 --- a/cves/2021/CVE-2021-36749.yaml +++ b/cves/2021/CVE-2021-36749.yaml @@ -9,11 +9,14 @@ info: - https://github.com/BrucessKING/CVE-2021-36749 - https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2021-36749 + - https://lists.apache.org/thread.html/r304dfe56a5dfe1b2d9166b24d2c74ad1c6730338b20aef77a00ed2be@%3Cannounce.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-36749 cwe-id: CWE-668 + cpe: cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:* + epss-score: 0.96979 tags: cve,cve2021,apache,lfi,auth-bypass,druid requests: diff --git a/cves/2021/CVE-2021-36873.yaml b/cves/2021/CVE-2021-36873.yaml index 447b33a1a0..f563299d34 100644 --- a/cves/2021/CVE-2021-36873.yaml +++ b/cves/2021/CVE-2021-36873.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-36873 cwe-id: CWE-79 + cpe: cpe:2.3:a:webence:iq_block_country:*:*:*:*:*:*:*:* + epss-score: 0.00151 metadata: verified: "true" tags: cve,wp-plugin,iq-block-country,cve2021,wordpress,wp,xss,authenticated,wpscan diff --git a/cves/2021/CVE-2021-37216.yaml b/cves/2021/CVE-2021-37216.yaml index 28221d2bdd..6a698ae3c1 100644 --- a/cves/2021/CVE-2021-37216.yaml +++ b/cves/2021/CVE-2021-37216.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-37216 cwe-id: CWE-79 + epss-score: 0.00106 tags: cve,cve2021,xss,qsan,storage requests: diff --git a/cves/2021/CVE-2021-37416.yaml b/cves/2021/CVE-2021-37416.yaml index 16c783a632..eda0731f62 100644 --- a/cves/2021/CVE-2021-37416.yaml +++ b/cves/2021/CVE-2021-37416.yaml @@ -9,15 +9,17 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416 - https://blog.stmcyber.com/vulns/cve-2021-37416/ - https://nvd.nist.gov/vuln/detail/CVE-2021-37416 - tags: cve,cve2021,zoho,xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-37416 cwe-id: CWE-79 + cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* + epss-score: 0.00118 metadata: shodan-query: http.title:"ManageEngine" - verified: true + verified: "true" + tags: cve,cve2021,zoho,xss requests: - method: GET diff --git a/cves/2021/CVE-2021-37538.yaml b/cves/2021/CVE-2021-37538.yaml index 39ca5a1721..1333894e4a 100644 --- a/cves/2021/CVE-2021-37538.yaml +++ b/cves/2021/CVE-2021-37538.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-37538 cwe-id: CWE-89 + cpe: cpe:2.3:a:smartdatasoft:smartblog:*:*:*:*:*:*:*:* + epss-score: 0.0156 tags: cve,cve2021,prestashop,smartblog,sqli requests: diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml index a94a5f346a..62436ab29d 100644 --- a/cves/2021/CVE-2021-37573.yaml +++ b/cves/2021/CVE-2021-37573.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-37573 cwe-id: CWE-79 + cpe: cpe:2.3:a:tiny_java_web_server_project:tiny_java_web_server:*:*:*:*:*:*:*:* + epss-score: 0.0043 tags: cve,cve2021,xss,tjws,java,seclists requests: diff --git a/cves/2021/CVE-2021-37580.yaml b/cves/2021/CVE-2021-37580.yaml index 93830671c7..14e1bb75e6 100644 --- a/cves/2021/CVE-2021-37580.yaml +++ b/cves/2021/CVE-2021-37580.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-37580 cwe-id: CWE-287 + cpe: cpe:2.3:a:apache:shenyu:*:*:*:*:*:*:*:* + epss-score: 0.93 tags: cve,cve2021,apache,jwt,shenyu requests: diff --git a/cves/2021/CVE-2021-37589.yaml b/cves/2021/CVE-2021-37589.yaml index b735f46aaf..442413f4a6 100644 --- a/cves/2021/CVE-2021-37589.yaml +++ b/cves/2021/CVE-2021-37589.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-37589 cwe-id: CWE-89 + cpe: cpe:2.3:a:virtuasoftware:cobranca:*:*:*:*:*:*:*:* + epss-score: 0.00358 metadata: shodan-query: http.favicon.hash:876876147 verified: "true" diff --git a/cves/2021/CVE-2021-37704.yaml b/cves/2021/CVE-2021-37704.yaml index c5f5f6eb0f..6cc0292e06 100644 --- a/cves/2021/CVE-2021-37704.yaml +++ b/cves/2021/CVE-2021-37704.yaml @@ -15,6 +15,8 @@ info: cvss-score: 4.3 cve-id: CVE-2021-37704 cwe-id: CWE-668 + cpe: cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:* + epss-score: 0.00282 tags: cve,cve2021,exposure,phpfastcache,phpinfo,phpsocialnetwork requests: diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml index d4af2272cc..6f7793341a 100644 --- a/cves/2021/CVE-2021-37833.yaml +++ b/cves/2021/CVE-2021-37833.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-37833 cwe-id: CWE-79 + cpe: cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:* + epss-score: 0.0009 tags: cve,cve2021,hoteldruid,xss requests: diff --git a/cves/2021/CVE-2021-38314.yaml b/cves/2021/CVE-2021-38314.yaml index 9f1a2d8b75..6516693191 100644 --- a/cves/2021/CVE-2021-38314.yaml +++ b/cves/2021/CVE-2021-38314.yaml @@ -4,10 +4,7 @@ info: name: Redux Framework - Unauthenticated Sensitive Information Disclosure author: meme-lord severity: medium - description: The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` - that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known - salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site's `AUTH_KEY` concatenated with the - `SECURE_AUTH_KEY`. + description: The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. reference: - https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/ - https://wahaz.medium.com/unauthenticated-sensitive-information-disclosure-at-redacted-2702224098c @@ -16,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-38314 + cpe: cpe:2.3:a:redux:gutenberg_template_library_\&_redux_framework:*:*:*:*:*:*:*:* + epss-score: 0.00162 tags: cve,cve2021,wordpress,wp-plugin requests: diff --git a/cves/2021/CVE-2021-38540.yaml b/cves/2021/CVE-2021-38540.yaml index fdfcf67e22..60c5a3d113 100644 --- a/cves/2021/CVE-2021-38540.yaml +++ b/cves/2021/CVE-2021-38540.yaml @@ -15,9 +15,11 @@ info: cvss-score: 9.8 cve-id: CVE-2021-38540 cwe-id: CWE-306 + cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* + epss-score: 0.00928 metadata: - verified: true shodan-query: title:"Sign In - Airflow" + verified: "true" tags: cve,cve2021,apache,airflow,rce requests: diff --git a/cves/2021/CVE-2021-38647.yaml b/cves/2021/CVE-2021-38647.yaml index 1e06ae5615..36192162fc 100644 --- a/cves/2021/CVE-2021-38647.yaml +++ b/cves/2021/CVE-2021-38647.yaml @@ -16,6 +16,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-38647 + epss-score: 0.97486 tags: cve,cve2021,rce,omi,microsoft,kev requests: diff --git a/cves/2021/CVE-2021-38702.yaml b/cves/2021/CVE-2021-38702.yaml index 963ec25c42..7d42d37b2a 100644 --- a/cves/2021/CVE-2021-38702.yaml +++ b/cves/2021/CVE-2021-38702.yaml @@ -9,12 +9,14 @@ info: - https://seclists.org/fulldisclosure/2021/Aug/20 - https://nvd.nist.gov/vuln/detail/CVE-2021-38702 - http://www.cyberoamworks.com/NetGenie-Home.asp + - http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-38702 cwe-id: CWE-79 - tags: cve2021,cyberoam,netgenie,xss,router,seclists,cve + epss-score: 0.0057 + tags: cyberoam,netgenie,xss,router,seclists,cve,packetstorm,cve2021 requests: - method: GET diff --git a/cves/2021/CVE-2021-38704.yaml b/cves/2021/CVE-2021-38704.yaml index 2604758623..f3c866259a 100644 --- a/cves/2021/CVE-2021-38704.yaml +++ b/cves/2021/CVE-2021-38704.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-38704 cwe-id: CWE-79 + cpe: cpe:2.3:a:cliniccases:cliniccases:*:*:*:*:*:*:*:* + epss-score: 0.00141 metadata: shodan-query: http.title:"ClinicCases",html:"/cliniccases/" tags: xss,cve,cve2021,cliniccases diff --git a/cves/2021/CVE-2021-38751.yaml b/cves/2021/CVE-2021-38751.yaml index 6eeae88d11..43d3382ad3 100644 --- a/cves/2021/CVE-2021-38751.yaml +++ b/cves/2021/CVE-2021-38751.yaml @@ -4,8 +4,7 @@ info: name: ExponentCMS <= 2.6 - Host Header Injection author: dwisiswant0 severity: medium - description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack - vector for MITM. + description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-38751 - https://github.com/exponentcms/exponent-cms/issues/1544 @@ -15,6 +14,8 @@ info: cvss-score: 4.3 cve-id: CVE-2021-38751 cwe-id: CWE-116 + cpe: cpe:2.3:a:exponentcms:exponentcms:*:*:*:*:*:*:*:* + epss-score: 0.00215 tags: cve,cve2021,exponentcms requests: diff --git a/cves/2021/CVE-2021-39141.yaml b/cves/2021/CVE-2021-39141.yaml index ba78c55ee7..59a90f572d 100644 --- a/cves/2021/CVE-2021-39141.yaml +++ b/cves/2021/CVE-2021-39141.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39141 cwe-id: CWE-502,CWE-434 + epss-score: 0.11231 tags: cve,cve2021,xstream,deserialization,rce requests: diff --git a/cves/2021/CVE-2021-39144.yaml b/cves/2021/CVE-2021-39144.yaml index 78596fab1b..5cd9b4a0a2 100644 --- a/cves/2021/CVE-2021-39144.yaml +++ b/cves/2021/CVE-2021-39144.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39144 cwe-id: CWE-94,CWE-502 + epss-score: 0.97284 tags: cve,cve2021,xstream,deserialization,rce,kev requests: diff --git a/cves/2021/CVE-2021-39146.yaml b/cves/2021/CVE-2021-39146.yaml index d0dfd1e047..2b929feca0 100644 --- a/cves/2021/CVE-2021-39146.yaml +++ b/cves/2021/CVE-2021-39146.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39146 cwe-id: CWE-502,CWE-434 + epss-score: 0.12475 tags: cve,cve2021,xstream,deserialization,rce requests: diff --git a/cves/2021/CVE-2021-39152.yaml b/cves/2021/CVE-2021-39152.yaml index 46b7db9d15..e46ee10e55 100644 --- a/cves/2021/CVE-2021-39152.yaml +++ b/cves/2021/CVE-2021-39152.yaml @@ -15,6 +15,7 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39152 cwe-id: CWE-918,CWE-502 + epss-score: 0.00612 tags: cve,cve2021,xstream,ssrf,oast requests: diff --git a/cves/2021/CVE-2021-39211.yaml b/cves/2021/CVE-2021-39211.yaml index 482d40423b..2020adfa9f 100644 --- a/cves/2021/CVE-2021-39211.yaml +++ b/cves/2021/CVE-2021-39211.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-39211 cwe-id: CWE-668,CWE-200 + cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* + epss-score: 0.00253 tags: cve,cve2021,glpi,exposure requests: diff --git a/cves/2021/CVE-2021-39226.yaml b/cves/2021/CVE-2021-39226.yaml index 771dc8be3c..d91a9777ef 100644 --- a/cves/2021/CVE-2021-39226.yaml +++ b/cves/2021/CVE-2021-39226.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.3 cve-id: CVE-2021-39226 cwe-id: CWE-287 + epss-score: 0.97325 metadata: shodan-query: title:"Grafana" tags: cve,cve2021,grafana,kev diff --git a/cves/2021/CVE-2021-39312.yaml b/cves/2021/CVE-2021-39312.yaml index 15ebd64523..59ced24467 100644 --- a/cves/2021/CVE-2021-39312.yaml +++ b/cves/2021/CVE-2021-39312.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-39312 cwe-id: CWE-22,CWE-22 + cpe: cpe:2.3:a:trueranker:true_ranker:*:*:*:*:*:*:*:* + epss-score: 0.02591 tags: unauth,lfr,wpscan,cve,cve2021,wp-plugin,lfi,wp,wordpress requests: diff --git a/cves/2021/CVE-2021-39316.yaml b/cves/2021/CVE-2021-39316.yaml index 661f565538..656ff70b42 100644 --- a/cves/2021/CVE-2021-39316.yaml +++ b/cves/2021/CVE-2021-39316.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-39316 cwe-id: CWE-22 + cpe: cpe:2.3:a:digitalzoomstudio:zoomsounds:*:*:*:*:*:*:*:* + epss-score: 0.42316 tags: wordpress,wp-plugin,zoomsounds,wpscan,packetstorm,cve,wp,cve2021,lfi requests: diff --git a/cves/2021/CVE-2021-39320.yaml b/cves/2021/CVE-2021-39320.yaml index 6d36f1e429..4d46227647 100644 --- a/cves/2021/CVE-2021-39320.yaml +++ b/cves/2021/CVE-2021-39320.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39320 cwe-id: CWE-79 + cpe: cpe:2.3:a:underconstruction_project:underconstruction:*:*:*:*:*:*:*:* + epss-score: 0.0021 metadata: verified: "true" tags: cve,cve2021,wp-plugin,wpscan,wordpress,wp,xss,authenticated diff --git a/cves/2021/CVE-2021-39322.yaml b/cves/2021/CVE-2021-39322.yaml index cfa84f8dad..cc05812816 100644 --- a/cves/2021/CVE-2021-39322.yaml +++ b/cves/2021/CVE-2021-39322.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39322 cwe-id: CWE-79 + cpe: cpe:2.3:a:cybernetikz:easy_social_icons:*:*:*:*:*:*:*:* + epss-score: 0.00234 tags: wordpress,cve,cve2021,wp-plugin,authenticated,wpscan requests: diff --git a/cves/2021/CVE-2021-39327.yaml b/cves/2021/CVE-2021-39327.yaml index 4f63002f43..bacc8d0f96 100644 --- a/cves/2021/CVE-2021-39327.yaml +++ b/cves/2021/CVE-2021-39327.yaml @@ -9,11 +9,14 @@ info: - https://packetstormsecurity.com/files/164420/wpbulletproofsecurity51-disclose.txt - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327 - https://nvd.nist.gov/vuln/detail/CVE-2021-39327 + - http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-39327 cwe-id: CWE-200 + cpe: cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:*:*:* + epss-score: 0.09024 tags: exposure,packetstorm,cve,cve2021,wordpress requests: diff --git a/cves/2021/CVE-2021-39350.yaml b/cves/2021/CVE-2021-39350.yaml index 59733c6f05..073e1c9eb2 100644 --- a/cves/2021/CVE-2021-39350.yaml +++ b/cves/2021/CVE-2021-39350.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39350 cwe-id: CWE-79 + cpe: cpe:2.3:a:foliovision:fv_flowplayer_video_player:*:*:*:*:*:*:*:* + epss-score: 0.00139 tags: wpscan,cve,cve2021,wordpress,xss,wp,wp-plugin,authenticated requests: diff --git a/cves/2021/CVE-2021-39433.yaml b/cves/2021/CVE-2021-39433.yaml index bbc07f241b..7f414c98a8 100644 --- a/cves/2021/CVE-2021-39433.yaml +++ b/cves/2021/CVE-2021-39433.yaml @@ -13,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-39433 + cpe: cpe:2.3:a:biqs:biqsdrive:*:*:*:*:*:*:*:* + epss-score: 0.00482 tags: lfi,biqsdrive,cve,cve2021 requests: diff --git a/cves/2021/CVE-2021-39501.yaml b/cves/2021/CVE-2021-39501.yaml index 2730857af7..fcb0cad0ed 100644 --- a/cves/2021/CVE-2021-39501.yaml +++ b/cves/2021/CVE-2021-39501.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39501 cwe-id: CWE-601 + cpe: cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:* + epss-score: 0.00116 tags: cve,cve2021,redirect,eyoucms,cms requests: diff --git a/cves/2021/CVE-2021-40149.yaml b/cves/2021/CVE-2021-40149.yaml index 9d9700aaaf..ef22a1f31b 100644 --- a/cves/2021/CVE-2021-40149.yaml +++ b/cves/2021/CVE-2021-40149.yaml @@ -10,15 +10,17 @@ info: - https://dl.packetstormsecurity.net/2206-exploits/reolinke1key-disclose.txt - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40149 + - http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.9 cve-id: CVE-2021-40149 cwe-id: CWE-552 + epss-score: 0.00268 metadata: shodan-query: http.title:"Reolink" verified: "true" - tags: cve,cve2021,reolink,camera,iot,exposure,unauth + tags: exposure,unauth,packetstorm,cve,cve2021,reolink,camera,iot requests: - method: GET diff --git a/cves/2021/CVE-2021-40150.yaml b/cves/2021/CVE-2021-40150.yaml index 1332104f17..320eadce34 100644 --- a/cves/2021/CVE-2021-40150.yaml +++ b/cves/2021/CVE-2021-40150.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40150 cwe-id: CWE-552 + epss-score: 0.00334 metadata: shodan-query: http.title:"Reolink" verified: "true" diff --git a/cves/2021/CVE-2021-40323.yaml b/cves/2021/CVE-2021-40323.yaml index c4753930ea..e4b28d7d99 100644 --- a/cves/2021/CVE-2021-40323.yaml +++ b/cves/2021/CVE-2021-40323.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-40323 cwe-id: CWE-94 + cpe: cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:* + epss-score: 0.01507 tags: cve,cve2021,cobbler,rce requests: diff --git a/cves/2021/CVE-2021-40438.yaml b/cves/2021/CVE-2021-40438.yaml index 3ba9d70e7f..f08f88412e 100644 --- a/cves/2021/CVE-2021-40438.yaml +++ b/cves/2021/CVE-2021-40438.yaml @@ -9,12 +9,14 @@ info: - https://firzen.de/building-a-poc-for-cve-2021-40438 - https://httpd.apache.org/security/vulnerabilities_24.html - https://nvd.nist.gov/vuln/detail/CVE-2021-40438 + - https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf remediation: Upgrade to Apache version 2.4.49 or later. classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 9 cve-id: CVE-2021-40438 cwe-id: CWE-918 + epss-score: 0.97517 tags: cve,cve2021,ssrf,apache,mod-proxy,kev requests: diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml index 5315ae83ea..aa3b4b11a4 100644 --- a/cves/2021/CVE-2021-40539.yaml +++ b/cves/2021/CVE-2021-40539.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-40539 cwe-id: CWE-287 + cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* + epss-score: 0.97523 tags: cve,cve2021,rce,ad,intrusive,manageengine,kev requests: diff --git a/cves/2021/CVE-2021-40542.yaml b/cves/2021/CVE-2021-40542.yaml index 2afe42ecd1..d7b350a03c 100644 --- a/cves/2021/CVE-2021-40542.yaml +++ b/cves/2021/CVE-2021-40542.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40542 cwe-id: CWE-79 + cpe: cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:* + epss-score: 0.02456 metadata: shodan-query: http.title:"openSIS" tags: xss,cve,cve2021,opensis diff --git a/cves/2021/CVE-2021-40661.yaml b/cves/2021/CVE-2021-40661.yaml index bf86ea439c..20281fffe5 100644 --- a/cves/2021/CVE-2021-40661.yaml +++ b/cves/2021/CVE-2021-40661.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40661 cwe-id: CWE-22 + epss-score: 0.00771 metadata: google-query: inurl:excalweb.dll shodan-query: IND780 diff --git a/cves/2021/CVE-2021-40822.yaml b/cves/2021/CVE-2021-40822.yaml index a5f8bde585..af250fd147 100644 --- a/cves/2021/CVE-2021-40822.yaml +++ b/cves/2021/CVE-2021-40822.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40822 cwe-id: CWE-918 + cpe: cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:* + epss-score: 0.65495 metadata: fofa-query: app="GeoServer" verified: "true" diff --git a/cves/2021/CVE-2021-40856.yaml b/cves/2021/CVE-2021-40856.yaml index f129476cea..75e4bb4213 100644 --- a/cves/2021/CVE-2021-40856.yaml +++ b/cves/2021/CVE-2021-40856.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40856 cwe-id: CWE-287 + epss-score: 0.00838 tags: packetstorm,cve,cve2021,comfortel,auth-bypass,auerswald requests: diff --git a/cves/2021/CVE-2021-40859.yaml b/cves/2021/CVE-2021-40859.yaml index 68c1bc68a2..eeadd63434 100644 --- a/cves/2021/CVE-2021-40859.yaml +++ b/cves/2021/CVE-2021-40859.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-40859 + epss-score: 0.03294 metadata: fofa-query: '"auerswald"' tags: cve,cve2021,iot,unauth,voip,auerswald diff --git a/cves/2021/CVE-2021-40868.yaml b/cves/2021/CVE-2021-40868.yaml index 91109ab586..d482bbb4e0 100644 --- a/cves/2021/CVE-2021-40868.yaml +++ b/cves/2021/CVE-2021-40868.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40868 cwe-id: CWE-79 + cpe: cpe:2.3:a:cloudron:cloudron:*:*:*:*:*:*:*:* + epss-score: 0.00193 tags: cve,cve2021,xss,cloudron,packetstorm requests: diff --git a/cves/2021/CVE-2021-40870.yaml b/cves/2021/CVE-2021-40870.yaml index 6c01472b2d..b7352b2646 100644 --- a/cves/2021/CVE-2021-40870.yaml +++ b/cves/2021/CVE-2021-40870.yaml @@ -9,12 +9,15 @@ info: - https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021 - https://wearetradecraft.com/advisories/tc-2021-0002/ - https://nvd.nist.gov/vuln/detail/CVE-2021-40870 + - http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-40870 cwe-id: CWE-434 - tags: cve,cve2021,rce,aviatrix,kev,fileupload,intrusive + cpe: cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:* + epss-score: 0.93601 + tags: intrusive,packetstorm,cve,cve2021,rce,aviatrix,kev,fileupload requests: - raw: diff --git a/cves/2021/CVE-2021-40875.yaml b/cves/2021/CVE-2021-40875.yaml index 8aaaca1107..96a4c3d41e 100644 --- a/cves/2021/CVE-2021-40875.yaml +++ b/cves/2021/CVE-2021-40875.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40875 cwe-id: CWE-863 + cpe: cpe:2.3:a:gurock:testrail:*:*:*:*:*:*:*:* + epss-score: 0.0186 metadata: shodan-query: http.html:"TestRail" tags: cve,cve2021,exposure,gurock,testrail diff --git a/cves/2021/CVE-2021-40960.yaml b/cves/2021/CVE-2021-40960.yaml index f33d6c71e4..d8215f8ee8 100644 --- a/cves/2021/CVE-2021-40960.yaml +++ b/cves/2021/CVE-2021-40960.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-40960 cwe-id: CWE-22 + cpe: cpe:2.3:a:galera:galera_webtemplate:*:*:*:*:*:*:*:* + epss-score: 0.00805 tags: cve,cve2021,lfi requests: diff --git a/cves/2021/CVE-2021-40978.yaml b/cves/2021/CVE-2021-40978.yaml index 34a4663e8d..1f8bfe0a61 100644 --- a/cves/2021/CVE-2021-40978.yaml +++ b/cves/2021/CVE-2021-40978.yaml @@ -9,11 +9,14 @@ info: - https://github.com/mkdocs/mkdocs/pull/2604 - https://github.com/nisdn/CVE-2021-40978 - https://nvd.nist.gov/vuln/detail/CVE-2021-40978 + - https://github.com/mkdocs/mkdocs classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-40978 cwe-id: CWE-22 + cpe: cpe:2.3:a:mkdocs:mkdocs:*:*:*:*:*:*:*:* + epss-score: 0.03438 tags: cve,cve2021,mkdocs,lfi requests: diff --git a/cves/2021/CVE-2021-41174.yaml b/cves/2021/CVE-2021-41174.yaml index 795471ebdc..dcb120610b 100644 --- a/cves/2021/CVE-2021-41174.yaml +++ b/cves/2021/CVE-2021-41174.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-41174 cwe-id: CWE-79 + cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* + epss-score: 0.96854 metadata: shodan-query: title:"Grafana" tags: cve,cve2021,grafana,xss diff --git a/cves/2021/CVE-2021-41192.yaml b/cves/2021/CVE-2021-41192.yaml index b06e4b427f..d841f53594 100644 --- a/cves/2021/CVE-2021-41192.yaml +++ b/cves/2021/CVE-2021-41192.yaml @@ -9,11 +9,14 @@ info: - https://hackerone.com/reports/1380121 - https://github.com/getredash/redash/security/advisories/GHSA-g8xr-f424-h2rv - https://nvd.nist.gov/vuln/detail/CVE-2021-41192 + - https://github.com/getredash/redash/commit/ce60d20c4e3d1537581f2f70f1308fe77ab6a214 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N cvss-score: 6.5 cve-id: CVE-2021-41192 cwe-id: CWE-1188 + cpe: cpe:2.3:a:redash:redash:*:*:*:*:*:*:*:* + epss-score: 0.00628 metadata: shodan-query: http.favicon.hash:698624197 tags: hackerone,cve,cve2021,redash,auth-bypass diff --git a/cves/2021/CVE-2021-41266.yaml b/cves/2021/CVE-2021-41266.yaml index 5aed4ef4ea..73719e4283 100644 --- a/cves/2021/CVE-2021-41266.yaml +++ b/cves/2021/CVE-2021-41266.yaml @@ -10,14 +10,14 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-41266 - https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36 - https://github.com/minio/console/pull/1217 + remediation: 'Update to v.0.12.3 or higher. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.' classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-41266 cwe-id: CWE-306 - remediation: 'Update to v.0.12.3 or higher. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside - the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes - service account token.' + cpe: cpe:2.3:a:min:minio_console:*:*:*:*:*:*:*:* + epss-score: 0.01246 tags: cve,cve2021,minio requests: diff --git a/cves/2021/CVE-2021-41277.yaml b/cves/2021/CVE-2021-41277.yaml index b2dd58b649..2b6d8c7b92 100644 --- a/cves/2021/CVE-2021-41277.yaml +++ b/cves/2021/CVE-2021-41277.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41277 cwe-id: CWE-20 + cpe: cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:* + epss-score: 0.96523 metadata: fofa-query: app="Metabase" shodan-query: http.title:"Metabase" diff --git a/cves/2021/CVE-2021-41282.yaml b/cves/2021/CVE-2021-41282.yaml index dd47dc6888..a736c99e6a 100644 --- a/cves/2021/CVE-2021-41282.yaml +++ b/cves/2021/CVE-2021-41282.yaml @@ -18,6 +18,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-41282 cwe-id: CWE-94 + cpe: cpe:2.3:a:pfsense:pfsense:*:*:*:*:*:*:*:* + epss-score: 0.97413 tags: cve,cve2021,pfsense,rce,authenticated requests: diff --git a/cves/2021/CVE-2021-41291.yaml b/cves/2021/CVE-2021-41291.yaml index 10aefe5f92..8b4e7f4404 100644 --- a/cves/2021/CVE-2021-41291.yaml +++ b/cves/2021/CVE-2021-41291.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41291 cwe-id: CWE-22 + cpe: cpe:2.3:a:ecoa:riskterminator:*:*:*:*:*:*:*:* + epss-score: 0.09404 tags: cve,cve2021,ecoa,lfi,traversal requests: diff --git a/cves/2021/CVE-2021-41293.yaml b/cves/2021/CVE-2021-41293.yaml index ab9790a110..5af6bbdfa2 100644 --- a/cves/2021/CVE-2021-41293.yaml +++ b/cves/2021/CVE-2021-41293.yaml @@ -4,8 +4,7 @@ info: name: ECOA Building Automation System - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose - sensitive and system information. + description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-41293 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php @@ -15,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41293 cwe-id: CWE-22 + cpe: cpe:2.3:a:ecoa:riskterminator:*:*:*:*:*:*:*:* + epss-score: 0.09404 tags: cve,cve2021,ecoa,lfi,disclosure requests: diff --git a/cves/2021/CVE-2021-41349.yaml b/cves/2021/CVE-2021-41349.yaml index f64dfee974..395e87fac6 100644 --- a/cves/2021/CVE-2021-41349.yaml +++ b/cves/2021/CVE-2021-41349.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-41349 + cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:* + epss-score: 0.96855 tags: cve,cve2021,xss,microsoft,exchange requests: diff --git a/cves/2021/CVE-2021-41381.yaml b/cves/2021/CVE-2021-41381.yaml index 3967477b8a..9f7efea726 100644 --- a/cves/2021/CVE-2021-41381.yaml +++ b/cves/2021/CVE-2021-41381.yaml @@ -9,12 +9,15 @@ info: - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt - https://nvd.nist.gov/vuln/detail/CVE-2021-41381 - https://www.payara.fish + - http://packetstormsecurity.com/files/164365/Payara-Micro-Community-5.2021.6-Directory-Traversal.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-41381 cwe-id: CWE-22 - tags: cve,cve2021,payara,lfi + cpe: cpe:2.3:a:payara:micro_community:*:*:*:*:*:*:*:* + epss-score: 0.01387 + tags: packetstorm,cve,cve2021,payara,lfi requests: - method: GET diff --git a/cves/2021/CVE-2021-41432.yaml b/cves/2021/CVE-2021-41432.yaml index 3c8873a4e6..63e26fe394 100644 --- a/cves/2021/CVE-2021-41432.yaml +++ b/cves/2021/CVE-2021-41432.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-41432 cwe-id: CWE-79 + cpe: cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: shodan-query: http.html:"Flatpress" verified: "true" diff --git a/cves/2021/CVE-2021-41467.yaml b/cves/2021/CVE-2021-41467.yaml index 616ba257a0..b9b07668ff 100644 --- a/cves/2021/CVE-2021-41467.yaml +++ b/cves/2021/CVE-2021-41467.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-41467 cwe-id: CWE-79 + cpe: cpe:2.3:a:justwriting_project:justwriting:*:*:*:*:*:*:*:* + epss-score: 0.00125 tags: cve,cve2021,justwriting,xss requests: diff --git a/cves/2021/CVE-2021-41569.yaml b/cves/2021/CVE-2021-41569.yaml index e618bac41d..ac508644a1 100644 --- a/cves/2021/CVE-2021-41569.yaml +++ b/cves/2021/CVE-2021-41569.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41569 cwe-id: CWE-829 + cpe: cpe:2.3:a:sas:sas\/intrnet:*:*:*:*:*:*:*:* + epss-score: 0.00712 tags: cve,cve2021,sas,lfi requests: diff --git a/cves/2021/CVE-2021-41648.yaml b/cves/2021/CVE-2021-41648.yaml index 3df8e64753..f31414631c 100644 --- a/cves/2021/CVE-2021-41648.yaml +++ b/cves/2021/CVE-2021-41648.yaml @@ -9,12 +9,15 @@ info: - https://github.com/MobiusBinary/CVE-2021-41648 - https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system - https://nvd.nist.gov/vuln/detail/CVE-2021-41649 + - http://packetstormsecurity.com/files/165036/PuneethReddyHC-Online-Shopping-System-Advanced-1.0-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-41648 cwe-id: CWE-89 - tags: cve,cve2021,sqli,injection + cpe: cpe:2.3:a:online-shopping-system-advanced_project:online-shopping-system-advanced:*:*:*:*:*:*:*:* + epss-score: 0.02296 + tags: cve,cve2021,sqli,injection,packetstorm requests: - method: POST diff --git a/cves/2021/CVE-2021-41649.yaml b/cves/2021/CVE-2021-41649.yaml index 62b8d68451..32decbc7dd 100644 --- a/cves/2021/CVE-2021-41649.yaml +++ b/cves/2021/CVE-2021-41649.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-41649 cwe-id: CWE-89 + cpe: cpe:2.3:a:online-shopping-system-advanced_project:online-shopping-system-advanced:*:*:*:*:*:*:*:* + epss-score: 0.01418 tags: cve,cve2021,sqli,injection requests: diff --git a/cves/2021/CVE-2021-41653.yaml b/cves/2021/CVE-2021-41653.yaml index eace8f6211..4459892b9a 100644 --- a/cves/2021/CVE-2021-41653.yaml +++ b/cves/2021/CVE-2021-41653.yaml @@ -9,12 +9,14 @@ info: - https://k4m1ll0.com/cve-2021-41653.html - https://nvd.nist.gov/vuln/detail/CVE-2021-41653 - https://www.tp-link.com/us/press/security-advisory/ + - http://tp-link.com remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109". classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-41653 cwe-id: CWE-94 + epss-score: 0.95235 tags: cve,cve2021,tplink,rce,router variables: diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml index ad139dccdf..0a7524c101 100644 --- a/cves/2021/CVE-2021-41773.yaml +++ b/cves/2021/CVE-2021-41773.yaml @@ -18,6 +18,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41773 cwe-id: CWE-22 + epss-score: 0.97541 metadata: shodan-query: Apache 2.4.49 verified: "true" diff --git a/cves/2021/CVE-2021-41826.yaml b/cves/2021/CVE-2021-41826.yaml index 8003b0a16e..9235ef166d 100644 --- a/cves/2021/CVE-2021-41826.yaml +++ b/cves/2021/CVE-2021-41826.yaml @@ -9,12 +9,15 @@ info: - https://github.com/PlaceOS/auth/issues/36 - https://www.exploit-db.com/exploits/50359 - https://nvd.nist.gov/vuln/detail/CVE-2021-41826 + - http://packetstormsecurity.com/files/164345/PlaceOS-1.2109.1-Open-Redirection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-41826 cwe-id: CWE-601 - tags: cve2021,placeos,redirect,edb,cve + cpe: cpe:2.3:a:place:placeos_authentication:*:*:*:*:*:*:*:* + epss-score: 0.95073 + tags: cve,packetstorm,cve2021,placeos,redirect,edb requests: - method: GET diff --git a/cves/2021/CVE-2021-41878.yaml b/cves/2021/CVE-2021-41878.yaml index c760d659a5..d734cb87dd 100644 --- a/cves/2021/CVE-2021-41878.yaml +++ b/cves/2021/CVE-2021-41878.yaml @@ -10,14 +10,17 @@ info: - https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html - https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41878 - https://nvd.nist.gov/vuln/detail/CVE-2021-41878 + - http://packetstormsecurity.com/files/164519/i-Panel-Administration-System-2.0-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-41878 cwe-id: CWE-79 + cpe: cpe:2.3:a:hkurl:i-panel_administration_system:*:*:*:*:*:*:*:* + epss-score: 0.00476 metadata: verified: "true" - tags: cve,cve2021,ipanel,xss + tags: cve,cve2021,ipanel,xss,packetstorm requests: - method: GET diff --git a/cves/2021/CVE-2021-4191.yaml b/cves/2021/CVE-2021-4191.yaml index de5a09ee90..211c28cf0a 100644 --- a/cves/2021/CVE-2021-4191.yaml +++ b/cves/2021/CVE-2021-4191.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-4191 cwe-id: CWE-287 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.83652 tags: cve,cve2021,gitlab,api,graphql,enum,unauth requests: diff --git a/cves/2021/CVE-2021-41951.yaml b/cves/2021/CVE-2021-41951.yaml index 2e88f62361..76cc4c5811 100644 --- a/cves/2021/CVE-2021-41951.yaml +++ b/cves/2021/CVE-2021-41951.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-41951 cwe-id: CWE-79 + cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* + epss-score: 0.89584 tags: cve,cve2021,xss,resourcespace requests: diff --git a/cves/2021/CVE-2021-42013.yaml b/cves/2021/CVE-2021-42013.yaml index 57150aa0e8..89cc0ab79b 100644 --- a/cves/2021/CVE-2021-42013.yaml +++ b/cves/2021/CVE-2021-42013.yaml @@ -17,6 +17,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42013 cwe-id: CWE-22 + epss-score: 0.97546 metadata: verified: "true" tags: cve,cve2021,lfi,apache,rce,misconfig,traversal,kev diff --git a/cves/2021/CVE-2021-42063.yaml b/cves/2021/CVE-2021-42063.yaml index be4cdc8a05..7d5d9a37dd 100644 --- a/cves/2021/CVE-2021-42063.yaml +++ b/cves/2021/CVE-2021-42063.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42063 cwe-id: CWE-79 + cpe: cpe:2.3:a:sap:knowledge_warehouse:*:*:*:*:*:*:*:* + epss-score: 0.00257 metadata: shodan-query: http.favicon.hash:-266008933 zoomeye-query: +app:"SAP NetWeaver Application Server httpd diff --git a/cves/2021/CVE-2021-42071.yaml b/cves/2021/CVE-2021-42071.yaml index 1aa5e47885..d3637f385d 100644 --- a/cves/2021/CVE-2021-42071.yaml +++ b/cves/2021/CVE-2021-42071.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42071 cwe-id: CWE-78 + epss-score: 0.93419 tags: edb,cve,cve2021,visualtools,rce,oast,injection requests: diff --git a/cves/2021/CVE-2021-42192.yaml b/cves/2021/CVE-2021-42192.yaml index 486db32a13..09a34ea3c8 100644 --- a/cves/2021/CVE-2021-42192.yaml +++ b/cves/2021/CVE-2021-42192.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-42192 cwe-id: CWE-269 + cpe: cpe:2.3:a:konga_project:konga:*:*:*:*:*:*:*:* + epss-score: 0.01324 tags: authenticated,edb,cve,cve2021,konga requests: diff --git a/cves/2021/CVE-2021-42237.yaml b/cves/2021/CVE-2021-42237.yaml index 817cce7501..7b8cad7800 100644 --- a/cves/2021/CVE-2021-42237.yaml +++ b/cves/2021/CVE-2021-42237.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42237 cwe-id: CWE-502 + cpe: cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* + epss-score: 0.97546 metadata: shodan-query: http.title:"SiteCore" tags: cve,cve2021,rce,sitecore,deserialization,oast,kev diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index d2c44c406a..cb7e990867 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -4,8 +4,7 @@ info: name: BillQuick Web Suite SQL Injection author: dwisiswant0 severity: critical - description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as - MSSQLSERVER$ via xp_cmdshell. + description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. reference: - https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware - https://nvd.nist.gov/vuln/detail/CVE-2021-42258 @@ -14,6 +13,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42258 cwe-id: CWE-89 + cpe: cpe:2.3:a:bqe:billquick_web_suite:*:*:*:*:*:*:*:* + epss-score: 0.97383 tags: cve,cve2021,sqli,billquick,kev requests: diff --git a/cves/2021/CVE-2021-42551.yaml b/cves/2021/CVE-2021-42551.yaml index 4d836adbe4..adde3f07c7 100644 --- a/cves/2021/CVE-2021-42551.yaml +++ b/cves/2021/CVE-2021-42551.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42551 cwe-id: CWE-79 + cpe: cpe:2.3:a:alcoda:netbiblio:*:*:*:*:*:*:*:* + epss-score: 0.00143 tags: cve,cve2021,xss,netbiblio requests: diff --git a/cves/2021/CVE-2021-42565.yaml b/cves/2021/CVE-2021-42565.yaml index e2eb25ff0b..340904be61 100644 --- a/cves/2021/CVE-2021-42565.yaml +++ b/cves/2021/CVE-2021-42565.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42565 cwe-id: CWE-79 + cpe: cpe:2.3:a:myfactory:fms:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: cve,cve2021,myfactory,xss requests: diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml index cff2373649..c3ac9b07ac 100644 --- a/cves/2021/CVE-2021-42566.yaml +++ b/cves/2021/CVE-2021-42566.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42566 cwe-id: CWE-79 + cpe: cpe:2.3:a:myfactory:fms:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: cve,cve2021,myfactory,xss requests: diff --git a/cves/2021/CVE-2021-42567.yaml b/cves/2021/CVE-2021-42567.yaml index 2e849316d8..7f02316660 100644 --- a/cves/2021/CVE-2021-42567.yaml +++ b/cves/2021/CVE-2021-42567.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42567 cwe-id: CWE-79 + cpe: cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:* + epss-score: 0.32182 metadata: shodan-query: http.title:'CAS - Central Authentication Service' tags: cve,cve2021,apereo,xss,cas diff --git a/cves/2021/CVE-2021-42627.yaml b/cves/2021/CVE-2021-42627.yaml index 624c342ff8..2106f4290f 100644 --- a/cves/2021/CVE-2021-42627.yaml +++ b/cves/2021/CVE-2021-42627.yaml @@ -10,10 +10,12 @@ info: - https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42627 - https://www.dlink.com/en/security-bulletin/ + - http://d-link.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-42627 + epss-score: 0.00641 metadata: shodan-query: http.title:"Roteador Wireless" verified: "true" diff --git a/cves/2021/CVE-2021-42663.yaml b/cves/2021/CVE-2021-42663.yaml index 7ddb1848f6..07209d5365 100644 --- a/cves/2021/CVE-2021-42663.yaml +++ b/cves/2021/CVE-2021-42663.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.3 cve-id: CVE-2021-42663 cwe-id: CWE-79 + cpe: cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:*:*:*:*:*:*:*:* + epss-score: 0.0013 metadata: verified: "true" tags: cve,cve2021,xss diff --git a/cves/2021/CVE-2021-42667.yaml b/cves/2021/CVE-2021-42667.yaml index c031a9612a..6de20edc09 100644 --- a/cves/2021/CVE-2021-42667.yaml +++ b/cves/2021/CVE-2021-42667.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42667 cwe-id: CWE-89 + cpe: cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:*:*:*:*:*:*:*:* + epss-score: 0.01689 metadata: verified: "true" tags: cve,cve2021,sqli,authenticated diff --git a/cves/2021/CVE-2021-42887.yaml b/cves/2021/CVE-2021-42887.yaml index 295b7e5b6d..fecabd0057 100644 --- a/cves/2021/CVE-2021-42887.yaml +++ b/cves/2021/CVE-2021-42887.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42887 cwe-id: CWE-287 + epss-score: 0.0224 metadata: shodan-query: title:"TOTOLINK" tags: totolink,auth-bypass,cve,cve2021,router diff --git a/cves/2021/CVE-2021-43062.yaml b/cves/2021/CVE-2021-43062.yaml index e610c2d95c..3d2cedea1e 100644 --- a/cves/2021/CVE-2021-43062.yaml +++ b/cves/2021/CVE-2021-43062.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43062 cwe-id: CWE-79 + cpe: cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* + epss-score: 0.00221 tags: cve,cve2021,fortimail,xss,fortinet,edb requests: diff --git a/cves/2021/CVE-2021-43287.yaml b/cves/2021/CVE-2021-43287.yaml index 5c1f7a0a46..b672ac016b 100644 --- a/cves/2021/CVE-2021-43287.yaml +++ b/cves/2021/CVE-2021-43287.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43287 cwe-id: CWE-200 + cpe: cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:* + epss-score: 0.60876 metadata: shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version" tags: cve,cve2021,go,lfi,gocd diff --git a/cves/2021/CVE-2021-43421.yaml b/cves/2021/CVE-2021-43421.yaml index 14a978eb24..abb061df3a 100644 --- a/cves/2021/CVE-2021-43421.yaml +++ b/cves/2021/CVE-2021-43421.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-43421 cwe-id: CWE-434 + cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* + epss-score: 0.0079 metadata: verified: "true" tags: cve,cve2021,elfinder,upload,rce,intrusive diff --git a/cves/2021/CVE-2021-43495.yaml b/cves/2021/CVE-2021-43495.yaml index 94f1e94c2e..1f744050eb 100644 --- a/cves/2021/CVE-2021-43495.yaml +++ b/cves/2021/CVE-2021-43495.yaml @@ -4,8 +4,7 @@ info: name: AlquistManager Local File Inclusion author: pikpikcu severity: high - description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical - secrets stored anywhere on the system and can significantly aid in getting remote code access. + description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. reference: - https://github.com/AlquistManager/alquist/issues/43 - https://nvd.nist.gov/vuln/detail/CVE-2021-43495 @@ -14,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43495 cwe-id: CWE-22 + cpe: cpe:2.3:a:alquistai:alquist:*:*:*:*:*:*:*:* + epss-score: 0.01272 tags: cve,cve2021,lfi,alquist requests: diff --git a/cves/2021/CVE-2021-43496.yaml b/cves/2021/CVE-2021-43496.yaml index 4b96e8518c..c7f611b8f7 100644 --- a/cves/2021/CVE-2021-43496.yaml +++ b/cves/2021/CVE-2021-43496.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43496 cwe-id: CWE-22 + cpe: cpe:2.3:a:clustering_project:clustering:*:*:*:*:*:*:*:* + epss-score: 0.01272 tags: cve,cve2021,lfi,clustering requests: diff --git a/cves/2021/CVE-2021-43510.yaml b/cves/2021/CVE-2021-43510.yaml index 0cc5755db4..43e06e3fdd 100644 --- a/cves/2021/CVE-2021-43510.yaml +++ b/cves/2021/CVE-2021-43510.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-43510 cwe-id: CWE-89 + cpe: cpe:2.3:a:simple_client_management_system_project:simple_client_management_system:*:*:*:*:*:*:*:* + epss-score: 0.01295 metadata: verified: "true" tags: cve,cve2021,simpleclientmanagement,sqli,auth-bypass diff --git a/cves/2021/CVE-2021-43574.yaml b/cves/2021/CVE-2021-43574.yaml index d1bfc6aaba..6ca91d936f 100644 --- a/cves/2021/CVE-2021-43574.yaml +++ b/cves/2021/CVE-2021-43574.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43574 cwe-id: CWE-79 + cpe: cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:* + epss-score: 0.00128 metadata: shodan-query: http.html:"Powered by Atmail" verified: "true" diff --git a/cves/2021/CVE-2021-43734.yaml b/cves/2021/CVE-2021-43734.yaml index 3768381ed0..03f5e725ea 100644 --- a/cves/2021/CVE-2021-43734.yaml +++ b/cves/2021/CVE-2021-43734.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43734 cwe-id: CWE-22 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.0046 metadata: shodan-query: http.html:"kkFileView" verified: "true" diff --git a/cves/2021/CVE-2021-43778.yaml b/cves/2021/CVE-2021-43778.yaml index d526128109..c68a59d2a7 100644 --- a/cves/2021/CVE-2021-43778.yaml +++ b/cves/2021/CVE-2021-43778.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43778 cwe-id: CWE-22 + cpe: cpe:2.3:a:glpi-project:barcode:*:*:*:*:*:*:*:* + epss-score: 0.77314 tags: glpi,cve,cve2021,lfi,plugin,traversal requests: diff --git a/cves/2021/CVE-2021-43798.yaml b/cves/2021/CVE-2021-43798.yaml index 73f3f78b8f..98c621c745 100644 --- a/cves/2021/CVE-2021-43798.yaml +++ b/cves/2021/CVE-2021-43798.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43798 cwe-id: CWE-22 + cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* + epss-score: 0.97083 metadata: shodan-query: title:"Grafana" tags: cve,cve2021,grafana,lfi diff --git a/cves/2021/CVE-2021-43810.yaml b/cves/2021/CVE-2021-43810.yaml index 27ab5a6bbf..688f211a84 100644 --- a/cves/2021/CVE-2021-43810.yaml +++ b/cves/2021/CVE-2021-43810.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43810 cwe-id: CWE-79 + cpe: cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:* + epss-score: 0.0036 tags: cve,cve2021,admidio,xss requests: diff --git a/cves/2021/CVE-2021-44077.yaml b/cves/2021/CVE-2021-44077.yaml index e5f78a77ee..deadc8130b 100644 --- a/cves/2021/CVE-2021-44077.yaml +++ b/cves/2021/CVE-2021-44077.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-44077 cwe-id: CWE-287 + epss-score: 0.97 tags: rce,kev,msf,cve,cve2021,zoho,manageengine requests: diff --git a/cves/2021/CVE-2021-44152.yaml b/cves/2021/CVE-2021-44152.yaml index 175e3ffce6..79ea95bb59 100644 --- a/cves/2021/CVE-2021-44152.yaml +++ b/cves/2021/CVE-2021-44152.yaml @@ -15,10 +15,12 @@ info: cvss-score: 9.8 cve-id: CVE-2021-44152 cwe-id: CWE-287 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.0954 metadata: - verified: true - shodan-query: http.html:"Reprise License Manager" google-query: inurl:"/goforms/menu" + shodan-query: http.html:"Reprise License Manager" + verified: "true" tags: cve2021,rlm,auth-bypass,packetstorm,cve requests: diff --git a/cves/2021/CVE-2021-44228.yaml b/cves/2021/CVE-2021-44228.yaml index dd1200ac1a..d24cd9054c 100644 --- a/cves/2021/CVE-2021-44228.yaml +++ b/cves/2021/CVE-2021-44228.yaml @@ -18,6 +18,7 @@ info: cvss-score: 10 cve-id: CVE-2021-44228 cwe-id: CWE-502 + epss-score: 0.97578 tags: cve,cve2021,rce,oast,log4j,injection,kev requests: diff --git a/cves/2021/CVE-2021-44427.yaml b/cves/2021/CVE-2021-44427.yaml index bb3166bb33..280150bfb7 100644 --- a/cves/2021/CVE-2021-44427.yaml +++ b/cves/2021/CVE-2021-44427.yaml @@ -4,18 +4,19 @@ info: name: Rosario Student Information System Unauthenticated SQL Injection author: furkansayim,xShuden severity: critical - description: An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, - and DELETE) through /Side.php via the syear parameter. + description: An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. reference: - https://gitlab.com/francoisjacquet/rosariosis/-/issues/328 - https://twitter.com/RemotelyAlerts/status/1465697928178122775 - https://nvd.nist.gov/vuln/detail/CVE-2021-44427 + remediation: Upgrade to version 8.1.1 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-44427 cwe-id: CWE-89 - remediation: Upgrade to version 8.1.1 or higher. + cpe: cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:* + epss-score: 0.00409 tags: cve,cve2021,sqli,rosariosis requests: diff --git a/cves/2021/CVE-2021-44451.yaml b/cves/2021/CVE-2021-44451.yaml index 8a462097a1..84057f940f 100644 --- a/cves/2021/CVE-2021-44451.yaml +++ b/cves/2021/CVE-2021-44451.yaml @@ -6,19 +6,21 @@ info: severity: medium description: | Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. - remediation: Upgrade to Apache Superset 1.4.0 or higher. reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json - https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb - https://nvd.nist.gov/vuln/detail/CVE-2021-44451 + remediation: Upgrade to Apache Superset 1.4.0 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-44451 cwe-id: CWE-522 + cpe: cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* + epss-score: 0.00713 metadata: - verified: true shodan-query: http.favicon.hash:1582430156 + verified: "true" tags: cve,cve2021,apache,superset,default-login requests: diff --git a/cves/2021/CVE-2021-44515.yaml b/cves/2021/CVE-2021-44515.yaml index fa9faae8c7..9d3ff5a31f 100644 --- a/cves/2021/CVE-2021-44515.yaml +++ b/cves/2021/CVE-2021-44515.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-44515 cwe-id: CWE-287 + cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* + epss-score: 0.97344 tags: cve,cve2021,zoho,rce,manageengine,kev requests: diff --git a/cves/2021/CVE-2021-44521.yaml b/cves/2021/CVE-2021-44521.yaml index 5e9827d39f..59314dee76 100644 --- a/cves/2021/CVE-2021-44521.yaml +++ b/cves/2021/CVE-2021-44521.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-44521 cwe-id: CWE-94 + cpe: cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:* + epss-score: 0.00851 tags: cve,cve2021,network,rce,apache,cassandra network: diff --git a/cves/2021/CVE-2021-44528.yaml b/cves/2021/CVE-2021-44528.yaml index 8fa9e5b665..a6383fffc1 100644 --- a/cves/2021/CVE-2021-44528.yaml +++ b/cves/2021/CVE-2021-44528.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-44528 cwe-id: CWE-601 + cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* + epss-score: 0.00098 tags: seclists,cve,cve2021,redirect requests: diff --git a/cves/2021/CVE-2021-44529.yaml b/cves/2021/CVE-2021-44529.yaml index 2a56a93b6f..edd9cafc8c 100644 --- a/cves/2021/CVE-2021-44529.yaml +++ b/cves/2021/CVE-2021-44529.yaml @@ -9,14 +9,17 @@ info: - https://forums.ivanti.com/s/article/SA-2021-12-02 - https://twitter.com/Dinosn/status/1505273954478530569 - https://nvd.nist.gov/vuln/detail/CVE-2021-44529 + - http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-44529 cwe-id: CWE-94 + cpe: cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:* + epss-score: 0.95898 metadata: shodan-query: title:"LANDesk(R) Cloud Services Appliance" - tags: cve,cve2021,ivanti,epm,csa,injection + tags: cve2021,ivanti,epm,csa,injection,packetstorm,cve requests: - raw: diff --git a/cves/2021/CVE-2021-44848.yaml b/cves/2021/CVE-2021-44848.yaml index b174863f6e..4a022efb33 100644 --- a/cves/2021/CVE-2021-44848.yaml +++ b/cves/2021/CVE-2021-44848.yaml @@ -9,12 +9,15 @@ info: - https://github.com/cybelesoft/virtualui/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2021-44848 - https://www.tenable.com/cve/CVE-2021-44848 + - http://packetstormsecurity.com/files/165327/Cibele-Thinfinity-VirtualUI-2.5.41.0-User-Enumeration.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-44848 cwe-id: CWE-287 - tags: virtualui,tenable,cve,cve2021,exposure,thinfinity + cpe: cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:* + epss-score: 0.00924 + tags: cve2021,exposure,thinfinity,packetstorm,virtualui,tenable,cve requests: - raw: diff --git a/cves/2021/CVE-2021-45043.yaml b/cves/2021/CVE-2021-45043.yaml index f0787778fa..a44ba19ed0 100644 --- a/cves/2021/CVE-2021-45043.yaml +++ b/cves/2021/CVE-2021-45043.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-45043 cwe-id: CWE-22 + cpe: cpe:2.3:a:hd-network_real-time_monitoring_system_project:hd-network_real-time_monitoring_system:*:*:*:*:*:*:*:* + epss-score: 0.04534 metadata: google-query: intitle:"HD-Network Real-time Monitoring System V2.0" tags: camera,edb,cve,cve2021,hdnetwork,lfi,iot diff --git a/cves/2021/CVE-2021-45046.yaml b/cves/2021/CVE-2021-45046.yaml index 651ced1cbb..de5ff67b68 100644 --- a/cves/2021/CVE-2021-45046.yaml +++ b/cves/2021/CVE-2021-45046.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9 cve-id: CVE-2021-45046 cwe-id: CWE-502 + epss-score: 0.97416 tags: cve,cve2021,rce,oast,log4j,injection requests: diff --git a/cves/2021/CVE-2021-45092.yaml b/cves/2021/CVE-2021-45092.yaml index 9b4dd4f9f5..3d6926ce69 100644 --- a/cves/2021/CVE-2021-45092.yaml +++ b/cves/2021/CVE-2021-45092.yaml @@ -9,12 +9,15 @@ info: - https://github.com/cybelesoft/virtualui/issues/2 - https://nvd.nist.gov/vuln/detail/CVE-2021-44848 - https://www.tenable.com/cve/CVE-2021-45092 + - http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-45092 cwe-id: CWE-74 - tags: iframe,thinfinity,tenable,cve,cve2021,injection + cpe: cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:* + epss-score: 0.69904 + tags: tenable,cve,cve2021,injection,packetstorm,iframe,thinfinity requests: - method: GET diff --git a/cves/2021/CVE-2021-45232.yaml b/cves/2021/CVE-2021-45232.yaml index 880b97330b..20d047affa 100644 --- a/cves/2021/CVE-2021-45232.yaml +++ b/cves/2021/CVE-2021-45232.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45232 cwe-id: CWE-306 + cpe: cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:* + epss-score: 0.9725 tags: cve,cve2021,apache,unauth,apisix requests: diff --git a/cves/2021/CVE-2021-45380.yaml b/cves/2021/CVE-2021-45380.yaml index f02b9d272e..51b77d3a98 100644 --- a/cves/2021/CVE-2021-45380.yaml +++ b/cves/2021/CVE-2021-45380.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-45380 cwe-id: CWE-79 + cpe: cpe:2.3:a:appcms:appcms:*:*:*:*:*:*:*:* + epss-score: 0.02006 metadata: shodan-query: http.html:"Powerd by AppCMS" tags: cve,cve2021,appcms,xss diff --git a/cves/2021/CVE-2021-45422.yaml b/cves/2021/CVE-2021-45422.yaml index 8a428ded25..70c2816f3b 100644 --- a/cves/2021/CVE-2021-45422.yaml +++ b/cves/2021/CVE-2021-45422.yaml @@ -10,11 +10,14 @@ info: - https://seclists.org/fulldisclosure/2022/Jan/31 - https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/ - https://nvd.nist.gov/vuln/detail/CVE-2021-45422 + - http://reprise.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-45422 cwe-id: CWE-79 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.00247 metadata: shodan-query: http.html:"Reprise License" verified: "true" diff --git a/cves/2021/CVE-2021-45428.yaml b/cves/2021/CVE-2021-45428.yaml index ec30ef8f6c..beff2eb06d 100644 --- a/cves/2021/CVE-2021-45428.yaml +++ b/cves/2021/CVE-2021-45428.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45428 cwe-id: CWE-639 + epss-score: 0.06433 metadata: shodan-query: http.html:"TLR-2005KSH" verified: "true" diff --git a/cves/2021/CVE-2021-45967.yaml b/cves/2021/CVE-2021-45967.yaml index c8cfdf156a..6c10952109 100644 --- a/cves/2021/CVE-2021-45967.yaml +++ b/cves/2021/CVE-2021-45967.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45967 cwe-id: CWE-918 + epss-score: 0.61596 tags: cve,cve2021,pascom,ssrf requests: diff --git a/cves/2021/CVE-2021-45968.yaml b/cves/2021/CVE-2021-45968.yaml index 9467be6081..ef20a12290 100644 --- a/cves/2021/CVE-2021-45968.yaml +++ b/cves/2021/CVE-2021-45968.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-45968 cwe-id: CWE-22 + epss-score: 0.00507 tags: cve,cve2021,pascom,lfi requests: diff --git a/cves/2021/CVE-2021-46005.yaml b/cves/2021/CVE-2021-46005.yaml index d8e3340bc8..0933bb384e 100644 --- a/cves/2021/CVE-2021-46005.yaml +++ b/cves/2021/CVE-2021-46005.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-46005 cwe-id: CWE-79 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: sourcecodester,authenticated,edb,cve,cve2021,xss requests: diff --git a/cves/2021/CVE-2021-46068.yaml b/cves/2021/CVE-2021-46068.yaml index d943069462..9e9d0688a8 100644 --- a/cves/2021/CVE-2021-46068.yaml +++ b/cves/2021/CVE-2021-46068.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46068 cwe-id: CWE-79 + cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: cve,cve2021,xss,vms,authenticated diff --git a/cves/2021/CVE-2021-46069.yaml b/cves/2021/CVE-2021-46069.yaml index b7e8dcd760..046cf8bf59 100644 --- a/cves/2021/CVE-2021-46069.yaml +++ b/cves/2021/CVE-2021-46069.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46069 cwe-id: CWE-79 + cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: cve,cve2021,xss,vms,authenticated diff --git a/cves/2021/CVE-2021-46071.yaml b/cves/2021/CVE-2021-46071.yaml index 04eb814b54..04526c2aac 100644 --- a/cves/2021/CVE-2021-46071.yaml +++ b/cves/2021/CVE-2021-46071.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46071 cwe-id: CWE-79 + cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: cve,cve2021,xss,vms,authenticated diff --git a/cves/2021/CVE-2021-46072.yaml b/cves/2021/CVE-2021-46072.yaml index 714918ed28..d88bd9c26c 100644 --- a/cves/2021/CVE-2021-46072.yaml +++ b/cves/2021/CVE-2021-46072.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46072 cwe-id: CWE-79 + cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: cve,cve2021,xss,vms,authenticated diff --git a/cves/2021/CVE-2021-46073.yaml b/cves/2021/CVE-2021-46073.yaml index ffb60793f9..f7a92d82e3 100644 --- a/cves/2021/CVE-2021-46073.yaml +++ b/cves/2021/CVE-2021-46073.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46073 cwe-id: CWE-79 + cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00092 metadata: verified: "true" tags: cve,cve2021,xss,vms,authenticated diff --git a/cves/2021/CVE-2021-46379.yaml b/cves/2021/CVE-2021-46379.yaml index 9ff8273918..845817ba8c 100644 --- a/cves/2021/CVE-2021-46379.yaml +++ b/cves/2021/CVE-2021-46379.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-46379 cwe-id: CWE-601 + epss-score: 0.00246 metadata: verified: "true" tags: cve,cve2021,redirect,dlink,router diff --git a/cves/2021/CVE-2021-46381.yaml b/cves/2021/CVE-2021-46381.yaml index 55202c7843..e1f42ccde7 100644 --- a/cves/2021/CVE-2021-46381.yaml +++ b/cves/2021/CVE-2021-46381.yaml @@ -9,12 +9,14 @@ info: - https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing - https://www.dlink.com/en/security-bulletin/ - https://nvd.nist.gov/vuln/detail/CVE-2021-46381 + - http://packetstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-46381 cwe-id: CWE-22 - tags: cve,cve2021,dlink,lfi,router + epss-score: 0.01125 + tags: cve2021,dlink,lfi,router,packetstorm,cve requests: - method: POST diff --git a/cves/2021/CVE-2021-46387.yaml b/cves/2021/CVE-2021-46387.yaml index a3ef370c63..a3c6f10bbc 100644 --- a/cves/2021/CVE-2021-46387.yaml +++ b/cves/2021/CVE-2021-46387.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2021-46387 cwe-id: CWE-79 + epss-score: 0.00455 metadata: shodan-query: http.title:"Zywall2Plus" tags: cve,cve2021,xss,zyxel,edb diff --git a/cves/2021/CVE-2021-46417.yaml b/cves/2021/CVE-2021-46417.yaml index ce8b9dd70f..ecc78e3563 100644 --- a/cves/2021/CVE-2021-46417.yaml +++ b/cves/2021/CVE-2021-46417.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2021-46417 cwe-id: CWE-22 + epss-score: 0.73372 metadata: shodan-query: http.html:"Franklin Fueling Systems" verified: "true" diff --git a/cves/2021/CVE-2021-46422.yaml b/cves/2021/CVE-2021-46422.yaml index 462fb8ba10..9e7b759062 100644 --- a/cves/2021/CVE-2021-46422.yaml +++ b/cves/2021/CVE-2021-46422.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2021-46422 cwe-id: CWE-78 + epss-score: 0.94686 metadata: shodan-query: html:"SDT-CW3B1" verified: "true" diff --git a/cves/2021/CVE-2021-46424.yaml b/cves/2021/CVE-2021-46424.yaml index 2b6d737b8a..662163cdeb 100644 --- a/cves/2021/CVE-2021-46424.yaml +++ b/cves/2021/CVE-2021-46424.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.1 cve-id: CVE-2021-46424 cwe-id: CWE-306 + epss-score: 0.01117 metadata: shodan-query: http.html:"TLR-2005KSH" verified: "true" diff --git a/cves/2022/CVE-2022-0140.yaml b/cves/2022/CVE-2022-0140.yaml index cc4682ea12..6261a0ce24 100644 --- a/cves/2022/CVE-2022-0140.yaml +++ b/cves/2022/CVE-2022-0140.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-0140 cwe-id: CWE-200 + cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:*:*:* + epss-score: 0.00841 tags: wpscan,cve,cve2022,xss,wordpress requests: diff --git a/cves/2022/CVE-2022-0147.yaml b/cves/2022/CVE-2022-0147.yaml index ac757645c4..3dab24077d 100644 --- a/cves/2022/CVE-2022-0147.yaml +++ b/cves/2022/CVE-2022-0147.yaml @@ -10,11 +10,14 @@ info: - https://wpscan.com/vulnerability/2c735365-69c0-4652-b48e-c4a192dfe0d1 - https://wordpress.org/plugins/wp-gdpr-compliance/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0147 + - https://plugins.trac.wordpress.org/changeset/2681371 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0147 cwe-id: CWE-79 + cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:*:*:* + epss-score: 0.00103 metadata: verified: "true" tags: cve2022,wordpress,xss,wp,authenticated,cve,wp-plugin,wp-gdpr-compliance,wpscan diff --git a/cves/2022/CVE-2022-0148.yaml b/cves/2022/CVE-2022-0148.yaml index b2d6dd34ba..16fd152ac0 100644 --- a/cves/2022/CVE-2022-0148.yaml +++ b/cves/2022/CVE-2022-0148.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0148 cwe-id: CWE-79 + cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: xss,wp-plugin,authenticated,wpscan,cve,cve2022,wordpress requests: diff --git a/cves/2022/CVE-2022-0149.yaml b/cves/2022/CVE-2022-0149.yaml index edb49b7787..c2fde256a3 100644 --- a/cves/2022/CVE-2022-0149.yaml +++ b/cves/2022/CVE-2022-0149.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0149 cwe-id: CWE-79 + cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: wpscan,cve,cve2022,wordpress,wp-plugin,xss,woocommerce,authenticated requests: diff --git a/cves/2022/CVE-2022-0150.yaml b/cves/2022/CVE-2022-0150.yaml index cdaaed7f6d..682fc0fda5 100644 --- a/cves/2022/CVE-2022-0150.yaml +++ b/cves/2022/CVE-2022-0150.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0150 cwe-id: CWE-79 + cpe: cpe:2.3:a:wp_accessibility_helper_project:wp_accessibility_helper:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: wordpress,wp-plugin,wp,wpscan,cve,cve2022,xss requests: diff --git a/cves/2022/CVE-2022-0165.yaml b/cves/2022/CVE-2022-0165.yaml index b4445d5404..e659f85361 100644 --- a/cves/2022/CVE-2022-0165.yaml +++ b/cves/2022/CVE-2022-0165.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0165 cwe-id: CWE-601 + cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:*:*:* + epss-score: 0.001 tags: cve,cve2022,wp-plugin,redirect,wordpress,wp,wpscan requests: diff --git a/cves/2022/CVE-2022-0189.yaml b/cves/2022/CVE-2022-0189.yaml index bdf0f4db66..ca3ad7c1c4 100644 --- a/cves/2022/CVE-2022-0189.yaml +++ b/cves/2022/CVE-2022-0189.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0189 cwe-id: CWE-79 + cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,authenticated requests: diff --git a/cves/2022/CVE-2022-0201.yaml b/cves/2022/CVE-2022-0201.yaml index b69da0b65f..70b4993e28 100644 --- a/cves/2022/CVE-2022-0201.yaml +++ b/cves/2022/CVE-2022-0201.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0201 cwe-id: CWE-79 + epss-score: 0.00112 tags: wp-plugin,wpscan,cve,cve2022,xss,wordpress requests: diff --git a/cves/2022/CVE-2022-0206.yaml b/cves/2022/CVE-2022-0206.yaml index 263b52743d..494ef0f544 100644 --- a/cves/2022/CVE-2022-0206.yaml +++ b/cves/2022/CVE-2022-0206.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0206 cwe-id: CWE-79 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:*:*:* + epss-score: 0.00119 metadata: verified: "true" tags: xss,wp,authenticated,cve2022,wordpress,wp-plugin,newstatpress,wpscan,cve diff --git a/cves/2022/CVE-2022-0208.yaml b/cves/2022/CVE-2022-0208.yaml index 29da10141b..020d26928f 100644 --- a/cves/2022/CVE-2022-0208.yaml +++ b/cves/2022/CVE-2022-0208.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0208 cwe-id: CWE-79 + cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:*:*:* + epss-score: 0.00119 tags: cve2022,mappress,xss,wordpress,wp-plugin,wpscan,cve requests: diff --git a/cves/2022/CVE-2022-0212.yaml b/cves/2022/CVE-2022-0212.yaml index c4f364da09..abc9989b17 100644 --- a/cves/2022/CVE-2022-0212.yaml +++ b/cves/2022/CVE-2022-0212.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0212 cwe-id: CWE-79 + cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:*:*:* + epss-score: 0.00097 metadata: verified: "true" tags: cve,cve2022,xss,wpscan,wordpress,wp-plugin,wp,spider-event-calendar,unauthenticated diff --git a/cves/2022/CVE-2022-0218.yaml b/cves/2022/CVE-2022-0218.yaml index ef3d714ef8..deb5a5b3c7 100644 --- a/cves/2022/CVE-2022-0218.yaml +++ b/cves/2022/CVE-2022-0218.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0218 cwe-id: CWE-79 + cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:*:*:* + epss-score: 0.04205 tags: wordpress,wp-plugin,xss,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-0220.yaml b/cves/2022/CVE-2022-0220.yaml index 73ceeeb1bd..f8e91f360a 100644 --- a/cves/2022/CVE-2022-0220.yaml +++ b/cves/2022/CVE-2022-0220.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0220 cwe-id: CWE-79 + cpe: cpe:2.3:a:welaunch:wordpress_gdpr\&ccpa:*:*:*:*:*:*:*:* + epss-score: 0.00143 tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,unauth requests: diff --git a/cves/2022/CVE-2022-0234.yaml b/cves/2022/CVE-2022-0234.yaml index a1898f2091..16654a875b 100644 --- a/cves/2022/CVE-2022-0234.yaml +++ b/cves/2022/CVE-2022-0234.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0234 cwe-id: CWE-79 + cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:*:*:* + epss-score: 0.00112 metadata: google-query: inurl:"wp-content/plugins/woocommerce-currency-switcher" verified: "true" diff --git a/cves/2022/CVE-2022-0271.yaml b/cves/2022/CVE-2022-0271.yaml index 45edb306c5..b6b72bbdb1 100644 --- a/cves/2022/CVE-2022-0271.yaml +++ b/cves/2022/CVE-2022-0271.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0271 cwe-id: CWE-79 + cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:*:*:* + epss-score: 0.00078 tags: wp,wp-plugin,wordpress,cve,cve2022,learnpress,wpscan,xss requests: diff --git a/cves/2022/CVE-2022-0281.yaml b/cves/2022/CVE-2022-0281.yaml index e0c898ff3b..02a7bfccd9 100644 --- a/cves/2022/CVE-2022-0281.yaml +++ b/cves/2022/CVE-2022-0281.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-0281 cwe-id: CWE-200 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00422 metadata: shodan-query: http.favicon.hash:780351152 tags: cve,cve2022,microweber,disclosure,huntr diff --git a/cves/2022/CVE-2022-0288.yaml b/cves/2022/CVE-2022-0288.yaml index 16085e702d..472e022393 100644 --- a/cves/2022/CVE-2022-0288.yaml +++ b/cves/2022/CVE-2022-0288.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0288 cwe-id: CWE-79 + epss-score: 0.00119 tags: wordpress,xss,wpscan,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-0346.yaml b/cves/2022/CVE-2022-0346.yaml index 30d405b5e9..1eb493a075 100644 --- a/cves/2022/CVE-2022-0346.yaml +++ b/cves/2022/CVE-2022-0346.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0346 cwe-id: CWE-79 + cpe: cpe:2.3:a:xmlsitemapgenerator:xml_sitemap_generator:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss,www-xml-sitemap-generator-org diff --git a/cves/2022/CVE-2022-0349.yaml b/cves/2022/CVE-2022-0349.yaml index 2877e6d90a..78c88dfdb8 100644 --- a/cves/2022/CVE-2022-0349.yaml +++ b/cves/2022/CVE-2022-0349.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0349 cwe-id: CWE-89 + cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:*:*:* + epss-score: 0.01065 metadata: verified: "true" tags: cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,cve diff --git a/cves/2022/CVE-2022-0378.yaml b/cves/2022/CVE-2022-0378.yaml index 9cce944e5f..b2af4084f1 100644 --- a/cves/2022/CVE-2022-0378.yaml +++ b/cves/2022/CVE-2022-0378.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0378 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00112 metadata: shodan-query: http.favicon.hash:780351152 tags: cve,cve2022,microweber,xss,huntr diff --git a/cves/2022/CVE-2022-0381.yaml b/cves/2022/CVE-2022-0381.yaml index a724d37b78..7d7d7406f9 100644 --- a/cves/2022/CVE-2022-0381.yaml +++ b/cves/2022/CVE-2022-0381.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0381 cwe-id: CWE-79 + cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:*:*:* + epss-score: 0.00174 tags: cve,cve2022,swagger,xss,wordpress requests: diff --git a/cves/2022/CVE-2022-0412.yaml b/cves/2022/CVE-2022-0412.yaml index 9b13911ec7..da5406fa72 100644 --- a/cves/2022/CVE-2022-0412.yaml +++ b/cves/2022/CVE-2022-0412.yaml @@ -10,11 +10,14 @@ info: - https://wpscan.com/vulnerability/e984ba11-abeb-4ed4-9dad-0bfd539a9682 - https://wordpress.org/plugins/ti-woocommerce-wishlist/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0412 + - https://plugins.trac.wordpress.org/changeset/2668899 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0412 cwe-id: CWE-89 + cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:*:*:* + epss-score: 0.01037 metadata: verified: "true" tags: sqli,ti-woocommerce-wishlist,wpscan,cve,cve2022,woocommerce,wordpress,wp-plugin,wp diff --git a/cves/2022/CVE-2022-0415.yaml b/cves/2022/CVE-2022-0415.yaml index 9f9a9f7876..d3f347b0e4 100644 --- a/cves/2022/CVE-2022-0415.yaml +++ b/cves/2022/CVE-2022-0415.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-0415 cwe-id: CWE-78 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* + epss-score: 0.44522 metadata: verified: "true" tags: rce,gogs,authenticated,huntr,cve,cve2022 diff --git a/cves/2022/CVE-2022-0422.yaml b/cves/2022/CVE-2022-0422.yaml index 2593d09fd5..89e3f22821 100644 --- a/cves/2022/CVE-2022-0422.yaml +++ b/cves/2022/CVE-2022-0422.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0422 cwe-id: CWE-79 + cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: cve,cve2022,wordpress,xss,wp-plugin,wpscan requests: diff --git a/cves/2022/CVE-2022-0432.yaml b/cves/2022/CVE-2022-0432.yaml index ca1151f580..eb0c8a4fe6 100644 --- a/cves/2022/CVE-2022-0432.yaml +++ b/cves/2022/CVE-2022-0432.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0432 cwe-id: CWE-1321 + cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: mastodon,prototype,huntr,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-0434.yaml b/cves/2022/CVE-2022-0434.yaml index 92cb35303b..b7010ffa29 100644 --- a/cves/2022/CVE-2022-0434.yaml +++ b/cves/2022/CVE-2022-0434.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0434 cwe-id: CWE-89 + cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:*:*:* + epss-score: 0.01851 metadata: verified: "true" tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,unauth diff --git a/cves/2022/CVE-2022-0437.yaml b/cves/2022/CVE-2022-0437.yaml index 358ed67faf..c673b85f82 100644 --- a/cves/2022/CVE-2022-0437.yaml +++ b/cves/2022/CVE-2022-0437.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0437 cwe-id: CWE-79 + cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: oss,huntr,cve,cve2022,karma,xss requests: diff --git a/cves/2022/CVE-2022-0441.yaml b/cves/2022/CVE-2022-0441.yaml index 91d1cd470c..fa143883ac 100644 --- a/cves/2022/CVE-2022-0441.yaml +++ b/cves/2022/CVE-2022-0441.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0441 cwe-id: CWE-269 + cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:*:*:* + epss-score: 0.07571 metadata: verified: "true" tags: cve,cve2022,wordpress,wp-plugin,wpscan,wp,unauth diff --git a/cves/2022/CVE-2022-0482.yaml b/cves/2022/CVE-2022-0482.yaml index 7ee41afa5e..1da678e74b 100644 --- a/cves/2022/CVE-2022-0482.yaml +++ b/cves/2022/CVE-2022-0482.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.1 cve-id: CVE-2022-0482 cwe-id: CWE-863 + cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:* + epss-score: 0.01927 tags: cve,cve2022,easyappointments,huntr requests: diff --git a/cves/2022/CVE-2022-0535.yaml b/cves/2022/CVE-2022-0535.yaml index 1e9e090375..62fa0540d6 100644 --- a/cves/2022/CVE-2022-0535.yaml +++ b/cves/2022/CVE-2022-0535.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2022-0535 cwe-id: CWE-79 + cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:*:*:* + epss-score: 0.00111 metadata: verified: "true" tags: cve2022,wp-plugin,xss,authenticated,e2pdf,wpscan,cve,wordpress,wp diff --git a/cves/2022/CVE-2022-0540.yaml b/cves/2022/CVE-2022-0540.yaml index ad50fa4868..40cc339c37 100644 --- a/cves/2022/CVE-2022-0540.yaml +++ b/cves/2022/CVE-2022-0540.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0540 cwe-id: CWE-287 + epss-score: 0.32961 metadata: shodan-query: http.component:"Atlassian Jira" tags: cve,cve2022,atlassian,jira,exposure,auth-bypass diff --git a/cves/2022/CVE-2022-0543.yaml b/cves/2022/CVE-2022-0543.yaml index d26e91ee2f..2711b02b1b 100644 --- a/cves/2022/CVE-2022-0543.yaml +++ b/cves/2022/CVE-2022-0543.yaml @@ -18,6 +18,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2022-0543 + epss-score: 0.97438 metadata: shodan-query: redis_version tags: cve,cve2022,network,redis,unauth,rce,kev diff --git a/cves/2022/CVE-2022-0591.yaml b/cves/2022/CVE-2022-0591.yaml index 0bfdd570a4..51717e29ed 100644 --- a/cves/2022/CVE-2022-0591.yaml +++ b/cves/2022/CVE-2022-0591.yaml @@ -8,12 +8,14 @@ info: reference: - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47 - https://nvd.nist.gov/vuln/detail/CVE-2022-0591 - tags: wp,wp-plugin,wordpress,cve,formcraft3,wpscan,ssrf,cve2022,unauth classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.10 + cvss-score: 9.1 cve-id: CVE-2022-0591 cwe-id: CWE-918 + cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:*:*:* + epss-score: 0.00509 + tags: wp,wp-plugin,wordpress,cve,formcraft3,wpscan,ssrf,cve2022,unauth requests: - method: GET diff --git a/cves/2022/CVE-2022-0594.yaml b/cves/2022/CVE-2022-0594.yaml index 7fabd075cd..9709f4df6a 100644 --- a/cves/2022/CVE-2022-0594.yaml +++ b/cves/2022/CVE-2022-0594.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-0594 cwe-id: CWE-863 + cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:*:*:* + epss-score: 0.00302 metadata: verified: "true" tags: cve,cve2022,wordpress,wp,wp-plugin,exposure,wpscan diff --git a/cves/2022/CVE-2022-0595.yaml b/cves/2022/CVE-2022-0595.yaml index 85f16ad2ee..ec12f7a3d7 100644 --- a/cves/2022/CVE-2022-0595.yaml +++ b/cves/2022/CVE-2022-0595.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0595 cwe-id: CWE-79 + cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:*:*:* + epss-score: 0.00135 tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive,unauth requests: diff --git a/cves/2022/CVE-2022-0599.yaml b/cves/2022/CVE-2022-0599.yaml index b1a73d1aa8..afd58eb2cb 100644 --- a/cves/2022/CVE-2022-0599.yaml +++ b/cves/2022/CVE-2022-0599.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0599 cwe-id: CWE-79 + cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:*:*:* + epss-score: 0.00097 tags: cve,cve2022,wordpress,wp-plugin,xss,wp,authenticated,wpscan requests: diff --git a/cves/2022/CVE-2022-0653.yaml b/cves/2022/CVE-2022-0653.yaml index 97a429face..cef98dd2de 100644 --- a/cves/2022/CVE-2022-0653.yaml +++ b/cves/2022/CVE-2022-0653.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0653 cwe-id: CWE-79 + cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:*:*:* + epss-score: 0.00755 tags: cve,cve2022,wordpress,xss,wp-plugin requests: diff --git a/cves/2022/CVE-2022-0656.yaml b/cves/2022/CVE-2022-0656.yaml index 0cef636e67..39fd184c75 100644 --- a/cves/2022/CVE-2022-0656.yaml +++ b/cves/2022/CVE-2022-0656.yaml @@ -13,6 +13,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-0656 cwe-id: CWE-552 + cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:*:*:*:*:*:*:*:*:* + epss-score: 0.00588 metadata: google-query: inurl:"/wp-content/plugins/udraw" verified: "true" diff --git a/cves/2022/CVE-2022-0660.yaml b/cves/2022/CVE-2022-0660.yaml index 9cdc808f6e..b81d731e02 100644 --- a/cves/2022/CVE-2022-0660.yaml +++ b/cves/2022/CVE-2022-0660.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-0660 cwe-id: CWE-209 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.0053 metadata: verified: "true" tags: cve2022,microweber,disclosure,authenticated,huntr,cve diff --git a/cves/2022/CVE-2022-0678.yaml b/cves/2022/CVE-2022-0678.yaml index e551ad2a55..51d1e489de 100644 --- a/cves/2022/CVE-2022-0678.yaml +++ b/cves/2022/CVE-2022-0678.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0678 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00134 metadata: shodan-query: http.favicon.hash:780351152 verified: "true" diff --git a/cves/2022/CVE-2022-0679.yaml b/cves/2022/CVE-2022-0679.yaml index 653b6f5f12..4e0a785533 100644 --- a/cves/2022/CVE-2022-0679.yaml +++ b/cves/2022/CVE-2022-0679.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0679 cwe-id: CWE-22 + cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:*:*:* + epss-score: 0.00661 metadata: verified: "true" tags: narnoo-distributor,cve,cve2022,wordpress,wp-plugin,wpscan,wp,rce,unauth,lfi diff --git a/cves/2022/CVE-2022-0692.yaml b/cves/2022/CVE-2022-0692.yaml index 66d040fbd4..288ba8a43c 100644 --- a/cves/2022/CVE-2022-0692.yaml +++ b/cves/2022/CVE-2022-0692.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0692 cwe-id: CWE-601 + cpe: cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: huntr,cve,cve2022,redirect,rudloff,alltube requests: diff --git a/cves/2022/CVE-2022-0693.yaml b/cves/2022/CVE-2022-0693.yaml index 4a8ef1d846..b798fedee9 100644 --- a/cves/2022/CVE-2022-0693.yaml +++ b/cves/2022/CVE-2022-0693.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0693 cwe-id: CWE-89 + cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:*:*:* + epss-score: 0.00782 metadata: verified: "true" tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022 diff --git a/cves/2022/CVE-2022-0735.yaml b/cves/2022/CVE-2022-0735.yaml index d924ae0074..4b034138ae 100644 --- a/cves/2022/CVE-2022-0735.yaml +++ b/cves/2022/CVE-2022-0735.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0735 cwe-id: CWE-863 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.05572 metadata: shodan-query: http.title:"GitLab" tags: cve,cve2022,gitlab diff --git a/cves/2022/CVE-2022-0760.yaml b/cves/2022/CVE-2022-0760.yaml index 511212dcf5..b43e606d72 100644 --- a/cves/2022/CVE-2022-0760.yaml +++ b/cves/2022/CVE-2022-0760.yaml @@ -10,11 +10,14 @@ info: - https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210 - https://wordpress.org/plugins/simple-link-directory/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0760 + - https://plugins.trac.wordpress.org/changeset/2684915 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0760 cwe-id: CWE-89 + cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:*:*:* + epss-score: 0.00879 metadata: verified: "true" tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan diff --git a/cves/2022/CVE-2022-0781.yaml b/cves/2022/CVE-2022-0781.yaml index 9e057c78fd..d0fe920169 100644 --- a/cves/2022/CVE-2022-0781.yaml +++ b/cves/2022/CVE-2022-0781.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0781 cwe-id: CWE-89 + cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:*:*:* + epss-score: 0.01112 metadata: verified: "true" tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,nirweb-support,unauth diff --git a/cves/2022/CVE-2022-0784.yaml b/cves/2022/CVE-2022-0784.yaml index b34521c73d..42e400de4d 100644 --- a/cves/2022/CVE-2022-0784.yaml +++ b/cves/2022/CVE-2022-0784.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0784 cwe-id: CWE-89 + cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:*:*:* + epss-score: 0.01515 metadata: verified: "true" tags: cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,cve2022,wordpress diff --git a/cves/2022/CVE-2022-0785.yaml b/cves/2022/CVE-2022-0785.yaml index 730f0e192d..fbe632f820 100644 --- a/cves/2022/CVE-2022-0785.yaml +++ b/cves/2022/CVE-2022-0785.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0785 cwe-id: CWE-89 + cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:*:*:* + epss-score: 0.01364 metadata: verified: "true" tags: sqli,wordpress,wp-plugin,unauth,daily-prayer-time-for-mosques,wpscan,cve,cve2022,wp diff --git a/cves/2022/CVE-2022-0786.yaml b/cves/2022/CVE-2022-0786.yaml index f8a96a7566..7fa14eb61e 100644 --- a/cves/2022/CVE-2022-0786.yaml +++ b/cves/2022/CVE-2022-0786.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0786 cwe-id: CWE-89 + cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:*:*:* + epss-score: 0.02366 metadata: verified: "true" tags: sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,cve,cve2022,wpscan diff --git a/cves/2022/CVE-2022-0788.yaml b/cves/2022/CVE-2022-0788.yaml index e7ca0e4754..53ddd22241 100644 --- a/cves/2022/CVE-2022-0788.yaml +++ b/cves/2022/CVE-2022-0788.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0788 cwe-id: CWE-89 + cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:*:*:* + epss-score: 0.02366 metadata: verified: "true" tags: cve,sqli,wordpress,wp-plugin,cve2022,wp,wp-fundraising-donation,unauth,wpscan diff --git a/cves/2022/CVE-2022-0817.yaml b/cves/2022/CVE-2022-0817.yaml index 0636e1e6c9..b75017b01e 100644 --- a/cves/2022/CVE-2022-0817.yaml +++ b/cves/2022/CVE-2022-0817.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0817 cwe-id: CWE-89 + cpe: cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:*:*:* + epss-score: 0.01364 metadata: verified: "true" tags: cve2022,wp,unauth,sqli,cve,wp-plugin,badgeos,wpscan,wordpress diff --git a/cves/2022/CVE-2022-0824.yaml b/cves/2022/CVE-2022-0824.yaml index cec83fac34..674b7801ee 100644 --- a/cves/2022/CVE-2022-0824.yaml +++ b/cves/2022/CVE-2022-0824.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-0824 cwe-id: CWE-284 + cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* + epss-score: 0.9725 tags: rce,oss,huntr,cve,cve2022,webmin,authenticated requests: diff --git a/cves/2022/CVE-2022-0826.yaml b/cves/2022/CVE-2022-0826.yaml index 3f7127dcdb..1d8c1480a4 100644 --- a/cves/2022/CVE-2022-0826.yaml +++ b/cves/2022/CVE-2022-0826.yaml @@ -15,8 +15,10 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0826 cwe-id: CWE-89 + cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:*:*:* + epss-score: 0.01364 metadata: - verified: true + verified: "true" tags: cve2022,wp-plugin,wpscan,cve,wordpress,wp,sqli,wp-video-gallery-free,unauth requests: diff --git a/cves/2022/CVE-2022-0827.yaml b/cves/2022/CVE-2022-0827.yaml index 50f237c799..9984f2ae52 100644 --- a/cves/2022/CVE-2022-0827.yaml +++ b/cves/2022/CVE-2022-0827.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0827 cwe-id: CWE-89 + cpe: cpe:2.3:a:presspage:bestbooks:*:*:*:*:*:*:*:* + epss-score: 0.02366 metadata: verified: "true" tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,bestbooks,unauthenticated diff --git a/cves/2022/CVE-2022-0867.yaml b/cves/2022/CVE-2022-0867.yaml index c48ac66959..8442574fea 100644 --- a/cves/2022/CVE-2022-0867.yaml +++ b/cves/2022/CVE-2022-0867.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0867 cwe-id: CWE-89 + cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:*:*:* + epss-score: 0.0208 metadata: verified: "true" tags: unauth,wp,cve2022,wordpress,wp-plugin,arprice-responsive-pricing-table,sqli,wpscan,cve diff --git a/cves/2022/CVE-2022-0870.yaml b/cves/2022/CVE-2022-0870.yaml index 8c32d7d0d1..fc6ae542f4 100644 --- a/cves/2022/CVE-2022-0870.yaml +++ b/cves/2022/CVE-2022-0870.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-0870 cwe-id: CWE-918 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* + epss-score: 0.00125 metadata: verified: "true" tags: cve,cve2022,ssrf,gogs,authenticated,huntr diff --git a/cves/2022/CVE-2022-0885.yaml b/cves/2022/CVE-2022-0885.yaml index d1934d2c8f..77de7bd6f2 100644 --- a/cves/2022/CVE-2022-0885.yaml +++ b/cves/2022/CVE-2022-0885.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0885 cwe-id: CWE-94 + cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:*:*:* + epss-score: 0.07018 metadata: verified: "true" tags: unauth,wpscan,wp-plugin,rce,wp,wordpress,member-hero,cve,cve2022 diff --git a/cves/2022/CVE-2022-0928.yaml b/cves/2022/CVE-2022-0928.yaml index 9d8b37f2fa..61adc18671 100644 --- a/cves/2022/CVE-2022-0928.yaml +++ b/cves/2022/CVE-2022-0928.yaml @@ -15,8 +15,10 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0928 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00135 metadata: - verified: true + verified: "true" tags: cve,cve2022,authenticated,huntr,xss,microweber,cms requests: diff --git a/cves/2022/CVE-2022-0948.yaml b/cves/2022/CVE-2022-0948.yaml index 21a5a6fec2..a9bdd8e97c 100644 --- a/cves/2022/CVE-2022-0948.yaml +++ b/cves/2022/CVE-2022-0948.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0948 cwe-id: CWE-89 + cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.03454 metadata: verified: "true" tags: cve,wp,unauth,sqli,woc-order-alert,wpscan,cve2022,wordpress,wp-plugin diff --git a/cves/2022/CVE-2022-0949.yaml b/cves/2022/CVE-2022-0949.yaml index d820a83c25..63fc6680c5 100644 --- a/cves/2022/CVE-2022-0949.yaml +++ b/cves/2022/CVE-2022-0949.yaml @@ -6,16 +6,18 @@ info: severity: critical description: | WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. - remediation: Fixed in version 6.930. reference: - https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb - https://wordpress.org/plugins/stopbadbots/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0949 + remediation: Fixed in version 6.930. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0949 cwe-id: CWE-89 + cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:*:*:* + epss-score: 0.01364 metadata: verified: "true" tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress diff --git a/cves/2022/CVE-2022-0952.yaml b/cves/2022/CVE-2022-0952.yaml index c51d27c117..1fdbf10996 100644 --- a/cves/2022/CVE-2022-0952.yaml +++ b/cves/2022/CVE-2022-0952.yaml @@ -14,6 +14,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-0952 cwe-id: CWE-862 + cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:*:*:* + epss-score: 0.34971 metadata: verified: "true" tags: wp,wp-plugin,sitemap,wpscan,cve,cve2022,wordpress diff --git a/cves/2022/CVE-2022-0954.yaml b/cves/2022/CVE-2022-0954.yaml index 3bec175e5b..5d9c050ab9 100644 --- a/cves/2022/CVE-2022-0954.yaml +++ b/cves/2022/CVE-2022-0954.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0954 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00135 metadata: verified: "true" tags: cve,cve2022,xss,microweber,huntr diff --git a/cves/2022/CVE-2022-0963.yaml b/cves/2022/CVE-2022-0963.yaml index 5a03cfe931..5c317fe6f8 100644 --- a/cves/2022/CVE-2022-0963.yaml +++ b/cves/2022/CVE-2022-0963.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0963 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00135 metadata: verified: "true" tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive diff --git a/cves/2022/CVE-2022-0968.yaml b/cves/2022/CVE-2022-0968.yaml index 7f6d1ea147..9c7a39a190 100644 --- a/cves/2022/CVE-2022-0968.yaml +++ b/cves/2022/CVE-2022-0968.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.5 cve-id: CVE-2022-0968 cwe-id: CWE-190 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00091 tags: cve,cve2022,overflow,microweber,cms,huntr variables: diff --git a/cves/2022/CVE-2022-1007.yaml b/cves/2022/CVE-2022-1007.yaml index 5e0561daf8..d91b5adb76 100644 --- a/cves/2022/CVE-2022-1007.yaml +++ b/cves/2022/CVE-2022-1007.yaml @@ -10,11 +10,14 @@ info: - https://wpscan.com/vulnerability/6f5b764b-d13b-4371-9cc5-91204d9d6358 - https://wordpress.org/plugins/advanced-booking-calendar/ - https://nvd.nist.gov/vuln/detail/cve-2022-1007 + - https://plugins.trac.wordpress.org/changeset/2695427 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1007 cwe-id: CWE-79 + cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: wp-plugin,advanced-booking-calendar,cve,cve2022,wp,authenticated,wpscan,wordpress,xss diff --git a/cves/2022/CVE-2022-1013.yaml b/cves/2022/CVE-2022-1013.yaml index c17d2f4ed6..580d1de119 100644 --- a/cves/2022/CVE-2022-1013.yaml +++ b/cves/2022/CVE-2022-1013.yaml @@ -6,16 +6,18 @@ info: severity: critical description: | WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. - remediation: Fixed in version 1.3.4. reference: - https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d - https://wordpress.org/plugins/personal-dictionary/ - https://nvd.nist.gov/vuln/detail/CVE-2022-1013 + remediation: Fixed in version 1.3.4. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-1013 cwe-id: CWE-89 + cpe: cpe:2.3:a:ays-pro:personal_dictionary:*:*:*:*:*:*:*:* + epss-score: 0.00876 metadata: verified: "true" tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary diff --git a/cves/2022/CVE-2022-1020.yaml b/cves/2022/CVE-2022-1020.yaml index 4293352fff..6fa4c45856 100644 --- a/cves/2022/CVE-2022-1020.yaml +++ b/cves/2022/CVE-2022-1020.yaml @@ -13,6 +13,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1020 cwe-id: CWE-352,CWE-862 + cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:*:*:* + epss-score: 0.00604 tags: wpscan,wp,wp-plugin,wordpress,cve,cve2022,unauth requests: diff --git a/cves/2022/CVE-2022-1040.yaml b/cves/2022/CVE-2022-1040.yaml index c21e4a0d94..2882edb5f0 100644 --- a/cves/2022/CVE-2022-1040.yaml +++ b/cves/2022/CVE-2022-1040.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1040 cwe-id: CWE-287 + cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:* + epss-score: 0.9741 metadata: shodan-query: http.title:"Sophos" verified: "true" diff --git a/cves/2022/CVE-2022-1054.yaml b/cves/2022/CVE-2022-1054.yaml index e72719b86f..b18900565a 100644 --- a/cves/2022/CVE-2022-1054.yaml +++ b/cves/2022/CVE-2022-1054.yaml @@ -12,6 +12,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-1054 cwe-id: CWE-862 + cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:*:*:* + epss-score: 0.00349 tags: wordpress,cve,cve2022,wpscan,wp,wp-plugin requests: diff --git a/cves/2022/CVE-2022-1057.yaml b/cves/2022/CVE-2022-1057.yaml index a648f83342..cf1fa8625f 100644 --- a/cves/2022/CVE-2022-1057.yaml +++ b/cves/2022/CVE-2022-1057.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1057 cwe-id: CWE-89 + cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.11201 metadata: verified: "true" tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,pricing-deals-for-woocommerce,unauth diff --git a/cves/2022/CVE-2022-1058.yaml b/cves/2022/CVE-2022-1058.yaml index 23a12de324..eed2d751b6 100644 --- a/cves/2022/CVE-2022-1058.yaml +++ b/cves/2022/CVE-2022-1058.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1058 cwe-id: CWE-601 + cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* + epss-score: 0.001 metadata: shodan-query: title:"Gitea" verified: "true" diff --git a/cves/2022/CVE-2022-1119.yaml b/cves/2022/CVE-2022-1119.yaml index 2e0ecf66e8..3a037235c5 100644 --- a/cves/2022/CVE-2022-1119.yaml +++ b/cves/2022/CVE-2022-1119.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1119 cwe-id: CWE-22 + cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:*:*:* + epss-score: 0.34055 tags: wp,wp-plugin,wpscan,cve,cve2022,lfi,wordpress requests: diff --git a/cves/2022/CVE-2022-1162.yaml b/cves/2022/CVE-2022-1162.yaml index c7c95021e2..6c497e1815 100644 --- a/cves/2022/CVE-2022-1162.yaml +++ b/cves/2022/CVE-2022-1162.yaml @@ -9,14 +9,17 @@ info: - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162 + - http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-1162 cwe-id: CWE-798 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.14658 metadata: shodan-query: http.title:"GitLab" - tags: cve,cve2022,gitlab + tags: cve,cve2022,gitlab,packetstorm requests: - method: GET diff --git a/cves/2022/CVE-2022-1168.yaml b/cves/2022/CVE-2022-1168.yaml index 9a72a0b6b8..22353c023e 100644 --- a/cves/2022/CVE-2022-1168.yaml +++ b/cves/2022/CVE-2022-1168.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1168 cwe-id: CWE-79 + cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:*:*:* + epss-score: 0.001 metadata: google-query: inurl:"wp-content/plugins/wp-jobsearch" verified: "true" diff --git a/cves/2022/CVE-2022-1221.yaml b/cves/2022/CVE-2022-1221.yaml index 6c2b34470f..5eac5f6938 100644 --- a/cves/2022/CVE-2022-1221.yaml +++ b/cves/2022/CVE-2022-1221.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1221 cwe-id: CWE-79 + cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve diff --git a/cves/2022/CVE-2022-1329.yaml b/cves/2022/CVE-2022-1329.yaml index bebc0df20b..60f0bde4f0 100644 --- a/cves/2022/CVE-2022-1329.yaml +++ b/cves/2022/CVE-2022-1329.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-1329 cwe-id: CWE-434 + cpe: cpe:2.3:a:elementor:elementor_website_builder:*:*:*:*:*:*:*:* + epss-score: 0.96934 metadata: verified: "true" tags: cve,cve2022,rce,wordpress,wp-plugin,wp,elementor,authenticated,intrusive,fileupload diff --git a/cves/2022/CVE-2022-1386.yaml b/cves/2022/CVE-2022-1386.yaml index 6f289f524d..a52dd36f74 100644 --- a/cves/2022/CVE-2022-1386.yaml +++ b/cves/2022/CVE-2022-1386.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1386 cwe-id: CWE-918 + cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:*:*:* + epss-score: 0.03501 tags: wpscan,cve,cve2022,wordpress,ssrf,themefusion,wp,fusion,avada requests: diff --git a/cves/2022/CVE-2022-1388.yaml b/cves/2022/CVE-2022-1388.yaml index 824800fadb..07f010c86c 100644 --- a/cves/2022/CVE-2022-1388.yaml +++ b/cves/2022/CVE-2022-1388.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1388 cwe-id: CWE-306 + epss-score: 0.97462 metadata: shodan-query: http.title:"BIG-IP®-+Redirect" +"Server" verified: "true" diff --git a/cves/2022/CVE-2022-1390.yaml b/cves/2022/CVE-2022-1390.yaml index 32c8954e74..c547200dd8 100644 --- a/cves/2022/CVE-2022-1390.yaml +++ b/cves/2022/CVE-2022-1390.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1390 cwe-id: CWE-22 + cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:*:*:* + epss-score: 0.96251 tags: packetstorm,wpscan,cve,cve2022,wordpress,wp-plugin,lfi,wp requests: diff --git a/cves/2022/CVE-2022-1391.yaml b/cves/2022/CVE-2022-1391.yaml index bc1d0889fc..4197f56bbc 100644 --- a/cves/2022/CVE-2022-1391.yaml +++ b/cves/2022/CVE-2022-1391.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1391 cwe-id: CWE-22 + cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:*:*:* + epss-score: 0.0147 tags: cve2022,wordpress,wp-plugin,lfi,wp,edb,wpscan,cve requests: diff --git a/cves/2022/CVE-2022-1392.yaml b/cves/2022/CVE-2022-1392.yaml index b75a81b595..717f4555e9 100644 --- a/cves/2022/CVE-2022-1392.yaml +++ b/cves/2022/CVE-2022-1392.yaml @@ -13,8 +13,10 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1392 + cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:*:*:* + epss-score: 0.00757 metadata: - verified: true + verified: "true" tags: lfi,wp-plugin,unauth,wpscan,cve,cve2022,packetstorm,wp,wordpress requests: diff --git a/cves/2022/CVE-2022-1398.yaml b/cves/2022/CVE-2022-1398.yaml index f0e3ae16ef..4684cabf82 100644 --- a/cves/2022/CVE-2022-1398.yaml +++ b/cves/2022/CVE-2022-1398.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.5 cve-id: CVE-2022-1398 cwe-id: CWE-981 + cpe: cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:*:*:* + epss-score: 0.00319 metadata: verified: "true" tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,wpscan,external-media-without-import,authenticated diff --git a/cves/2022/CVE-2022-1439.yaml b/cves/2022/CVE-2022-1439.yaml index b1a66614ea..cbb23a730e 100644 --- a/cves/2022/CVE-2022-1439.yaml +++ b/cves/2022/CVE-2022-1439.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1439 cwe-id: CWE-79 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: shodan-query: http.favicon.hash:780351152 tags: cve,cve2022,microweber,xss,huntr diff --git a/cves/2022/CVE-2022-1442.yaml b/cves/2022/CVE-2022-1442.yaml index 37503839c6..30115565b7 100644 --- a/cves/2022/CVE-2022-1442.yaml +++ b/cves/2022/CVE-2022-1442.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1442 cwe-id: CWE-862 + cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:*:*:* + epss-score: 0.02891 metadata: google-query: inurl:/wp-content/plugins/metform verified: "true" diff --git a/cves/2022/CVE-2022-1574.yaml b/cves/2022/CVE-2022-1574.yaml index e527846980..36b4305857 100644 --- a/cves/2022/CVE-2022-1574.yaml +++ b/cves/2022/CVE-2022-1574.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1574 cwe-id: CWE-434 + cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:*:*:* + epss-score: 0.60802 metadata: verified: "true" tags: wp-plugin,wp,fileupload,unauth,wpscan,cve2022,wordpress,intrusive,cve,html2wp diff --git a/cves/2022/CVE-2022-1595.yaml b/cves/2022/CVE-2022-1595.yaml index da9080884e..9f25911041 100644 --- a/cves/2022/CVE-2022-1595.yaml +++ b/cves/2022/CVE-2022-1595.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-1595 cwe-id: CWE-200 + cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:*:*:* + epss-score: 0.00145 metadata: verified: "true" tags: unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url diff --git a/cves/2022/CVE-2022-1597.yaml b/cves/2022/CVE-2022-1597.yaml index 35ebc1c232..e3b4285546 100644 --- a/cves/2022/CVE-2022-1597.yaml +++ b/cves/2022/CVE-2022-1597.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1597 cwe-id: CWE-79 + cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:*:*:* + epss-score: 0.00139 metadata: google-query: inurl:/wp-content/plugins/wpqa verified: "true" diff --git a/cves/2022/CVE-2022-1598.yaml b/cves/2022/CVE-2022-1598.yaml index 7ba07fced5..f569105da1 100644 --- a/cves/2022/CVE-2022-1598.yaml +++ b/cves/2022/CVE-2022-1598.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-1598 cwe-id: CWE-284 + cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:*:*:* + epss-score: 0.00236 metadata: google-query: inurl:/wp-content/plugins/wpqa verified: "true" diff --git a/cves/2022/CVE-2022-1713.yaml b/cves/2022/CVE-2022-1713.yaml index 95a34fc4aa..12ec4456ff 100644 --- a/cves/2022/CVE-2022-1713.yaml +++ b/cves/2022/CVE-2022-1713.yaml @@ -15,9 +15,11 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1713 cwe-id: CWE-918 + cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:* + epss-score: 0.00715 metadata: - verified: true shodan-query: http.title:"Flowchart Maker" + verified: "true" tags: drawio,ssrf,oss,huntr,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-1724.yaml b/cves/2022/CVE-2022-1724.yaml index 97950e4ae3..88c4d7c671 100644 --- a/cves/2022/CVE-2022-1724.yaml +++ b/cves/2022/CVE-2022-1724.yaml @@ -13,6 +13,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1724 cwe-id: CWE-79 + cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: xss,wp,wordpress,wpscan,cve,cve2022,wp-plugin diff --git a/cves/2022/CVE-2022-1768.yaml b/cves/2022/CVE-2022-1768.yaml index bef9abc90f..070d099d78 100644 --- a/cves/2022/CVE-2022-1768.yaml +++ b/cves/2022/CVE-2022-1768.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1768 cwe-id: CWE-89 + cpe: cpe:2.3:a:rsvpmaker_project:rsvpmaker:*:*:*:*:*:*:*:* + epss-score: 0.72757 metadata: verified: "true" tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,rsvpmaker diff --git a/cves/2022/CVE-2022-1815.yaml b/cves/2022/CVE-2022-1815.yaml index f7a27e1593..fd061b1679 100644 --- a/cves/2022/CVE-2022-1815.yaml +++ b/cves/2022/CVE-2022-1815.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1815 cwe-id: CWE-918 + cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:* + epss-score: 0.0061 metadata: verified: "true" tags: huntr,cve,cve2022,drawio,ssrf,oast,oss,jgraph diff --git a/cves/2022/CVE-2022-1883.yaml b/cves/2022/CVE-2022-1883.yaml index 6dd9c15038..ce6a12d0fd 100644 --- a/cves/2022/CVE-2022-1883.yaml +++ b/cves/2022/CVE-2022-1883.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-1883 cwe-id: CWE-89 + cpe: cpe:2.3:a:camptocamp:terraboard:*:*:*:*:*:*:*:* + epss-score: 0.11596 tags: cve,cve2022,terraboard,sqli,huntr requests: diff --git a/cves/2022/CVE-2022-1904.yaml b/cves/2022/CVE-2022-1904.yaml index 37cac91201..66b863405d 100644 --- a/cves/2022/CVE-2022-1904.yaml +++ b/cves/2022/CVE-2022-1904.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1904 cwe-id: CWE-79 + cpe: cpe:2.3:a:fatcatapps:easy_pricing_tables:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: verified: "true" tags: wp,wordpress,wpscan,cve,cve2022,wp-plugin,xss diff --git a/cves/2022/CVE-2022-1906.yaml b/cves/2022/CVE-2022-1906.yaml index 0cf1efbc16..4222fbe3b2 100644 --- a/cves/2022/CVE-2022-1906.yaml +++ b/cves/2022/CVE-2022-1906.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1906 cwe-id: CWE-79 + cpe: cpe:2.3:a:digiprove:copyright_proof:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: google-query: inurl:/wp-content/plugins/digiproveblog verified: "true" diff --git a/cves/2022/CVE-2022-1910.yaml b/cves/2022/CVE-2022-1910.yaml index c31593fdf5..53bc82960b 100644 --- a/cves/2022/CVE-2022-1910.yaml +++ b/cves/2022/CVE-2022-1910.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1910 cwe-id: CWE-79 + cpe: cpe:2.3:a:averta:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: wordpress,xss,auxin-elements,wpscan,cve,cve2017,wp-plugin,wp diff --git a/cves/2022/CVE-2022-1916.yaml b/cves/2022/CVE-2022-1916.yaml index 2f98314a2d..d0c56c1655 100644 --- a/cves/2022/CVE-2022-1916.yaml +++ b/cves/2022/CVE-2022-1916.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1916 cwe-id: CWE-79 + cpe: cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00083 tags: wordpress,wp-plugin,xss,wpscan,cve,cve2022,wp requests: diff --git a/cves/2022/CVE-2022-1933.yaml b/cves/2022/CVE-2022-1933.yaml index 377b69c9d1..0f3257289d 100644 --- a/cves/2022/CVE-2022-1933.yaml +++ b/cves/2022/CVE-2022-1933.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1933 cwe-id: CWE-79 + cpe: cpe:2.3:a:collect_and_deliver_interface_for_woocommerce_project:collect_and_deliver_interface_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: verified: "true" tags: cdi,wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss diff --git a/cves/2022/CVE-2022-1937.yaml b/cves/2022/CVE-2022-1937.yaml index 8dc8e0c289..08a1b74022 100644 --- a/cves/2022/CVE-2022-1937.yaml +++ b/cves/2022/CVE-2022-1937.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1937 cwe-id: CWE-79 + cpe: cpe:2.3:a:awin:awin_data_feed:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: verified: "true" tags: cve,cve2022,xss,awin,wpscan,wp-plugin,wp,wordpress,authenticated diff --git a/cves/2022/CVE-2022-1946.yaml b/cves/2022/CVE-2022-1946.yaml index 2e83277a35..1b1d8e99fa 100644 --- a/cves/2022/CVE-2022-1946.yaml +++ b/cves/2022/CVE-2022-1946.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1946 cwe-id: CWE-79 + cpe: cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:*:*:* + epss-score: 0.00083 metadata: google-query: inurl:"/wp-content/plugins/gallery-album/" verified: "true" diff --git a/cves/2022/CVE-2022-1952.yaml b/cves/2022/CVE-2022-1952.yaml index 2124b7189e..40f8014e23 100644 --- a/cves/2022/CVE-2022-1952.yaml +++ b/cves/2022/CVE-2022-1952.yaml @@ -15,8 +15,10 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1952 cwe-id: CWE-434 + cpe: cpe:2.3:a:syntactics:free_booking_plugin_for_hotels\,_restaurant_and_car_rental:*:*:*:*:*:*:*:* + epss-score: 0.96693 metadata: - verified: true + verified: "true" tags: cve,cve2022,wpscan,wordpress,easync-booking,unauth,wp,file-upload,wp-plugin,intrusive requests: diff --git a/cves/2022/CVE-2022-2034.yaml b/cves/2022/CVE-2022-2034.yaml index 39a3b636ec..113662ebc1 100644 --- a/cves/2022/CVE-2022-2034.yaml +++ b/cves/2022/CVE-2022-2034.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2034 cwe-id: CWE-862 + cpe: cpe:2.3:a:automattic:sensei_lms:*:*:*:*:*:*:*:* + epss-score: 0.01053 metadata: verified: "true" tags: wp,disclosure,wpscan,cve,cve2022,sensei-lms,fuzz,hackerone,wordpress,wp-plugin diff --git a/cves/2022/CVE-2022-21371.yaml b/cves/2022/CVE-2022-21371.yaml index 261214bd05..b2b87cf030 100644 --- a/cves/2022/CVE-2022-21371.yaml +++ b/cves/2022/CVE-2022-21371.yaml @@ -9,11 +9,14 @@ info: - https://www.oracle.com/security-alerts/cpujan2022.html - https://nvd.nist.gov/vuln/detail/CVE-2022-21371 - https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786 + - http://packetstormsecurity.com/files/165736/Oracle-WebLogic-Server-14.1.1.0.0-Local-File-Inclusion.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-21371 - tags: cve,cve2022,lfi,weblogic,oracle + cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* + epss-score: 0.9693 + tags: cve,cve2022,lfi,weblogic,oracle,packetstorm requests: - method: GET diff --git a/cves/2022/CVE-2022-21500.yaml b/cves/2022/CVE-2022-21500.yaml index 3f0025ae73..80fe68ff51 100644 --- a/cves/2022/CVE-2022-21500.yaml +++ b/cves/2022/CVE-2022-21500.yaml @@ -15,6 +15,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-21500 + epss-score: 0.97069 metadata: shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200 verified: "true" diff --git a/cves/2022/CVE-2022-21587.yaml b/cves/2022/CVE-2022-21587.yaml index 42c4119f08..54173c17ba 100644 --- a/cves/2022/CVE-2022-21587.yaml +++ b/cves/2022/CVE-2022-21587.yaml @@ -10,12 +10,15 @@ info: - https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/ - https://www.oracle.com/security-alerts/cpuoct2022.html - https://nvd.nist.gov/vuln/detail/CVE-2022-21587 + - http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-21587 cwe-id: CWE-94 - tags: cve,cve2022,rce,oast,intrusive,oracle,ebs,unauth,kev + cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:* + epss-score: 0.97405 + tags: cve,intrusive,ebs,unauth,kev,cve2022,rce,oast,oracle,packetstorm requests: - raw: diff --git a/cves/2022/CVE-2022-21661.yaml b/cves/2022/CVE-2022-21661.yaml index b4193f2c55..3a88e941e5 100644 --- a/cves/2022/CVE-2022-21661.yaml +++ b/cves/2022/CVE-2022-21661.yaml @@ -17,6 +17,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-21661 cwe-id: CWE-89 + epss-score: 0.95358 metadata: verified: "true" tags: wp,sqli,wpquery,wpscan,packetstorm,cve,cve2022,wordpress diff --git a/cves/2022/CVE-2022-21705.yaml b/cves/2022/CVE-2022-21705.yaml index 1e09625694..d9c88303d4 100644 --- a/cves/2022/CVE-2022-21705.yaml +++ b/cves/2022/CVE-2022-21705.yaml @@ -6,18 +6,20 @@ info: severity: high description: | October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions. - remediation: | - The issue has been patched in Build 474 (1.0.474) and 1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe manually to installation. reference: - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22 - https://cyllective.com/blog/post/octobercms-cve-2022-21705/ - https://nvd.nist.gov/vuln/detail/CVE-2022-21705 + remediation: | + The issue has been patched in Build 474 (1.0.474) and 1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe manually to installation. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-21705 cwe-id: CWE-74 + cpe: cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:* + epss-score: 0.0036 tags: cve,cve2022,authenticated,rce,cms,octobercms,injection requests: diff --git a/cves/2022/CVE-2022-2185.yaml b/cves/2022/CVE-2022-2185.yaml index 9b04432fd6..52e4960dd3 100644 --- a/cves/2022/CVE-2022-2185.yaml +++ b/cves/2022/CVE-2022-2185.yaml @@ -14,6 +14,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-2185 cwe-id: CWE-732 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + epss-score: 0.12566 metadata: shodan-query: http.title:"GitLab" tags: cve,cve2022,gitlab diff --git a/cves/2022/CVE-2022-2187.yaml b/cves/2022/CVE-2022-2187.yaml index 76ce320f26..d070d8bfda 100644 --- a/cves/2022/CVE-2022-2187.yaml +++ b/cves/2022/CVE-2022-2187.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2187 cwe-id: CWE-79 + cpe: cpe:2.3:a:contact_form_7_captcha_project:contact_form_7_captcha:*:*:*:*:*:*:*:* + epss-score: 0.00071 tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,wp requests: diff --git a/cves/2022/CVE-2022-22242.yaml b/cves/2022/CVE-2022-22242.yaml index c88e8381b9..85e033ff35 100644 --- a/cves/2022/CVE-2022-22242.yaml +++ b/cves/2022/CVE-2022-22242.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-22242 cwe-id: CWE-79 + cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* + epss-score: 0.42509 metadata: shodan-query: title:"Juniper Web Device Manager" verified: "true" diff --git a/cves/2022/CVE-2022-22536.yaml b/cves/2022/CVE-2022-22536.yaml index 6afb76b607..5820c3961b 100644 --- a/cves/2022/CVE-2022-22536.yaml +++ b/cves/2022/CVE-2022-22536.yaml @@ -15,6 +15,7 @@ info: cvss-score: 10 cve-id: CVE-2022-22536 cwe-id: CWE-444 + epss-score: 0.96833 metadata: shodan-query: http.favicon.hash:-266008933 tags: cve,cve2022,sap,smuggling,netweaver,web-dispatcher,memory-pipes,kev diff --git a/cves/2022/CVE-2022-2290.yaml b/cves/2022/CVE-2022-2290.yaml index 7840533def..78a8fab804 100644 --- a/cves/2022/CVE-2022-2290.yaml +++ b/cves/2022/CVE-2022-2290.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2290 cwe-id: CWE-79 + cpe: cpe:2.3:a:trilium_project:trilium:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: shodan-query: title:"Trilium Notes" verified: "true" diff --git a/cves/2022/CVE-2022-22947.yaml b/cves/2022/CVE-2022-22947.yaml index 2b859809f8..c0e55237a5 100644 --- a/cves/2022/CVE-2022-22947.yaml +++ b/cves/2022/CVE-2022-22947.yaml @@ -16,6 +16,7 @@ info: cvss-score: 10 cve-id: CVE-2022-22947 cwe-id: CWE-94 + epss-score: 0.97536 tags: cve,cve2022,apache,spring,vmware,actuator,oast,kev requests: diff --git a/cves/2022/CVE-2022-22954.yaml b/cves/2022/CVE-2022-22954.yaml index 886c9cc465..aa4ca322e9 100644 --- a/cves/2022/CVE-2022-22954.yaml +++ b/cves/2022/CVE-2022-22954.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22954 cwe-id: CWE-94 + epss-score: 0.97529 metadata: shodan-query: http.favicon.hash:-1250474341 tags: workspaceone,kev,tenable,packetstorm,cve,cve2022,vmware,ssti diff --git a/cves/2022/CVE-2022-22963.yaml b/cves/2022/CVE-2022-22963.yaml index f08a8e8a9e..5e29a2b3cb 100644 --- a/cves/2022/CVE-2022-22963.yaml +++ b/cves/2022/CVE-2022-22963.yaml @@ -18,6 +18,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22963 cwe-id: CWE-94 + epss-score: 0.97501 tags: vulhub,cve,cve2022,springcloud,rce,kev requests: diff --git a/cves/2022/CVE-2022-22965.yaml b/cves/2022/CVE-2022-22965.yaml index 41c8a47152..f618d786a3 100644 --- a/cves/2022/CVE-2022-22965.yaml +++ b/cves/2022/CVE-2022-22965.yaml @@ -19,6 +19,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22965 cwe-id: CWE-94 + epss-score: 0.9752 tags: cve,cve2022,rce,spring,injection,oast,intrusive,kev requests: diff --git a/cves/2022/CVE-2022-22972.yaml b/cves/2022/CVE-2022-22972.yaml index dc44fa1296..a45e6b5f72 100644 --- a/cves/2022/CVE-2022-22972.yaml +++ b/cves/2022/CVE-2022-22972.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22972 cwe-id: CWE-287 + epss-score: 0.90493 metadata: fofa-query: app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" tags: cve,cve2022,vmware,auth-bypass,oast diff --git a/cves/2022/CVE-2022-23131.yaml b/cves/2022/CVE-2022-23131.yaml index 40b9b42d62..a80d7d02f5 100644 --- a/cves/2022/CVE-2022-23131.yaml +++ b/cves/2022/CVE-2022-23131.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-23131 cwe-id: CWE-290 + cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* + epss-score: 0.9718 metadata: fofa-query: app="ZABBIX-监控系统" && body="saml" shodan-query: http.favicon.hash:892542951 diff --git a/cves/2022/CVE-2022-23134.yaml b/cves/2022/CVE-2022-23134.yaml index d3252104e3..6cee1f3274 100644 --- a/cves/2022/CVE-2022-23134.yaml +++ b/cves/2022/CVE-2022-23134.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2022-23134 + epss-score: 0.33652 tags: cve,cve2022,zabbix,auth-bypass,kev requests: diff --git a/cves/2022/CVE-2022-2314.yaml b/cves/2022/CVE-2022-2314.yaml index c1d9bc47d7..11176a244d 100644 --- a/cves/2022/CVE-2022-2314.yaml +++ b/cves/2022/CVE-2022-2314.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-2314 cwe-id: CWE-94 + cpe: cpe:2.3:a:vr_calendar_project:vr_calendar:*:*:*:*:*:*:*:* + epss-score: 0.04893 metadata: verified: "true" tags: cve,cve2022,wordpress,wp,wp-plugin,rce,vr-calendar-sync,unauth,wpscan diff --git a/cves/2022/CVE-2022-23178.yaml b/cves/2022/CVE-2022-23178.yaml index 0595e29a98..dc3cbc93f3 100644 --- a/cves/2022/CVE-2022-23178.yaml +++ b/cves/2022/CVE-2022-23178.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-23178 cwe-id: CWE-287 + epss-score: 0.0307 tags: cve,cve2022,crestron,disclosure requests: diff --git a/cves/2022/CVE-2022-23347.yaml b/cves/2022/CVE-2022-23347.yaml index 33fd19a910..632e0d9660 100644 --- a/cves/2022/CVE-2022-23347.yaml +++ b/cves/2022/CVE-2022-23347.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-23347 cwe-id: CWE-22 + cpe: cpe:2.3:a:bigantsoft:bigant_server:*:*:*:*:*:*:*:* + epss-score: 0.11867 metadata: shodan-query: http.html:"BigAnt" verified: "true" diff --git a/cves/2022/CVE-2022-23348.yaml b/cves/2022/CVE-2022-23348.yaml index 6eee2fa3a0..7de7b6127d 100644 --- a/cves/2022/CVE-2022-23348.yaml +++ b/cves/2022/CVE-2022-23348.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-23348 cwe-id: CWE-916 + cpe: cpe:2.3:a:bigantsoft:bigant_server:*:*:*:*:*:*:*:* + epss-score: 0.00337 metadata: shodan-query: http.html:"bigant" verified: "true" diff --git a/cves/2022/CVE-2022-2373.yaml b/cves/2022/CVE-2022-2373.yaml index 7b32cc054a..38ac93ee48 100644 --- a/cves/2022/CVE-2022-2373.yaml +++ b/cves/2022/CVE-2022-2373.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2373 cwe-id: CWE-862 + cpe: cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:*:*:* + epss-score: 0.00392 metadata: verified: "true" tags: simply-schedule-appointments,unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp diff --git a/cves/2022/CVE-2022-2376.yaml b/cves/2022/CVE-2022-2376.yaml index a06ad6605c..0a020e1ffe 100644 --- a/cves/2022/CVE-2022-2376.yaml +++ b/cves/2022/CVE-2022-2376.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2376 cwe-id: CWE-862 + cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:*:*:* + epss-score: 0.10443 tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure requests: diff --git a/cves/2022/CVE-2022-23779.yaml b/cves/2022/CVE-2022-23779.yaml index e42ca66955..f9cf974320 100644 --- a/cves/2022/CVE-2022-23779.yaml +++ b/cves/2022/CVE-2022-23779.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-23779 cwe-id: CWE-200 + cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* + epss-score: 0.00484 metadata: fofa-query: app="ZOHO-ManageEngine-Desktop" tags: cve,cve2022,zoho,exposure diff --git a/cves/2022/CVE-2022-2379.yaml b/cves/2022/CVE-2022-2379.yaml index 096d9efc33..790aab0187 100644 --- a/cves/2022/CVE-2022-2379.yaml +++ b/cves/2022/CVE-2022-2379.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-2379 cwe-id: CWE-862 + cpe: cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:*:*:* + epss-score: 0.0257 metadata: verified: "true" tags: wordpress,wp-plugin,wp,easy-student-results,disclosure,wpscan,cve,cve2022 diff --git a/cves/2022/CVE-2022-23808.yaml b/cves/2022/CVE-2022-23808.yaml index b174bac40d..cf5ae5d59d 100644 --- a/cves/2022/CVE-2022-23808.yaml +++ b/cves/2022/CVE-2022-23808.yaml @@ -15,9 +15,11 @@ info: cvss-score: 6.1 cve-id: CVE-2022-23808 cwe-id: CWE-79 + cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* + epss-score: 0.00166 metadata: - verified: true shodan-query: http.component:"phpmyadmin" + verified: "true" tags: cve,cve2022,phpmyadmin,xss requests: diff --git a/cves/2022/CVE-2022-2383.yaml b/cves/2022/CVE-2022-2383.yaml index 121112e33d..97641e37d7 100644 --- a/cves/2022/CVE-2022-2383.yaml +++ b/cves/2022/CVE-2022-2383.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2383 cwe-id: CWE-79 + cpe: cpe:2.3:a:slickremix:feed_them_social:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss diff --git a/cves/2022/CVE-2022-23854.yaml b/cves/2022/CVE-2022-23854.yaml index 431dfc7406..8b4ba76005 100644 --- a/cves/2022/CVE-2022-23854.yaml +++ b/cves/2022/CVE-2022-23854.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-23854 cwe-id: CWE-23 + cpe: cpe:2.3:a:aveva:intouch_access_anywhere:*:*:*:*:*:*:*:* + epss-score: 0.9685 metadata: shodan-query: http.html:"InTouch Access Anywhere" verified: "true" diff --git a/cves/2022/CVE-2022-23881.yaml b/cves/2022/CVE-2022-23881.yaml index 73150a422c..a5d62a850d 100644 --- a/cves/2022/CVE-2022-23881.yaml +++ b/cves/2022/CVE-2022-23881.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-23881 cwe-id: CWE-77 + cpe: cpe:2.3:a:zzzcms:zzzphp:*:*:*:*:*:*:*:* + epss-score: 0.31115 tags: cve,cve2022,rce,zzzphp,zzzcms requests: diff --git a/cves/2022/CVE-2022-23898.yaml b/cves/2022/CVE-2022-23898.yaml index a4806c0e80..1b508a4a78 100644 --- a/cves/2022/CVE-2022-23898.yaml +++ b/cves/2022/CVE-2022-23898.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-23898 cwe-id: CWE-89 + cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:* + epss-score: 0.01119 metadata: fofa-query: icon_hash="1464851260" shodan-query: http.favicon.hash:1464851260 diff --git a/cves/2022/CVE-2022-23944.yaml b/cves/2022/CVE-2022-23944.yaml index de7aa65f39..bbd9704745 100644 --- a/cves/2022/CVE-2022-23944.yaml +++ b/cves/2022/CVE-2022-23944.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.1 cve-id: CVE-2022-23944 cwe-id: CWE-306 + cpe: cpe:2.3:a:apache:shenyu:*:*:*:*:*:*:*:* + epss-score: 0.25673 tags: cve,cve2022,shenyu,unauth,apache requests: diff --git a/cves/2022/CVE-2022-24112.yaml b/cves/2022/CVE-2022-24112.yaml index 5f79eaed68..3901180cbb 100644 --- a/cves/2022/CVE-2022-24112.yaml +++ b/cves/2022/CVE-2022-24112.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-24112 cwe-id: CWE-290 + cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* + epss-score: 0.97264 metadata: fofa-query: title="Apache APISIX Dashboard" product: https://apisix.apache.org diff --git a/cves/2022/CVE-2022-24124.yaml b/cves/2022/CVE-2022-24124.yaml index 046dee8d11..e7840d3e5d 100644 --- a/cves/2022/CVE-2022-24124.yaml +++ b/cves/2022/CVE-2022-24124.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-24124 cwe-id: CWE-89 + cpe: cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:* + epss-score: 0.003 metadata: product: https://casdoor.org/ shodan-query: http.title:"Casdoor" diff --git a/cves/2022/CVE-2022-24129.yaml b/cves/2022/CVE-2022-24129.yaml index 9d3dc396c3..6536125f0e 100644 --- a/cves/2022/CVE-2022-24129.yaml +++ b/cves/2022/CVE-2022-24129.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.2 cve-id: CVE-2022-24129 cwe-id: CWE-918 + cpe: cpe:2.3:a:shibboleth:oidc_op:*:*:*:*:*:*:*:* + epss-score: 0.00362 tags: cve,cve2022,ssrf,oidc,shibboleth requests: diff --git a/cves/2022/CVE-2022-24181.yaml b/cves/2022/CVE-2022-24181.yaml index e4d4fbe5a6..db944e0d5c 100644 --- a/cves/2022/CVE-2022-24181.yaml +++ b/cves/2022/CVE-2022-24181.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-24181 cwe-id: CWE-79 + cpe: cpe:2.3:a:public_knowledge_project:open_journal_systems:*:*:*:*:*:*:*:* + epss-score: 0.00139 metadata: verified: "true" tags: cve,cve2022,xss,oss,pkp-lib,edb diff --git a/cves/2022/CVE-2022-24260.yaml b/cves/2022/CVE-2022-24260.yaml index e0535c78c8..f8b61cdf95 100644 --- a/cves/2022/CVE-2022-24260.yaml +++ b/cves/2022/CVE-2022-24260.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-24260 cwe-id: CWE-89 + cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* + epss-score: 0.68093 metadata: shodan-query: http.title:"VoIPmonitor" tags: cve,cve2022,voipmonitor,sqli,unauth diff --git a/cves/2022/CVE-2022-24288.yaml b/cves/2022/CVE-2022-24288.yaml index bef446a175..e63b4abdb3 100644 --- a/cves/2022/CVE-2022-24288.yaml +++ b/cves/2022/CVE-2022-24288.yaml @@ -14,9 +14,11 @@ info: cvss-score: 8.8 cve-id: CVE-2022-24288 cwe-id: CWE-78 + cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* + epss-score: 0.6361 metadata: - verified: true shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" + verified: "true" tags: cve,cve2022,airflow,rce requests: diff --git a/cves/2022/CVE-2022-2462.yaml b/cves/2022/CVE-2022-2462.yaml index 7994e02961..3081e86aba 100644 --- a/cves/2022/CVE-2022-2462.yaml +++ b/cves/2022/CVE-2022-2462.yaml @@ -21,6 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2462 cwe-id: CWE-200 + cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:*:*:* + epss-score: 0.00573 tags: cve,cve2022,wordpress,disclosure,wp-plugin,packetstorm requests: diff --git a/cves/2022/CVE-2022-2467.yaml b/cves/2022/CVE-2022-2467.yaml index 175a0dee04..759482f8a6 100644 --- a/cves/2022/CVE-2022-2467.yaml +++ b/cves/2022/CVE-2022-2467.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-2467 cwe-id: CWE-89 + cpe: cpe:2.3:a:garage_management_system_project:garage_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00866 metadata: verified: "true" tags: cve,cve2022,sourcecodester,garagemanagementsystem,sqli diff --git a/cves/2022/CVE-2022-24681.yaml b/cves/2022/CVE-2022-24681.yaml index cb02386823..62888a65ff 100644 --- a/cves/2022/CVE-2022-24681.yaml +++ b/cves/2022/CVE-2022-24681.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-24681 cwe-id: CWE-79 + cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* + epss-score: 0.00153 tags: cve,cve2022,manageengine,xss,authenticated requests: diff --git a/cves/2022/CVE-2022-24816.yaml b/cves/2022/CVE-2022-24816.yaml index a70452b7dd..5832a77646 100644 --- a/cves/2022/CVE-2022-24816.yaml +++ b/cves/2022/CVE-2022-24816.yaml @@ -6,17 +6,19 @@ info: severity: critical description: | Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. - remediation: 1.2.22 contains a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application by removing janino-x.y.z.jar from the classpath. reference: - https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html - https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx - https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb - https://nvd.nist.gov/vuln/detail/CVE-2022-24816 + remediation: 1.2.22 contains a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application by removing janino-x.y.z.jar from the classpath. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24816 cwe-id: CWE-94 + cpe: cpe:2.3:a:geosolutionsgroup:jai-ext:*:*:*:*:*:*:*:* + epss-score: 0.86938 metadata: fofa-query: app="GeoServer" shodan-query: /geoserver/ diff --git a/cves/2022/CVE-2022-24856.yaml b/cves/2022/CVE-2022-24856.yaml index 046487c42a..da8673c8fc 100644 --- a/cves/2022/CVE-2022-24856.yaml +++ b/cves/2022/CVE-2022-24856.yaml @@ -18,6 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-24856 cwe-id: CWE-918 + cpe: cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:* + epss-score: 0.03152 tags: cve,cve2022,flyteconsole,ssrf,oss,hackerone requests: diff --git a/cves/2022/CVE-2022-2486.yaml b/cves/2022/CVE-2022-2486.yaml index bf397b6486..c78e144b0e 100644 --- a/cves/2022/CVE-2022-2486.yaml +++ b/cves/2022/CVE-2022-2486.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-2486 cwe-id: CWE-78 + epss-score: 0.97304 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-2487.yaml b/cves/2022/CVE-2022-2487.yaml index e4ba8d4c26..2fa9ae7174 100644 --- a/cves/2022/CVE-2022-2487.yaml +++ b/cves/2022/CVE-2022-2487.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-2487 cwe-id: CWE-78 + epss-score: 0.97379 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-2488.yaml b/cves/2022/CVE-2022-2488.yaml index f4e04da2f6..fe791db768 100644 --- a/cves/2022/CVE-2022-2488.yaml +++ b/cves/2022/CVE-2022-2488.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-2488 cwe-id: CWE-78 + epss-score: 0.97379 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-24899.yaml b/cves/2022/CVE-2022-24899.yaml index 9b8518686b..b8313fe8ab 100644 --- a/cves/2022/CVE-2022-24899.yaml +++ b/cves/2022/CVE-2022-24899.yaml @@ -10,12 +10,15 @@ info: - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/ - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2 - https://nvd.nist.gov/vuln/detail/CVE-2022-24899 + - https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html remediation: As a workaround, users may disable canonical tags in the root page settings. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-24899 cwe-id: CWE-79 + cpe: cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* + epss-score: 0.00189 metadata: shodan-query: title:"Contao" tags: cve,cve2022,contao,xss,huntr diff --git a/cves/2022/CVE-2022-24900.yaml b/cves/2022/CVE-2022-24900.yaml index f585c7af50..c88b396ce3 100644 --- a/cves/2022/CVE-2022-24900.yaml +++ b/cves/2022/CVE-2022-24900.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.6 cve-id: CVE-2022-24900 cwe-id: CWE-610 + cpe: cpe:2.3:a:piano_led_visualizer_project:piano_led_visualizer:*:*:*:*:*:*:*:* + epss-score: 0.00414 tags: cve,cve2022,lfi,piano,iot,oss requests: diff --git a/cves/2022/CVE-2022-24990.yaml b/cves/2022/CVE-2022-24990.yaml index 154aa29e43..895c068028 100644 --- a/cves/2022/CVE-2022-24990.yaml +++ b/cves/2022/CVE-2022-24990.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-24990 + epss-score: 0.96745 metadata: shodan-query: TerraMaster tags: cve,cve2022,terramaster,exposure,kev diff --git a/cves/2022/CVE-2022-25082.yaml b/cves/2022/CVE-2022-25082.yaml index d0cd95fd1a..f18674fa67 100644 --- a/cves/2022/CVE-2022-25082.yaml +++ b/cves/2022/CVE-2022-25082.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-25082 cwe-id: CWE-77 + epss-score: 0.03923 tags: totolink,cve,cve2022,router,unauth,rce,iot variables: diff --git a/cves/2022/CVE-2022-25125.yaml b/cves/2022/CVE-2022-25125.yaml index 76ac47c879..4833461179 100644 --- a/cves/2022/CVE-2022-25125.yaml +++ b/cves/2022/CVE-2022-25125.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-25125 cwe-id: CWE-89 + cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:* + epss-score: 0.01119 metadata: fofa-query: icon_hash="1464851260" shodan-query: http.favicon.hash:1464851260 diff --git a/cves/2022/CVE-2022-25216.yaml b/cves/2022/CVE-2022-25216.yaml index fbccebf9ef..0b22f5b069 100644 --- a/cves/2022/CVE-2022-25216.yaml +++ b/cves/2022/CVE-2022-25216.yaml @@ -13,6 +13,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-25216 cwe-id: CWE-22 + epss-score: 0.00605 tags: cve,cve2022,dvdFab,lfi,lfr,tenable requests: diff --git a/cves/2022/CVE-2022-25323.yaml b/cves/2022/CVE-2022-25323.yaml index cc33dc27eb..30887471bf 100644 --- a/cves/2022/CVE-2022-25323.yaml +++ b/cves/2022/CVE-2022-25323.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-25323 cwe-id: CWE-79 + cpe: cpe:2.3:a:zerof:web_server:*:*:*:*:*:*:*:* + epss-score: 0.00112 tags: xss,cve,cve2022,zerof requests: diff --git a/cves/2022/CVE-2022-25356.yaml b/cves/2022/CVE-2022-25356.yaml index 32725a1f9a..81bd461740 100644 --- a/cves/2022/CVE-2022-25356.yaml +++ b/cves/2022/CVE-2022-25356.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-25356 cwe-id: CWE-91 + cpe: cpe:2.3:a:altn:securitygateway:*:*:*:*:*:*:*:* + epss-score: 0.00389 metadata: google-query: inurl:"/SecurityGateway.dll" verified: "true" diff --git a/cves/2022/CVE-2022-2544.yaml b/cves/2022/CVE-2022-2544.yaml index 4e2dd15049..c367eaab3f 100644 --- a/cves/2022/CVE-2022-2544.yaml +++ b/cves/2022/CVE-2022-2544.yaml @@ -15,8 +15,10 @@ info: cvss-score: 7.5 cve-id: CVE-2022-2544 cwe-id: CWE-425 + cpe: cpe:2.3:a:wpmanageninja:ninja_job_board:*:*:*:*:*:*:*:* + epss-score: 0.0159 metadata: - verified: true + verified: "true" tags: ninja,exposure,wpscan,cve,cve2022,wordpress,wp-plugin,wp requests: diff --git a/cves/2022/CVE-2022-2546.yaml b/cves/2022/CVE-2022-2546.yaml index c6e9df6c1e..919911cc13 100644 --- a/cves/2022/CVE-2022-2546.yaml +++ b/cves/2022/CVE-2022-2546.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.7 cve-id: CVE-2022-2546 cwe-id: CWE-79 + cpe: cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:*:*:*:* + epss-score: 0.00361 metadata: verified: "true" tags: cve,all-in-one-wp-migration,authenticated,wpscan,cve2022,wordpress,wp-plugin,wp,xss diff --git a/cves/2022/CVE-2022-25481.yaml b/cves/2022/CVE-2022-25481.yaml index a8d5154ea3..dd8afde0c6 100644 --- a/cves/2022/CVE-2022-25481.yaml +++ b/cves/2022/CVE-2022-25481.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-25481 cwe-id: CWE-668 + cpe: cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:* + epss-score: 0.0072 metadata: shodan-query: title:"ThinkPHP" verified: "true" diff --git a/cves/2022/CVE-2022-2551.yaml b/cves/2022/CVE-2022-2551.yaml index 8a9ec17442..9d8f714158 100644 --- a/cves/2022/CVE-2022-2551.yaml +++ b/cves/2022/CVE-2022-2551.yaml @@ -18,6 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-2551 cwe-id: CWE-425 + cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:*:*:*:* + epss-score: 0.91072 metadata: google-query: inurl:/backups-dup-lite/dup-installer/ verified: "true" diff --git a/cves/2022/CVE-2022-2599.yaml b/cves/2022/CVE-2022-2599.yaml index af6aaba153..5c11aa2200 100644 --- a/cves/2022/CVE-2022-2599.yaml +++ b/cves/2022/CVE-2022-2599.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2599 cwe-id: CWE-79 + cpe: cpe:2.3:a:anti-malware_security_and_brute-force_firewall_project:anti-malware_security_and_brute-force_firewall:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: verified: "true" tags: wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,cve,cve2022 diff --git a/cves/2022/CVE-2022-26134.yaml b/cves/2022/CVE-2022-26134.yaml index f56d736094..1ede21e14e 100644 --- a/cves/2022/CVE-2022-26134.yaml +++ b/cves/2022/CVE-2022-26134.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-26134 cwe-id: CWE-74 + epss-score: 0.97542 metadata: shodan-query: http.component:"Atlassian Confluence" verified: "true" diff --git a/cves/2022/CVE-2022-26138.yaml b/cves/2022/CVE-2022-26138.yaml index 03523083c2..5de31a0333 100644 --- a/cves/2022/CVE-2022-26138.yaml +++ b/cves/2022/CVE-2022-26138.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-26138 cwe-id: CWE-798 + epss-score: 0.97406 metadata: shodan-query: http.component:"Atlassian Confluence" tags: cve,cve2022,confluence,atlassian,default-login,kev diff --git a/cves/2022/CVE-2022-26148.yaml b/cves/2022/CVE-2022-26148.yaml index 145648a2d6..306bd2ad45 100644 --- a/cves/2022/CVE-2022-26148.yaml +++ b/cves/2022/CVE-2022-26148.yaml @@ -14,6 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-26148 + epss-score: 0.15557 metadata: fofa-query: app="Grafana" shodan-query: title:"Grafana" diff --git a/cves/2022/CVE-2022-26159.yaml b/cves/2022/CVE-2022-26159.yaml index 41d6be2d94..498ce50d54 100644 --- a/cves/2022/CVE-2022-26159.yaml +++ b/cves/2022/CVE-2022-26159.yaml @@ -9,10 +9,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-26159 - https://podalirius.net/en/cves/2022-26159/ - https://issues.ametys.org/browse/CMS-10973 + - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-26159 + cpe: cpe:2.3:a:ametys:ametys:*:*:*:*:*:*:*:* + epss-score: 0.00465 tags: cve,cve2022,plugin,ametys,cms requests: diff --git a/cves/2022/CVE-2022-26233.yaml b/cves/2022/CVE-2022-26233.yaml index 3fa45df94d..0045ab7b71 100644 --- a/cves/2022/CVE-2022-26233.yaml +++ b/cves/2022/CVE-2022-26233.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-26233 cwe-id: CWE-22 + cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:* + epss-score: 0.00411 tags: cve,cve2022,barco,lfi,seclists,packetstorm requests: diff --git a/cves/2022/CVE-2022-2627.yaml b/cves/2022/CVE-2022-2627.yaml index 88402e190f..b361b59bc2 100644 --- a/cves/2022/CVE-2022-2627.yaml +++ b/cves/2022/CVE-2022-2627.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2627 cwe-id: CWE-79 + cpe: cpe:2.3:a:tagdiv:newspaper:*:*:*:*:*:*:*:* + epss-score: 0.00064 tags: xss,wordpress,wp,wp-theme,newspaper,wpscan,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-26352.yaml b/cves/2022/CVE-2022-26352.yaml index 159d6dd4a0..d3f1686ddd 100644 --- a/cves/2022/CVE-2022-26352.yaml +++ b/cves/2022/CVE-2022-26352.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-26352 cwe-id: CWE-22,CWE-434 + cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* + epss-score: 0.9749 tags: packetstorm,cve,cve2022,rce,dotcms,kev,fileupload,intrusive requests: diff --git a/cves/2022/CVE-2022-26564.yaml b/cves/2022/CVE-2022-26564.yaml index 33e215310b..d3437ee0bf 100644 --- a/cves/2022/CVE-2022-26564.yaml +++ b/cves/2022/CVE-2022-26564.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-26564 cwe-id: CWE-79 + cpe: cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: shodan-query: http.favicon.hash:-1521640213 tags: cve,cve2022,hoteldruid,xss diff --git a/cves/2022/CVE-2022-26833.yaml b/cves/2022/CVE-2022-26833.yaml index 8aaceca132..5ae849d31e 100644 --- a/cves/2022/CVE-2022-26833.yaml +++ b/cves/2022/CVE-2022-26833.yaml @@ -14,6 +14,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-26833 + cpe: cpe:2.3:a:openautomationsoftware:oas_platform:*:*:*:*:*:*:*:* + epss-score: 0.00634 tags: cve,cve2022,oas,oss,unauth requests: diff --git a/cves/2022/CVE-2022-26960.yaml b/cves/2022/CVE-2022-26960.yaml index d244810944..569e6019e9 100644 --- a/cves/2022/CVE-2022-26960.yaml +++ b/cves/2022/CVE-2022-26960.yaml @@ -16,8 +16,10 @@ info: cvss-score: 9.1 cve-id: CVE-2022-26960 cwe-id: CWE-22 + cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* + epss-score: 0.93908 metadata: - verified: true + verified: "true" tags: cve,cve2022,lfi,elfinder requests: diff --git a/cves/2022/CVE-2022-2756.yaml b/cves/2022/CVE-2022-2756.yaml index 6d98e660c1..918f7de96b 100644 --- a/cves/2022/CVE-2022-2756.yaml +++ b/cves/2022/CVE-2022-2756.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.5 cve-id: CVE-2022-2756 cwe-id: CWE-918 + cpe: cpe:2.3:a:kavitareader:kavita:*:*:*:*:*:*:*:* + epss-score: 0.00681 metadata: shodan-query: title:"kavita" verified: "true" diff --git a/cves/2022/CVE-2022-27593.yaml b/cves/2022/CVE-2022-27593.yaml index 832e3956fc..2fcbabc9c3 100644 --- a/cves/2022/CVE-2022-27593.yaml +++ b/cves/2022/CVE-2022-27593.yaml @@ -15,9 +15,10 @@ info: cvss-score: 9.1 cve-id: CVE-2022-27593 cwe-id: CWE-610 + epss-score: 0.36012 metadata: - verified: true shodan-query: title:"QNAP" + verified: "true" tags: cve,cve2022,qnap,lfi,kev requests: diff --git a/cves/2022/CVE-2022-27849.yaml b/cves/2022/CVE-2022-27849.yaml index d52f9a2027..5608f0b7a0 100644 --- a/cves/2022/CVE-2022-27849.yaml +++ b/cves/2022/CVE-2022-27849.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-27849 cwe-id: CWE-200 + cpe: cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:*:*:* + epss-score: 0.00426 metadata: google-query: inurl:/wp-content/plugins/simple-ajax-chat/ tags: wp,wordpress,wp-plugin,cve,cve2022,disclosure diff --git a/cves/2022/CVE-2022-27927.yaml b/cves/2022/CVE-2022-27927.yaml index 64d50a460c..91ec9d4967 100644 --- a/cves/2022/CVE-2022-27927.yaml +++ b/cves/2022/CVE-2022-27927.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-27927 cwe-id: CWE-89 + cpe: cpe:2.3:a:microfinance_management_system_project:microfinance_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00961 metadata: verified: "true" tags: microfinance,edb,cve,cve2022,sqli diff --git a/cves/2022/CVE-2022-28079.yaml b/cves/2022/CVE-2022-28079.yaml index c1b122ba24..c39bac655a 100644 --- a/cves/2022/CVE-2022-28079.yaml +++ b/cves/2022/CVE-2022-28079.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-28079 cwe-id: CWE-89 + cpe: cpe:2.3:a:college_management_system_project:college_management_system:*:*:*:*:*:*:*:* + epss-score: 0.79301 metadata: verified: "true" tags: cve,cve2022,sqli,cms,collegemanagement diff --git a/cves/2022/CVE-2022-28080.yaml b/cves/2022/CVE-2022-28080.yaml index 021d8a2b18..31cd055d4c 100644 --- a/cves/2022/CVE-2022-28080.yaml +++ b/cves/2022/CVE-2022-28080.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2022-28080 + cpe: cpe:2.3:a:event_management_system_project:event_management_system:*:*:*:*:*:*:*:* + epss-score: 0.01048 tags: royalevent,edb,cve,cve2022,sqli,authenticated,cms requests: diff --git a/cves/2022/CVE-2022-28117.yaml b/cves/2022/CVE-2022-28117.yaml index ae7fff3673..41190fbca0 100644 --- a/cves/2022/CVE-2022-28117.yaml +++ b/cves/2022/CVE-2022-28117.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.9 cve-id: CVE-2022-28117 cwe-id: CWE-918 + cpe: cpe:2.3:a:naviwebs:navigate_cms:*:*:*:*:*:*:*:* + epss-score: 0.00943 metadata: verified: "true" tags: authenticated,packetstorm,cve,cve2022,ssrf,navigate,cms,lfi diff --git a/cves/2022/CVE-2022-28219.yaml b/cves/2022/CVE-2022-28219.yaml index 16c51b8734..2333f96100 100644 --- a/cves/2022/CVE-2022-28219.yaml +++ b/cves/2022/CVE-2022-28219.yaml @@ -20,6 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-28219 cwe-id: CWE-611 + cpe: cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* + epss-score: 0.97282 metadata: shodan-query: http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus" verified: "true" diff --git a/cves/2022/CVE-2022-28290.yaml b/cves/2022/CVE-2022-28290.yaml index c08ed130b6..6816490e5a 100644 --- a/cves/2022/CVE-2022-28290.yaml +++ b/cves/2022/CVE-2022-28290.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28290 cwe-id: CWE-79 + cpe: cpe:2.3:a:welaunch:wordpress_country_selector:*:*:*:*:*:*:*:* + epss-score: 0.00078 tags: wordpress-country-selector,wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss requests: diff --git a/cves/2022/CVE-2022-28363.yaml b/cves/2022/CVE-2022-28363.yaml index 46534e84f1..da4a25f540 100644 --- a/cves/2022/CVE-2022-28363.yaml +++ b/cves/2022/CVE-2022-28363.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28363 cwe-id: CWE-79 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.0021 tags: xss,rlm,packetstorm,cve,cve2022 requests: diff --git a/cves/2022/CVE-2022-28365.yaml b/cves/2022/CVE-2022-28365.yaml index 051032c3f3..f709537707 100644 --- a/cves/2022/CVE-2022-28365.yaml +++ b/cves/2022/CVE-2022-28365.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-28365 cwe-id: CWE-668 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.00175 tags: rlm,packetstorm,cve,cve2022,exposure requests: diff --git a/cves/2022/CVE-2022-2863.yaml b/cves/2022/CVE-2022-2863.yaml index 19973f146c..93776092a8 100644 --- a/cves/2022/CVE-2022-2863.yaml +++ b/cves/2022/CVE-2022-2863.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.9 cve-id: CVE-2022-2863 cwe-id: CWE-22 + cpe: cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:*:*:* + epss-score: 0.71789 tags: wp,wpscan,seclists,packetstorm,authenticated,cve,cve2022,lfi,wordpress,wp-plugin requests: diff --git a/cves/2022/CVE-2022-28923.yaml b/cves/2022/CVE-2022-28923.yaml index fcc09df351..f3f17836eb 100644 --- a/cves/2022/CVE-2022-28923.yaml +++ b/cves/2022/CVE-2022-28923.yaml @@ -16,9 +16,11 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28923 cwe-id: CWE-601 + cpe: cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* + epss-score: 0.00821 metadata: + shodan-query: 'Server: caddy' verified: "true" - shodan-query: "Server: caddy" tags: cve,cve2022,redirect,caddy,webserver requests: diff --git a/cves/2022/CVE-2022-28955.yaml b/cves/2022/CVE-2022-28955.yaml index 9981af2679..5232011ef0 100644 --- a/cves/2022/CVE-2022-28955.yaml +++ b/cves/2022/CVE-2022-28955.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-28955 cwe-id: CWE-287 + epss-score: 0.01493 metadata: shodan-query: http.html:"DIR-816L" verified: "true" diff --git a/cves/2022/CVE-2022-29004.yaml b/cves/2022/CVE-2022-29004.yaml index 5b7fa68f3c..df6314a286 100644 --- a/cves/2022/CVE-2022-29004.yaml +++ b/cves/2022/CVE-2022-29004.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29004 cwe-id: CWE-79 + cpe: cpe:2.3:a:e-diary_management_system_project:e-diary_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00103 metadata: verified: "true" tags: cve,cve2022,xss,authenticated,edms diff --git a/cves/2022/CVE-2022-29005.yaml b/cves/2022/CVE-2022-29005.yaml index 323398d264..827df36c78 100644 --- a/cves/2022/CVE-2022-29005.yaml +++ b/cves/2022/CVE-2022-29005.yaml @@ -9,11 +9,14 @@ info: - https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt - https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ - https://nvd.nist.gov/vuln/detail/CVE-2022-29005 + - http://online.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-29005 cwe-id: CWE-79 + cpe: cpe:2.3:a:online_birth_certificate_system_project:online_birth_certificate_system:*:*:*:*:*:*:*:* + epss-score: 0.00079 metadata: verified: "true" tags: cve,cve2022,xss,obcs,authenticated diff --git a/cves/2022/CVE-2022-29006.yaml b/cves/2022/CVE-2022-29006.yaml index 06b31e2964..e7c2713a7c 100644 --- a/cves/2022/CVE-2022-29006.yaml +++ b/cves/2022/CVE-2022-29006.yaml @@ -10,11 +10,14 @@ info: - https://www.exploit-db.com/exploits/50370 - https://phpgurukul.com/directory-management-system-using-php-and-mysql/ - https://nvd.nist.gov/vuln/detail/CVE-2022-29006 + - https://github.com/sudoninja-noob/CVE-2022-29006/blob/main/CVE-2022-29006.txt classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29006 cwe-id: CWE-89 + cpe: cpe:2.3:a:directory_management_system_project:directory_management_system:*:*:*:*:*:*:*:* + epss-score: 0.16225 metadata: verified: "true" tags: cve,cve2022,sqli,auth-bypass,edb diff --git a/cves/2022/CVE-2022-29007.yaml b/cves/2022/CVE-2022-29007.yaml index c6de5bdd9f..070d790f4e 100644 --- a/cves/2022/CVE-2022-29007.yaml +++ b/cves/2022/CVE-2022-29007.yaml @@ -10,11 +10,14 @@ info: - https://www.exploit-db.com/exploits/50365 - https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ - https://nvd.nist.gov/vuln/detail/CVE-2022-29007 + - https://github.com/sudoninja-noob/CVE-2022-29007/blob/main/CVE-2022-29007.txt classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29007 cwe-id: CWE-89 + cpe: cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:*:*:*:*:*:*:*:* + epss-score: 0.16225 metadata: verified: "true" tags: cve,cve2022,sqli,auth-bypass,edb diff --git a/cves/2022/CVE-2022-29009.yaml b/cves/2022/CVE-2022-29009.yaml index 156241cd75..ab3a2f204f 100644 --- a/cves/2022/CVE-2022-29009.yaml +++ b/cves/2022/CVE-2022-29009.yaml @@ -10,11 +10,14 @@ info: - https://www.exploit-db.com/exploits/50355 - https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ - https://nvd.nist.gov/vuln/detail/CVE-2022-29009 + - https://github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29009 cwe-id: CWE-89 + cpe: cpe:2.3:a:cyber_cafe_management_system_project:cyber_cafe_management_system:*:*:*:*:*:*:*:* + epss-score: 0.16225 metadata: verified: "true" tags: cve2022,sqli,auth-bypass,edb,cve diff --git a/cves/2022/CVE-2022-29014.yaml b/cves/2022/CVE-2022-29014.yaml index b7c1a26f7f..28156bc810 100644 --- a/cves/2022/CVE-2022-29014.yaml +++ b/cves/2022/CVE-2022-29014.yaml @@ -9,11 +9,13 @@ info: - https://www.exploit-db.com/exploits/50864 - https://nvd.nist.gov/vuln/detail/CVE-2022-29014 - https://www2.razer.com/ap-en/desktops-and-networking/razer-sila + - https://packetstormsecurity.com/files/166683/Razer-Sila-2.0.418-Local-File-Inclusion.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-29014 - tags: cve,cve2022,razer,lfi,router,edb + epss-score: 0.78843 + tags: edb,packetstorm,cve,cve2022,razer,lfi,router requests: - raw: diff --git a/cves/2022/CVE-2022-29078.yaml b/cves/2022/CVE-2022-29078.yaml index 1c72f57856..b678f4a11f 100644 --- a/cves/2022/CVE-2022-29078.yaml +++ b/cves/2022/CVE-2022-29078.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29078 cwe-id: CWE-1336 + cpe: cpe:2.3:a:ejs:ejs:*:*:*:*:*:*:*:* + epss-score: 0.01511 tags: cve,cve2022,ssti,rce,ejs,nodejs,oast requests: diff --git a/cves/2022/CVE-2022-29153.yaml b/cves/2022/CVE-2022-29153.yaml index 7c0621ee0b..4d421be1ef 100644 --- a/cves/2022/CVE-2022-29153.yaml +++ b/cves/2022/CVE-2022-29153.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-29153 cwe-id: CWE-918 + epss-score: 0.00931 metadata: shodan-query: title:"Consul by HashiCorp" verified: "true" diff --git a/cves/2022/CVE-2022-29272.yaml b/cves/2022/CVE-2022-29272.yaml index 3180baf9d7..841096982b 100644 --- a/cves/2022/CVE-2022-29272.yaml +++ b/cves/2022/CVE-2022-29272.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29272 cwe-id: CWE-601 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.00261 tags: cve,cve2022,redirect,nagios,nagiosxi requests: diff --git a/cves/2022/CVE-2022-29298.yaml b/cves/2022/CVE-2022-29298.yaml index 2f75e09114..c650407f0e 100644 --- a/cves/2022/CVE-2022-29298.yaml +++ b/cves/2022/CVE-2022-29298.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-29298 cwe-id: CWE-22 + epss-score: 0.03044 metadata: shodan-query: http.html:"SolarView Compact" verified: "true" diff --git a/cves/2022/CVE-2022-29303.yaml b/cves/2022/CVE-2022-29303.yaml index 1d2c392e54..b6363da241 100644 --- a/cves/2022/CVE-2022-29303.yaml +++ b/cves/2022/CVE-2022-29303.yaml @@ -10,15 +10,17 @@ info: - https://www.exploit-db.com/exploits/50940 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303 - https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing + - http://packetstormsecurity.com/files/167183/SolarView-Compact-6.0-Command-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29303 cwe-id: CWE-77 + epss-score: 0.95016 metadata: shodan-query: http.html:"SolarView Compact" verified: "true" - tags: cve,cve2022,rce,injection,solarview,edb + tags: injection,solarview,edb,packetstorm,cve,cve2022,rce variables: cmd: "cat${IFS}/etc/passwd" diff --git a/cves/2022/CVE-2022-29349.yaml b/cves/2022/CVE-2022-29349.yaml index cf3361ab2a..2f36b6fbb2 100644 --- a/cves/2022/CVE-2022-29349.yaml +++ b/cves/2022/CVE-2022-29349.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29349 cwe-id: CWE-79 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.0332 metadata: shodan-query: http.html:"kkFileView" verified: "true" diff --git a/cves/2022/CVE-2022-29383.yaml b/cves/2022/CVE-2022-29383.yaml index c0522654b9..aea237fce1 100644 --- a/cves/2022/CVE-2022-29383.yaml +++ b/cves/2022/CVE-2022-29383.yaml @@ -15,6 +15,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29383 + epss-score: 0.54769 metadata: verified: "true" tags: cve,cve2022,sqli,netgear,router diff --git a/cves/2022/CVE-2022-29455.yaml b/cves/2022/CVE-2022-29455.yaml index d46b7b79d9..53ae2c1f4d 100644 --- a/cves/2022/CVE-2022-29455.yaml +++ b/cves/2022/CVE-2022-29455.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29455 cwe-id: CWE-79 + cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:*:*:* + epss-score: 0.00148 metadata: verified: "true" tags: cve,cve2022,xss,wordpress,elementor diff --git a/cves/2022/CVE-2022-29464.yaml b/cves/2022/CVE-2022-29464.yaml index c82331a780..f0d6617a18 100644 --- a/cves/2022/CVE-2022-29464.yaml +++ b/cves/2022/CVE-2022-29464.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29464 cwe-id: CWE-434 + epss-score: 0.97465 metadata: shodan-query: http.favicon.hash:1398055326 tags: cve,cve2022,rce,fileupload,wso2,intrusive,kev diff --git a/cves/2022/CVE-2022-29548.yaml b/cves/2022/CVE-2022-29548.yaml index 5b26802bf7..ec9fbd4062 100644 --- a/cves/2022/CVE-2022-29548.yaml +++ b/cves/2022/CVE-2022-29548.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29548 cwe-id: CWE-79 + epss-score: 0.00115 metadata: google-query: inurl:"carbon/admin/login" verified: "true" diff --git a/cves/2022/CVE-2022-29775.yaml b/cves/2022/CVE-2022-29775.yaml index 011247fe3e..4b74d796e8 100644 --- a/cves/2022/CVE-2022-29775.yaml +++ b/cves/2022/CVE-2022-29775.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29775 cwe-id: CWE-287 + cpe: cpe:2.3:a:ispyconnect:ispy:*:*:*:*:*:*:*:* + epss-score: 0.01473 metadata: shodan-query: http.html:"iSpy is running" verified: "true" diff --git a/cves/2022/CVE-2022-30073.yaml b/cves/2022/CVE-2022-30073.yaml index 135827e8fc..602b3bc728 100644 --- a/cves/2022/CVE-2022-30073.yaml +++ b/cves/2022/CVE-2022-30073.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-30073 cwe-id: CWE-79 + cpe: cpe:2.3:a:wbce:wbce_cms:*:*:*:*:*:*:*:* + epss-score: 0.00124 metadata: verified: "true" tags: cve,cve2022,wbcecms,xss diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml index 03406d9de4..ed044a6dd3 100644 --- a/cves/2022/CVE-2022-30489.yaml +++ b/cves/2022/CVE-2022-30489.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30489 cwe-id: CWE-79 + epss-score: 0.00071 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-30512.yaml b/cves/2022/CVE-2022-30512.yaml index 5673f0d940..067280ccab 100644 --- a/cves/2022/CVE-2022-30512.yaml +++ b/cves/2022/CVE-2022-30512.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-30512 cwe-id: CWE-89 + cpe: cpe:2.3:a:school_dormitory_management_system_project:school_dormitory_management_system:*:*:*:*:*:*:*:* + epss-score: 0.01442 metadata: verified: "true" tags: cve,cve2022,sqli diff --git a/cves/2022/CVE-2022-30513.yaml b/cves/2022/CVE-2022-30513.yaml index f2dcf98586..b5fb7cc278 100644 --- a/cves/2022/CVE-2022-30513.yaml +++ b/cves/2022/CVE-2022-30513.yaml @@ -15,8 +15,10 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30513 cwe-id: CWE-79 + cpe: cpe:2.3:a:school_dormitory_management_system_project:school_dormitory_management_system:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: - verified: true + verified: "true" tags: cve,cve2022,xss,authenticated requests: diff --git a/cves/2022/CVE-2022-30514.yaml b/cves/2022/CVE-2022-30514.yaml index f736275b13..ad3866b7a3 100644 --- a/cves/2022/CVE-2022-30514.yaml +++ b/cves/2022/CVE-2022-30514.yaml @@ -16,8 +16,10 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30514 cwe-id: CWE-79 + cpe: cpe:2.3:a:school_dormitory_management_system_project:school_dormitory_management_system:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: - verified: true + verified: "true" tags: cve,cve2022,xss,authenticated requests: diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml index 12922c9a7a..e047d37bd7 100644 --- a/cves/2022/CVE-2022-30525.yaml +++ b/cves/2022/CVE-2022-30525.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-30525 cwe-id: CWE-78 + epss-score: 0.97547 metadata: shodan-query: title:"USG FLEX 100","USG FLEX 100w","USG FLEX 200","USG FLEX 500","USG FLEX 700","USG FLEX 50","USG FLEX 50w","ATP100","ATP200","ATP500","ATP700" tags: zyxel,cve,cve2022,firewall,unauth,kev,msf,rce diff --git a/cves/2022/CVE-2022-30776.yaml b/cves/2022/CVE-2022-30776.yaml index ee863c1351..ef599c0e70 100644 --- a/cves/2022/CVE-2022-30776.yaml +++ b/cves/2022/CVE-2022-30776.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30776 cwe-id: CWE-79 + cpe: cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:* + epss-score: 0.00086 metadata: shodan-query: http.html:"atmail" verified: "true" diff --git a/cves/2022/CVE-2022-30777.yaml b/cves/2022/CVE-2022-30777.yaml index c7b81333ed..953611feba 100644 --- a/cves/2022/CVE-2022-30777.yaml +++ b/cves/2022/CVE-2022-30777.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30777 cwe-id: CWE-79 + cpe: cpe:2.3:a:parallels:h-sphere:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: shodan-query: title:"h-sphere" verified: "true" diff --git a/cves/2022/CVE-2022-31126.yaml b/cves/2022/CVE-2022-31126.yaml index 9cf66874d7..d7a4cffb57 100644 --- a/cves/2022/CVE-2022-31126.yaml +++ b/cves/2022/CVE-2022-31126.yaml @@ -18,6 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31126 cwe-id: CWE-74 + cpe: cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:* + epss-score: 0.85296 metadata: shodan-query: http.html:"Roxy-WI" verified: "true" diff --git a/cves/2022/CVE-2022-31268.yaml b/cves/2022/CVE-2022-31268.yaml index b8148bb605..07de5ba482 100644 --- a/cves/2022/CVE-2022-31268.yaml +++ b/cves/2022/CVE-2022-31268.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31268 cwe-id: CWE-22 + cpe: cpe:2.3:a:gitblit:gitblit:*:*:*:*:*:*:*:* + epss-score: 0.00303 metadata: shodan-query: http.html:"Gitblit" verified: "true" diff --git a/cves/2022/CVE-2022-31269.yaml b/cves/2022/CVE-2022-31269.yaml index 1bd23f8fd2..adba31ebed 100644 --- a/cves/2022/CVE-2022-31269.yaml +++ b/cves/2022/CVE-2022-31269.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.2 cve-id: CVE-2022-31269 cwe-id: CWE-798 + epss-score: 0.00252 metadata: shodan-query: http.title:"Linear eMerge" verified: "true" diff --git a/cves/2022/CVE-2022-31299.yaml b/cves/2022/CVE-2022-31299.yaml index 9350d2e4c8..04521418dc 100644 --- a/cves/2022/CVE-2022-31299.yaml +++ b/cves/2022/CVE-2022-31299.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31299 cwe-id: CWE-79 + cpe: cpe:2.3:a:angtech:haraj:*:*:*:*:*:*:*:* + epss-score: 0.00103 metadata: verified: "true" tags: cve,cve2022,haraj,xss diff --git a/cves/2022/CVE-2022-31373.yaml b/cves/2022/CVE-2022-31373.yaml index 8c1c21231b..63465f1530 100644 --- a/cves/2022/CVE-2022-31373.yaml +++ b/cves/2022/CVE-2022-31373.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31373 cwe-id: CWE-79 + epss-score: 0.00071 metadata: shodan-query: http.html:"SolarView Compact" verified: "true" diff --git a/cves/2022/CVE-2022-31474.yaml b/cves/2022/CVE-2022-31474.yaml index b9205cd05c..a1a2a108fb 100644 --- a/cves/2022/CVE-2022-31474.yaml +++ b/cves/2022/CVE-2022-31474.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31474 cwe-id: CWE-22 + cpe: cpe:2.3:a:ithemes:backupbuddy:*:*:*:*:*:*:*:* + epss-score: 0.00382 tags: cve,cve2022,wordpress,wp-plugin,wp,lfi,backupbuddy requests: diff --git a/cves/2022/CVE-2022-31499.yaml b/cves/2022/CVE-2022-31499.yaml index 89960c92bd..2af32fcc36 100644 --- a/cves/2022/CVE-2022-31499.yaml +++ b/cves/2022/CVE-2022-31499.yaml @@ -16,6 +16,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31499 cwe-id: CWE-78 + epss-score: 0.03969 metadata: shodan-query: title:"eMerge" verified: "true" diff --git a/cves/2022/CVE-2022-31656.yaml b/cves/2022/CVE-2022-31656.yaml index d15ea19969..33ae38acb9 100644 --- a/cves/2022/CVE-2022-31656.yaml +++ b/cves/2022/CVE-2022-31656.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31656 cwe-id: CWE-287 + epss-score: 0.8971 metadata: shodan-query: http.favicon.hash:-1250474341 verified: "true" diff --git a/cves/2022/CVE-2022-31793.yaml b/cves/2022/CVE-2022-31793.yaml index 23797e44cc..f6a78d76c6 100644 --- a/cves/2022/CVE-2022-31793.yaml +++ b/cves/2022/CVE-2022-31793.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31793 cwe-id: CWE-22 + cpe: cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:* + epss-score: 0.36068 metadata: verified: "true" tags: cve,cve2022,network,muhttpd,lfi,unauth diff --git a/cves/2022/CVE-2022-31798.yaml b/cves/2022/CVE-2022-31798.yaml index e1dca30afe..a0759e5333 100644 --- a/cves/2022/CVE-2022-31798.yaml +++ b/cves/2022/CVE-2022-31798.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31798 cwe-id: CWE-79 + epss-score: 0.00078 metadata: shodan-query: http.title:"eMerge" verified: "true" diff --git a/cves/2022/CVE-2022-31814.yaml b/cves/2022/CVE-2022-31814.yaml index e6b64fab53..dff4d50f59 100644 --- a/cves/2022/CVE-2022-31814.yaml +++ b/cves/2022/CVE-2022-31814.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-31814 + cpe: cpe:2.3:a:netgate:pfblockerng:*:*:*:*:*:*:*:* + epss-score: 0.97126 metadata: verified: "true" tags: cve,cve2022,pfsense,pfblockerng,rce,oast diff --git a/cves/2022/CVE-2022-31845.yaml b/cves/2022/CVE-2022-31845.yaml index 10ffe5e7d4..360a49b7d3 100644 --- a/cves/2022/CVE-2022-31845.yaml +++ b/cves/2022/CVE-2022-31845.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31845 cwe-id: CWE-668 + epss-score: 0.00889 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2022/CVE-2022-31846.yaml b/cves/2022/CVE-2022-31846.yaml index 985a50689b..3f53739c40 100644 --- a/cves/2022/CVE-2022-31846.yaml +++ b/cves/2022/CVE-2022-31846.yaml @@ -15,6 +15,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31846 cwe-id: CWE-668 + epss-score: 0.00889 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2022/CVE-2022-31847.yaml b/cves/2022/CVE-2022-31847.yaml index d424060031..42fbea7c91 100644 --- a/cves/2022/CVE-2022-31847.yaml +++ b/cves/2022/CVE-2022-31847.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31847 cwe-id: CWE-668 + epss-score: 0.00474 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2022/CVE-2022-31854.yaml b/cves/2022/CVE-2022-31854.yaml index 671c9f362e..690340975c 100644 --- a/cves/2022/CVE-2022-31854.yaml +++ b/cves/2022/CVE-2022-31854.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-31854 cwe-id: CWE-434 + cpe: cpe:2.3:a:codologic:codoforum:*:*:*:*:*:*:*:* + epss-score: 0.03161 metadata: verified: "true" tags: cve,cve2022,rce,codoforumrce,authenticated diff --git a/cves/2022/CVE-2022-32007.yaml b/cves/2022/CVE-2022-32007.yaml index fee1101dd8..b7fa44df44 100644 --- a/cves/2022/CVE-2022-32007.yaml +++ b/cves/2022/CVE-2022-32007.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32007 cwe-id: CWE-89 + cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: verified: "true" tags: cve,cve2022,sqli,eris,authenticated diff --git a/cves/2022/CVE-2022-32015.yaml b/cves/2022/CVE-2022-32015.yaml index cb1ba49550..c5a2cebd44 100644 --- a/cves/2022/CVE-2022-32015.yaml +++ b/cves/2022/CVE-2022-32015.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32015 cwe-id: CWE-89 + cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: verified: "true" tags: cve,cve2022,sqli,jobsearch diff --git a/cves/2022/CVE-2022-32018.yaml b/cves/2022/CVE-2022-32018.yaml index b9819f6aa3..2d63a4b4a4 100644 --- a/cves/2022/CVE-2022-32018.yaml +++ b/cves/2022/CVE-2022-32018.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32018 cwe-id: CWE-89 + cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: verified: "true" tags: cve,cve2022,sqli diff --git a/cves/2022/CVE-2022-32022.yaml b/cves/2022/CVE-2022-32022.yaml index bbcd2e0040..30f90d6a0e 100644 --- a/cves/2022/CVE-2022-32022.yaml +++ b/cves/2022/CVE-2022-32022.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32022 cwe-id: CWE-89 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00457 metadata: shodan-query: http.html:"Car Rental Management System" verified: "true" diff --git a/cves/2022/CVE-2022-32024.yaml b/cves/2022/CVE-2022-32024.yaml index 702a2df8ed..58f2595987 100644 --- a/cves/2022/CVE-2022-32024.yaml +++ b/cves/2022/CVE-2022-32024.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32024 cwe-id: CWE-89 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. shodan-query: http.html:"Car Rental Management System" diff --git a/cves/2022/CVE-2022-32025.yaml b/cves/2022/CVE-2022-32025.yaml index aaeeb7a420..5cf4a11811 100644 --- a/cves/2022/CVE-2022-32025.yaml +++ b/cves/2022/CVE-2022-32025.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32025 cwe-id: CWE-89 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. shodan-query: http.html:"Car Rental Management System" diff --git a/cves/2022/CVE-2022-32026.yaml b/cves/2022/CVE-2022-32026.yaml index 39e05a5192..f84e05cbd6 100644 --- a/cves/2022/CVE-2022-32026.yaml +++ b/cves/2022/CVE-2022-32026.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32028 cwe-id: CWE-89 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. shodan-query: http.html:"Car Rental Management System" diff --git a/cves/2022/CVE-2022-32028.yaml b/cves/2022/CVE-2022-32028.yaml index b598d48ce0..b45be50ca8 100644 --- a/cves/2022/CVE-2022-32028.yaml +++ b/cves/2022/CVE-2022-32028.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-32028 cwe-id: CWE-89 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00458 metadata: comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. shodan-query: http.html:"Car Rental Management System" diff --git a/cves/2022/CVE-2022-32094.yaml b/cves/2022/CVE-2022-32094.yaml index f32ecc9e57..61a06c6034 100644 --- a/cves/2022/CVE-2022-32094.yaml +++ b/cves/2022/CVE-2022-32094.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-32094 cwe-id: CWE-89 + cpe: cpe:2.3:a:hospital_management_system_project:hospital_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00931 metadata: shodan-query: http.html:"Hospital Management System" verified: "true" diff --git a/cves/2022/CVE-2022-32195.yaml b/cves/2022/CVE-2022-32195.yaml index a8cef00f12..64be25f0d3 100644 --- a/cves/2022/CVE-2022-32195.yaml +++ b/cves/2022/CVE-2022-32195.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32195 cwe-id: CWE-79 + cpe: cpe:2.3:a:edx:open_edx:*:*:*:*:*:*:*:* + epss-score: 0.00086 metadata: comment: Hover the cursor on the redirect link shodan-query: http.html:"Open edX" diff --git a/cves/2022/CVE-2022-32409.yaml b/cves/2022/CVE-2022-32409.yaml index 45a9d0ff2e..1a194611e2 100644 --- a/cves/2022/CVE-2022-32409.yaml +++ b/cves/2022/CVE-2022-32409.yaml @@ -14,6 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-32409 cwe-id: CWE-94 + cpe: cpe:2.3:a:softwarepublico:i3geo:*:*:*:*:*:*:*:* + epss-score: 0.62068 metadata: shodan-query: http.html:"i3geo" verified: "true" diff --git a/cves/2022/CVE-2022-32429.yaml b/cves/2022/CVE-2022-32429.yaml index 8590204655..c964d792f4 100644 --- a/cves/2022/CVE-2022-32429.yaml +++ b/cves/2022/CVE-2022-32429.yaml @@ -10,11 +10,13 @@ info: - https://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html - https://elifulkerson.com/CVE-2022-32429/ - https://nvd.nist.gov/vuln/detail/CVE-2022-32429 + - http://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-32429 cwe-id: CWE-287 + epss-score: 0.02388 metadata: shodan-query: http.favicon.hash:-2073748627 || http.favicon.hash:-1721140132 verified: "true" diff --git a/cves/2022/CVE-2022-32444.yaml b/cves/2022/CVE-2022-32444.yaml index d972a2ecba..f76701e09c 100644 --- a/cves/2022/CVE-2022-32444.yaml +++ b/cves/2022/CVE-2022-32444.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32444 cwe-id: CWE-601 + cpe: cpe:2.3:a:yuba:u5cms:*:*:*:*:*:*:*:* + epss-score: 0.00086 tags: cve,cve2022,redirect,u5cms,cms requests: diff --git a/cves/2022/CVE-2022-32770.yaml b/cves/2022/CVE-2022-32770.yaml index 8eb2c1da0d..2960d6fd77 100644 --- a/cves/2022/CVE-2022-32770.yaml +++ b/cves/2022/CVE-2022-32770.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32770 cwe-id: CWE-79 + cpe: cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* + epss-score: 0.00095 metadata: shodan-query: http.html:"AVideo" verified: "true" diff --git a/cves/2022/CVE-2022-32771.yaml b/cves/2022/CVE-2022-32771.yaml index 1f88718ad7..0c2c849db7 100644 --- a/cves/2022/CVE-2022-32771.yaml +++ b/cves/2022/CVE-2022-32771.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32771 cwe-id: CWE-79 + cpe: cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* + epss-score: 0.00095 metadata: shodan-query: http.html:"AVideo" verified: "true" diff --git a/cves/2022/CVE-2022-32772.yaml b/cves/2022/CVE-2022-32772.yaml index 1fbbc00bbf..0a367ace02 100644 --- a/cves/2022/CVE-2022-32772.yaml +++ b/cves/2022/CVE-2022-32772.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32772 cwe-id: CWE-79 + cpe: cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* + epss-score: 0.00095 metadata: shodan-query: http.html:"AVideo" verified: "true" diff --git a/cves/2022/CVE-2022-33119.yaml b/cves/2022/CVE-2022-33119.yaml index c3e01af826..b40cf0cb9a 100644 --- a/cves/2022/CVE-2022-33119.yaml +++ b/cves/2022/CVE-2022-33119.yaml @@ -14,6 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-33119 cwe-id: CWE-79 + epss-score: 0.0012 metadata: shodan-query: http.html:"NVRsolo" verified: "true" diff --git a/cves/2022/CVE-2022-33174.yaml b/cves/2022/CVE-2022-33174.yaml index 59e665b041..cb218ea9ee 100644 --- a/cves/2022/CVE-2022-33174.yaml +++ b/cves/2022/CVE-2022-33174.yaml @@ -14,6 +14,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-33174 cwe-id: CWE-863 + epss-score: 0.00428 metadata: shodan-query: http.html:"Powertek" verified: "true" diff --git a/cves/2022/CVE-2022-33891.yaml b/cves/2022/CVE-2022-33891.yaml index 97a202cf36..4ef84e6b14 100644 --- a/cves/2022/CVE-2022-33891.yaml +++ b/cves/2022/CVE-2022-33891.yaml @@ -15,6 +15,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-33891 cwe-id: CWE-77 + cpe: cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:* + epss-score: 0.97421 metadata: shodan-query: title:"Spark Master at" verified: "true" diff --git a/cves/2022/CVE-2022-33901.yaml b/cves/2022/CVE-2022-33901.yaml index eda560465e..f573894724 100644 --- a/cves/2022/CVE-2022-33901.yaml +++ b/cves/2022/CVE-2022-33901.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-33901 + cpe: cpe:2.3:a:multisafepay:multisafepay_plugin_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00698 metadata: verified: "true" tags: cve,cve2022,wp-plugin,wp,wordpress,unauth,multisafepay,woocommerce diff --git a/cves/2022/CVE-2022-33965.yaml b/cves/2022/CVE-2022-33965.yaml index 28c11b0507..fae128f9c3 100644 --- a/cves/2022/CVE-2022-33965.yaml +++ b/cves/2022/CVE-2022-33965.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-33965 cwe-id: CWE-89 + cpe: cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:*:*:* + epss-score: 0.01298 metadata: google-query: inurl:"/wp-content/plugins/wp-stats-manager" verified: "true" diff --git a/cves/2022/CVE-2022-34045.yaml b/cves/2022/CVE-2022-34045.yaml index 57a05f35dd..47563616a8 100644 --- a/cves/2022/CVE-2022-34045.yaml +++ b/cves/2022/CVE-2022-34045.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-34045 cwe-id: CWE-798 + epss-score: 0.00785 metadata: shodan-query: http.html:"WN530HG4" verified: "true" diff --git a/cves/2022/CVE-2022-34046.yaml b/cves/2022/CVE-2022-34046.yaml index 32e5d5a7a6..7dcbe61b24 100644 --- a/cves/2022/CVE-2022-34046.yaml +++ b/cves/2022/CVE-2022-34046.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-34046 cwe-id: CWE-863 + epss-score: 0.30818 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-34047.yaml b/cves/2022/CVE-2022-34047.yaml index 4fce374828..fee7f5ef5e 100644 --- a/cves/2022/CVE-2022-34047.yaml +++ b/cves/2022/CVE-2022-34047.yaml @@ -16,6 +16,7 @@ info: cvss-score: 7.5 cve-id: CVE-2022-34047 cwe-id: CWE-668 + epss-score: 0.32795 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-34048.yaml b/cves/2022/CVE-2022-34048.yaml index 2f5e680805..00266f6354 100644 --- a/cves/2022/CVE-2022-34048.yaml +++ b/cves/2022/CVE-2022-34048.yaml @@ -16,6 +16,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-34048 cwe-id: CWE-79 + epss-score: 0.00061 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2022/CVE-2022-34049.yaml b/cves/2022/CVE-2022-34049.yaml index 859471a012..4df8e13563 100644 --- a/cves/2022/CVE-2022-34049.yaml +++ b/cves/2022/CVE-2022-34049.yaml @@ -17,6 +17,7 @@ info: cvss-score: 5.3 cve-id: CVE-2022-34049 cwe-id: CWE-552 + epss-score: 0.16953 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" diff --git a/cves/2022/CVE-2022-34121.yaml b/cves/2022/CVE-2022-34121.yaml index 3f232fdcd0..861efc924e 100644 --- a/cves/2022/CVE-2022-34121.yaml +++ b/cves/2022/CVE-2022-34121.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-34121 cwe-id: CWE-829 + cpe: cpe:2.3:a:cuppacms:cuppacms:*:*:*:*:*:*:*:* + epss-score: 0.7596 metadata: verified: "true" tags: cve,cve2022,lfi,cuppa,cms diff --git a/cves/2022/CVE-2022-34328.yaml b/cves/2022/CVE-2022-34328.yaml index 68443dab7f..aca502a9fe 100644 --- a/cves/2022/CVE-2022-34328.yaml +++ b/cves/2022/CVE-2022-34328.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-34328 cwe-id: CWE-79 + cpe: cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: shodan-query: http.html:"PMB Group" verified: "true" diff --git a/cves/2022/CVE-2022-34576.yaml b/cves/2022/CVE-2022-34576.yaml index 2ba3da4c7d..10804b38f5 100644 --- a/cves/2022/CVE-2022-34576.yaml +++ b/cves/2022/CVE-2022-34576.yaml @@ -13,6 +13,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-34576 + epss-score: 0.00452 metadata: shodan-query: http.html:"Wavlink" verified: "true" diff --git a/cves/2022/CVE-2022-34590.yaml b/cves/2022/CVE-2022-34590.yaml index 639c5dc346..b6a06b83f9 100644 --- a/cves/2022/CVE-2022-34590.yaml +++ b/cves/2022/CVE-2022-34590.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-34590 cwe-id: CWE-89 + cpe: cpe:2.3:a:hospital_management_system_project:hospital_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00326 metadata: shodan-query: http.html:"Hospital Management System" verified: "true" diff --git a/cves/2022/CVE-2022-34753.yaml b/cves/2022/CVE-2022-34753.yaml index 30db48faf1..ca1719b1ff 100644 --- a/cves/2022/CVE-2022-34753.yaml +++ b/cves/2022/CVE-2022-34753.yaml @@ -16,6 +16,7 @@ info: cvss-score: 8.8 cve-id: CVE-2022-34753 cwe-id: CWE-78 + epss-score: 0.96979 metadata: shodan-query: html:"SpaceLogic C-Bus" tags: cve,cve2022,iot,spacelogic,rce,oast,packetstorm diff --git a/cves/2022/CVE-2022-3484.yaml b/cves/2022/CVE-2022-3484.yaml index 447388d541..30bfeb63e6 100644 --- a/cves/2022/CVE-2022-3484.yaml +++ b/cves/2022/CVE-2022-3484.yaml @@ -14,9 +14,11 @@ info: cvss-score: 6.1 cve-id: CVE-2022-3484 cwe-id: CWE-79 + cpe: cpe:2.3:a:wpb_show_core_project:wpb_show_core:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: - verified: true google-query: inurl:wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php + verified: "true" tags: wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss,wpb-show-core requests: diff --git a/cves/2022/CVE-2022-3506.yaml b/cves/2022/CVE-2022-3506.yaml index be43c1c809..7b7d413af3 100644 --- a/cves/2022/CVE-2022-3506.yaml +++ b/cves/2022/CVE-2022-3506.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-3506 cwe-id: CWE-79 + cpe: cpe:2.3:a:never5:related_posts:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: verified: "true" tags: wordpress,wp,wp-plugin,relatedposts,cve,cve2022,xss,authenticated,huntr diff --git a/cves/2022/CVE-2022-35151.yaml b/cves/2022/CVE-2022-35151.yaml index 199aaeadd9..11df5cd83f 100644 --- a/cves/2022/CVE-2022-35151.yaml +++ b/cves/2022/CVE-2022-35151.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-35151 cwe-id: CWE-79 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.00085 metadata: shodan-query: http.html:"kkFileView" verified: "true" diff --git a/cves/2022/CVE-2022-35405.yaml b/cves/2022/CVE-2022-35405.yaml index 2da0529eff..c4aab34235 100644 --- a/cves/2022/CVE-2022-35405.yaml +++ b/cves/2022/CVE-2022-35405.yaml @@ -16,6 +16,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-35405 + epss-score: 0.97399 metadata: shodan-query: http.title:"ManageEngine" tags: cve,cve2022,rce,zoho,passwordmanager,deserialization,unauth,msf,kev diff --git a/cves/2022/CVE-2022-35413.yaml b/cves/2022/CVE-2022-35413.yaml index 4aa84e7310..7d4eba1764 100644 --- a/cves/2022/CVE-2022-35413.yaml +++ b/cves/2022/CVE-2022-35413.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-35413 cwe-id: CWE-798 + cpe: cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:* + epss-score: 0.88914 metadata: shodan-query: http.title:"Intelligent WAPPLES" verified: "true" diff --git a/cves/2022/CVE-2022-35416.yaml b/cves/2022/CVE-2022-35416.yaml index 90b8578414..d074510bef 100644 --- a/cves/2022/CVE-2022-35416.yaml +++ b/cves/2022/CVE-2022-35416.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-35416 cwe-id: CWE-79 + cpe: cpe:2.3:a:h3c:ssl_vpn:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: shodan-query: http.html_hash:510586239 verified: "true" diff --git a/cves/2022/CVE-2022-35493.yaml b/cves/2022/CVE-2022-35493.yaml index 8bc76eaa74..f22e0962fc 100644 --- a/cves/2022/CVE-2022-35493.yaml +++ b/cves/2022/CVE-2022-35493.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-35493 cwe-id: CWE-79 + cpe: cpe:2.3:a:wrteam:eshop_-_ecommerce_\/_store_website:*:*:*:*:*:*:*:* + epss-score: 0.00089 metadata: shodan-query: http.html:"eShop - Multipurpose Ecommerce" verified: "true" diff --git a/cves/2022/CVE-2022-3578.yaml b/cves/2022/CVE-2022-3578.yaml index e45ba3bf0c..5319b99a06 100644 --- a/cves/2022/CVE-2022-3578.yaml +++ b/cves/2022/CVE-2022-3578.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-3578 cwe-id: CWE-79 + cpe: cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: verified: "true" tags: wp-plugin,wordpress,wpscan,cve,wp,xss,profilegrid,authenticated,cve2022 diff --git a/cves/2022/CVE-2022-35914.yaml b/cves/2022/CVE-2022-35914.yaml index ae0622e03d..b6f14cf306 100644 --- a/cves/2022/CVE-2022-35914.yaml +++ b/cves/2022/CVE-2022-35914.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-35914 cwe-id: CWE-74 + cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* + epss-score: 0.96873 metadata: shodan-query: http.favicon.hash:"-1474875778" verified: "true" diff --git a/cves/2022/CVE-2022-36446.yaml b/cves/2022/CVE-2022-36446.yaml index 8ea407a0a5..ffc7378d59 100644 --- a/cves/2022/CVE-2022-36446.yaml +++ b/cves/2022/CVE-2022-36446.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-36446 cwe-id: CWE-116 + cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* + epss-score: 0.97101 metadata: shodan-query: title:"Webmin" tags: cve2022,webmin,rce,authenticated,edb,cve diff --git a/cves/2022/CVE-2022-36537.yaml b/cves/2022/CVE-2022-36537.yaml index f7a8589037..8bfdf8ee9b 100644 --- a/cves/2022/CVE-2022-36537.yaml +++ b/cves/2022/CVE-2022-36537.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-36537 cwe-id: CWE-200 + cpe: cpe:2.3:a:zkoss:zk_framework:*:*:*:*:*:*:*:* + epss-score: 0.91875 metadata: shodan-query: http.title:"Server backup manager" verified: "true" diff --git a/cves/2022/CVE-2022-36642.yaml b/cves/2022/CVE-2022-36642.yaml index 00cfd40bce..cc5c9e9c75 100644 --- a/cves/2022/CVE-2022-36642.yaml +++ b/cves/2022/CVE-2022-36642.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-36642 cwe-id: CWE-862 + epss-score: 0.64551 metadata: shodan-query: http.title:"Omnia MPX Node | Login" verified: "true" diff --git a/cves/2022/CVE-2022-36804.yaml b/cves/2022/CVE-2022-36804.yaml index c2926b7872..55f5ffef64 100644 --- a/cves/2022/CVE-2022-36804.yaml +++ b/cves/2022/CVE-2022-36804.yaml @@ -16,6 +16,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-36804 cwe-id: CWE-77 + cpe: cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:* + epss-score: 0.97247 metadata: shodan-query: http.component:"BitBucket" tags: cve,cve2022,bitbucket,atlassian,kev diff --git a/cves/2022/CVE-2022-36883.yaml b/cves/2022/CVE-2022-36883.yaml index 56ea8fccfa..9b564d1dc2 100644 --- a/cves/2022/CVE-2022-36883.yaml +++ b/cves/2022/CVE-2022-36883.yaml @@ -9,11 +9,14 @@ info: - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883 - https://nvd.nist.gov/vuln/detail/CVE-2022-36883 + - http://www.openwall.com/lists/oss-security/2022/07/27/1 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2022-36883 cwe-id: CWE-862 + cpe: cpe:2.3:a:jenkins:git:*:*:*:*:*:*:*:* + epss-score: 0.0048 metadata: shodan-query: X-Jenkins verified: "true" diff --git a/cves/2022/CVE-2022-37042.yaml b/cves/2022/CVE-2022-37042.yaml index 540cb67669..b52fb79efa 100644 --- a/cves/2022/CVE-2022-37042.yaml +++ b/cves/2022/CVE-2022-37042.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-37042 cwe-id: CWE-287 + cpe: cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:* + epss-score: 0.97468 metadata: fofa-query: app="zimbra-邮件系统" shodan-query: http.favicon.hash:"1624375939" diff --git a/cves/2022/CVE-2022-37153.yaml b/cves/2022/CVE-2022-37153.yaml index 5ef1b9aa8c..a4e0a7a91e 100644 --- a/cves/2022/CVE-2022-37153.yaml +++ b/cves/2022/CVE-2022-37153.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-37153 cwe-id: CWE-79 + cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* + epss-score: 0.00097 metadata: shodan-query: http.html:"Artica" verified: "true" diff --git a/cves/2022/CVE-2022-37299.yaml b/cves/2022/CVE-2022-37299.yaml index d643281547..991aa071e5 100644 --- a/cves/2022/CVE-2022-37299.yaml +++ b/cves/2022/CVE-2022-37299.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.5 cve-id: CVE-2022-37299 cwe-id: CWE-22 + cpe: cpe:2.3:a:shirne_cms_project:shirne_cms:*:*:*:*:*:*:*:* + epss-score: 0.00402 metadata: verified: "true" tags: cve,cve2022,shirnecms,lfi diff --git a/cves/2022/CVE-2022-3768.yaml b/cves/2022/CVE-2022-3768.yaml index 831a390c95..8c763e4e47 100644 --- a/cves/2022/CVE-2022-3768.yaml +++ b/cves/2022/CVE-2022-3768.yaml @@ -10,12 +10,15 @@ info: - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768 - https://cve.report/CVE-2022-3768 + - https://bulletin.iese.de/post/wp-smart-contracts_1-3-11/ remediation: Fixed in version 1.3.12 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2022-3768 cwe-id: CWE-89 + cpe: cpe:2.3:a:wpsmartcontracts:wpsmartcontracts:*:*:*:*:*:*:*:* + epss-score: 0.00844 metadata: verified: "true" tags: wp-smart-contracts,wpscan,cve,wp-plugin,sqli,wordpress,cve2022,wp,authenticated diff --git a/cves/2022/CVE-2022-3800.yaml b/cves/2022/CVE-2022-3800.yaml index 3ea1180164..7ef33ce049 100644 --- a/cves/2022/CVE-2022-3800.yaml +++ b/cves/2022/CVE-2022-3800.yaml @@ -12,9 +12,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-3800 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cve-id: CVE-2022-3800 cvss-score: 8.8 + cve-id: CVE-2022-3800 cwe-id: CWE-89 + cpe: cpe:2.3:a:ibax:go-ibax:*:*:*:*:*:*:*:* + epss-score: 0.00625 tags: cve,cve2022,ibax,go-ibax,sqli requests: diff --git a/cves/2022/CVE-2022-38463.yaml b/cves/2022/CVE-2022-38463.yaml index db0bb75a2f..a4fee2ebe3 100644 --- a/cves/2022/CVE-2022-38463.yaml +++ b/cves/2022/CVE-2022-38463.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-38463 cwe-id: CWE-79 + cpe: cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:* + epss-score: 0.00117 metadata: shodan-query: http.title:"ServiceNow" verified: "true" diff --git a/cves/2022/CVE-2022-38553.yaml b/cves/2022/CVE-2022-38553.yaml index eb2d6a07b6..8dee80f8dd 100644 --- a/cves/2022/CVE-2022-38553.yaml +++ b/cves/2022/CVE-2022-38553.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-38553 cwe-id: CWE-79 + cpe: cpe:2.3:a:creativeitem:academy_learning_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00098 metadata: google-query: intext:"Study any topic, anytime" verified: "true" diff --git a/cves/2022/CVE-2022-38637.yaml b/cves/2022/CVE-2022-38637.yaml index b97430b29e..a7d26d6ae5 100644 --- a/cves/2022/CVE-2022-38637.yaml +++ b/cves/2022/CVE-2022-38637.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-38637 cwe-id: CWE-89 + cpe: cpe:2.3:a:hospital_management_system_project:hospital_management_system:*:*:*:*:*:*:*:* + epss-score: 0.00749 metadata: shodan-query: http.html:"Hospital Management System" verified: "true" diff --git a/cves/2022/CVE-2022-38794.yaml b/cves/2022/CVE-2022-38794.yaml index 9b84d5d12c..728aa56027 100644 --- a/cves/2022/CVE-2022-38794.yaml +++ b/cves/2022/CVE-2022-38794.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-38794 cwe-id: CWE-22 + cpe: cpe:2.3:a:zaver_project:zaver:*:*:*:*:*:*:*:* + epss-score: 0.00267 tags: cve,cve2022,lfi,zaver requests: diff --git a/cves/2022/CVE-2022-38817.yaml b/cves/2022/CVE-2022-38817.yaml index bddabf805e..81106ec962 100644 --- a/cves/2022/CVE-2022-38817.yaml +++ b/cves/2022/CVE-2022-38817.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-38817 + cpe: cpe:2.3:a:linuxfoundation:dapr_dashboard:*:*:*:*:*:*:*:* + epss-score: 0.00541 metadata: shodan-query: http.title:"Dapr Dashboard" tags: cve,cve2022,dapr,dashboard,unauth diff --git a/cves/2022/CVE-2022-38870.yaml b/cves/2022/CVE-2022-38870.yaml index 924cfb8f0b..219ae4aa34 100644 --- a/cves/2022/CVE-2022-38870.yaml +++ b/cves/2022/CVE-2022-38870.yaml @@ -14,6 +14,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-38870 cwe-id: CWE-306 + cpe: cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:* + epss-score: 0.00295 metadata: shodan-query: http.title:"free5GC Web Console" tags: cve,cve2022,free5gc,exposure diff --git a/cves/2022/CVE-2022-3908.yaml b/cves/2022/CVE-2022-3908.yaml index 1e887fe770..82e6e60b8b 100644 --- a/cves/2022/CVE-2022-3908.yaml +++ b/cves/2022/CVE-2022-3908.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 1.4.7. reference: - https://wpscan.com/vulnerability/c44802a0-8cbe-4386-9523-3b6cb44c6505 - https://wordpress.org/plugins/helloprint/ - https://nvd.nist.gov/vuln/detail/CVE-2022-3908 + remediation: Fixed in version 1.4.7. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-3908 cwe-id: CWE-79 + cpe: cpe:2.3:a:helloprint:helloprint:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: xss,wordpress,wp-plugin,helloprint,cve,cve2022,wp,authenticated,wpscan diff --git a/cves/2022/CVE-2022-39195.yaml b/cves/2022/CVE-2022-39195.yaml index bc2b68f019..5345c353cb 100644 --- a/cves/2022/CVE-2022-39195.yaml +++ b/cves/2022/CVE-2022-39195.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-39195 cwe-id: CWE-79 + cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:* + epss-score: 0.00147 metadata: shodan-query: http.html:"LISTSERV" verified: "true" diff --git a/cves/2022/CVE-2022-3933.yaml b/cves/2022/CVE-2022-3933.yaml index 2e8426349a..d37c265810 100644 --- a/cves/2022/CVE-2022-3933.yaml +++ b/cves/2022/CVE-2022-3933.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks. - remediation: Fixed in version 3.9.6. reference: - https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4 - https://wordpress.org/plugins/essential-real-estate/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2022-3933 + remediation: Fixed in version 3.9.6. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-3933 cwe-id: CWE-79 + cpe: cpe:2.3:a:g5theme:essential_real_estate:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: wpscan,cve2022,authenticated,wordpress,wp-plugin,wp,essential-real-estate,cve,xss diff --git a/cves/2022/CVE-2022-3934.yaml b/cves/2022/CVE-2022-3934.yaml index 399dc66020..dbefbc47d3 100644 --- a/cves/2022/CVE-2022-3934.yaml +++ b/cves/2022/CVE-2022-3934.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 3.0.13. reference: - https://wpscan.com/vulnerability/ab68381f-c4b8-4945-a6a5-1d4d6473b73a - https://nvd.nist.gov/vuln/detail/CVE-2022-3934 + remediation: Fixed in version 3.0.13. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-3934 cwe-id: CWE-79 + cpe: cpe:2.3:a:mehanoid:flat_pm:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: authenticated,wpscan,cve,cve2022,xss,flatpm,wordpress,wp-plugin diff --git a/cves/2022/CVE-2022-3982.yaml b/cves/2022/CVE-2022-3982.yaml index cfd7cb6a81..d2b2a6bfda 100644 --- a/cves/2022/CVE-2022-3982.yaml +++ b/cves/2022/CVE-2022-3982.yaml @@ -6,16 +6,18 @@ info: severity: critical description: | The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. - remediation: Fixed in 3.2.2 reference: - https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867 - https://wordpress.org/plugins/booking-calendar/ - https://nvd.nist.gov/vuln/detail/CVE-2022-3982 + remediation: Fixed in 3.2.2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-3982 cwe-id: CWE-434 + cpe: cpe:2.3:a:wpdevart:booking_calendar:*:*:*:*:*:*:*:* + epss-score: 0.93708 metadata: verified: "true" tags: cve,cve2022,rce,wpscan,wordpress,wp-plugin,wp,booking-calendar,unauthenticated diff --git a/cves/2022/CVE-2022-39952.yaml b/cves/2022/CVE-2022-39952.yaml index 8d3a4daae5..834ffc24ed 100644 --- a/cves/2022/CVE-2022-39952.yaml +++ b/cves/2022/CVE-2022-39952.yaml @@ -17,6 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-39952 cwe-id: CWE-610 + cpe: cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* + epss-score: 0.96793 metadata: shodan-query: title:"FortiNAC" verified: "true" diff --git a/cves/2022/CVE-2022-39960.yaml b/cves/2022/CVE-2022-39960.yaml index d6031f6ff7..d8d109ecf4 100644 --- a/cves/2022/CVE-2022-39960.yaml +++ b/cves/2022/CVE-2022-39960.yaml @@ -15,6 +15,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-39960 cwe-id: CWE-862 + cpe: cpe:2.3:a:netic:group_export:*:*:*:*:*:*:*:* + epss-score: 0.3157 metadata: shodan-query: http.component:"Atlassian Jira" verified: "true" diff --git a/cves/2022/CVE-2022-40083.yaml b/cves/2022/CVE-2022-40083.yaml index 99d53eff29..245f5d8b62 100644 --- a/cves/2022/CVE-2022-40083.yaml +++ b/cves/2022/CVE-2022-40083.yaml @@ -6,15 +6,17 @@ info: severity: critical description: | Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. - remediation: Download and install 4.9.0, which contains a patch for this issue. reference: - https://github.com/labstack/echo/issues/2259 - https://nvd.nist.gov/vuln/detail/CVE-2022-40083 + remediation: Download and install 4.9.0, which contains a patch for this issue. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H cvss-score: 9.6 cve-id: CVE-2022-40083 cwe-id: CWE-601 + cpe: cpe:2.3:a:labstack:echo:*:*:*:*:*:*:*:* + epss-score: 0.00432 tags: cve,cve2022,redirect,labstack requests: diff --git a/cves/2022/CVE-2022-40359.yaml b/cves/2022/CVE-2022-40359.yaml index 57167dc921..ef028b2c2a 100644 --- a/cves/2022/CVE-2022-40359.yaml +++ b/cves/2022/CVE-2022-40359.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-40359 cwe-id: CWE-79 + cpe: cpe:2.3:a:kfm_project:kfm:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: verified: "true" tags: cve,cve2022,xss,kfm diff --git a/cves/2022/CVE-2022-4050.yaml b/cves/2022/CVE-2022-4050.yaml index 66910ece9b..b4c54b01e3 100644 --- a/cves/2022/CVE-2022-4050.yaml +++ b/cves/2022/CVE-2022-4050.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-4050 cwe-id: CWE-89 + cpe: cpe:2.3:a:beardev:joomsport:*:*:*:*:*:*:*:* + epss-score: 0.11791 metadata: verified: "true" tags: wpscan,cve,cve2022,wp-plugin,wp,joomsport-sports-league-results-management,wordpress,sqli,unauth diff --git a/cves/2022/CVE-2022-4060.yaml b/cves/2022/CVE-2022-4060.yaml index 573b02951b..342d9357d1 100644 --- a/cves/2022/CVE-2022-4060.yaml +++ b/cves/2022/CVE-2022-4060.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-4060 cwe-id: CWE-94 + cpe: cpe:2.3:a:odude:user_post_gallery:*:*:*:*:*:*:*:* + epss-score: 0.01059 metadata: verified: "true" tags: unauth,wpscan,cve2022,rce,wordpress,wp-plugin,wp,cve,wp-upg diff --git a/cves/2022/CVE-2022-4063.yaml b/cves/2022/CVE-2022-4063.yaml index 9cc8893f09..11b15cbf92 100644 --- a/cves/2022/CVE-2022-4063.yaml +++ b/cves/2022/CVE-2022-4063.yaml @@ -6,16 +6,18 @@ info: severity: critical description: | WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers. - remediation: Fixed in version 2.1.4.1. reference: - https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7 - https://wordpress.org/plugins/inpost-gallery/ - https://nvd.nist.gov/vuln/detail/CVE-2022-4063 + remediation: Fixed in version 2.1.4.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-4063 cwe-id: CWE-22 + cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:*:*:* + epss-score: 0.01177 metadata: verified: "true" tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan diff --git a/cves/2022/CVE-2022-40684.yaml b/cves/2022/CVE-2022-40684.yaml index c2bb50aeb8..caccd3795c 100644 --- a/cves/2022/CVE-2022-40684.yaml +++ b/cves/2022/CVE-2022-40684.yaml @@ -17,6 +17,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-40684 cwe-id: CWE-306 + epss-score: 0.96347 tags: cve,cve2022,fortinet,fortigate,fortios,fortiproxy,auth-bypass,kev requests: diff --git a/cves/2022/CVE-2022-40734.yaml b/cves/2022/CVE-2022-40734.yaml index 4f3eabdbb6..561f5c7298 100644 --- a/cves/2022/CVE-2022-40734.yaml +++ b/cves/2022/CVE-2022-40734.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.5 cve-id: CVE-2022-40734 cwe-id: CWE-22 + cpe: cpe:2.3:a:unisharp:laravel_filemanager:*:*:*:*:*:*:*:* + epss-score: 0.01707 metadata: shodan-query: http.html:"Laravel Filemanager" verified: "true" diff --git a/cves/2022/CVE-2022-40879.yaml b/cves/2022/CVE-2022-40879.yaml index 13bd42c2a8..6977963043 100644 --- a/cves/2022/CVE-2022-40879.yaml +++ b/cves/2022/CVE-2022-40879.yaml @@ -14,9 +14,11 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29349 cwe-id: CWE-79 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.00076 metadata: - verified: true shodan-query: http.html:"kkFileView" + verified: "true" tags: cve,cve2022,kkFileView,xss requests: diff --git a/cves/2022/CVE-2022-40881.yaml b/cves/2022/CVE-2022-40881.yaml index bafbfd6b54..a1aa23537c 100644 --- a/cves/2022/CVE-2022-40881.yaml +++ b/cves/2022/CVE-2022-40881.yaml @@ -15,6 +15,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-40881 cwe-id: CWE-77 + epss-score: 0.90339 metadata: shodan-query: http.favicon.hash:"-244067125" verified: "true" diff --git a/cves/2022/CVE-2022-4117.yaml b/cves/2022/CVE-2022-4117.yaml index 77b3c18ad6..8725963e71 100644 --- a/cves/2022/CVE-2022-4117.yaml +++ b/cves/2022/CVE-2022-4117.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-4117 cwe-id: CWE-89 + cpe: cpe:2.3:a:iws-geo-form-fields_project:iws-geo-form-fields:*:*:*:*:*:*:*:* + epss-score: 0.06254 metadata: verified: "true" tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,iws-geo-form-fields,wpscan diff --git a/cves/2022/CVE-2022-4140.yaml b/cves/2022/CVE-2022-4140.yaml index d619f5e665..cf87b886e9 100644 --- a/cves/2022/CVE-2022-4140.yaml +++ b/cves/2022/CVE-2022-4140.yaml @@ -6,16 +6,18 @@ info: severity: high description: | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server. - remediation: Fixed in version 2.8.5 reference: - https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7 - https://wordpress.org/plugins/usc-e-shop/ - https://nvd.nist.gov/vuln/detail/CVE-2022-4140 + remediation: Fixed in version 2.8.5 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-4140 cwe-id: CWE-552 + cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:*:*:* + epss-score: 0.02425 metadata: verified: "true" tags: usc-e-shop,wpscan,cve,cve2022,wp-plugin,wp,wordpress,lfi,unauthenticated diff --git a/cves/2022/CVE-2022-41473.yaml b/cves/2022/CVE-2022-41473.yaml index 0f5b7a7393..21b35db3a1 100644 --- a/cves/2022/CVE-2022-41473.yaml +++ b/cves/2022/CVE-2022-41473.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-41473 cwe-id: CWE-79 + cpe: cpe:2.3:a:rpcms:rpcms:*:*:*:*:*:*:*:* + epss-score: 0.00076 metadata: shodan-query: http.html:"RPCMS" verified: "true" diff --git a/cves/2022/CVE-2022-41840.yaml b/cves/2022/CVE-2022-41840.yaml index d608fd824e..0a201fecd5 100644 --- a/cves/2022/CVE-2022-41840.yaml +++ b/cves/2022/CVE-2022-41840.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-41840 cwe-id: CWE-22 + cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:*:*:* + epss-score: 0.00276 metadata: verified: "true" tags: cve,cve2022,wp-plugin,wordpress,wp,lfi,unauth,usc-e-shop diff --git a/cves/2022/CVE-2022-42233.yaml b/cves/2022/CVE-2022-42233.yaml index 8ec9f4476b..3e347508ca 100644 --- a/cves/2022/CVE-2022-42233.yaml +++ b/cves/2022/CVE-2022-42233.yaml @@ -14,6 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2022-42233 cwe-id: CWE-287 + epss-score: 0.91121 metadata: fofa-query: product=="Tenda-11N-Wireless-AP" shodan-query: http.title:"Tenda 11N" diff --git a/cves/2022/CVE-2022-4260.yaml b/cves/2022/CVE-2022-4260.yaml index 691087d9aa..7fa386de48 100644 --- a/cves/2022/CVE-2022-4260.yaml +++ b/cves/2022/CVE-2022-4260.yaml @@ -16,6 +16,8 @@ info: cvss-score: 4.8 cve-id: CVE-2022-4260 cwe-id: CWE-79 + cpe: cpe:2.3:a:wp-ban_project:wp-ban:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: cve2022,wp-plugin,xss,wordpress,wpscan,wp,authenticated,cve,wp-ban diff --git a/cves/2022/CVE-2022-42746.yaml b/cves/2022/CVE-2022-42746.yaml index 6ff93c907c..d6104efb48 100644 --- a/cves/2022/CVE-2022-42746.yaml +++ b/cves/2022/CVE-2022-42746.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-42746 cwe-id: CWE-79 + cpe: cpe:2.3:a:auieo:candidats:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: shodan-query: http.html:"CandidATS" verified: "true" diff --git a/cves/2022/CVE-2022-42747.yaml b/cves/2022/CVE-2022-42747.yaml index 767e94ed5a..af3e77dc45 100644 --- a/cves/2022/CVE-2022-42747.yaml +++ b/cves/2022/CVE-2022-42747.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-42747 cwe-id: CWE-79 + cpe: cpe:2.3:a:auieo:candidats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: http.html:"CandidATS" verified: "true" diff --git a/cves/2022/CVE-2022-42748.yaml b/cves/2022/CVE-2022-42748.yaml index adcfac438a..ff66d4015f 100644 --- a/cves/2022/CVE-2022-42748.yaml +++ b/cves/2022/CVE-2022-42748.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-42748 cwe-id: CWE-79 + cpe: cpe:2.3:a:auieo:candidats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: http.html:"CandidATS" verified: "true" diff --git a/cves/2022/CVE-2022-42749.yaml b/cves/2022/CVE-2022-42749.yaml index 37d5666fc2..d4aa08f2c0 100644 --- a/cves/2022/CVE-2022-42749.yaml +++ b/cves/2022/CVE-2022-42749.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-42749 cwe-id: CWE-79 + cpe: cpe:2.3:a:auieo:candidats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: http.html:"CandidATS" verified: "true" diff --git a/cves/2022/CVE-2022-4301.yaml b/cves/2022/CVE-2022-4301.yaml index e2d3c454bb..5f0b69cfba 100644 --- a/cves/2022/CVE-2022-4301.yaml +++ b/cves/2022/CVE-2022-4301.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 2.9.15. reference: - https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d - https://nvd.nist.gov/vuln/detail/CVE-2022-4301 + remediation: Fixed in version 2.9.15. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-4301 cwe-id: CWE-79 + cpe: cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: cve,cve2022,xss,sunshine,wordpress,wp-plugin,wpscan,unauth diff --git a/cves/2022/CVE-2022-43014.yaml b/cves/2022/CVE-2022-43014.yaml index 896193e035..a8e87c4d3c 100644 --- a/cves/2022/CVE-2022-43014.yaml +++ b/cves/2022/CVE-2022-43014.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-43014 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: title:"OpenCATS" verified: "true" diff --git a/cves/2022/CVE-2022-43015.yaml b/cves/2022/CVE-2022-43015.yaml index ba07736c00..20d6901063 100644 --- a/cves/2022/CVE-2022-43015.yaml +++ b/cves/2022/CVE-2022-43015.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-43015 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: title:"OpenCATS" verified: "true" diff --git a/cves/2022/CVE-2022-43016.yaml b/cves/2022/CVE-2022-43016.yaml index 79f6773f15..f9d5513954 100644 --- a/cves/2022/CVE-2022-43016.yaml +++ b/cves/2022/CVE-2022-43016.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-43016 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: title:"OpenCATS" verified: "true" diff --git a/cves/2022/CVE-2022-43017.yaml b/cves/2022/CVE-2022-43017.yaml index 4088db0a0b..bffce15399 100644 --- a/cves/2022/CVE-2022-43017.yaml +++ b/cves/2022/CVE-2022-43017.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-43017 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: title:"OpenCATS" verified: "true" diff --git a/cves/2022/CVE-2022-43018.yaml b/cves/2022/CVE-2022-43018.yaml index de8bd46573..88b37198ef 100644 --- a/cves/2022/CVE-2022-43018.yaml +++ b/cves/2022/CVE-2022-43018.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-43018 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00064 metadata: shodan-query: title:"OpenCATS" verified: "true" diff --git a/cves/2022/CVE-2022-4306.yaml b/cves/2022/CVE-2022-4306.yaml index f0d4d65a6c..94dcd0054a 100644 --- a/cves/2022/CVE-2022-4306.yaml +++ b/cves/2022/CVE-2022-4306.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 1.5.4. reference: - https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe - https://nvd.nist.gov/vuln/detail/CVE-2022-4306 + remediation: Fixed in version 1.5.4. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-4306 cwe-id: CWE-79 + cpe: cpe:2.3:a:panda_pods_repeater_field_project:panda_pods_repeater_field:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: cve,cve2022,xss,panda,pods,repeater,wordpress,wp-plugin,wpscan,authenticated diff --git a/cves/2022/CVE-2022-43140.yaml b/cves/2022/CVE-2022-43140.yaml index 207852a4d2..62540cbf6e 100644 --- a/cves/2022/CVE-2022-43140.yaml +++ b/cves/2022/CVE-2022-43140.yaml @@ -5,7 +5,7 @@ info: author: Co5mos severity: high description: | - kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. + kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. reference: - https://github.com/kekingcn/kkFileView/issues/392 - https://nvd.nist.gov/vuln/detail/CVE-2022-43140 @@ -13,10 +13,12 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2022-43140 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.13314 metadata: - verified: "true" - shodan-query: http.html:"kkFileView" fofa-query: app="kkFileView" + shodan-query: http.html:"kkFileView" + verified: "true" tags: cve,cve2022,ssrf,kkFileview requests: diff --git a/cves/2022/CVE-2022-4320.yaml b/cves/2022/CVE-2022-4320.yaml index 2055520659..50deef6590 100644 --- a/cves/2022/CVE-2022-4320.yaml +++ b/cves/2022/CVE-2022-4320.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-4320 cwe-id: CWE-79 + cpe: cpe:2.3:a:mhsoftware:wordpress_events_calendar_plugin:*:*:*:*:*:*:*:* + epss-score: 0.00085 metadata: verified: "true" tags: calendar,event,xss,wordpress,wp,wp-plugin,cve,cve2022,wpscan diff --git a/cves/2022/CVE-2022-4325.yaml b/cves/2022/CVE-2022-4325.yaml index acf25a6691..29e9aa20d4 100644 --- a/cves/2022/CVE-2022-4325.yaml +++ b/cves/2022/CVE-2022-4325.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin. - remediation: Fixed in version 1.10.1. reference: - https://wpscan.com/vulnerability/5b983c48-6b05-47cf-85cb-28bbeec17395 - https://wordpress.org/plugins/post-status-notifier-lite/ - https://nvd.nist.gov/vuln/detail/CVE-2022-4325 + remediation: Fixed in version 1.10.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-4325 cwe-id: CWE-79 + cpe: cpe:2.3:a:ifeelweb:post_status_notifier_lite:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: wp,wordpress,wpscan,authenticated,cve,cve2022,xss,wp-plugin,post-status-notifier-lite diff --git a/cves/2022/CVE-2022-4447.yaml b/cves/2022/CVE-2022-4447.yaml index 43358fba9f..f05b0bcd33 100644 --- a/cves/2022/CVE-2022-4447.yaml +++ b/cves/2022/CVE-2022-4447.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-4447 cwe-id: CWE-89 + cpe: cpe:2.3:a:fontsy_project:fontsy:*:*:*:*:*:*:*:* + epss-score: 0.04513 metadata: verified: "true" tags: cve,wordpress,wp,wpscan,cve2022,wp-plugin,sqli,fontsy,unauth diff --git a/cves/2022/CVE-2022-44877.yaml b/cves/2022/CVE-2022-44877.yaml index 80081b1492..8f7daee415 100644 --- a/cves/2022/CVE-2022-44877.yaml +++ b/cves/2022/CVE-2022-44877.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-44877 cwe-id: CWE-78 + cpe: cpe:2.3:a:control-webpanel:webpanel:*:*:*:*:*:*:*:* + epss-score: 0.97463 metadata: shodan-query: http.title:"Login | Control WebPanel" verified: "true" diff --git a/cves/2022/CVE-2022-45917.yaml b/cves/2022/CVE-2022-45917.yaml index 14fbffc6f1..55e1f480c2 100644 --- a/cves/2022/CVE-2022-45917.yaml +++ b/cves/2022/CVE-2022-45917.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-45917 cwe-id: CWE-601 + cpe: cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:* + epss-score: 0.00087 metadata: shodan-query: http.html:"ILIAS" verified: "true" diff --git a/cves/2022/CVE-2022-45933.yaml b/cves/2022/CVE-2022-45933.yaml index c3a7e4cbb7..01f7351f17 100644 --- a/cves/2022/CVE-2022-45933.yaml +++ b/cves/2022/CVE-2022-45933.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-45933 cwe-id: CWE-287 + cpe: cpe:2.3:a:kubeview_project:kubeview:*:*:*:*:*:*:*:* + epss-score: 0.005 metadata: shodan-query: http.title:"KubeView" verified: "true" diff --git a/cves/2022/CVE-2022-46169.yaml b/cves/2022/CVE-2022-46169.yaml index f1ff329b1a..f89ccc5a46 100644 --- a/cves/2022/CVE-2022-46169.yaml +++ b/cves/2022/CVE-2022-46169.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-46169 cwe-id: CWE-285 + cpe: cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* + epss-score: 0.97203 metadata: shodan-query: title:"Login to Cacti" verified: "true" diff --git a/cves/2022/CVE-2022-46381.yaml b/cves/2022/CVE-2022-46381.yaml index f7a86568eb..e18c874ba4 100644 --- a/cves/2022/CVE-2022-46381.yaml +++ b/cves/2022/CVE-2022-46381.yaml @@ -15,6 +15,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-46381 cwe-id: CWE-79 + epss-score: 0.03583 metadata: shodan-query: http.html:"Linear eMerge" verified: "true" diff --git a/cves/2022/CVE-2022-46888.yaml b/cves/2022/CVE-2022-46888.yaml index d7ecf6bb83..e7191a2172 100644 --- a/cves/2022/CVE-2022-46888.yaml +++ b/cves/2022/CVE-2022-46888.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-46888 cwe-id: CWE-79 + cpe: cpe:2.3:a:nexusphp:nexusphp:*:*:*:*:*:*:*:* + epss-score: 0.00089 metadata: shodan-query: http.favicon.hash:-582931176 verified: "true" diff --git a/cves/2022/CVE-2022-46934.yaml b/cves/2022/CVE-2022-46934.yaml index a9343015ad..742ea5449b 100644 --- a/cves/2022/CVE-2022-46934.yaml +++ b/cves/2022/CVE-2022-46934.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-46934 cwe-id: CWE-79 + cpe: cpe:2.3:a:keking:kkfileview:*:*:*:*:*:*:*:* + epss-score: 0.00085 metadata: shodan-query: http.html:"kkFileView" verified: "true" diff --git a/cves/2022/CVE-2022-47002.yaml b/cves/2022/CVE-2022-47002.yaml index ccba4e2bc5..87452ae561 100644 --- a/cves/2022/CVE-2022-47002.yaml +++ b/cves/2022/CVE-2022-47002.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-47002 cwe-id: CWE-863 + cpe: cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:* + epss-score: 0.03041 metadata: shodan-query: 'Generator: Masa CMS' verified: "true" diff --git a/cves/2022/CVE-2022-47003.yaml b/cves/2022/CVE-2022-47003.yaml index 8da96d9851..ee56f44dd3 100644 --- a/cves/2022/CVE-2022-47003.yaml +++ b/cves/2022/CVE-2022-47003.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-47003 cwe-id: CWE-863 + cpe: cpe:2.3:a:murasoftware:mura_cms:*:*:*:*:*:*:*:* + epss-score: 0.01501 metadata: shodan-query: 'Generator: Musa CMS' verified: "true" diff --git a/cves/2022/CVE-2022-47945.yaml b/cves/2022/CVE-2022-47945.yaml index 1c551d9087..cec1638555 100644 --- a/cves/2022/CVE-2022-47945.yaml +++ b/cves/2022/CVE-2022-47945.yaml @@ -15,6 +15,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-47945 + cpe: cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:* + epss-score: 0.01693 metadata: fofa-query: header="think_lang" shodan-query: title:"Thinkphp" diff --git a/cves/2022/CVE-2022-47966.yaml b/cves/2022/CVE-2022-47966.yaml index 4324751a8e..1705b1ff1f 100644 --- a/cves/2022/CVE-2022-47966.yaml +++ b/cves/2022/CVE-2022-47966.yaml @@ -15,6 +15,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-47966 + epss-score: 0.97386 metadata: shodan-query: title:"ManageEngine" verified: "true" diff --git a/cves/2022/CVE-2022-47986.yaml b/cves/2022/CVE-2022-47986.yaml index 205f3079dc..b0670b3bdd 100644 --- a/cves/2022/CVE-2022-47986.yaml +++ b/cves/2022/CVE-2022-47986.yaml @@ -10,15 +10,17 @@ info: - https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/ - https://www.ibm.com/support/pages/node/6952319 - https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 + - http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html remediation: This vulnerability can be remediated by either upgrading to Faspex 4.4.2 Patch Level 2 or Faspex 5.x which does not contain this vulnerability. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-47986 + epss-score: 0.85205 metadata: shodan-query: html:"Aspera Faspex" verified: "true" - tags: cve,cve2022,ibm,aspera,faspex,kev + tags: cve,cve2022,ibm,aspera,faspex,kev,packetstorm requests: - raw: diff --git a/cves/2022/CVE-2022-48012.yaml b/cves/2022/CVE-2022-48012.yaml index 6b63b59df9..8fa0b890b0 100644 --- a/cves/2022/CVE-2022-48012.yaml +++ b/cves/2022/CVE-2022-48012.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-48012 cwe-id: CWE-79 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.0007 metadata: shodan-query: title:"opencats" verified: "true" diff --git a/cves/2022/CVE-2022-48165.yaml b/cves/2022/CVE-2022-48165.yaml index 7e84d497fb..f3914dd8b8 100644 --- a/cves/2022/CVE-2022-48165.yaml +++ b/cves/2022/CVE-2022-48165.yaml @@ -15,6 +15,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-48165 + epss-score: 0.15228 metadata: shodan-query: http.favicon.hash:-1350437236 verified: "true" diff --git a/cves/2022/CVE-2022-4897.yaml b/cves/2022/CVE-2022-4897.yaml index 7117f87811..64e628a849 100644 --- a/cves/2022/CVE-2022-4897.yaml +++ b/cves/2022/CVE-2022-4897.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. - remediation: Fixed in version 8.8.3. reference: - https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f - https://nvd.nist.gov/vuln/detail/CVE-2022-4897 + remediation: Fixed in version 8.8.3. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-4897 cwe-id: CWE-79 + cpe: cpe:2.3:a:ithemes:backupbuddy:*:*:*:*:*:*:*:* + epss-score: 0.00323 metadata: verified: "true" tags: cve,cve2022,xss,backupbuddy,wordpress,wp-plugin,wpscan,wp,authenticated diff --git a/cves/2023/CVE-2023-0236.yaml b/cves/2023/CVE-2023-0236.yaml index c078a9a534..60921aaf6f 100644 --- a/cves/2023/CVE-2023-0236.yaml +++ b/cves/2023/CVE-2023-0236.yaml @@ -6,15 +6,17 @@ info: severity: medium description: | WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin. - remediation: Fixed in version 2.0.10. reference: - https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8 - https://nvd.nist.gov/vuln/detail/CVE-2023-0236 + remediation: Fixed in version 2.0.10. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-0236 cwe-id: CWE-79 + cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:*:*:* + epss-score: 0.00071 metadata: verified: "true" tags: cve,cve2022,xss,tutorlms,wpscan,wordpress,wp-plugin,authenticated diff --git a/cves/2023/CVE-2023-0261.yaml b/cves/2023/CVE-2023-0261.yaml index fc7c5cd073..1543bf0039 100644 --- a/cves/2023/CVE-2023-0261.yaml +++ b/cves/2023/CVE-2023-0261.yaml @@ -6,16 +6,18 @@ info: severity: high description: | WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site. - remediation: Fixed in version 10.8. reference: - https://wpscan.com/vulnerability/6a3b6752-8d72-4ab4-9d49-b722a947d2b0 - https://wordpress.org/plugins/wp-tripadvisor-review-slider/ - https://nvd.nist.gov/vuln/detail/CVE-2023-0261 + remediation: Fixed in version 10.8. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2023-0261 cwe-id: CWE-89 + cpe: cpe:2.3:a:ljapps:wp_tripadvisor_review_slider:*:*:*:*:*:*:*:* + epss-score: 0.03734 metadata: verified: "true" tags: cve2023,wordpress,wp,wp-tripadvisor-review-slider,auth,cve,sqli,wp-plugin,wpscan diff --git a/cves/2023/CVE-2023-0552.yaml b/cves/2023/CVE-2023-0552.yaml index 125af88cc2..209eb39f95 100644 --- a/cves/2023/CVE-2023-0552.yaml +++ b/cves/2023/CVE-2023-0552.yaml @@ -16,6 +16,8 @@ info: cvss-score: 5.4 cve-id: CVE-2023-0552 cwe-id: CWE-601 + cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:*:*:* + epss-score: 0.00078 metadata: verified: "true" tags: cve2023,redirect,pie,pie-register,wpscan,cve diff --git a/cves/2023/CVE-2023-0669.yaml b/cves/2023/CVE-2023-0669.yaml index b8cbd3e931..fb843572fa 100644 --- a/cves/2023/CVE-2023-0669.yaml +++ b/cves/2023/CVE-2023-0669.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.2 cve-id: CVE-2023-0669 cwe-id: CWE-502 + cpe: cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:* + epss-score: 0.96761 metadata: shodan-query: http.favicon.hash:1484947000 verified: "true" diff --git a/cves/2023/CVE-2023-0942.yaml b/cves/2023/CVE-2023-0942.yaml index 99d0a87a0e..43e2c893cc 100644 --- a/cves/2023/CVE-2023-0942.yaml +++ b/cves/2023/CVE-2023-0942.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-0942 cwe-id: CWE-79 + cpe: cpe:2.3:a:artisanworkshop:japanized_for_woocommerce:*:*:*:*:*:*:*:* + epss-score: 0.00322 metadata: verified: "true" tags: cve2023,woocommerce-for-japan,wp,wpscan,wordpress,authenticated,cve,xss,woocommerce,plugin diff --git a/cves/2023/CVE-2023-0968.yaml b/cves/2023/CVE-2023-0968.yaml index 653a19ce9c..cd997ecf64 100644 --- a/cves/2023/CVE-2023-0968.yaml +++ b/cves/2023/CVE-2023-0968.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-0968 cwe-id: CWE-79 + cpe: cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:*:*:* + epss-score: 0.0069 metadata: verified: "true" tags: wordpress,cve,cve2023,wp,wp-plugin,xss,watu,authenticated,wpscan diff --git a/cves/2023/CVE-2023-1080.yaml b/cves/2023/CVE-2023-1080.yaml index 6805ce8c1a..bed6664cc0 100644 --- a/cves/2023/CVE-2023-1080.yaml +++ b/cves/2023/CVE-2023-1080.yaml @@ -17,6 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-1080 cwe-id: CWE-79 + cpe: cpe:2.3:a:gnpublisher:gn_publisher:*:*:*:*:*:*:*:* + epss-score: 0.00522 metadata: verified: "true" tags: wp-plugin,wordpress,gn-publisher,authenticated,cve2023,wp,xss,wpscan,cve diff --git a/cves/2023/CVE-2023-1177.yaml b/cves/2023/CVE-2023-1177.yaml index ef5dff0ce2..40772eb516 100644 --- a/cves/2023/CVE-2023-1177.yaml +++ b/cves/2023/CVE-2023-1177.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-1177 cwe-id: CWE-29 + cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* + epss-score: 0.00965 metadata: shodan-query: http.title:"mlflow" verified: "true" diff --git a/cves/2023/CVE-2023-23488.yaml b/cves/2023/CVE-2023-23488.yaml index 8b790a2250..dfb63f69dc 100644 --- a/cves/2023/CVE-2023-23488.yaml +++ b/cves/2023/CVE-2023-23488.yaml @@ -10,14 +10,17 @@ info: - https://www.tenable.com/security/research/tra-2023-2 - https://wordpress.org/plugins/paid-memberships-pro/ - https://nvd.nist.gov/vuln/detail/CVE-2023-23488 + - http://packetstormsecurity.com/files/171661/WordPress-Paid-Memberships-Pro-2.9.8-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-23488 cwe-id: CWE-89 + cpe: cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:*:*:* + epss-score: 0.05246 metadata: verified: "true" - tags: wp-plugin,wp,sqli,paid-memberships-pro,cve,cve2023,wordpress,tenable + tags: paid-memberships-pro,cve2023,wordpress,tenable,packetstorm,wp-plugin,sqli,cve,wp requests: - raw: diff --git a/cves/2023/CVE-2023-23489.yaml b/cves/2023/CVE-2023-23489.yaml index 0fbd0188b4..a007623494 100644 --- a/cves/2023/CVE-2023-23489.yaml +++ b/cves/2023/CVE-2023-23489.yaml @@ -16,6 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-23489 cwe-id: CWE-89 + cpe: cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:*:*:* + epss-score: 0.81787 metadata: verified: "true" tags: easy-digital-downloads,unauth,cve,wpscan,wordpress,wp,wp-plugin,cve2023,sqli,tenable diff --git a/cves/2023/CVE-2023-23492.yaml b/cves/2023/CVE-2023-23492.yaml index 827ed67178..9b791baed4 100644 --- a/cves/2023/CVE-2023-23492.yaml +++ b/cves/2023/CVE-2023-23492.yaml @@ -17,6 +17,8 @@ info: cvss-score: 8.8 cve-id: CVE-2023-23492 cwe-id: CWE-89 + cpe: cpe:2.3:a:login_with_phone_number_project:login_with_phone_number:*:*:*:*:*:*:*:* + epss-score: 0.01376 metadata: verified: "true" tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023 diff --git a/cves/2023/CVE-2023-23752.yaml b/cves/2023/CVE-2023-23752.yaml index a86dc66f3e..2145eb47f4 100644 --- a/cves/2023/CVE-2023-23752.yaml +++ b/cves/2023/CVE-2023-23752.yaml @@ -6,16 +6,18 @@ info: severity: medium description: | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. - remediation: Upgrade to Joomla! version 4.2.8 or later. reference: - https://unsafe.sh/go-149780.html - https://twitter.com/gov_hack/status/1626471960141238272/photo/1 - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html - https://nvd.nist.gov/vuln/detail/CVE-2023-23552 + remediation: Upgrade to Joomla! version 4.2.8 or later. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-23752 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* + epss-score: 0.9138 metadata: shodan-query: html:"Joomla! - Open Source Content Management" verified: "true" diff --git a/cves/2023/CVE-2023-24044.yaml b/cves/2023/CVE-2023-24044.yaml index 0a2696716b..4423b1f9f7 100644 --- a/cves/2023/CVE-2023-24044.yaml +++ b/cves/2023/CVE-2023-24044.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24044 cwe-id: CWE-601 + cpe: cpe:2.3:a:plesk:obsidian:*:*:*:*:*:*:*:* + epss-score: 0.00192 metadata: fofa-query: title="Plesk Obsidian" shodan-query: title:"Plesk Obsidian" diff --git a/cves/2023/CVE-2023-24278.yaml b/cves/2023/CVE-2023-24278.yaml index 8c77000b84..6adebb5215 100644 --- a/cves/2023/CVE-2023-24278.yaml +++ b/cves/2023/CVE-2023-24278.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24278 cwe-id: CWE-79 + cpe: cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:* + epss-score: 0.00095 metadata: shodan-query: http.favicon.hash:1099097618 verified: "true" diff --git a/cves/2023/CVE-2023-24322.yaml b/cves/2023/CVE-2023-24322.yaml index 1c4ec7d767..615150658a 100644 --- a/cves/2023/CVE-2023-24322.yaml +++ b/cves/2023/CVE-2023-24322.yaml @@ -14,8 +14,10 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 - cwe-id: CWE-79 cve-id: CVE-2023-24322 + cwe-id: CWE-79 + cpe: cpe:2.3:a:mojoportal:mojoportal:*:*:*:*:*:*:*:* + epss-score: 0.00101 metadata: shodan-query: html:"mojoPortal" verified: "true" diff --git a/cves/2023/CVE-2023-24657.yaml b/cves/2023/CVE-2023-24657.yaml index f01eae9b0f..69b9daefa7 100644 --- a/cves/2023/CVE-2023-24657.yaml +++ b/cves/2023/CVE-2023-24657.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24657 cwe-id: CWE-79 + cpe: cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:* + epss-score: 0.00081 metadata: shodan-query: html:"phpIPAM IP address management" verified: "true" diff --git a/cves/2023/CVE-2023-24733.yaml b/cves/2023/CVE-2023-24733.yaml index 4451e98c37..e34efbf6a1 100644 --- a/cves/2023/CVE-2023-24733.yaml +++ b/cves/2023/CVE-2023-24733.yaml @@ -14,6 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24733 cwe-id: CWE-79 + cpe: cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*:* + epss-score: 0.00096 metadata: shodan-query: http.favicon.hash:1469328760 verified: "true" diff --git a/cves/2023/CVE-2023-24735.yaml b/cves/2023/CVE-2023-24735.yaml index b8e2c93fa5..5651891334 100644 --- a/cves/2023/CVE-2023-24735.yaml +++ b/cves/2023/CVE-2023-24735.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24735 cwe-id: CWE-601 + cpe: cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*:* + epss-score: 0.01158 metadata: shodan-query: http.favicon.hash:1469328760 verified: "true" diff --git a/cves/2023/CVE-2023-24737.yaml b/cves/2023/CVE-2023-24737.yaml index 7bba298d0b..6d5d6982e1 100644 --- a/cves/2023/CVE-2023-24737.yaml +++ b/cves/2023/CVE-2023-24737.yaml @@ -15,6 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24737 cwe-id: CWE-79 + cpe: cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*:* + epss-score: 0.00096 metadata: shodan-query: http.favicon.hash:1469328760 verified: "true" diff --git a/cves/2023/CVE-2023-26255.yaml b/cves/2023/CVE-2023-26255.yaml index 5d1c735138..e0b240305b 100644 --- a/cves/2023/CVE-2023-26255.yaml +++ b/cves/2023/CVE-2023-26255.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-26255 cwe-id: CWE-22 + cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:*:*:* + epss-score: 0.21906 metadata: shodan-query: title:Jira tags: cve,cve2023,lfi,jira,cms,atlassian diff --git a/cves/2023/CVE-2023-26256.yaml b/cves/2023/CVE-2023-26256.yaml index 75eb47a46d..1d5ba1d2a6 100644 --- a/cves/2023/CVE-2023-26256.yaml +++ b/cves/2023/CVE-2023-26256.yaml @@ -15,6 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-26256 cwe-id: CWE-22 + cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:*:*:* + epss-score: 0.02111 metadata: shodan-query: title:Jira tags: cve,cve2023,lfi,jira,cms,atlassian diff --git a/cves/2023/CVE-2023-27292.yaml b/cves/2023/CVE-2023-27292.yaml index b979ac3826..a78da851fe 100644 --- a/cves/2023/CVE-2023-27292.yaml +++ b/cves/2023/CVE-2023-27292.yaml @@ -14,6 +14,8 @@ info: cvss-score: 5.4 cve-id: CVE-2023-27292 cwe-id: CWE-601 + cpe: cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:* + epss-score: 0.00082 metadata: shodan-query: title:"opencats" verified: "true" diff --git a/cves/2023/CVE-2023-27587.yaml b/cves/2023/CVE-2023-27587.yaml index b2a5f5bc31..7259710663 100644 --- a/cves/2023/CVE-2023-27587.yaml +++ b/cves/2023/CVE-2023-27587.yaml @@ -16,6 +16,8 @@ info: cvss-score: 6.5 cve-id: CVE-2023-27587 cwe-id: CWE-209 + cpe: cpe:2.3:a:readtomyshoe_project:readtomyshoe:*:*:*:*:*:*:*:* + epss-score: 0.15215 tags: cve,cve2023,debug,readtomyshoe,disclosure requests: diff --git a/cves/2023/CVE-2023-28343.yaml b/cves/2023/CVE-2023-28343.yaml index acac128533..5862d904dd 100644 --- a/cves/2023/CVE-2023-28343.yaml +++ b/cves/2023/CVE-2023-28343.yaml @@ -10,15 +10,17 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28343 - https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md - https://apsystems.com + - http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-28343 cwe-id: CWE-78 + epss-score: 0.21123 metadata: google-query: intitle:"Altenergy Power Control Software" shodan-query: title:"Altenergy Power Control Software" - tags: cve,cve2023,oast,altenergy,iot + tags: cve,cve2023,oast,altenergy,iot,packetstorm requests: - raw: diff --git a/cves/2023/CVE-2023-28432.yaml b/cves/2023/CVE-2023-28432.yaml index 77768a7c29..455255c041 100644 --- a/cves/2023/CVE-2023-28432.yaml +++ b/cves/2023/CVE-2023-28432.yaml @@ -16,6 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-28432 cwe-id: CWE-200 + cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:* + epss-score: 0.01489 metadata: fofa-query: app="Minio" shodan-query: title:"Minio Console"